
Google Redirect Virus


  • This topic is locked
20 replies to this topic

#1 Vapor187

Vapor187

  • Members
  • 16 posts

Posted 13 September 2012 - 12:38 PM

Alright, I was told to make a new post on this forum as standard actions were not enough to remove the virus, so here are the DDS logs.


DDS Log

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Kirk at 13:30:46 on 2012-09-13
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8140.6045 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No File
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [NUSB3MON] "c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [ArcSoft MediaImpression Monitor] C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe -update activex
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C68231DB-6387-417B-9CF2-9572AD789FDA} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C68231DB-6387-417B-9CF2-9572AD789FDA}\B496D6745756374713 : DhcpNameServer = 10.1.10.1 192.168.10.1
TCP: Interfaces\{D55D3347-7C45-4B44-8EA6-9EC54C1E36B7} : DhcpNameServer = 209.18.47.61 209.18.47.62
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No File
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun-x64: [NUSB3MON] "c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [ArcSoft MediaImpression Monitor] C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-9 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-10 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-10 676936]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 bpenum;Intel® Centrino® WiMAX Enumerator;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]
R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-23 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-7 250056]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-23 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-09-13 15:31:04 -------- d-----w- C:\Program Files (x86)\NirSoft
2012-09-12 12:46:58 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 12:46:58 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 12:45:45 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AA932338-13FB-4571-92D4-AEB0F782338D}\offreg.dll
2012-09-11 19:46:11 -------- d-----w- C:\Program Files (x86)\ESET
2012-09-11 19:26:12 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-11 19:26:02 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-11 17:45:28 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-11 15:22:25 -------- d-----w- C:\Program Files\CCleaner
2012-09-11 15:13:31 -------- d-----w- C:\Program Files\Microsoft Games
2012-09-11 15:04:54 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-11 14:04:26 -------- d-----w- C:\Users\Kirk\AppData\Roaming\SUPERAntiSpyware.com
2012-09-11 14:04:07 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-09-11 14:04:07 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-09-11 13:55:35 1629088 ----a-w- C:\rkill.com
2012-09-11 12:25:11 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AA932338-13FB-4571-92D4-AEB0F782338D}\mpengine.dll
2012-09-10 20:08:14 -------- d-----w- C:\Users\Kirk\AppData\Roaming\Malwarebytes
2012-09-10 20:08:04 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-10 20:08:01 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-10 20:08:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-10 19:16:10 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-09-10 19:16:10 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-09-10 19:00:09 -------- d-----w- C:\Users\Kirk\AppData\Local\Macromedia
2012-09-10 16:17:06 -------- d-----w- C:\ProgramData\AVAST Software
2012-09-10 16:17:06 -------- d-----w- C:\Program Files\AVAST Software
2012-09-10 13:18:28 98816 ----a-w- C:\Windows\sed.exe
2012-09-10 13:18:28 518144 ----a-w- C:\Windows\SWREG.exe
2012-09-10 13:18:28 256000 ----a-w- C:\Windows\PEV.exe
2012-09-10 13:18:28 208896 ----a-w- C:\Windows\MBR.exe
2012-09-07 19:48:06 328704 ----a-w- C:\Windows\System32\services.exe.F0E3663E1AE94E14
2012-09-07 17:14:39 -------- d-----w- C:\Program Files (x86)\stinger
2012-09-07 17:11:19 -------- d-----w- C:\ProgramData\HitmanPro
2012-08-24 17:28:40 2211928 ----a-w- C:\TDSSKiller.exe
.
==================== Find3M ====================
.
2012-08-16 03:30:07 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-16 03:30:07 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-18 17:31:12 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-07-04 22:01:38 58880 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:01:38 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:23:55 41472 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 13:31:22.85 ===============



#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 13 September 2012 - 02:34 PM

Hello Vapor187,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.


Do you have a USB Flash Drive you can use?

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 Vapor187

Vapor187
  • Topic Starter

  • Members
  • 16 posts

Posted 13 September 2012 - 04:09 PM

Yes, I have a flash drive, and you should know that I am a Sys Admin by profession, so I know my way around a computer :). Unfortunately this is a friend's computer and this is unlike any virus infection I've ever seen or dealt with, so thank you for the help.

#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 13 September 2012 - 05:06 PM

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Can you please tell me which Browsers are redirecting?
IE, Firefox, Chrome?

Edited by fireman4it, 13 September 2012 - 05:07 PM.


#5 Vapor187

Vapor187
  • Topic Starter

  • Members
  • 16 posts

Posted 14 September 2012 - 06:55 AM

IE and Firefox but I uninstalled it a few days ago

#6 Vapor187

Vapor187
  • Topic Starter

  • Members
  • 16 posts

Posted 14 September 2012 - 07:48 AM

Farbar Log
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-09-2012 01
Ran by SYSTEM at 14-09-2012 08:42:14
Running from F:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash [1617920 2011-02-27] (Intel® Corporation)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1933584 2011-01-05] (Intel® Corporation)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [NUSB3MON] "c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-04-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [ArcSoft MediaImpression Monitor] C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe [73728 2010-11-12] (ArcSoft, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Kirk\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5663616 2012-09-11] (SUPERAntiSpyware.com)

==================== Services ====================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2012-09-11] (SUPERAntiSpyware.com)
2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()

==================== Drivers =================================

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
4 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) =================


==================== One Month Created Files and Folders ======================

2012-09-13 09:33 - 2012-09-13 09:33 - 00017276 ____A C:\Users\Kirk\Desktop\DDS.txt
2012-09-13 09:33 - 2012-09-13 09:33 - 00016204 ____A C:\Users\Kirk\Desktop\Attach.txt
2012-09-13 07:31 - 2012-09-13 07:31 - 00000000 ____D C:\Program Files (x86)\NirSoft
2012-09-13 04:25 - 2012-09-13 04:25 - 00059430 ____A C:\Users\Kirk\Desktop\AutoRuns.txt
2012-09-13 04:24 - 2012-09-13 04:24 - 00540921 ____A C:\Users\Kirk\Downloads\Autoruns.zip
2012-09-13 04:23 - 2012-09-13 04:23 - 01632160 ____A (Bleeping Computer, LLC) C:\Users\Kirk\Downloads\rkill.exe
2012-09-13 04:21 - 2012-09-13 04:21 - 00262144 ____A C:\Windows\Minidump\091312-19000-01.dmp
2012-09-13 04:21 - 2012-09-13 04:21 - 00000000 ____D C:\Windows\Minidump
2012-09-13 04:20 - 2012-09-13 04:20 - 606746458 ____A C:\Windows\MEMORY.DMP
2012-09-13 04:18 - 2012-09-13 04:23 - 00002070 ____A C:\Users\Kirk\Desktop\Rkill.txt
2012-09-13 04:18 - 2012-09-13 04:18 - 00892832 ____A (Bleeping Computer, LLC) C:\Users\Kirk\Desktop\rkill64.scr
2012-09-12 10:01 - 2012-09-12 10:01 - 00000695 ____A C:\Users\Kirk\Desktop\AdwCleaner[S2].txt
2012-09-12 09:58 - 2012-09-12 09:58 - 00002541 ____A C:\Users\Kirk\Desktop\FSS1.txt
2012-09-12 09:58 - 2012-09-12 09:58 - 00000695 ____A C:\AdwCleaner[S2].txt
2012-09-12 09:57 - 2012-09-12 09:57 - 00693235 ____A (Farbar) C:\Users\Kirk\Downloads\FSS (1).exe
2012-09-12 09:57 - 2012-09-12 09:57 - 00002541 ____A C:\Users\Kirk\Desktop\FSS.txt
2012-09-12 09:56 - 2012-09-12 09:56 - 00036439 ____A C:\Users\Kirk\Downloads\Result.txt
2012-09-12 09:56 - 2012-09-12 09:56 - 00036439 ____A C:\Users\Kirk\Desktop\Result mini toolbox.txt
2012-09-12 09:30 - 2012-09-12 09:58 - 00512399 ____A C:\Users\Kirk\Downloads\adwcleaner (1).exe
2012-09-12 09:27 - 2012-09-12 09:27 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\Kirk\Downloads\mbam-setup-1.65.0.1400.exe
2012-09-12 09:26 - 2012-09-12 09:26 - 00751391 ____A (Farbar) C:\Users\Kirk\Downloads\MiniToolBox (1).exe
2012-09-12 04:58 - 2012-09-12 04:59 - 02322184 ____A (ESET) C:\Users\Kirk\Downloads\esetsmartinstaller_enu.exe
2012-09-12 04:58 - 2012-09-12 04:58 - 00001898 ____A C:\Users\Kirk\Desktop\aswMBR.txt
2012-09-12 04:58 - 2012-09-12 04:58 - 00000512 ____A C:\Users\Kirk\Desktop\MBR.dat
2012-09-12 04:46 - 2012-08-02 09:55 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-09-12 04:46 - 2012-08-02 09:05 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-09-12 04:43 - 2012-09-12 04:44 - 04731392 ____A (AVAST Software) C:\Users\Kirk\Downloads\aswMBR.exe
2012-09-12 04:41 - 2012-07-11 03:56 - 00000880 ____A C:\Users\Kirk\Desktop\Downloads.lnk
2012-09-11 12:53 - 2012-09-11 13:03 - 00000000 ____D C:\Users\Kirk\Desktop\RK_Quarantine
2012-09-11 12:53 - 2012-09-11 12:53 - 01378816 ____A C:\Users\Kirk\Desktop\RogueKiller.exe
2012-09-11 12:44 - 2012-09-11 05:55 - 01629088 ____A (Bleeping Computer, LLC) C:\Users\Kirk\Desktop\rkill.com
2012-09-11 11:46 - 2012-09-11 11:46 - 02322184 ____A (ESET) C:\Users\Kirk\Desktop\esetsmartinstaller_enu.exe
2012-09-11 11:46 - 2012-09-11 11:46 - 00000000 ____D C:\Program Files (x86)\ESET
2012-09-11 11:41 - 2012-09-11 11:41 - 01932256 ____A (Symantec Corporation) C:\Users\Kirk\Downloads\FixTDSS.exe
2012-09-11 11:41 - 2012-09-11 11:41 - 01932256 ____A (Symantec Corporation) C:\Users\Kirk\Desktop\FixTDSS.exe
2012-09-11 11:26 - 2012-09-11 11:25 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-09-11 11:26 - 2012-09-11 11:25 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-09-11 11:26 - 2012-09-11 11:25 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-09-11 11:25 - 2012-09-11 11:25 - 00000000 ____D C:\Users\All Users\McAfee
2012-09-11 11:12 - 2012-09-11 11:12 - 00448512 ____A (OldTimer Tools) C:\Users\Kirk\Desktop\TFC.exe
2012-09-11 10:45 - 2012-09-11 10:45 - 00512399 ____A C:\Users\Kirk\Downloads\adwcleaner.exe
2012-09-11 10:45 - 2012-09-11 10:45 - 00001088 ____A C:\AdwCleaner[S1].txt
2012-09-11 10:02 - 2012-09-11 09:58 - 01629088 ____A (Bleeping Computer, LLC) C:\Users\Kirk\Desktop\rkill.scr
2012-09-11 09:58 - 2012-09-11 09:58 - 01629088 ____A (Bleeping Computer, LLC) C:\Users\Kirk\Downloads\rkill.scr
2012-09-11 09:57 - 2012-09-11 11:58 - 00000000 ____D C:\Users\Kirk\Downloads\old
2012-09-11 09:56 - 2012-09-11 09:56 - 02193184 ____A C:\Users\Kirk\Downloads\12341234.zip
2012-09-11 09:55 - 2012-09-11 09:55 - 00000335 ____A C:\Users\Kirk\Downloads\FixExe.reg
2012-09-11 09:45 - 2012-09-14 04:25 - 00002886 ____A C:\Windows\setupact.log
2012-09-11 09:45 - 2012-09-11 10:00 - 00001484 ____A C:\Windows\PFRO.log
2012-09-11 09:45 - 2012-09-11 09:45 - 00000000 ____A C:\Windows\setuperr.log
2012-09-11 09:16 - 2012-09-11 09:16 - 00047707 ____A C:\ComboFix.txt
2012-09-11 07:22 - 2012-09-11 07:22 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-09-11 07:22 - 2012-09-11 07:22 - 00000000 ____D C:\Program Files\CCleaner
2012-09-11 07:13 - 2012-09-11 07:13 - 00000000 ____D C:\Program Files\Microsoft Games
2012-09-11 07:10 - 2012-09-11 07:10 - 00013024 ____A C:\Users\Kirk\Documents\cookies.txt
2012-09-11 07:10 - 2012-09-11 07:10 - 00011867 ____A C:\Users\Kirk\Documents\bookmark.htm
2012-09-11 07:10 - 2012-09-11 07:10 - 00000703 ____A C:\Users\Kirk\Documents\feeds.opml
2012-09-11 07:08 - 2012-09-11 07:08 - 00000031 ____A C:\tmuninst.ini
2012-09-11 07:04 - 2012-09-11 07:04 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-09-11 06:58 - 2012-09-11 06:58 - 00002541 ____A C:\Users\Kirk\Downloads\FSS.txt
2012-09-11 06:38 - 2012-09-11 06:38 - 00693235 ____A (Farbar) C:\Users\Kirk\Downloads\FSS.exe
2012-09-11 06:37 - 2012-09-11 06:37 - 00751391 ____A (Farbar) C:\Users\Kirk\Downloads\MiniToolBox.exe
2012-09-11 06:04 - 2012-09-11 09:45 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-09-11 06:04 - 2012-09-11 06:04 - 00001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-09-11 06:04 - 2012-09-11 06:04 - 00000000 ____D C:\Users\Kirk\AppData\Roaming\SUPERAntiSpyware.com
2012-09-11 06:04 - 2012-09-11 06:04 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-09-11 06:03 - 2012-09-11 06:04 - 17246464 ____A (SUPERAntiSpyware.com) C:\Users\Kirk\Downloads\SUPERAntiSpyware.exe
2012-09-11 05:55 - 2012-09-11 05:55 - 01629088 ____A (Bleeping Computer, LLC) C:\rkill.com
2012-09-11 04:09 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-11 04:09 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-11 04:09 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-11 04:09 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-11 04:09 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-11 04:09 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-11 04:09 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-11 04:09 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-11 04:09 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-11 04:09 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-11 04:09 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-11 04:09 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-11 04:09 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-11 04:09 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-11 04:09 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-09-11 04:09 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-09-11 04:09 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-09-11 04:09 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-09-11 04:09 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-09-11 04:09 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-09-11 04:09 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-09-11 04:09 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-09-11 04:09 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-09-11 04:09 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-09-11 04:09 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-09-11 04:09 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-09-11 04:09 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-09-11 04:09 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-09-10 12:08 - 2012-09-12 09:27 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-10 12:08 - 2012-09-12 09:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-10 12:08 - 2012-09-10 12:08 - 00000000 ____D C:\Users\Kirk\AppData\Roaming\Malwarebytes
2012-09-10 12:08 - 2012-09-10 12:08 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-09-10 12:08 - 2012-09-07 13:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-10 12:07 - 2012-09-10 12:07 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Kirk\Downloads\mbam-setup-1.62.0.1300.exe
2012-09-10 11:16 - 2012-09-12 04:35 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-09-10 11:16 - 2012-09-12 04:35 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-09-10 11:00 - 2012-09-10 11:00 - 00000000 ____D C:\Users\Kirk\AppData\Local\Macromedia
2012-09-10 08:18 - 2012-09-10 08:18 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-09-10 08:18 - 2012-08-21 01:12 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-09-10 08:17 - 2012-09-11 10:00 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-09-10 08:17 - 2012-09-10 08:17 - 00000000 ____D C:\Program Files\AVAST Software
2012-09-10 05:35 - 2012-07-18 09:31 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-09-10 05:35 - 2012-07-04 14:04 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-09-10 05:35 - 2012-07-04 14:01 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-09-10 05:35 - 2012-07-04 14:01 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-09-10 05:35 - 2012-07-04 13:26 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-09-10 05:35 - 2012-07-04 13:23 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-09-10 05:35 - 2012-05-13 21:20 - 00956416 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-09-10 05:35 - 2012-05-05 00:30 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-09-10 05:35 - 2012-05-04 23:44 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2012-09-10 05:35 - 2012-02-10 22:36 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-09-10 05:35 - 2012-02-10 22:29 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-09-10 05:35 - 2012-02-10 22:29 - 00067584 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2012-09-10 05:35 - 2012-02-10 21:44 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2012-09-10 05:18 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-09-10 05:18 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-09-10 05:18 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-09-10 05:18 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-09-10 05:18 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-09-10 05:18 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-09-10 05:18 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-09-10 05:18 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-09-10 05:16 - 2012-09-13 04:25 - 00649864 ____A (Sysinternals - www.sysinternals.com) C:\Users\Kirk\Desktop\autoruns.exe
2012-09-10 05:16 - 2012-09-13 04:25 - 00567944 ____A (Sysinternals - www.sysinternals.com) C:\Users\Kirk\Desktop\autorunsc.exe
2012-09-10 05:16 - 2012-09-11 09:16 - 00000000 ____D C:\Qoobox
2012-09-10 05:14 - 2012-09-10 05:31 - 00000000 ____D C:\Windows\erdnt
2012-09-10 05:13 - 2012-09-11 09:04 - 04759433 ____R (Swearware) C:\Users\Kirk\Desktop\ComboFix.exe
2012-09-07 11:48 - 2012-09-07 11:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F0E3663E1AE94E14
2012-09-07 09:14 - 2012-09-07 11:21 - 00000000 ____D C:\Program Files (x86)\stinger
2012-09-07 09:11 - 2012-09-07 09:11 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-09-07 08:47 - 2012-09-10 05:56 - 73799216 ____A (Microsoft Corporation) C:\Users\Kirk\Downloads\msert.exe
2012-08-24 09:28 - 2012-09-11 10:03 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Kirk\Desktop\TDSSKiller.exe
2012-08-24 09:28 - 2012-09-10 07:10 - 02211928 ____A (Kaspersky Lab ZAO) C:\TDSSKiller.exe


==================== 3 Months Modified Files ================================

2012-09-14 04:25 - 2012-09-11 09:45 - 00002886 ____A C:\Windows\setupact.log
2012-09-14 04:25 - 2011-09-23 10:50 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-14 04:25 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-14 04:22 - 2011-09-09 04:20 - 01433203 ____A C:\Windows\WindowsUpdate.log
2012-09-14 04:20 - 2009-07-13 21:13 - 00892838 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-14 04:16 - 2012-08-07 04:42 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-14 04:16 - 2011-09-23 10:50 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-13 09:33 - 2012-09-13 09:33 - 00017276 ____A C:\Users\Kirk\Desktop\DDS.txt
2012-09-13 09:33 - 2012-09-13 09:33 - 00016204 ____A C:\Users\Kirk\Desktop\Attach.txt
2012-09-13 07:29 - 2009-07-13 20:45 - 00015360 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-13 07:29 - 2009-07-13 20:45 - 00015360 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-13 04:26 - 2011-09-20 10:37 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-09-13 04:25 - 2012-09-13 04:25 - 00059430 ____A C:\Users\Kirk\Desktop\AutoRuns.txt
2012-09-13 04:25 - 2012-09-10 05:16 - 00649864 ____A (Sysinternals - www.sysinternals.com) C:\Users\Kirk\Desktop\autoruns.exe
2012-09-13 04:25 - 2012-09-10 05:16 - 00567944 ____A (Sysinternals - www.sysinternals.com) C:\Users\Kirk\Desktop\autorunsc.exe
2012-09-13 04:25 - 2011-11-05 09:52 - 00049648 ____A C:\Users\Kirk\Desktop\autoruns.chm
2012-09-13 04:25 - 2006-07-28 05:32 - 00007005 ____A C:\Users\Kirk\Desktop\Eula.txt
2012-09-13 04:24 - 2012-09-13 04:24 - 00540921 ____A C:\Users\Kirk\Downloads\Autoruns.zip
2012-09-13 04:23 - 2012-09-13 04:23 - 01632160 ____A (Bleeping Computer, LLC) C:\Users\Kirk\Downloads\rkill.exe
2012-09-13 04:23 - 2012-09-13 04:18 - 00002070 ____A C:\Users\Kirk\Desktop\Rkill.txt
2012-09-13 04:21 - 2012-09-13 04:21 - 00262144 ____A C:\Windows\Minidump\091312-19000-01.dmp
2012-09-13 04:20 - 2012-09-13 04:20 - 606746458 ____A C:\Windows\MEMORY.DMP
2012-09-13 04:18 - 2012-09-13 04:18 - 00892832 ____A (Bleeping Computer, LLC) C:\Users\Kirk\Desktop\rkill64.scr
2012-09-12 10:01 - 2012-09-12 10:01 - 00000695 ____A C:\Users\Kirk\Desktop\AdwCleaner[S2].txt
2012-09-12 09:58 - 2012-09-12 09:58 - 00002541 ____A C:\Users\Kirk\Desktop\FSS1.txt
2012-09-12 09:58 - 2012-09-12 09:58 - 00000695 ____A C:\AdwCleaner[S2].txt
2012-09-12 09:58 - 2012-09-12 09:30 - 00512399 ____A C:\Users\Kirk\Downloads\adwcleaner (1).exe
2012-09-12 09:57 - 2012-09-12 09:57 - 00693235 ____A (Farbar) C:\Users\Kirk\Downloads\FSS (1).exe
2012-09-12 09:57 - 2012-09-12 09:57 - 00002541 ____A C:\Users\Kirk\Desktop\FSS.txt
2012-09-12 09:56 - 2012-09-12 09:56 - 00036439 ____A C:\Users\Kirk\Downloads\Result.txt
2012-09-12 09:56 - 2012-09-12 09:56 - 00036439 ____A C:\Users\Kirk\Desktop\Result mini toolbox.txt
2012-09-12 09:27 - 2012-09-12 09:27 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\Kirk\Downloads\mbam-setup-1.65.0.1400.exe
2012-09-12 09:27 - 2012-09-10 12:08 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-12 09:26 - 2012-09-12 09:26 - 00751391 ____A (Farbar) C:\Users\Kirk\Downloads\MiniToolBox (1).exe
2012-09-12 04:59 - 2012-09-12 04:58 - 02322184 ____A (ESET) C:\Users\Kirk\Downloads\esetsmartinstaller_enu.exe
2012-09-12 04:58 - 2012-09-12 04:58 - 00001898 ____A C:\Users\Kirk\Desktop\aswMBR.txt
2012-09-12 04:58 - 2012-09-12 04:58 - 00000512 ____A C:\Users\Kirk\Desktop\MBR.dat
2012-09-12 04:44 - 2012-09-12 04:43 - 04731392 ____A (AVAST Software) C:\Users\Kirk\Downloads\aswMBR.exe
2012-09-11 12:53 - 2012-09-11 12:53 - 01378816 ____A C:\Users\Kirk\Desktop\RogueKiller.exe
2012-09-11 11:46 - 2012-09-11 11:46 - 02322184 ____A (ESET) C:\Users\Kirk\Desktop\esetsmartinstaller_enu.exe
2012-09-11 11:41 - 2012-09-11 11:41 - 01932256 ____A (Symantec Corporation) C:\Users\Kirk\Downloads\FixTDSS.exe
2012-09-11 11:41 - 2012-09-11 11:41 - 01932256 ____A (Symantec Corporation) C:\Users\Kirk\Desktop\FixTDSS.exe
2012-09-11 11:25 - 2012-09-11 11:26 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-09-11 11:25 - 2012-09-11 11:26 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-09-11 11:25 - 2012-09-11 11:26 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-09-11 11:25 - 2011-09-19 12:30 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-09-11 11:25 - 2011-09-19 12:30 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-09-11 11:12 - 2012-09-11 11:12 - 00448512 ____A (OldTimer Tools) C:\Users\Kirk\Desktop\TFC.exe
2012-09-11 10:45 - 2012-09-11 10:45 - 00512399 ____A C:\Users\Kirk\Downloads\adwcleaner.exe
2012-09-11 10:45 - 2012-09-11 10:45 - 00001088 ____A C:\AdwCleaner[S1].txt
2012-09-11 10:03 - 2012-08-24 09:28 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Kirk\Desktop\TDSSKiller.exe
2012-09-11 10:00 - 2012-09-11 09:45 - 00001484 ____A C:\Windows\PFRO.log
2012-09-11 09:58 - 2012-09-11 10:02 - 01629088 ____A (Bleeping Computer, LLC) C:\Users\Kirk\Desktop\rkill.scr
2012-09-11 09:58 - 2012-09-11 09:58 - 01629088 ____A (Bleeping Computer, LLC) C:\Users\Kirk\Downloads\rkill.scr
2012-09-11 09:56 - 2012-09-11 09:56 - 02193184 ____A C:\Users\Kirk\Downloads\12341234.zip
2012-09-11 09:55 - 2012-09-11 09:55 - 00000335 ____A C:\Users\Kirk\Downloads\FixExe.reg
2012-09-11 09:45 - 2012-09-11 09:45 - 00000000 ____A C:\Windows\setuperr.log
2012-09-11 09:16 - 2012-09-11 09:16 - 00047707 ____A C:\ComboFix.txt
2012-09-11 09:14 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-09-11 09:04 - 2012-09-10 05:13 - 04759433 ____R (Swearware) C:\Users\Kirk\Desktop\ComboFix.exe
2012-09-11 07:22 - 2012-09-11 07:22 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-09-11 07:10 - 2012-09-11 07:10 - 00013024 ____A C:\Users\Kirk\Documents\cookies.txt
2012-09-11 07:10 - 2012-09-11 07:10 - 00011867 ____A C:\Users\Kirk\Documents\bookmark.htm
2012-09-11 07:10 - 2012-09-11 07:10 - 00000703 ____A C:\Users\Kirk\Documents\feeds.opml
2012-09-11 07:08 - 2012-09-11 07:08 - 00000031 ____A C:\tmuninst.ini
2012-09-11 06:58 - 2012-09-11 06:58 - 00002541 ____A C:\Users\Kirk\Downloads\FSS.txt
2012-09-11 06:38 - 2012-09-11 06:38 - 00693235 ____A (Farbar) C:\Users\Kirk\Downloads\FSS.exe
2012-09-11 06:37 - 2012-09-11 06:37 - 00751391 ____A (Farbar) C:\Users\Kirk\Downloads\MiniToolBox.exe
2012-09-11 06:04 - 2012-09-11 06:04 - 00001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-09-11 06:04 - 2012-09-11 06:03 - 17246464 ____A (SUPERAntiSpyware.com) C:\Users\Kirk\Downloads\SUPERAntiSpyware.exe
2012-09-11 05:55 - 2012-09-11 12:44 - 01629088 ____A (Bleeping Computer, LLC) C:\Users\Kirk\Desktop\rkill.com
2012-09-11 05:55 - 2012-09-11 05:55 - 01629088 ____A (Bleeping Computer, LLC) C:\rkill.com
2012-09-11 04:15 - 2009-07-13 20:45 - 00416024 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-10 12:07 - 2012-09-10 12:07 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Kirk\Downloads\mbam-setup-1.62.0.1300.exe
2012-09-10 08:18 - 2012-09-10 08:18 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-09-10 07:10 - 2012-08-24 09:28 - 02211928 ____A (Kaspersky Lab ZAO) C:\TDSSKiller.exe
2012-09-10 06:51 - 2009-07-13 18:34 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts.old
2012-09-10 05:56 - 2012-09-07 08:47 - 73799216 ____A (Microsoft Corporation) C:\Users\Kirk\Downloads\msert.exe
2012-09-07 13:04 - 2012-09-10 12:08 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-07 11:48 - 2012-09-07 11:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F0E3663E1AE94E14
2012-09-05 21:05 - 2011-09-19 12:30 - 00000000 ____A C:\sme.log
2012-08-21 01:12 - 2012-09-10 08:18 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-08-15 19:30 - 2012-08-07 04:42 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-15 19:30 - 2011-09-09 06:25 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-02 09:55 - 2012-09-12 04:46 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 09:05 - 2012-09-12 04:46 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-07-18 09:31 - 2012-09-10 05:35 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 03:56 - 2012-09-12 04:41 - 00000880 ____A C:\Users\Kirk\Desktop\Downloads.lnk
2012-07-08 04:54 - 2012-01-16 13:24 - 00002014 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-07-04 14:04 - 2012-09-10 05:35 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:01 - 2012-09-10 05:35 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:01 - 2012-09-10 05:35 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:26 - 2012-09-10 05:35 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:23 - 2012-09-10 05:35 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-06-28 20:55 - 2012-09-11 04:09 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 20:09 - 2012-09-11 04:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 19:56 - 2012-09-11 04:09 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 19:49 - 2012-09-11 04:09 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 19:49 - 2012-09-11 04:09 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 19:48 - 2012-09-11 04:09 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 19:47 - 2012-09-11 04:09 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 19:45 - 2012-09-11 04:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 19:44 - 2012-09-11 04:09 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 19:43 - 2012-09-11 04:09 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 19:42 - 2012-09-11 04:09 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 19:40 - 2012-09-11 04:09 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 19:39 - 2012-09-11 04:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 19:35 - 2012-09-11 04:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 16:52 - 2012-09-11 04:09 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-28 16:27 - 2012-09-11 04:09 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-28 16:16 - 2012-09-11 04:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-28 16:09 - 2012-09-11 04:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-28 16:09 - 2012-09-11 04:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-28 16:08 - 2012-09-11 04:09 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-28 16:07 - 2012-09-11 04:09 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-28 16:06 - 2012-09-11 04:09 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-28 16:04 - 2012-09-11 04:09 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-28 16:04 - 2012-09-11 04:09 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-28 16:01 - 2012-09-11 04:09 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-28 16:01 - 2012-09-11 04:09 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-28 16:00 - 2012-09-11 04:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-28 15:57 - 2012-09-11 04:09 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-19 08:21 - 2012-06-19 08:03 - 00002115 ____A C:\Users\Public\Desktop\Media Impression for Kodak.lnk


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll
[2009-07-13 15:24] - [2009-07-13 17:11] - 0857600 ____A (Microsoft Corporation) 686B841A27DEE812EDDE443FCE81BFBA

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-10 05:35:21
Restore point made on: 2012-09-10 08:17:03
Restore point made on: 2012-09-11 04:06:02
Restore point made on: 2012-09-11 07:13:04
Restore point made on: 2012-09-11 07:36:42
Restore point made on: 2012-09-11 07:37:54
Restore point made on: 2012-09-11 09:52:48
Restore point made on: 2012-09-11 09:57:00
Restore point made on: 2012-09-11 11:25:47
Restore point made on: 2012-09-11 12:27:52
Restore point made on: 2012-09-13 04:18:00
Restore point made on: 2012-09-13 04:25:25

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 8139.86 MB
Available physical RAM: 7349.79 MB
Total Pagefile: 8138.01 MB
Available Pagefile: 7343.01 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions ============================

1 Drive c: () (Fixed) (Total:297.99 GB) (Free:247.18 GB) NTFS
3 Drive f: (KINGSTON) (Removable) (Total:7.26 GB) (Free:7.24 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 7441 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 297 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 297 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7437 MB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F KINGSTON FAT32 Removable 7437 MB Healthy

==================================================================================

Last Boot: 2012-09-12 05:56

==================== End Of Log =============================

#7 fireman4it


Posted 14 September 2012 - 01:28 PM

  • Download ListParts64 to a USB flash drive.
  • Plug the USB drive into the infected machine.

Boot your computer into Recovery Environment

  • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
  • Select Repair your computer.
  • Select Language and click Next
  • Enter password (if necessary) and click OK, you should now see the screen below ...

Posted Image

  • Select the Command Prompt option.
  • A command window will open.
  • Type notepad then hit Enter.
  • Notepad will open.
  • Click File > Open then select Computer.
  • Note down the drive letter for your USB Drive.
  • Close Notepad.
  • Back in the command window ....
  • Type e:/listparts.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
  • Type e:/listparts64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
  • ListParts will start to run.
  • Press the Scan button.
  • When finished scanning it will make a log Result.txt on the flash drive.
  • Close the command window.
  • Boot back into normal mode and post me the Result.txt log please.

So this is only happening in IE?

Edited by fireman4it, 14 September 2012 - 01:28 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#8 Vapor187


Posted 14 September 2012 - 02:24 PM

ListParts64 Log
ListParts by Farbar Version: 14-09-2012
Ran by SYSTEM (administrator) on 14-09-2012 at 15:21:07
Windows 7 (X64)
Running From: F:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 8%
Total physical RAM: 8139.86 MB
Available physical RAM: 7449.23 MB
Total Pagefile: 8138.01 MB
Available Pagefile: 7442.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:297.99 GB) (Free:247.18 GB) NTFS
3 Drive f: (KINGSTON) (Removable) (Total:7.26 GB) (Free:7.24 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 7441 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 297 GB 101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 297 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7437 MB 4032 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F KINGSTON FAT32 Removable 7437 MB Healthy

======================================================================================================

****** End Of Log ******

Yes, I have no other browser installed at this time except IE.

#9 fireman4it


Posted 14 September 2012 - 03:06 PM

Hello,

Please try this fix:

Click the fixit button here - http://support.microsoft.com/kb/923737

Edited by fireman4it, 14 September 2012 - 03:07 PM.


#10 Vapor187


Posted 14 September 2012 - 03:24 PM

Hi Fireman4it,

That did not work; still redirecting.

Thank you

#11 fireman4it


Posted 14 September 2012 - 03:29 PM

Well, it looks like you have used a lot of tools. We will start all over with some of them, as some of them have been updated.


1.
Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
    Posted Image
  • Put a checkmark beside loaded modules.
    Posted Image
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
    Posted Image
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.



3.
Download the yorkyt.exe disinfection tool (1,31 MB).

Save the file to your hard disk; to the Windows Desktop, for example.
Double click the yorkyt.exe file.
A reboot will be requested to install a driver.
Another reboot will be requested to complete the disinfection.
When the disinfection is completed, accept the message that will be displayed.
In order to ensure a full cleanup, run a scan of your PC with the antivirus installed.

4.
Please download Sophos Anti-rootkit & save it to your desktop.
alternate download link
Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.

Be sure to print out and read the Sophos Anti-Rootkit User Manual and Release Notes.
  • Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
  • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
  • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now".
  • Click Yes and allow the driver and its randomly named .tmp file (i.e. F.tmp) to load if asked.
  • If the scan did not start automatically, make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click Start scan.
  • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
  • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
  • Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
    • Files tagged as Removable: No are not marked for removal and cannot be removed.
    • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
    • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
  • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
  • A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
  • When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
  • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\<username>\Local Settings\Temp\.
Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.


4.
I need for you to run ListParts in Normal mode.


Please download Listparts64
Run the tool, click Scan and post the log (Result.txt) it makes.

Edited by fireman4it, 16 September 2012 - 05:06 PM.


#12 Vapor187

Posted 14 September 2012 - 03:46 PM

Fireman4it, just wanted to give you a heads up that I will be out of town all weekend, so I will be running all these tasks first thing Monday morning and posting back with the logs.

Thank you for the help so far and have a good weekend

#13 Vapor187

Posted 17 September 2012 - 10:56 AM

Alright here are the logs



Combofix Log
ComboFix 12-09-16.01 - Kirk 09/17/2012 9:06.4.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8140.6552 [GMT -4:00]
Running from: c:\users\Kirk\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kirk\AppData\Local\Temp\{4D7111CF-2576-41A8-AE1C-AB17578225AF}\fpb.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-08-17 to 2012-09-17 )))))))))))))))))))))))))))))))
.
.
2012-09-17 13:10 . 2012-09-17 13:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-17 12:56 . 2012-09-17 13:04 -------- d-----w- C:\Old logs
2012-09-14 20:14 . 2012-08-28 05:49 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FFF3C2AF-6467-4142-9855-4B986BC0BFC5}\mpengine.dll
2012-09-14 16:42 . 2012-09-14 16:42 -------- d-----w- C:\FRST
2012-09-13 15:31 . 2012-09-13 15:31 -------- d-----w- c:\program files (x86)\NirSoft
2012-09-12 12:46 . 2012-08-02 17:55 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 12:46 . 2012-08-02 17:05 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-11 19:46 . 2012-09-11 19:46 -------- d-----w- c:\program files (x86)\ESET
2012-09-11 19:26 . 2012-09-11 19:26 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-09-11 19:26 . 2012-09-11 19:25 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-11 19:26 . 2012-09-11 19:25 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-11 19:25 . 2012-09-11 19:25 -------- d-----w- c:\programdata\McAfee
2012-09-11 15:22 . 2012-09-11 15:22 -------- d-----w- c:\program files\CCleaner
2012-09-11 15:13 . 2012-09-11 15:13 -------- d-----w- c:\program files\Microsoft Games
2012-09-11 15:04 . 2012-09-11 15:04 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-11 14:04 . 2012-09-11 14:04 -------- d-----w- c:\users\Kirk\AppData\Roaming\SUPERAntiSpyware.com
2012-09-11 14:04 . 2012-09-11 17:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-11 14:04 . 2012-09-11 14:04 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-10 20:08 . 2012-09-10 20:08 -------- d-----w- c:\users\Kirk\AppData\Roaming\Malwarebytes
2012-09-10 20:08 . 2012-09-10 20:08 -------- d-----w- c:\programdata\Malwarebytes
2012-09-10 20:08 . 2012-09-12 17:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-10 20:08 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-10 19:16 . 2012-09-12 12:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-10 19:16 . 2012-09-12 12:35 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-09-10 19:00 . 2012-09-10 19:00 -------- d-----w- c:\users\Kirk\AppData\Local\Macromedia
2012-09-10 16:18 . 2012-08-21 09:12 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-10 16:17 . 2012-09-11 18:00 -------- d-----w- c:\programdata\AVAST Software
2012-09-10 16:17 . 2012-09-10 16:17 -------- d-----w- c:\program files\AVAST Software
2012-09-07 19:48 . 2012-09-07 19:48 328704 ----a-w- c:\windows\system32\services.exe.F0E3663E1AE94E14
2012-09-07 17:14 . 2012-09-07 19:21 -------- d-----w- c:\program files (x86)\stinger
2012-09-07 17:11 . 2012-09-07 17:11 -------- d-----w- c:\programdata\HitmanPro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-13 12:26 . 2011-09-20 18:37 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-16 03:30 . 2012-08-07 12:42 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-16 03:30 . 2011-09-09 14:25 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[-] 2009-07-14 . 686B841A27DEE812EDDE443FCE81BFBA . 857600 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((( SnapShot_2012-09-11_17.14.06 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-11 5663616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-13 336384]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"ArcSoft MediaImpression Monitor"="c:\program files (x86)\Kodak\MediaImpression\ArcMonitor.exe" [2010-11-12 73728]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe" [2012-08-14 686792]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[BU]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-23 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-23 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-20 1255736]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-13 203776]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-13 9259520]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-13 301568]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2011-02-17 75264]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2011-02-17 174080]
S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2011-02-17 81920]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-03-25 12262336]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-01-04 8507392]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-01-12 333928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-16 428136]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-07 03:30]
.
2012-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-23 18:50]
.
2012-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-23 18:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2011-02-28 1617920]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-26 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-26 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-26 418840]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-85164165.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{652853AD-5592-4231-88C6-706613A52E61}"=hex:51,66,7a,6c,4c,1d,38,12,c3,50,3b,
61,a0,1b,5f,07,f7,d0,33,26,16,fb,6a,75
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a5,fe,3b,6f,46,90,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8c,98,4c,0e,1d,de,0e,4a,b3,ec,38,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8c,98,4c,0e,1d,de,0e,4a,b3,ec,38,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
.
**************************************************************************
.
Completion time: 2012-09-17 09:16:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-17 13:16
ComboFix2.txt 2012-09-10 14:58
ComboFix3.txt 2012-09-10 13:34
.
Pre-Run: 264,921,284,608 bytes free
Post-Run: 264,529,772,544 bytes free
.
- - End Of File - - 36A50ACB3FC182A6DB90DD36611BAB55


Sarscan Log

Sophos Anti-Rootkit Version 1.5.20 © 2009 Sophos Plc
Started logging on 9/17/2012 at 10:46:25 AM
User "Kirk" on computer "KIRK-LAPTOP"
Windows version 6.1 SP 0.0 build 7600 SM=0x100 PT=0x1 WOW64
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSSKQAT0\-5IFLcjk_n1fLNqdHAvqc_k79saxNU3q6ZYn9J2h1YEaSGJhJy3SpOfdRxaQLFe4ax6bCQobYZHnhR86I6daY8Mu3icLAVDBOV56w10zx7_2qB7K4KB6FCZbrPukHXgoxQ==[1].htm
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AYW9BT4H\xDoAEBqAHp1EKwAQK6ARUzMzgwMTU1ODQ2MDcyODkxODM2OjDAAdiNdsgB_IbDpZ0n2gETMTExMTI5OTg1NTA2Nzk2MDYzN-gBZA%3Bredirecturl2%3D;ord=893117163[1].htm
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K7P7JRY3\fl_l;btg=la.av;btg=dx.bi;btg=pr.cb;btg=po.ab;btg=la.af;btg=pr.fx;btg=pr.gk;btg=op.ip;btg=op.kv;btg=cm.ippi;btg=pr.hu;btg=op.lj;btg=op[2].js
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3HAI4WS\fl_l;btg=la.av;btg=dx.bi;btg=pr.cb;btg=po.ab;btg=la.af;btg=pr.fx;btg=pr.gk;btg=op.ip;btg=op.kv;btg=cm.ippi;btg=pr.hu;btg=op.lj;btg=op[1].js
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3HAI4WS\=cm.music_l;btg=cm.ent_l;btg=cm.nfl_l;btg=cm.stbl;btg=et.1c;btg=la.av;btg=la.af;btg=po.ab;btg=po.ac;btg=ap.b;btg=ap.g;btg=ap.c;btg=ap[1].js
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSSKQAT0\=cm.music_l;btg=cm.ent_l;btg=cm.nfl_l;btg=cm.stbl;btg=et.1c;btg=la.av;btg=la.af;btg=po.ab;btg=po.ac;btg=ap.b;btg=ap.g;btg=ap.c;btg=ap[2].js
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSSKQAT0\fl_l;btg=la.av;btg=dx.bi;btg=pr.cb;btg=po.ab;btg=la.af;btg=pr.fx;btg=pr.gk;btg=op.ip;btg=op.kv;btg=cm.ippi;btg=pr.hu;btg=op.lj;btg=op[1].js
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSSKQAT0\hu;btg=pr.gk;btg=pr.io;btg=cm.music_l;btg=cm.stbl;btg=et.1c;btg=la.av;btg=la.af;btg=po.ab;btg=po.ac;btg=ap.b;btg=ap.g;btg=ap.c;btg=ap[1].js
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K7P7JRY3\fl_l;btg=la.av;btg=dx.bi;btg=pr.cb;btg=po.ab;btg=la.af;btg=pr.fx;btg=pr.gk;btg=op.ip;btg=op.kv;btg=cm.ippi;btg=pr.hu;btg=op.lj;btg=op[1].js
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AYW9BT4H\btg=pr.io;btg=cm.music_l;btg=cm.ent_l;btg=cm.stbl;btg=et.1c;btg=la.av;btg=la.af;btg=po.ab;btg=po.ac;btg=ap.b;btg=ap.g;btg=ap.c;btg=ap[1].js
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AYW9BT4H\fl_l;btg=la.av;btg=dx.bi;btg=pr.cb;btg=po.ab;btg=la.af;btg=pr.fx;btg=pr.gk;btg=op.ip;btg=op.kv;btg=cm.ippi;btg=pr.hu;btg=op.lj;btg=op[1].js
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSSKQAT0\=cm.music_l;btg=cm.ent_l;btg=cm.nfl_l;btg=cm.stbl;btg=et.1c;btg=la.av;btg=la.af;btg=po.ab;btg=po.ac;btg=ap.b;btg=ap.g;btg=ap.c;btg=ap[1].js
Hidden: file C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AYW9BT4H\%7CuSFU3F%7C-S44s4FfU3wUFSUs4kf4~-sfsUS3SwUkSkfS443U%7CwFk4k4sfwS3wU%7CwwkuuS%7Cukf%7C-4fk4wSukkSfS33UksfU~swUwUFk443wSsUUFUfk%7CeTD[1].htm
Stopped logging on 9/17/2012 at 11:03:47 AM



ListParts64 Log
ListParts by Farbar Version: 15-09-2012
Ran by Kirk (administrator) on 17-09-2012 at 11:46:52
Windows 7 (X64)
Running From: C:\Users\Kirk\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 26%
Total physical RAM: 8139.86 MB
Available physical RAM: 5985.34 MB
Total Pagefile: 16277.86 MB
Available Pagefile: 13881.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:297.99 GB) (Free:246.09 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 297 GB 101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 System Rese NTFS Partition 100 MB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 297 GB Healthy Boot

======================================================================================================

****** End Of Log ******




#14 fireman4it

  • Malware Response Team

Posted 17 September 2012 - 04:54 PM

Hello,

Did you run the yorkyt.exe tool from my last post? If not, please do so now. If you already have, please post the log.

Also, is it still redirecting? If so, which browsers?

Edited by fireman4it, 17 September 2012 - 04:56 PM.



#15 Vapor187

  • Topic Starter

Posted 18 September 2012 - 07:18 AM

Yes, I did run it. Sorry, I forgot the log; here it is. And yes, IE is still redirecting.

Yorkyt Log

2012-09-17 09:25:56: ****************************************************
2012-09-17 09:25:56: Starting UP ... v 0.0.0.220
2012-09-17 09:25:56: ****************************************************
2012-09-17 09:25:56: Stop TPSRV returns: 2
2012-09-17 09:26:11: Listing processes...
2012-09-17 09:26:11: :[System Process]:0
2012-09-17 09:26:11: :System:4
2012-09-17 09:26:11: :smss.exe:316
2012-09-17 09:26:11: :csrss.exe:444
2012-09-17 09:26:11: :wininit.exe:560
2012-09-17 09:26:11: :csrss.exe:580
2012-09-17 09:26:11: :Services.exe:624
2012-09-17 09:26:11: :lsass.exe:644
2012-09-17 09:26:11: :lsm.exe:652
2012-09-17 09:26:11: :svchost.exe:744
2012-09-17 09:26:11: :svchost.exe:824
2012-09-17 09:26:11: :atiesrxx.exe:888
2012-09-17 09:26:11: :winlogon.exe:924
2012-09-17 09:26:11: :svchost.exe:964
2012-09-17 09:26:11: :svchost.exe:1008
2012-09-17 09:26:11: :svchost.exe:336
2012-09-17 09:26:11: :svchost.exe:528
2012-09-17 09:26:11: :hpservice.exe:1088
2012-09-17 09:26:11: :WUDFHost.exe:1144
2012-09-17 09:26:11: :atieclxx.exe:1236
2012-09-17 09:26:11: :dwm.exe:1444
2012-09-17 09:26:11: :explorer.exe:1468
2012-09-17 09:26:11: :svchost.exe:1520
2012-09-17 09:26:11: :wlanext.exe:1608
2012-09-17 09:26:11: :conhost.exe:1616
2012-09-17 09:26:11: :spoolsv.exe:1672
2012-09-17 09:26:11: :taskhost.exe:1700
2012-09-17 09:26:11: :svchost.exe:1732
2012-09-17 09:26:11: :SASCORE64.EXE:1124
2012-09-17 09:26:11: :ACService.exe:1420
2012-09-17 09:26:11: :EvtEng.exe:1932
2012-09-17 09:26:11: :mbamscheduler.exe:2040
2012-09-17 09:26:11: :mbamservice.exe:1792
2012-09-17 09:26:11: :svchost.exe:2084
2012-09-17 09:26:11: :RegSrvc.exe:2108
2012-09-17 09:26:11: :svchost.exe:2160
2012-09-17 09:26:11: :mbamgui.exe:2284
2012-09-17 09:26:11: :unsecapp.exe:2604
2012-09-17 09:26:11: :WmiPrvSE.exe:1296
2012-09-17 09:26:11: :iFrmewrk.exe:2812
2012-09-17 09:26:11: :SynTPEnh.exe:2804
2012-09-17 09:26:11: :igfxtray.exe:1492
2012-09-17 09:26:11: :hkcmd.exe:1360
2012-09-17 09:26:11: :igfxpers.exe:2956
2012-09-17 09:26:11: :SUPERANTISPYWARE.EXE:2784
2012-09-17 09:26:11: :nusb3mon.exe:3924
2012-09-17 09:26:11: :SynTPHelper.exe:3080
2012-09-17 09:26:11: :IAStorIcon.exe:3112
2012-09-17 09:26:11: :AdobeARM.exe:3408
2012-09-17 09:26:11: :ACDaemon.exe:3496
2012-09-17 09:26:11: :ArcMonitor.exe:3592
2012-09-17 09:26:11: :jusched.exe:3740
2012-09-17 09:26:11: :ArcCon.ac:3888
2012-09-17 09:26:11: :SearchIndexer.exe:3504
2012-09-17 09:26:11: :unsecapp.exe:4020
2012-09-17 09:26:11: :svchost.exe:3704
2012-09-17 09:26:11: :IAStorDataMgrSvc.exe:3172
2012-09-17 09:26:11: :wmpnetwk.exe:3472
2012-09-17 09:26:11: :notepad.exe:3280
2012-09-17 09:26:11: :TrustedInstaller.exe:4064
2012-09-17 09:26:11: :wuauclt.exe:3212
2012-09-17 09:26:11: :taskeng.exe:188
2012-09-17 09:26:11: :audiodg.exe:4048
2012-09-17 09:26:11: :SearchProtocolHost.exe:2852
2012-09-17 09:26:11: :SearchFilterHost.exe:1432
2012-09-17 09:26:11: :iexplore.exe:3048
2012-09-17 09:26:11: :iexplore.exe:3700
2012-09-17 09:26:11: :FlashUtil32_11_3_300_271_ActiveX.exe:3776
2012-09-17 09:26:11: :iexplore.exe:2264
2012-09-17 09:26:11: :yorkyt.exe:1344
2012-09-17 09:26:11: :WmiPrvSE.exe:2576
2012-09-17 09:26:11:
2012-09-17 09:26:11: Setting restore point
2012-09-17 09:26:22: RUN mode
2012-09-17 09:26:22: Determining autonomous or dropped mode...
2012-09-17 09:26:22: Autonomus mode
2012-09-17 09:26:22: ---------------------------------------------------------------------
2012-09-17 09:26:22: Found Service: AeLookupSvc
2012-09-17 09:26:22: Real Path: C:\Windows\System32\aelupsvc.dll
2012-09-17 09:26:22: Display Name: @%SystemRoot%\system32\aelupsvc.dll,-1
2012-09-17 09:26:22: Description: @%SystemRoot%\system32\aelupsvc.dll,-2
2012-09-17 09:26:22: ServiceDLL: System32\aelupsvc.dll
2012-09-17 09:26:22: File size: 0
2012-09-17 09:26:22: DLL File name: aelupsvc.dll
2012-09-17 09:26:22: Original File Name: aelupsvc.dll.mui
2012-09-17 09:26:22: Company:
2012-09-17 09:26:22: Mod/Cre/Acc time:
2012-09-17 09:26:22: ---------------------------------------------------------------------
2012-09-17 09:26:22: Found Service: AppIDSvc
2012-09-17 09:26:22: Real Path: C:\Windows\System32\appidsvc.dll
2012-09-17 09:26:22: Display Name: @%systemroot%\system32\appidsvc.dll,-100
2012-09-17 09:26:22: Description: @%systemroot%\system32\appidsvc.dll,-101
2012-09-17 09:26:22: ServiceDLL: System32\appidsvc.dll
2012-09-17 09:26:22: File size: 0
2012-09-17 09:26:22: DLL File name: appidsvc.dll
2012-09-17 09:26:22: Original File Name: appidsvc.dll.mui
2012-09-17 09:26:22: Company:
2012-09-17 09:26:22: Mod/Cre/Acc time:
2012-09-17 09:26:22: ---------------------------------------------------------------------
2012-09-17 09:26:22: Found Service: Appinfo
2012-09-17 09:26:22: Real Path: C:\Windows\System32\appinfo.dll
2012-09-17 09:26:22: Display Name: @%systemroot%\system32\appinfo.dll,-100
2012-09-17 09:26:22: Description: @%systemroot%\system32\appinfo.dll,-101
2012-09-17 09:26:22: ServiceDLL: System32\appinfo.dll
2012-09-17 09:26:22: File size: 0
2012-09-17 09:26:22: DLL File name: appinfo.dll
2012-09-17 09:26:22: Original File Name: appinfo.dll.mui
2012-09-17 09:26:22: Company:
2012-09-17 09:26:22: Mod/Cre/Acc time:
2012-09-17 09:26:22: ---------------------------------------------------------------------
2012-09-17 09:26:22: Found Service: AppMgmt
2012-09-17 09:26:22: Real Path: C:\Windows\System32\appmgmts.dll
2012-09-17 09:26:22: Display Name: @appmgmts.dll,-3250
2012-09-17 09:26:22: Description: @appmgmts.dll,-3251
2012-09-17 09:26:22: ServiceDLL: System32\appmgmts.dll
2012-09-17 09:26:22: File size: 149504
2012-09-17 09:26:22: DLL File name: appmgmts.dll
2012-09-17 09:26:22: Original File Name: appmgmts.dll.mui
2012-09-17 09:26:22: Company:
2012-09-17 09:26:22: Mod/Cre/Acc time: 20090713211453 20090713193834 20090713193834
2012-09-17 09:26:22: ---------------------------------------------------------------------
2012-09-17 09:26:22: Found Service: AudioEndpointBuilder
2012-09-17 09:26:22: Real Path: C:\Windows\System32\Audiosrv.dll
2012-09-17 09:26:22: Display Name: @%SystemRoot%\system32\audiosrv.dll,-204
2012-09-17 09:26:22: Description: @%SystemRoot%\System32\audiosrv.dll,-205
2012-09-17 09:26:22: ServiceDLL: System32\Audiosrv.dll
2012-09-17 09:26:22: File size: 0
2012-09-17 09:26:22: DLL File name: Audiosrv.dll
2012-09-17 09:26:23: Original File Name: audiosrv.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: AudioSrv
2012-09-17 09:26:23: Real Path: C:\Windows\System32\Audiosrv.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\audiosrv.dll,-200
2012-09-17 09:26:23: Description: @%SystemRoot%\System32\audiosrv.dll,-201
2012-09-17 09:26:23: ServiceDLL: System32\Audiosrv.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: Audiosrv.dll
2012-09-17 09:26:23: Original File Name: audiosrv.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: AxInstSV
2012-09-17 09:26:23: Real Path: C:\Windows\System32\AxInstSV.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\AxInstSV.dll,-103
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\AxInstSV.dll,-104
2012-09-17 09:26:23: ServiceDLL: System32\AxInstSV.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: AxInstSV.dll
2012-09-17 09:26:23: Original File Name: AxInstSv.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: BDESVC
2012-09-17 09:26:23: Real Path: C:\Windows\System32\bdesvc.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\bdesvc.dll,-100
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\bdesvc.dll,-101
2012-09-17 09:26:23: ServiceDLL: System32\bdesvc.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: bdesvc.dll
2012-09-17 09:26:23: Original File Name: BDESVC.DLL.MUI
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: BFE
2012-09-17 09:26:23: Real Path: C:\Windows\System32\bfe.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\bfe.dll,-1001
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\bfe.dll,-1002
2012-09-17 09:26:23: ServiceDLL: System32\bfe.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: bfe.dll
2012-09-17 09:26:23: Original File Name: BFE.DLL.MUI
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: BITS
2012-09-17 09:26:23: Real Path: C:\Windows\system32\qmgr.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\qmgr.dll,-1000
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\qmgr.dll,-1001
2012-09-17 09:26:23: ServiceDLL: system32\qmgr.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: qmgr.dll
2012-09-17 09:26:23: Original File Name: qmgr.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: Browser
2012-09-17 09:26:23: Real Path: C:\Windows\System32\browser.dll
2012-09-17 09:26:23: Display Name: @%systemroot%\system32\browser.dll,-100
2012-09-17 09:26:23: Description: @%systemroot%\system32\browser.dll,-101
2012-09-17 09:26:23: ServiceDLL: System32\browser.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: browser.dll
2012-09-17 09:26:23: Original File Name: browser.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: bthserv
2012-09-17 09:26:23: Real Path: C:\Windows\system32\bthserv.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\System32\bthserv.dll,-101
2012-09-17 09:26:23: Description: @%SystemRoot%\System32\bthserv.dll,-102
2012-09-17 09:26:23: ServiceDLL: system32\bthserv.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: bthserv.dll
2012-09-17 09:26:23: Original File Name: BTHSERV.DLL.MUI
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: CertPropSvc
2012-09-17 09:26:23: Real Path: C:\Windows\System32\certprop.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\System32\certprop.dll,-11
2012-09-17 09:26:23: Description: @%SystemRoot%\System32\certprop.dll,-12
2012-09-17 09:26:23: ServiceDLL: System32\certprop.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: certprop.dll
2012-09-17 09:26:23: Original File Name: certprop.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: CryptSvc
2012-09-17 09:26:23: Real Path: C:\Windows\system32\cryptsvc.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\cryptsvc.dll,-1001
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\cryptsvc.dll,-1002
2012-09-17 09:26:23: ServiceDLL: system32\cryptsvc.dll
2012-09-17 09:26:23: File size: 139264
2012-09-17 09:26:23: DLL File name: cryptsvc.dll
2012-09-17 09:26:23: Original File Name: cryptsvc.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time: 20120424004704 20120617205950 20120617205950
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: CscService
2012-09-17 09:26:23: Real Path: C:\Windows\System32\cscsvc.dll
2012-09-17 09:26:23: Display Name: @%systemroot%\system32\cscsvc.dll,-200
2012-09-17 09:26:23: Description: @%systemroot%\system32\cscsvc.dll,-201
2012-09-17 09:26:23: ServiceDLL: System32\cscsvc.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: cscsvc.dll
2012-09-17 09:26:23: Original File Name: cscsvc.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: DcomLaunch
2012-09-17 09:26:23: Real Path: C:\Windows\system32\rpcss.dll
2012-09-17 09:26:23: Display Name: @oleres.dll,-5012
2012-09-17 09:26:23: Description: @oleres.dll,-5013
2012-09-17 09:26:23: ServiceDLL: system32\rpcss.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: rpcss.dll
2012-09-17 09:26:23: Original File Name: rpcss.dll
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: defragsvc
2012-09-17 09:26:23: Real Path: C:\Windows\System32\defragsvc.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\defragsvc.dll,-101
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\defragsvc.dll,-102
2012-09-17 09:26:23: ServiceDLL: System32\defragsvc.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: defragsvc.dll
2012-09-17 09:26:23: Original File Name: defragsvc.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: Dhcp
2012-09-17 09:26:23: Real Path: C:\Windows\system32\dhcpcore.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\dhcpcore.dll,-100
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\dhcpcore.dll,-101
2012-09-17 09:26:23: ServiceDLL: system32\dhcpcore.dll
2012-09-17 09:26:23: File size: 253440
2012-09-17 09:26:23: DLL File name: dhcpcore.dll
2012-09-17 09:26:23: Original File Name: dhcpcore.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time: 20090713211511 20090713191216 20090713191216
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: Dnscache
2012-09-17 09:26:23: Real Path: C:\Windows\System32\dnsrslvr.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\System32\dnsapi.dll,-101
2012-09-17 09:26:23: Description: @%SystemRoot%\System32\dnsapi.dll,-102
2012-09-17 09:26:23: ServiceDLL: System32\dnsrslvr.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: dnsrslvr.dll
2012-09-17 09:26:23: Original File Name: dnsrslvr.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: dot3svc
2012-09-17 09:26:23: Real Path: C:\Windows\System32\dot3svc.dll
2012-09-17 09:26:23: Display Name: @%systemroot%\system32\dot3svc.dll,-1102
2012-09-17 09:26:23: Description: @%systemroot%\system32\dot3svc.dll,-1103
2012-09-17 09:26:23: ServiceDLL: System32\dot3svc.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: dot3svc.dll
2012-09-17 09:26:23: Original File Name: dot3svc.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: DPS
2012-09-17 09:26:23: Real Path: C:\Windows\system32\dps.dll
2012-09-17 09:26:23: Display Name: @%systemroot%\system32\dps.dll,-500
2012-09-17 09:26:23: Description: @%systemroot%\system32\dps.dll,-501
2012-09-17 09:26:23: ServiceDLL: system32\dps.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: dps.dll
2012-09-17 09:26:23: Original File Name: dps.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: EapHost
2012-09-17 09:26:23: Real Path: C:\Windows\System32\eapsvc.dll
2012-09-17 09:26:23: Display Name: @%systemroot%\system32\eapsvc.dll,-1
2012-09-17 09:26:23: Description: @%systemroot%\system32\eapsvc.dll,-2
2012-09-17 09:26:23: ServiceDLL: System32\eapsvc.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: eapsvc.dll
2012-09-17 09:26:23: Original File Name: eapsvc.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: EventSystem
2012-09-17 09:26:23: Real Path: C:\Windows\system32\es.dll
2012-09-17 09:26:23: Display Name: @comres.dll,-2450
2012-09-17 09:26:23: Description: @comres.dll,-2451
2012-09-17 09:26:23: ServiceDLL: system32\es.dll
2012-09-17 09:26:23: File size: 271360
2012-09-17 09:26:23: DLL File name: es.dll
2012-09-17 09:26:23: Original File Name: ES.DLL
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time: 20090713211519 20090713194438 20090713194438
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: fdPHost
2012-09-17 09:26:23: Real Path: C:\Windows\system32\fdPHost.dll
2012-09-17 09:26:23: Display Name: @%systemroot%\system32\fdPHost.dll,-100
2012-09-17 09:26:23: Description: @%systemroot%\system32\fdPHost.dll,-101
2012-09-17 09:26:23: ServiceDLL: system32\fdPHost.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: fdPHost.dll
2012-09-17 09:26:23: Original File Name: fdPHost.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: FDResPub
2012-09-17 09:26:23: Real Path: C:\Windows\system32\fdrespub.dll
2012-09-17 09:26:23: Display Name: @%systemroot%\system32\fdrespub.dll,-100
2012-09-17 09:26:23: Description: @%systemroot%\system32\fdrespub.dll,-101
2012-09-17 09:26:23: ServiceDLL: system32\fdrespub.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: fdrespub.dll
2012-09-17 09:26:23: Original File Name: FDResPub.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: !!!!!!!
2012-09-17 09:26:23: Found Service: FontCache
2012-09-17 09:26:23: Real Path: C:\Windows\system32\FntCache.dll
2012-09-17 09:26:23: Display Name: @%systemroot%\system32\FntCache.dll,-100
2012-09-17 09:26:23: Description: @%systemroot%\system32\FntCache.dll,-101
2012-09-17 09:26:23: ServiceDLL: system32\FntCache.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: FntCache.dll
2012-09-17 09:26:23: Original File Name: FontCacheService
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: !!!!!!!!!
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: gpsvc
2012-09-17 09:26:23: Real Path: C:\Windows\System32\gpsvc.dll
2012-09-17 09:26:23: Display Name: @gpapi.dll,-112
2012-09-17 09:26:23: Description: @gpapi.dll,-113
2012-09-17 09:26:23: ServiceDLL: System32\gpsvc.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: gpsvc.dll
2012-09-17 09:26:23: Original File Name: gpsvc.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: hidserv
2012-09-17 09:26:23: Real Path: C:\Windows\System32\hidserv.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\System32\hidserv.dll,-101
2012-09-17 09:26:23: Description: @%SystemRoot%\System32\hidserv.dll,-102
2012-09-17 09:26:23: ServiceDLL: System32\hidserv.dll
2012-09-17 09:26:23: File size: 49152
2012-09-17 09:26:23: DLL File name: hidserv.dll
2012-09-17 09:26:23: Original File Name: HIDSERV.DLL.MUI
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time: 20090713211524 20090713195109 20090713195109
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: hkmsvc
2012-09-17 09:26:23: Real Path: C:\Windows\system32\kmsvc.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\kmsvc.dll,-6
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\kmsvc.dll,-7
2012-09-17 09:26:23: ServiceDLL: system32\kmsvc.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: kmsvc.dll
2012-09-17 09:26:23: Original File Name: KmSvc.DLL.MUI
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: HomeGroupListener
2012-09-17 09:26:23: Real Path: C:\Windows\system32\ListSvc.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\System32\ListSvc.dll,-100
2012-09-17 09:26:23: Description: @%SystemRoot%\System32\ListSvc.dll,-101
2012-09-17 09:26:23: ServiceDLL: system32\ListSvc.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: ListSvc.dll
2012-09-17 09:26:23: Original File Name: ListSvc.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: HomeGroupProvider
2012-09-17 09:26:23: Real Path: C:\Windows\system32\provsvc.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\System32\provsvc.dll,-100
2012-09-17 09:26:23: Description: @%SystemRoot%\System32\provsvc.dll,-101
2012-09-17 09:26:23: ServiceDLL: system32\provsvc.dll
2012-09-17 09:26:23: File size: 165376
2012-09-17 09:26:23: DLL File name: provsvc.dll
2012-09-17 09:26:23: Original File Name: provsvc.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time: 20090713211612 20090713193941 20090713193941
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: IKEEXT
2012-09-17 09:26:23: Real Path: C:\Windows\System32\ikeext.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\ikeext.dll,-501
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\ikeext.dll,-502
2012-09-17 09:26:23: ServiceDLL: System32\ikeext.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: ikeext.dll
2012-09-17 09:26:23: Original File Name: IKEEXT.DLL.MUI
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: IPBusEnum
2012-09-17 09:26:23: Real Path: C:\Windows\system32\ipbusenum.dll
2012-09-17 09:26:23: Display Name: @%systemroot%\system32\IPBusEnum.dll,-102
2012-09-17 09:26:23: Description: @%systemroot%\system32\IPBusEnum.dll,-103
2012-09-17 09:26:23: ServiceDLL: system32\ipbusenum.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: ipbusenum.dll
2012-09-17 09:26:23: Original File Name: IPBusEnum.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: iphlpsvc
2012-09-17 09:26:23: Real Path: C:\Windows\System32\iphlpsvc.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\iphlpsvc.dll,-500
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\iphlpsvc.dll,-501
2012-09-17 09:26:23: ServiceDLL: System32\iphlpsvc.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: iphlpsvc.dll
2012-09-17 09:26:23: Original File Name: iphlpsvc.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: KtmRm
2012-09-17 09:26:23: Real Path: C:\Windows\system32\msdtckrm.dll
2012-09-17 09:26:23: Display Name: @comres.dll,-2946
2012-09-17 09:26:23: Description: @comres.dll,-2947
2012-09-17 09:26:23: ServiceDLL: system32\msdtckrm.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: msdtckrm.dll
2012-09-17 09:26:23: Original File Name: MSDTCKRM.DLL
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: LanmanServer
2012-09-17 09:26:23: Real Path: C:\Windows\System32\srvsvc.dll
2012-09-17 09:26:23: Display Name: @%systemroot%\system32\srvsvc.dll,-100
2012-09-17 09:26:23: Description: @%systemroot%\system32\srvsvc.dll,-101
2012-09-17 09:26:23: ServiceDLL: System32\srvsvc.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: srvsvc.dll
2012-09-17 09:26:23: Original File Name: SRVSVC.DLL.MUI
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: LanmanWorkstation
2012-09-17 09:26:23: Real Path: C:\Windows\System32\wkssvc.dll
2012-09-17 09:26:23: Display Name: @%systemroot%\system32\wkssvc.dll,-100
2012-09-17 09:26:23: Description: @%systemroot%\system32\wkssvc.dll,-101
2012-09-17 09:26:23: ServiceDLL: System32\wkssvc.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: wkssvc.dll
2012-09-17 09:26:23: Original File Name: WKSSVC.DLL.MUI
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: lltdsvc
2012-09-17 09:26:23: Real Path: C:\Windows\System32\lltdsvc.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\lltdres.dll,-1
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\lltdres.dll,-2
2012-09-17 09:26:23: ServiceDLL: System32\lltdsvc.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: lltdsvc.dll
2012-09-17 09:26:23: Original File Name: LLTDSVC.DLL
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: lmhosts
2012-09-17 09:26:23: Real Path: C:\Windows\System32\lmhsvc.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\lmhsvc.dll,-101
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\lmhsvc.dll,-102
2012-09-17 09:26:23: ServiceDLL: System32\lmhsvc.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: lmhsvc.dll
2012-09-17 09:26:23: Original File Name: lmhsvc.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: Mcx2Svc
2012-09-17 09:26:23: Real Path: C:\Windows\system32\Mcx2Svc.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\ehome\ehres.dll,-15501
2012-09-17 09:26:23: Description: @%SystemRoot%\ehome\ehres.dll,-15502
2012-09-17 09:26:23: ServiceDLL: system32\Mcx2Svc.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: Mcx2Svc.dll
2012-09-17 09:26:23: Original File Name: Mcx2Svc.dll
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: MMCSS
2012-09-17 09:26:23: Real Path: C:\Windows\system32\mmcss.dll
2012-09-17 09:26:23: Display Name: @%systemroot%\system32\mmcss.dll,-100
2012-09-17 09:26:23: Description: @%systemroot%\system32\mmcss.dll,-101
2012-09-17 09:26:23: ServiceDLL: system32\mmcss.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: mmcss.dll
2012-09-17 09:26:23: Original File Name: mmcss.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: MpsSvc
2012-09-17 09:26:23: Real Path: C:\Windows\system32\mpssvc.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\FirewallAPI.dll,-23090
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\FirewallAPI.dll,-23091
2012-09-17 09:26:23: ServiceDLL: system32\mpssvc.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: mpssvc.dll
2012-09-17 09:26:23: Original File Name: mpssvc.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: MSiSCSI
2012-09-17 09:26:23: Real Path: C:\Windows\system32\iscsiexe.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\iscsidsc.dll,-5000
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\iscsidsc.dll,-5001
2012-09-17 09:26:23: ServiceDLL: system32\iscsiexe.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: iscsiexe.dll
2012-09-17 09:26:23: Original File Name: iscsiexe.exe.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: napagent
2012-09-17 09:26:23: Real Path: C:\Windows\system32\qagentRT.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\qagentrt.dll,-6
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\qagentrt.dll,-7
2012-09-17 09:26:23: ServiceDLL: system32\qagentRT.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: qagentRT.dll
2012-09-17 09:26:23: Original File Name: QAgentRT.DLL.MUI
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: Netman
2012-09-17 09:26:23: Real Path: C:\Windows\System32\netman.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\netman.dll,-109
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\netman.dll,-110
2012-09-17 09:26:23: ServiceDLL: System32\netman.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: netman.dll
2012-09-17 09:26:23: Original File Name: netman.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: netprofm
2012-09-17 09:26:23: Real Path: C:\Windows\System32\netprofm.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\netprofm.dll,-202
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\netprofm.dll,-203
2012-09-17 09:26:23: ServiceDLL: System32\netprofm.dll
2012-09-17 09:26:23: File size: 360448
2012-09-17 09:26:23: DLL File name: netprofm.dll
2012-09-17 09:26:23: Original File Name: netprofm.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time: 20090713211603 20090713195658 20090713195658
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: NlaSvc
2012-09-17 09:26:23: Real Path: C:\Windows\System32\nlasvc.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\System32\nlasvc.dll,-1
2012-09-17 09:26:23: Description: @%SystemRoot%\System32\nlasvc.dll,-2
2012-09-17 09:26:23: ServiceDLL: System32\nlasvc.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: nlasvc.dll
2012-09-17 09:26:23: Original File Name: nlasvc.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: nsi
2012-09-17 09:26:23: Real Path: C:\Windows\system32\nsisvc.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\nsisvc.dll,-200
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\nsisvc.dll,-201
2012-09-17 09:26:23: ServiceDLL: system32\nsisvc.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: nsisvc.dll
2012-09-17 09:26:23: Original File Name: nsisvc.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: p2pimsvc
2012-09-17 09:26:23: Real Path: C:\Windows\system32\pnrpsvc.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\pnrpsvc.dll,-8004
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\pnrpsvc.dll,-8005
2012-09-17 09:26:23: ServiceDLL: system32\pnrpsvc.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: pnrpsvc.dll
2012-09-17 09:26:23: Original File Name: pnrpsvc.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: p2psvc
2012-09-17 09:26:23: Real Path: C:\Windows\system32\p2psvc.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\p2psvc.dll,-8006
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\p2psvc.dll,-8007
2012-09-17 09:26:23: ServiceDLL: system32\p2psvc.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: p2psvc.dll
2012-09-17 09:26:23: Original File Name: p2psvc.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: !!!!!!!
2012-09-17 09:26:23: Found Service: PcaSvc
2012-09-17 09:26:23: Real Path: C:\Windows\System32\pcasvc.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\pcasvc.dll,-1
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\pcasvc.dll,-2
2012-09-17 09:26:23: ServiceDLL: System32\pcasvc.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: pcasvc.dll
2012-09-17 09:26:23: Original File Name:
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: !!!!!!!!!
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: PeerDistSvc
2012-09-17 09:26:23: Real Path: C:\Windows\system32\peerdistsvc.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\peerdistsvc.dll,-9000
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\peerdistsvc.dll,-9001
2012-09-17 09:26:23: ServiceDLL: system32\peerdistsvc.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: peerdistsvc.dll
2012-09-17 09:26:23: Original File Name: PeerDistSvc.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: pla
2012-09-17 09:26:23: Real Path: C:\Windows\system32\pla.dll
2012-09-17 09:26:23: Display Name: @%systemroot%\system32\pla.dll,-500
2012-09-17 09:26:23: Description: @%systemroot%\system32\pla.dll,-501
2012-09-17 09:26:23: ServiceDLL: system32\pla.dll
2012-09-17 09:26:23: File size: 1508864
2012-09-17 09:26:23: DLL File name: pla.dll
2012-09-17 09:26:23: Original File Name: PLA.DLL.MUI
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time: 20090713211612 20090713192013 20090713192013
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: PlugPlay
2012-09-17 09:26:23: Real Path: C:\Windows\system32\umpnpmgr.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\umpnpmgr.dll,-100
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\umpnpmgr.dll,-101
2012-09-17 09:26:23: ServiceDLL: system32\umpnpmgr.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: umpnpmgr.dll
2012-09-17 09:26:23: Original File Name: Umpnpmgr.DLL.MUI
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: PNRPAutoReg
2012-09-17 09:26:23: Real Path: C:\Windows\system32\pnrpauto.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\pnrpauto.dll,-8002
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\pnrpauto.dll,-8003
2012-09-17 09:26:23: ServiceDLL: system32\pnrpauto.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: pnrpauto.dll
2012-09-17 09:26:23: Original File Name: pnrpauto.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: PNRPsvc
2012-09-17 09:26:23: Real Path: C:\Windows\system32\pnrpsvc.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\pnrpsvc.dll,-8000
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\pnrpsvc.dll,-8001
2012-09-17 09:26:23: ServiceDLL: system32\pnrpsvc.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: pnrpsvc.dll
2012-09-17 09:26:23: Original File Name: pnrpsvc.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: PolicyAgent
2012-09-17 09:26:23: Real Path: C:\Windows\System32\ipsecsvc.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\System32\polstore.dll,-5010
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\polstore.dll,-5011
2012-09-17 09:26:23: ServiceDLL: System32\ipsecsvc.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: ipsecsvc.dll
2012-09-17 09:26:23: Original File Name: ipsecsvc.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: Power
2012-09-17 09:26:23: Real Path: C:\Windows\system32\umpo.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\umpo.dll,-100
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\umpo.dll,-101
2012-09-17 09:26:23: ServiceDLL: system32\umpo.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: umpo.dll
2012-09-17 09:26:23: Original File Name: Umpo.DLL.MUI
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: ProfSvc
2012-09-17 09:26:23: Real Path: C:\Windows\system32\profsvc.dll
2012-09-17 09:26:23: Display Name: @%systemroot%\system32\profsvc.dll,-300
2012-09-17 09:26:23: Description: @%systemroot%\system32\profsvc.dll,-301
2012-09-17 09:26:23: ServiceDLL: system32\profsvc.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: profsvc.dll
2012-09-17 09:26:23: Original File Name: ProfSvc.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: QWAVE
2012-09-17 09:26:23: Real Path: C:\Windows\system32\qwave.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\qwave.dll,-1
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\qwave.dll,-2
2012-09-17 09:26:23: ServiceDLL: system32\qwave.dll
2012-09-17 09:26:23: File size: 210944
2012-09-17 09:26:23: DLL File name: qwave.dll
2012-09-17 09:26:23: Original File Name: qwave.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time: 20090713211612 20090713195415 20090713195415
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: RasAuto
2012-09-17 09:26:23: Real Path: C:\Windows\System32\rasauto.dll
2012-09-17 09:26:23: Display Name: @%Systemroot%\system32\rasauto.dll,-200
2012-09-17 09:26:23: Description: @%Systemroot%\system32\rasauto.dll,-201
2012-09-17 09:26:23: ServiceDLL: System32\rasauto.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: rasauto.dll
2012-09-17 09:26:23: Original File Name: rasauto.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: RasMan
2012-09-17 09:26:23: Real Path: C:\Windows\System32\rasmans.dll
2012-09-17 09:26:23: Display Name: @%Systemroot%\system32\rasmans.dll,-200
2012-09-17 09:26:23: Description: @%Systemroot%\system32\rasmans.dll,-201
2012-09-17 09:26:23: ServiceDLL: System32\rasmans.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: rasmans.dll
2012-09-17 09:26:23: Original File Name: Rasmans.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: RemoteAccess
2012-09-17 09:26:23: Real Path: C:\Windows\System32\mprdim.dll
2012-09-17 09:26:23: Display Name: @%Systemroot%\system32\mprdim.dll,-200
2012-09-17 09:26:23: Description: @%Systemroot%\system32\mprdim.dll,-201
2012-09-17 09:26:23: ServiceDLL: System32\mprdim.dll
2012-09-17 09:26:23: File size: 75264
2012-09-17 09:26:23: DLL File name: mprdim.dll
2012-09-17 09:26:23: Original File Name: MPRDIM.DLL.MUI
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time: 20090713211541 20090713195426 20090713195426
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: RemoteRegistry
2012-09-17 09:26:23: Real Path: C:\Windows\system32\regsvc.dll
2012-09-17 09:26:23: Display Name: @regsvc.dll,-1
2012-09-17 09:26:23: Description: @regsvc.dll,-2
2012-09-17 09:26:23: ServiceDLL: system32\regsvc.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: regsvc.dll
2012-09-17 09:26:23: Original File Name: REGSVC.DLL.MUI
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: RpcEptMapper
2012-09-17 09:26:23: Real Path: C:\Windows\System32\RpcEpMap.dll
2012-09-17 09:26:23: Display Name: @%windir%\system32\RpcEpMap.dll,-1001
2012-09-17 09:26:23: Description: @%windir%\system32\RpcEpMap.dll,-1002
2012-09-17 09:26:23: ServiceDLL: System32\RpcEpMap.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: RpcEpMap.dll
2012-09-17 09:26:23: Original File Name: RpcEpMap.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: RpcSs
2012-09-17 09:26:23: Real Path: C:\Windows\system32\rpcss.dll
2012-09-17 09:26:23: Display Name: @oleres.dll,-5010
2012-09-17 09:26:23: Description: @oleres.dll,-5011
2012-09-17 09:26:23: ServiceDLL: system32\rpcss.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: rpcss.dll
2012-09-17 09:26:23: Original File Name: rpcss.dll
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: SCardSvr
2012-09-17 09:26:23: Real Path: C:\Windows\System32\SCardSvr.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\System32\SCardSvr.dll,-1
2012-09-17 09:26:23: Description: @%SystemRoot%\System32\SCardSvr.dll,-5
2012-09-17 09:26:23: ServiceDLL: System32\SCardSvr.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: SCardSvr.dll
2012-09-17 09:26:23: Original File Name: SCardSvr.exe.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: Schedule
2012-09-17 09:26:23: Real Path: C:\Windows\system32\schedsvc.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\schedsvc.dll,-100
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\schedsvc.dll,-101
2012-09-17 09:26:23: ServiceDLL: system32\schedsvc.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: schedsvc.dll
2012-09-17 09:26:23: Original File Name: schedsvc.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: SCPolicySvc
2012-09-17 09:26:23: Real Path: C:\Windows\System32\certprop.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\System32\certprop.dll,-13
2012-09-17 09:26:23: Description: @%SystemRoot%\System32\certprop.dll,-14
2012-09-17 09:26:23: ServiceDLL: System32\certprop.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: certprop.dll
2012-09-17 09:26:23: Original File Name: certprop.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: SDRSVC
2012-09-17 09:26:23: Real Path: C:\Windows\System32\SDRSVC.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\sdrsvc.dll,-107
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\sdrsvc.dll,-102
2012-09-17 09:26:23: ServiceDLL: System32\SDRSVC.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: SDRSVC.dll
2012-09-17 09:26:23: Original File Name: SDRSVC.DLL.MUI
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: seclogon
2012-09-17 09:26:23: Real Path: C:\Windows\system32\seclogon.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\seclogon.dll,-7001
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\seclogon.dll,-7000
2012-09-17 09:26:23: ServiceDLL: system32\seclogon.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: seclogon.dll
2012-09-17 09:26:23: Original File Name: SECLOGON.EXE.MUI
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: SENS
2012-09-17 09:26:23: Real Path: C:\Windows\system32\sens.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\Sens.dll,-200
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\Sens.dll,-201
2012-09-17 09:26:23: ServiceDLL: system32\sens.dll
2012-09-17 09:26:23: File size: 49664
2012-09-17 09:26:23: DLL File name: sens.dll
2012-09-17 09:26:23: Original File Name: sens.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time: 20090713211613 20090713192158 20090713192158
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: SensrSvc
2012-09-17 09:26:23: Real Path: C:\Windows\system32\sensrsvc.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\System32\sensrsvc.dll,-1000
2012-09-17 09:26:23: Description: @%SystemRoot%\System32\sensrsvc.dll,-1001
2012-09-17 09:26:23: ServiceDLL: system32\sensrsvc.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: sensrsvc.dll
2012-09-17 09:26:23: Original File Name: sensrsvc.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: SessionEnv
2012-09-17 09:26:23: Real Path: C:\Windows\system32\sessenv.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\System32\SessEnv.dll,-1026
2012-09-17 09:26:23: Description: @%SystemRoot%\System32\SessEnv.dll,-1027
2012-09-17 09:26:23: ServiceDLL: system32\sessenv.dll
2012-09-17 09:26:23: File size: 99328
2012-09-17 09:26:23: DLL File name: sessenv.dll
2012-09-17 09:26:23: Original File Name: SessEnv.DLL.MUI
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time: 20090713211613 20090713200228 20090713200228
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: SharedAccess
2012-09-17 09:26:23: Real Path: C:\Windows\System32\ipnathlp.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\ipnathlp.dll,-106
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\ipnathlp.dll,-107
2012-09-17 09:26:23: ServiceDLL: System32\ipnathlp.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: ipnathlp.dll
2012-09-17 09:26:23: Original File Name: IPNATHLP.DLL.MUI
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: ShellHWDetection
2012-09-17 09:26:23: Real Path: C:\Windows\System32\shsvcs.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\System32\shsvcs.dll,-12288
2012-09-17 09:26:23: Description: @%SystemRoot%\System32\shsvcs.dll,-12289
2012-09-17 09:26:23: ServiceDLL: System32\shsvcs.dll
2012-09-17 09:26:23: File size: 328192
2012-09-17 09:26:23: DLL File name: shsvcs.dll
2012-09-17 09:26:23: Original File Name: SHSVCS.DLL.MUI
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time: 20090713211614 20090713193928 20090713193928
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: sppuinotify
2012-09-17 09:26:23: Real Path: C:\Windows\system32\sppuinotify.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\sppuinotify.dll,-103
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\sppuinotify.dll,-102
2012-09-17 09:26:23: ServiceDLL: system32\sppuinotify.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: sppuinotify.dll
2012-09-17 09:26:23: Original File Name: sppuinotify.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: SSDPSRV
2012-09-17 09:26:23: Real Path: C:\Windows\System32\ssdpsrv.dll
2012-09-17 09:26:23: Display Name: @%systemroot%\system32\ssdpsrv.dll,-100
2012-09-17 09:26:23: Description: @%systemroot%\system32\ssdpsrv.dll,-101
2012-09-17 09:26:23: ServiceDLL: System32\ssdpsrv.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: ssdpsrv.dll
2012-09-17 09:26:23: Original File Name: ssdpsrv.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: SstpSvc
2012-09-17 09:26:23: Real Path: C:\Windows\system32\sstpsvc.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\sstpsvc.dll,-200
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\sstpsvc.dll,-201
2012-09-17 09:26:23: ServiceDLL: system32\sstpsvc.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: sstpsvc.dll
2012-09-17 09:26:23: Original File Name: sstpsvc.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: stisvc
2012-09-17 09:26:23: Real Path: C:\Windows\System32\wiaservc.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\wiaservc.dll,-9
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\wiaservc.dll,-10
2012-09-17 09:26:23: ServiceDLL: System32\wiaservc.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: wiaservc.dll
2012-09-17 09:26:23: Original File Name: WIASERVC.DLL.MUI
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: StorSvc
2012-09-17 09:26:23: Real Path: C:\Windows\system32\storsvc.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\System32\StorSvc.dll,-100
2012-09-17 09:26:23: Description: @%SystemRoot%\System32\StorSvc.dll,-101
2012-09-17 09:26:23: ServiceDLL: system32\storsvc.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: storsvc.dll
2012-09-17 09:26:23: Original File Name: StorSvc.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: swprv
2012-09-17 09:26:23: Real Path: C:\Windows\System32\swprv.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\System32\swprv.dll,-103
2012-09-17 09:26:23: Description: @%SystemRoot%\System32\swprv.dll,-102
2012-09-17 09:26:23: ServiceDLL: System32\swprv.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: swprv.dll
2012-09-17 09:26:23: Original File Name: SWPRV.DLL.MUI
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: SysMain
2012-09-17 09:26:23: Real Path: C:\Windows\system32\sysmain.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\sysmain.dll,-1000
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\sysmain.dll,-1001
2012-09-17 09:26:23: ServiceDLL: system32\sysmain.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: sysmain.dll
2012-09-17 09:26:23: Original File Name: sysmain.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: TabletInputService
2012-09-17 09:26:23: Real Path: C:\Windows\System32\TabSvc.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\TabSvc.dll,-100
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\TabSvc.dll,-101
2012-09-17 09:26:23: ServiceDLL: System32\TabSvc.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: TabSvc.dll
2012-09-17 09:26:23: Original File Name: TabSvc.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: TapiSrv
2012-09-17 09:26:23: Real Path: C:\Windows\System32\tapisrv.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\tapisrv.dll,-10100
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\tapisrv.dll,-10101
2012-09-17 09:26:23: ServiceDLL: System32\tapisrv.dll
2012-09-17 09:26:23: File size: 241664
2012-09-17 09:26:23: DLL File name: tapisrv.dll
2012-09-17 09:26:23: Original File Name: TAPISRV.EXE.MUI
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time: 20090713211615 20090713201955 20090713201955
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: TBS
2012-09-17 09:26:23: Real Path: C:\Windows\System32\tbssvc.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\tbssvc.dll,-100
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\tbssvc.dll,-101
2012-09-17 09:26:23: ServiceDLL: System32\tbssvc.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: tbssvc.dll
2012-09-17 09:26:23: Original File Name: TBSSVC.DLL.MUI
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: TermService
2012-09-17 09:26:23: Real Path: C:\Windows\System32\termsrv.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\System32\termsrv.dll,-268
2012-09-17 09:26:23: Description: @%SystemRoot%\System32\termsrv.dll,-267
2012-09-17 09:26:23: ServiceDLL: System32\termsrv.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: termsrv.dll
2012-09-17 09:26:23: Original File Name: termsrv.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: Themes
2012-09-17 09:26:23: Real Path: C:\Windows\system32\themeservice.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\System32\themeservice.dll,-8192
2012-09-17 09:26:23: Description: @%SystemRoot%\System32\themeservice.dll,-8193
2012-09-17 09:26:23: ServiceDLL: system32\themeservice.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: themeservice.dll
2012-09-17 09:26:23: Original File Name: THEMESERVICE.DLL.MUI
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: THREADORDER
2012-09-17 09:26:23: Real Path: C:\Windows\system32\mmcss.dll
2012-09-17 09:26:23: Display Name: @%systemroot%\system32\mmcss.dll,-102
2012-09-17 09:26:23: Description: @%systemroot%\system32\mmcss.dll,-103
2012-09-17 09:26:23: ServiceDLL: system32\mmcss.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: mmcss.dll
2012-09-17 09:26:23: Original File Name: mmcss.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: TrkWks
2012-09-17 09:26:23: Real Path: C:\Windows\System32\trkwks.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\trkwks.dll,-1
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\trkwks.dll,-2
2012-09-17 09:26:23: ServiceDLL: System32\trkwks.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: trkwks.dll
2012-09-17 09:26:23: Original File Name: trkwks.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: UmRdpService
2012-09-17 09:26:23: Real Path: C:\Windows\System32\umrdp.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\umrdp.dll,-1000
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\umrdp.dll,-1001
2012-09-17 09:26:23: ServiceDLL: System32\umrdp.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: umrdp.dll
2012-09-17 09:26:23: Original File Name: umrdp.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: !!!!!!!
2012-09-17 09:26:23: Found Service: upnphost
2012-09-17 09:26:23: Real Path: C:\Windows\System32\upnphost.dll
2012-09-17 09:26:23: Display Name: @%systemroot%\system32\upnphost.dll,-213
2012-09-17 09:26:23: Description: @%systemroot%\system32\upnphost.dll,-214
2012-09-17 09:26:23: ServiceDLL: System32\upnphost.dll
2012-09-17 09:26:23: File size: 266752
2012-09-17 09:26:23: DLL File name: upnphost.dll
2012-09-17 09:26:23: Original File Name: unpnhost.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time: 20090713211617 20090713195541 20090713195541
2012-09-17 09:26:23: !!!!!!!!!
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: UxSms
2012-09-17 09:26:23: Real Path: C:\Windows\System32\uxsms.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\dwm.exe,-2000
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\dwm.exe,-2001
2012-09-17 09:26:23: ServiceDLL: System32\uxsms.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: uxsms.dll
2012-09-17 09:26:23: Original File Name: UxSms.dll
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: W32Time
2012-09-17 09:26:23: Real Path: C:\Windows\system32\w32time.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\w32time.dll,-200
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\w32time.dll,-201
2012-09-17 09:26:23: ServiceDLL: system32\w32time.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: w32time.dll
2012-09-17 09:26:23: Original File Name: w32time.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: WbioSrvc
2012-09-17 09:26:23: Real Path: C:\Windows\System32\wbiosrvc.dll
2012-09-17 09:26:23: Display Name: @%systemroot%\system32\wbiosrvc.dll,-100
2012-09-17 09:26:23: Description: @%systemroot%\system32\wbiosrvc.dll,-101
2012-09-17 09:26:23: ServiceDLL: System32\wbiosrvc.dll
2012-09-17 09:26:23: File size: 0
2012-09-17 09:26:23: DLL File name: wbiosrvc.dll
2012-09-17 09:26:23: Original File Name: wbiosrvc.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time:
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: wcncsvc
2012-09-17 09:26:23: Real Path: C:\Windows\System32\wcncsvc.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\wcncsvc.dll,-3
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\wcncsvc.dll,-4
2012-09-17 09:26:23: ServiceDLL: System32\wcncsvc.dll
2012-09-17 09:26:23: File size: 276992
2012-09-17 09:26:23: DLL File name: wcncsvc.dll
2012-09-17 09:26:23: Original File Name: WCNCSVC.DLL.MUI
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time: 20100914020714 20110923161048 20110923161048
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: WcsPlugInService
2012-09-17 09:26:23: Real Path: C:\Windows\System32\WcsPlugInService.dll
2012-09-17 09:26:23: Display Name: @%SystemRoot%\system32\WcsPlugInService.dll,-200
2012-09-17 09:26:23: Description: @%SystemRoot%\system32\WcsPlugInService.dll,-201
2012-09-17 09:26:23: ServiceDLL: System32\WcsPlugInService.dll
2012-09-17 09:26:23: File size: 32768
2012-09-17 09:26:23: DLL File name: WcsPlugInService.dll
2012-09-17 09:26:23: Original File Name: WcsPlugInService.DLL.MUI
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time: 20090713211618 20090713192513 20090713192513
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: WdiServiceHost
2012-09-17 09:26:23: Real Path: C:\Windows\system32\wdi.dll
2012-09-17 09:26:23: Display Name: @%systemroot%\system32\wdi.dll,-502
2012-09-17 09:26:23: Description: @%systemroot%\system32\wdi.dll,-503
2012-09-17 09:26:23: ServiceDLL: system32\wdi.dll
2012-09-17 09:26:23: File size: 76288
2012-09-17 09:26:23: DLL File name: wdi.dll
2012-09-17 09:26:23: Original File Name: wdi.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time: 20090713211618 20090713191947 20090713191947
2012-09-17 09:26:23: ---------------------------------------------------------------------
2012-09-17 09:26:23: Found Service: WdiSystemHost
2012-09-17 09:26:23: Real Path: C:\Windows\system32\wdi.dll
2012-09-17 09:26:23: Display Name: @%systemroot%\system32\wdi.dll,-500
2012-09-17 09:26:23: Description: @%systemroot%\system32\wdi.dll,-501
2012-09-17 09:26:23: ServiceDLL: system32\wdi.dll
2012-09-17 09:26:23: File size: 76288
2012-09-17 09:26:23: DLL File name: wdi.dll
2012-09-17 09:26:23: Original File Name: wdi.dll.mui
2012-09-17 09:26:23: Company:
2012-09-17 09:26:23: Mod/Cre/Acc time: 20090713211618 20090713191947 20090713191947
2012-09-17 09:26:23: !!!!!!!
2012-09-17 09:26:23: Found Service: WebClient
2012-09-17 09:26:23: Real Path: C:\Windows\System32\webclnt.dll
2012-09-17 09:26:24: Display Name: @%systemroot%\system32\webclnt.dll,-100
2012-09-17 09:26:24: Description: @%systemroot%\system32\webclnt.dll,-101
2012-09-17 09:26:24: ServiceDLL: System32\webclnt.dll
2012-09-17 09:26:24: File size: 204800
2012-09-17 09:26:24: DLL File name: webclnt.dll
2012-09-17 09:26:24: Original File Name: davsvc.dll.mui
2012-09-17 09:26:24: Company:
2012-09-17 09:26:24: Mod/Cre/Acc time: 20101221013821 20110919141505 20110919141505
2012-09-17 09:26:24: !!!!!!!!!
2012-09-17 09:26:24: ---------------------------------------------------------------------
2012-09-17 09:26:24: Found Service: Wecsvc
2012-09-17 09:26:24: Real Path: C:\Windows\system32\wecsvc.dll
2012-09-17 09:26:24: Display Name: @%SystemRoot%\system32\wecsvc.dll,-200
2012-09-17 09:26:24: Description: @%SystemRoot%\system32\wecsvc.dll,-201
2012-09-17 09:26:24: ServiceDLL: system32\wecsvc.dll
2012-09-17 09:26:24: File size: 0
2012-09-17 09:26:24: DLL File name: wecsvc.dll
2012-09-17 09:26:24: Original File Name: wecsvc.dll.mui
2012-09-17 09:26:24: Company:
2012-09-17 09:26:24: Mod/Cre/Acc time:
2012-09-17 09:26:24: !!!!!!!
2012-09-17 09:26:24: Found Service: wercplsupport
2012-09-17 09:26:24: Real Path: C:\Windows\System32\wercplsupport.dll
2012-09-17 09:26:24: Display Name: @%SystemRoot%\System32\wercplsupport.dll,-101
2012-09-17 09:26:24: Description: @%SystemRoot%\System32\wercplsupport.dll,-100
2012-09-17 09:26:24: ServiceDLL: System32\wercplsupport.dll
2012-09-17 09:26:24: File size: 0
2012-09-17 09:26:24: DLL File name: wercplsupport.dll
2012-09-17 09:26:24: Original File Name: ERC
2012-09-17 09:26:24: Company:
2012-09-17 09:26:24: Mod/Cre/Acc time:
2012-09-17 09:26:24: !!!!!!!!!
2012-09-17 09:26:24: !!!!!!!
2012-09-17 09:26:24: Found Service: WerSvc
2012-09-17 09:26:24: Real Path: C:\Windows\System32\WerSvc.dll
2012-09-17 09:26:24: Display Name: @%SystemRoot%\System32\wersvc.dll,-100
2012-09-17 09:26:24: Description: @%SystemRoot%\System32\wersvc.dll,-101
2012-09-17 09:26:24: ServiceDLL: System32\WerSvc.dll
2012-09-17 09:26:24: File size: 0
2012-09-17 09:26:24: DLL File name: WerSvc.dll
2012-09-17 09:26:24: Original File Name: wersvc
2012-09-17 09:26:24: Company:
2012-09-17 09:26:24: Mod/Cre/Acc time:
2012-09-17 09:26:24: !!!!!!!!!
2012-09-17 09:26:24: ---------------------------------------------------------------------
2012-09-17 09:26:24: Found Service: Winmgmt
2012-09-17 09:26:24: Real Path: C:\Windows\system32\wbem\WMIsvc.dll
2012-09-17 09:26:24: Display Name: @%Systemroot%\system32\wbem\wmisvc.dll,-205
2012-09-17 09:26:24: Description: @%Systemroot%\system32\wbem\wmisvc.dll,-204
2012-09-17 09:26:24: ServiceDLL: system32\wbem\WMIsvc.dll
2012-09-17 09:26:24: File size: 0
2012-09-17 09:26:24: DLL File name: WMIsvc.dll
2012-09-17 09:26:24: Original File Name: wmisvc.dll.mui
2012-09-17 09:26:24: Company:
2012-09-17 09:26:24: Mod/Cre/Acc time:
2012-09-17 09:26:24: ---------------------------------------------------------------------
2012-09-17 09:26:24: Found Service: WinRM
2012-09-17 09:26:24: Real Path: C:\Windows\system32\WsmSvc.dll
2012-09-17 09:26:24: Display Name: @%Systemroot%\system32\wsmsvc.dll,-101
2012-09-17 09:26:24: Description: @%Systemroot%\system32\wsmsvc.dll,-102
2012-09-17 09:26:24: ServiceDLL: system32\WsmSvc.dll
2012-09-17 09:26:24: File size: 1175040
2012-09-17 09:26:24: DLL File name: WsmSvc.dll
2012-09-17 09:26:24: Original File Name: WsmSvc.dll.mui
2012-09-17 09:26:24: Company:
2012-09-17 09:26:24: Mod/Cre/Acc time: 20090713211620 20090713193143 20090713193143
2012-09-17 09:26:24: ---------------------------------------------------------------------
2012-09-17 09:26:24: Found Service: Wlansvc
2012-09-17 09:26:24: Real Path: C:\Windows\System32\wlansvc.dll
2012-09-17 09:26:24: Display Name: @%SystemRoot%\System32\wlansvc.dll,-257
2012-09-17 09:26:24: Description: @%SystemRoot%\System32\wlansvc.dll,-258
2012-09-17 09:26:24: ServiceDLL: System32\wlansvc.dll
2012-09-17 09:26:24: File size: 0
2012-09-17 09:26:24: DLL File name: wlansvc.dll
2012-09-17 09:26:24: Original File Name: wlansvc.dll.mui
2012-09-17 09:26:24: Company:
2012-09-17 09:26:24: Mod/Cre/Acc time:
2012-09-17 09:26:24: ---------------------------------------------------------------------
2012-09-17 09:26:24: Found Service: WPCSvc
2012-09-17 09:26:24: Real Path: C:\Windows\System32\wpcsvc.dll
2012-09-17 09:26:24: Display Name: @%SystemRoot%\system32\wpcsvc.dll,-100
2012-09-17 09:26:24: Description: @%SystemRoot%\system32\wpcsvc.dll,-101
2012-09-17 09:26:24: ServiceDLL: System32\wpcsvc.dll
2012-09-17 09:26:24: File size: 10752
2012-09-17 09:26:24: DLL File name: wpcsvc.dll
2012-09-17 09:26:24: Original File Name: wpcsvc.exe.mui
2012-09-17 09:26:24: Company:
2012-09-17 09:26:24: Mod/Cre/Acc time: 20090713211620 20090713194010 20090713194010
2012-09-17 09:26:24: ---------------------------------------------------------------------
2012-09-17 09:26:24: Found Service: WPDBusEnum
2012-09-17 09:26:24: Real Path: C:\Windows\system32\wpdbusenum.dll
2012-09-17 09:26:24: Display Name: @%SystemRoot%\system32\wpdbusenum.dll,-100
2012-09-17 09:26:24: Description: @%SystemRoot%\system32\wpdbusenum.dll,-101
2012-09-17 09:26:24: ServiceDLL: system32\wpdbusenum.dll
2012-09-17 09:26:24: File size: 0
2012-09-17 09:26:24: DLL File name: wpdbusenum.dll
2012-09-17 09:26:24: Original File Name: WpdBusEnum.DLL.MUI
2012-09-17 09:26:24: Company:
2012-09-17 09:26:24: Mod/Cre/Acc time:
2012-09-17 09:26:24: ---------------------------------------------------------------------
2012-09-17 09:26:24: Found Service: wscsvc
2012-09-17 09:26:24: Real Path: C:\Windows\system32\wscsvc.dll
2012-09-17 09:26:24: Display Name: @%SystemRoot%\System32\wscsvc.dll,-200
2012-09-17 09:26:24: Description: @%SystemRoot%\System32\wscsvc.dll,-201
2012-09-17 09:26:24: ServiceDLL: system32\wscsvc.dll
2012-09-17 09:26:24: File size: 0
2012-09-17 09:26:24: DLL File name: wscsvc.dll
2012-09-17 09:26:24: Original File Name: wscsvc.dll.mui
2012-09-17 09:26:24: Company:
2012-09-17 09:26:24: Mod/Cre/Acc time:
2012-09-17 09:26:24: ---------------------------------------------------------------------
2012-09-17 09:26:24: Found Service: wuauserv
2012-09-17 09:26:24: Real Path: C:\Windows\system32\wuaueng.dll
2012-09-17 09:26:24: Display Name: @%systemroot%\system32\wuaueng.dll,-105
2012-09-17 09:26:24: Description: @%systemroot%\system32\wuaueng.dll,-106
2012-09-17 09:26:24: ServiceDLL: system32\wuaueng.dll
2012-09-17 09:26:24: File size: 0
2012-09-17 09:26:24: DLL File name: wuaueng.dll
2012-09-17 09:26:24: Original File Name: wuaueng.dll.mui
2012-09-17 09:26:24: Company:
2012-09-17 09:26:24: Mod/Cre/Acc time:
2012-09-17 09:26:24: ---------------------------------------------------------------------
2012-09-17 09:26:24: Found Service: wudfsvc
2012-09-17 09:26:24: Real Path: C:\Windows\System32\WUDFSvc.dll
2012-09-17 09:26:24: Display Name: @%SystemRoot%\system32\wudfsvc.dll,-1000
2012-09-17 09:26:24: Description: @%SystemRoot%\system32\wudfsvc.dll,-1001
2012-09-17 09:26:24: ServiceDLL: System32\WUDFSvc.dll
2012-09-17 09:26:24: File size: 0
2012-09-17 09:26:24: DLL File name: WUDFSvc.dll
2012-09-17 09:26:24: Original File Name: WUDFSvc.dll.mui
2012-09-17 09:26:24: Company:
2012-09-17 09:26:24: Mod/Cre/Acc time:
2012-09-17 09:26:24: ---------------------------------------------------------------------
2012-09-17 09:26:24: Found Service: WwanSvc
2012-09-17 09:26:24: Real Path: C:\Windows\System32\wwansvc.dll
2012-09-17 09:26:24: Display Name: @%SystemRoot%\System32\wwansvc.dll,-257
2012-09-17 09:26:24: Description: @%SystemRoot%\System32\wwansvc.dll,-258
2012-09-17 09:26:24: ServiceDLL: System32\wwansvc.dll
2012-09-17 09:26:24: File size: 0
2012-09-17 09:26:24: DLL File name: wwansvc.dll
2012-09-17 09:26:24: Original File Name: WwanSvc.dll.mui
2012-09-17 09:26:24: Company:
2012-09-17 09:26:24: Mod/Cre/Acc time:
2012-09-17 09:26:24:
2012-09-17 09:26:24: Looking for SHELL key
2012-09-17 09:26:24: Now looking for bad DLL files in system32
2012-09-17 09:27:14: Folder: GAC
2012-09-17 09:27:14: Folder: GAC_32
2012-09-17 09:27:14: Folder: GAC_64
2012-09-17 09:27:14: Folder: GAC_MSIL
2012-09-17 09:27:14: Folder: NativeImages_v2.0.50727_32
2012-09-17 09:27:14: Folder: NativeImages_v2.0.50727_64
2012-09-17 09:27:14: Folder: NativeImages_v4.0.30319_32
2012-09-17 09:27:14: Folder: NativeImages_v4.0.30319_64
2012-09-17 09:27:14: Folder: temp
2012-09-17 09:27:14: Folder: tmp
2012-09-17 09:27:14: Checking for bad folder
2012-09-17 09:27:14: Found 1 folders.
2012-09-17 09:27:14: Checking C:\Windows\assembly\tmp
2012-09-17 09:27:14: ... Folder test returns: 1
2012-09-17 09:27:14: Done with folder list in C:\Windows\assembly\ tmp
2012-09-17 09:27:14: Autonomous mode, clearing out yt folder
2012-09-17 09:27:14: cmd.exe /c start "C:\Users\Kirk\Desktop\yorkyt.exe"
2012-09-17 09:41:07: Restarting...
2012-09-17 09:42:17: ****************************************************
2012-09-17 09:42:17: Starting UP ... v 0.0.0.220
2012-09-17 09:42:17: ****************************************************
2012-09-17 09:42:18: Stop TPSRV returns: 2
2012-09-17 09:42:33: Listing processes...
2012-09-17 09:42:33: :[System Process]:0
2012-09-17 09:42:33: :System:4
2012-09-17 09:42:33: :smss.exe:316
2012-09-17 09:42:33: :csrss.exe:440
2012-09-17 09:42:33: :wininit.exe:556
2012-09-17 09:42:33: :csrss.exe:592
2012-09-17 09:42:33: :Services.exe:632
2012-09-17 09:42:33: :lsass.exe:640
2012-09-17 09:42:33: :lsm.exe:648
2012-09-17 09:42:33: :winlogon.exe:704
2012-09-17 09:42:33: :svchost.exe:792
2012-09-17 09:42:33: :svchost.exe:872
2012-09-17 09:42:33: :atiesrxx.exe:932
2012-09-17 09:42:33: :svchost.exe:1004
2012-09-17 09:42:33: :svchost.exe:128
2012-09-17 09:42:33: :svchost.exe:452
2012-09-17 09:42:33: :audiodg.exe:432
2012-09-17 09:42:33: :svchost.exe:644
2012-09-17 09:42:33: :hpservice.exe:1076
2012-09-17 09:42:33: :WUDFHost.exe:1152
2012-09-17 09:42:33: :atieclxx.exe:1236
2012-09-17 09:42:33: :dwm.exe:1456
2012-09-17 09:42:33: :explorer.exe:1504
2012-09-17 09:42:33: :svchost.exe:1528
2012-09-17 09:42:33: :wlanext.exe:1632
2012-09-17 09:42:33: :conhost.exe:1640
2012-09-17 09:42:33: :spoolsv.exe:1716
2012-09-17 09:42:33: :taskhost.exe:1744
2012-09-17 09:42:33: :svchost.exe:1768
2012-09-17 09:42:33: :SASCORE64.EXE:2004
2012-09-17 09:42:33: :taskeng.exe:2032
2012-09-17 09:42:33: :ACService.exe:1264
2012-09-17 09:42:33: :EvtEng.exe:1288
2012-09-17 09:42:33: :mbamscheduler.exe:1608
2012-09-17 09:42:33: :mbamservice.exe:1564
2012-09-17 09:42:33: :svchost.exe:1644
2012-09-17 09:42:33: :RegSrvc.exe:2064
2012-09-17 09:42:33: :svchost.exe:2096
2012-09-17 09:42:33: :svchost.exe:2136
2012-09-17 09:42:33: :mbamgui.exe:2220
2012-09-17 09:42:33: :unsecapp.exe:2448
2012-09-17 09:42:33: :WmiPrvSE.exe:2632
2012-09-17 09:42:33: :rundll32.exe:2896
2012-09-17 09:42:33: :yorkyt.exe:2732
2012-09-17 09:42:33: :WiMAXCU.exe:2696
2012-09-17 09:42:33: :iFrmewrk.exe:2000
2012-09-17 09:42:33: :SynTPEnh.exe:2984
2012-09-17 09:42:33: :igfxtray.exe:2948
2012-09-17 09:42:33: :hkcmd.exe:2924
2012-09-17 09:42:33: :igfxpers.exe:3048
2012-09-17 09:42:33: :SUPERANTISPYWARE.EXE:1900
2012-09-17 09:42:33: :nusb3mon.exe:3644
2012-09-17 09:42:33: :CLIStart.exe:3732
2012-09-17 09:42:33: :IAStorIcon.exe:3848
2012-09-17 09:42:33: :reader_sl.exe:4004
2012-09-17 09:42:33: :AdobeARM.exe:3128
2012-09-17 09:42:33: :ACDaemon.exe:3256
2012-09-17 09:42:33: :ArcMonitor.exe:3460
2012-09-17 09:42:33: :SynTPHelper.exe:3592
2012-09-17 09:42:33: :ArcCon.ac:3700
2012-09-17 09:42:33: :jusched.exe:3768
2012-09-17 09:42:33: :WmiPrvSE.exe:996
2012-09-17 09:42:33: :svchost.exe:3152
2012-09-17 09:42:33: :unsecapp.exe:3300
2012-09-17 09:42:33: :SearchIndexer.exe:3424
2012-09-17 09:42:33: :SearchProtocolHost.exe:3720
2012-09-17 09:42:33: :SearchFilterHost.exe:3968
2012-09-17 09:42:33:
2012-09-17 09:42:33: Starting cleanup mode...
2012-09-17 09:42:52: ... Done with files, now folders
2012-09-17 09:42:56: All DONE
2012-09-17 09:43:51: ****************************************************
2012-09-17 09:43:51: Starting UP ... v 0.0.0.220
2012-09-17 09:43:51: ****************************************************
2012-09-17 09:43:51: Stop TPSRV returns: 2
2012-09-17 09:44:07: Listing processes...
2012-09-17 09:44:07: :[System Process]:0
2012-09-17 09:44:07: :System:4
2012-09-17 09:44:07: :smss.exe:316
2012-09-17 09:44:07: :csrss.exe:440
2012-09-17 09:44:07: :wininit.exe:556
2012-09-17 09:44:07: :csrss.exe:592
2012-09-17 09:44:07: :Services.exe:632
2012-09-17 09:44:07: :lsass.exe:640
2012-09-17 09:44:07: :lsm.exe:648
2012-09-17 09:44:07: :winlogon.exe:704
2012-09-17 09:44:07: :svchost.exe:792
2012-09-17 09:44:07: :svchost.exe:872
2012-09-17 09:44:07: :atiesrxx.exe:932
2012-09-17 09:44:07: :svchost.exe:1004
2012-09-17 09:44:07: :svchost.exe:128
2012-09-17 09:44:07: :svchost.exe:452
2012-09-17 09:44:07: :audiodg.exe:432
2012-09-17 09:44:07: :svchost.exe:644
2012-09-17 09:44:07: :hpservice.exe:1076
2012-09-17 09:44:07: :WUDFHost.exe:1152
2012-09-17 09:44:07: :atieclxx.exe:1236
2012-09-17 09:44:07: :dwm.exe:1456
2012-09-17 09:44:07: :explorer.exe:1504
2012-09-17 09:44:07: :svchost.exe:1528
2012-09-17 09:44:07: :wlanext.exe:1632
2012-09-17 09:44:07: :conhost.exe:1640
2012-09-17 09:44:07: :spoolsv.exe:1716
2012-09-17 09:44:07: :taskhost.exe:1744
2012-09-17 09:44:07: :svchost.exe:1768
2012-09-17 09:44:07: :SASCORE64.EXE:2004
2012-09-17 09:44:07: :taskeng.exe:2032
2012-09-17 09:44:07: :ACService.exe:1264
2012-09-17 09:44:07: :EvtEng.exe:1288
2012-09-17 09:44:07: :mbamscheduler.exe:1608
2012-09-17 09:44:07: :svchost.exe:1644
2012-09-17 09:44:07: :RegSrvc.exe:2064
2012-09-17 09:44:07: :svchost.exe:2096
2012-09-17 09:44:07: :svchost.exe:2136
2012-09-17 09:44:07: :unsecapp.exe:2448
2012-09-17 09:44:07: :WmiPrvSE.exe:2632
2012-09-17 09:44:07: :rundll32.exe:2896
2012-09-17 09:44:07: :WiMAXCU.exe:2696
2012-09-17 09:44:07: :iFrmewrk.exe:2000
2012-09-17 09:44:07: :SynTPEnh.exe:2984
2012-09-17 09:44:07: :igfxtray.exe:2948
2012-09-17 09:44:07: :hkcmd.exe:2924
2012-09-17 09:44:07: :igfxpers.exe:3048
2012-09-17 09:44:07: :nusb3mon.exe:3644
2012-09-17 09:44:07: :IAStorIcon.exe:3848
2012-09-17 09:44:07: :reader_sl.exe:4004
2012-09-17 09:44:07: :AdobeARM.exe:3128
2012-09-17 09:44:07: :ACDaemon.exe:3256
2012-09-17 09:44:07: :ArcMonitor.exe:3460
2012-09-17 09:44:07: :SynTPHelper.exe:3592
2012-09-17 09:44:07: :ArcCon.ac:3700
2012-09-17 09:44:07: :jusched.exe:3768
2012-09-17 09:44:07: :WmiPrvSE.exe:996
2012-09-17 09:44:07: :svchost.exe:3152
2012-09-17 09:44:07: :unsecapp.exe:3300
2012-09-17 09:44:07: :SearchIndexer.exe:3424
2012-09-17 09:44:07: :SearchProtocolHost.exe:3720
2012-09-17 09:44:07: :SearchFilterHost.exe:3968
2012-09-17 09:44:07: :VSSVC.exe:3548
2012-09-17 09:44:07: :svchost.exe:3952
2012-09-17 09:44:07: :MOM.exe:4788
2012-09-17 09:44:07: :CCC.exe:4340
2012-09-17 09:44:07: :yorkyt.exe:2900
2012-09-17 09:44:07: :IAStorDataMgrSvc.exe:2372
2012-09-17 09:44:07: :sppsvc.exe:4824
2012-09-17 09:44:07: :wmpnetwk.exe:4868
2012-09-17 09:44:07:
2012-09-17 09:44:07: Setting restore point
2012-09-17 09:44:13: RUN mode
2012-09-17 09:44:13: Determining autonomous or dropped mode...
2012-09-17 09:44:13: Autonomus mode
2012-09-17 09:44:13: ---------------------------------------------------------------------
2012-09-17 09:44:13: Found Service: AeLookupSvc
2012-09-17 09:44:13: Real Path: C:\Windows\System32\aelupsvc.dll
2012-09-17 09:44:13: Display Name: @%SystemRoot%\system32\aelupsvc.dll,-1
2012-09-17 09:44:13: Description: @%SystemRoot%\system32\aelupsvc.dll,-2
2012-09-17 09:44:13: ServiceDLL: System32\aelupsvc.dll
2012-09-17 09:44:13: File size: 0
2012-09-17 09:44:13: DLL File name: aelupsvc.dll
2012-09-17 09:44:13: Original File Name: aelupsvc.dll.mui
2012-09-17 09:44:13: Company:
2012-09-17 09:44:13: Mod/Cre/Acc time:
2012-09-17 09:44:13: ---------------------------------------------------------------------
2012-09-17 09:44:14: Found Service: AppIDSvc
2012-09-17 09:44:14: Real Path: C:\Windows\System32\appidsvc.dll
2012-09-17 09:44:14: Display Name: @%systemroot%\system32\appidsvc.dll,-100
2012-09-17 09:44:14: Description: @%systemroot%\system32\appidsvc.dll,-101
2012-09-17 09:44:14: ServiceDLL: System32\appidsvc.dll
2012-09-17 09:44:14: File size: 0
2012-09-17 09:44:14: DLL File name: appidsvc.dll
2012-09-17 09:44:14: Original File Name: appidsvc.dll.mui
2012-09-17 09:44:14: Company:
2012-09-17 09:44:14: Mod/Cre/Acc time:
2012-09-17 09:44:14: ---------------------------------------------------------------------
2012-09-17 09:44:14: Found Service: Appinfo
2012-09-17 09:44:14: Real Path: C:\Windows\System32\appinfo.dll
2012-09-17 09:44:14: Display Name: @%systemroot%\system32\appinfo.dll,-100
2012-09-17 09:44:14: Description: @%systemroot%\system32\appinfo.dll,-101
2012-09-17 09:44:14: ServiceDLL: System32\appinfo.dll
2012-09-17 09:44:14: File size: 0
2012-09-17 09:44:14: DLL File name: appinfo.dll
2012-09-17 09:44:14: Original File Name: appinfo.dll.mui
2012-09-17 09:44:14: Company:
2012-09-17 09:44:14: Mod/Cre/Acc time:
2012-09-17 09:44:14: ---------------------------------------------------------------------
2012-09-17 09:44:14: Found Service: AppMgmt
2012-09-17 09:44:14: Real Path: C:\Windows\System32\appmgmts.dll
2012-09-17 09:44:14: Display Name: @appmgmts.dll,-3250
2012-09-17 09:44:14: Description: @appmgmts.dll,-3251
2012-09-17 09:44:14: ServiceDLL: System32\appmgmts.dll
2012-09-17 09:44:14: File size: 149504
2012-09-17 09:44:14: DLL File name: appmgmts.dll
2012-09-17 09:44:14: Original File Name: appmgmts.dll.mui
2012-09-17 09:44:14: Company:
2012-09-17 09:44:14: Mod/Cre/Acc time: 20090713211453 20090713193834 20090713193834
2012-09-17 09:44:14: ---------------------------------------------------------------------
2012-09-17 09:44:14: Found Service: AudioEndpointBuilder
2012-09-17 09:44:14: Real Path: C:\Windows\System32\Audiosrv.dll
2012-09-17 09:44:14: Display Name: @%SystemRoot%\system32\audiosrv.dll,-204
2012-09-17 09:44:14: Description: @%SystemRoot%\System32\audiosrv.dll,-205
2012-09-17 09:44:14: ServiceDLL: System32\Audiosrv.dll
2012-09-17 09:44:14: File size: 0
2012-09-17 09:44:14: DLL File name: Audiosrv.dll
2012-09-17 09:44:14: Original File Name: audiosrv.dll.mui
2012-09-17 09:44:14: Company:
2012-09-17 09:44:14: Mod/Cre/Acc time:
2012-09-17 09:44:14: ---------------------------------------------------------------------
2012-09-17 09:44:14: Found Service: AudioSrv
2012-09-17 09:44:14: Real Path: C:\Windows\System32\Audiosrv.dll
2012-09-17 09:44:14: Display Name: @%SystemRoot%\system32\audiosrv.dll,-200
2012-09-17 09:44:14: Description: @%SystemRoot%\System32\audiosrv.dll,-201
2012-09-17 09:44:14: ServiceDLL: System32\Audiosrv.dll
2012-09-17 09:44:14: File size: 0
2012-09-17 09:44:14: DLL File name: Audiosrv.dll
2012-09-17 09:44:14: Original File Name: audiosrv.dll.mui
2012-09-17 09:44:14: Company:
2012-09-17 09:44:14: Mod/Cre/Acc time:
2012-09-17 09:44:14: ---------------------------------------------------------------------
2012-09-17 09:44:14: Found Service: AxInstSV
2012-09-17 09:44:14: Real Path: C:\Windows\System32\AxInstSV.dll
2012-09-17 09:44:14: Display Name: @%SystemRoot%\system32\AxInstSV.dll,-103
2012-09-17 09:44:14: Description: @%SystemRoot%\system32\AxInstSV.dll,-104
2012-09-17 09:44:14: ServiceDLL: System32\AxInstSV.dll
2012-09-17 09:44:14: File size: 0
2012-09-17 09:44:14: DLL File name: AxInstSV.dll
2012-09-17 09:44:14: Original File Name: AxInstSv.dll.mui
2012-09-17 09:44:14: Company:
2012-09-17 09:44:14: Mod/Cre/Acc time:
2012-09-17 09:44:14: ---------------------------------------------------------------------
2012-09-17 09:44:14: Found Service: BDESVC
2012-09-17 09:44:14: Real Path: C:\Windows\System32\bdesvc.dll
2012-09-17 09:44:14: Display Name: @%SystemRoot%\system32\bdesvc.dll,-100
2012-09-17 09:44:14: Description: @%SystemRoot%\system32\bdesvc.dll,-101
2012-09-17 09:44:14: ServiceDLL: System32\bdesvc.dll
2012-09-17 09:44:14: File size: 0
2012-09-17 09:44:14: DLL File name: bdesvc.dll
2012-09-17 09:44:14: Original File Name: BDESVC.DLL.MUI
2012-09-17 09:44:14: Company:
2012-09-17 09:44:14: Mod/Cre/Acc time:
2012-09-17 09:44:14: ---------------------------------------------------------------------
2012-09-17 09:44:14: Found Service: BFE
2012-09-17 09:44:14: Real Path: C:\Windows\System32\bfe.dll
2012-09-17 09:44:14: Display Name: @%SystemRoot%\system32\bfe.dll,-1001
2012-09-17 09:44:14: Description: @%SystemRoot%\system32\bfe.dll,-1002
2012-09-17 09:44:14: ServiceDLL: System32\bfe.dll
2012-09-17 09:44:14: File size: 0
2012-09-17 09:44:14: DLL File name: bfe.dll
2012-09-17 09:44:14: Original File Name: BFE.DLL.MUI
2012-09-17 09:44:14: Company:
2012-09-17 09:44:14: Mod/Cre/Acc time:
2012-09-17 09:44:14: ---------------------------------------------------------------------
2012-09-17 09:44:14: Found Service: BITS
2012-09-17 09:44:14: Real Path: C:\Windows\system32\qmgr.dll
2012-09-17 09:44:14: Display Name: @%SystemRoot%\system32\qmgr.dll,-1000
2012-09-17 09:44:14: Description: @%SystemRoot%\system32\qmgr.dll,-1001
2012-09-17 09:44:14: ServiceDLL: system32\qmgr.dll
2012-09-17 09:44:14: File size: 0
2012-09-17 09:44:14: DLL File name: qmgr.dll
2012-09-17 09:44:14: Original File Name: qmgr.dll.mui
2012-09-17 09:44:14: Company:
2012-09-17 09:44:14: Mod/Cre/Acc time:
2012-09-17 09:44:14: ---------------------------------------------------------------------
2012-09-17 09:44:14: Found Service: Browser
2012-09-17 09:44:14: Real Path: C:\Windows\System32\browser.dll
2012-09-17 09:44:14: Display Name: @%systemroot%\system32\browser.dll,-100
2012-09-17 09:44:14: Description: @%systemroot%\system32\browser.dll,-101
2012-09-17 09:44:14: ServiceDLL: System32\browser.dll
2012-09-17 09:44:14: File size: 0
2012-09-17 09:44:14: DLL File name: browser.dll
2012-09-17 09:44:14: Original File Name: browser.dll.mui
2012-09-17 09:44:14: Company:
2012-09-17 09:44:14: Mod/Cre/Acc time:
2012-09-17 09:44:14: ---------------------------------------------------------------------
2012-09-17 09:44:14: Found Service: bthserv
2012-09-17 09:44:14: Real Path: C:\Windows\system32\bthserv.dll
2012-09-17 09:44:14: Display Name: @%SystemRoot%\System32\bthserv.dll,-101
2012-09-17 09:44:14: Description: @%SystemRoot%\System32\bthserv.dll,-102
2012-09-17 09:44:14: ServiceDLL: system32\bthserv.dll
2012-09-17 09:44:14: File size: 0
2012-09-17 09:44:14: DLL File name: bthserv.dll
2012-09-17 09:44:14: Original File Name: BTHSERV.DLL.MUI
2012-09-17 09:44:14: Company:
2012-09-17 09:44:14: Mod/Cre/Acc time:
2012-09-17 09:44:14: ---------------------------------------------------------------------
2012-09-17 09:44:14: Found Service: CertPropSvc
2012-09-17 09:44:14: Real Path: C:\Windows\System32\certprop.dll
2012-09-17 09:44:14: Display Name: @%SystemRoot%\System32\certprop.dll,-11
2012-09-17 09:44:14: Description: @%SystemRoot%\System32\certprop.dll,-12
2012-09-17 09:44:14: ServiceDLL: System32\certprop.dll
2012-09-17 09:44:14: File size: 0
2012-09-17 09:44:14: DLL File name: certprop.dll
2012-09-17 09:44:14: Original File Name: certprop.dll.mui
2012-09-17 09:44:14: Company:
2012-09-17 09:44:14: Mod/Cre/Acc time:
2012-09-17 09:44:14: ---------------------------------------------------------------------
2012-09-17 09:44:14: Found Service: CryptSvc
2012-09-17 09:44:14: Real Path: C:\Windows\system32\cryptsvc.dll
2012-09-17 09:44:14: Display Name: @%SystemRoot%\system32\cryptsvc.dll,-1001
2012-09-17 09:44:14: Description: @%SystemRoot%\system32\cryptsvc.dll,-1002
2012-09-17 09:44:14: ServiceDLL: system32\cryptsvc.dll
2012-09-17 09:44:14: File size: 139264
2012-09-17 09:44:14: DLL File name: cryptsvc.dll
2012-09-17 09:44:14: Original File Name: cryptsvc.dll.mui
2012-09-17 09:44:14: Company:
2012-09-17 09:44:14: Mod/Cre/Acc time: 20120424004704 20120617205950 20120617205950
2012-09-17 09:44:14: ---------------------------------------------------------------------
2012-09-17 09:44:14: Found Service: CscService
2012-09-17 09:44:14: Real Path: C:\Windows\System32\cscsvc.dll
2012-09-17 09:44:14: Display Name: @%systemroot%\system32\cscsvc.dll,-200
2012-09-17 09:44:14: Description: @%systemroot%\system32\cscsvc.dll,-201
2012-09-17 09:44:14: ServiceDLL: System32\cscsvc.dll
2012-09-17 09:44:14: File size: 0
2012-09-17 09:44:14: DLL File name: cscsvc.dll
2012-09-17 09:44:14: Original File Name: cscsvc.dll.mui
2012-09-17 09:44:14: Company:
2012-09-17 09:44:14: Mod/Cre/Acc time:
2012-09-17 09:44:14: ---------------------------------------------------------------------
2012-09-17 09:44:14: Found Service: DcomLaunch
2012-09-17 09:44:14: Real Path: C:\Windows\system32\rpcss.dll
2012-09-17 09:44:14: Display Name: @oleres.dll,-5012
2012-09-17 09:44:14: Description: @oleres.dll,-5013
2012-09-17 09:44:14: ServiceDLL: system32\rpcss.dll
2012-09-17 09:44:14: File size: 0
2012-09-17 09:44:14: DLL File name: rpcss.dll
2012-09-17 09:44:14: Original File Name: rpcss.dll
2012-09-17 09:44:14: Company:
2012-09-17 09:44:14: Mod/Cre/Acc time:
2012-09-17 09:44:14: ---------------------------------------------------------------------
2012-09-17 09:44:14: Found Service: defragsvc
2012-09-17 09:44:14: Real Path: C:\Windows\System32\defragsvc.dll
2012-09-17 09:44:14: Display Name: @%SystemRoot%\system32\defragsvc.dll,-101
2012-09-17 09:44:14: Description: @%SystemRoot%\system32\defragsvc.dll,-102
2012-09-17 09:44:14: ServiceDLL: System32\defragsvc.dll
2012-09-17 09:44:14: File size: 0
2012-09-17 09:44:14: DLL File name: defragsvc.dll
2012-09-17 09:44:14: Original File Name: defragsvc.dll.mui
2012-09-17 09:44:14: Company:
2012-09-17 09:44:14: Mod/Cre/Acc time:
2012-09-17 09:44:15: ---------------------------------------------------------------------
2012-09-17 09:44:15: Found Service: Dhcp
2012-09-17 09:44:15: Real Path: C:\Windows\system32\dhcpcore.dll
2012-09-17 09:44:15: Display Name: @%SystemRoot%\system32\dhcpcore.dll,-100
2012-09-17 09:44:15: Description: @%SystemRoot%\system32\dhcpcore.dll,-101
2012-09-17 09:44:15: ServiceDLL: system32\dhcpcore.dll
2012-09-17 09:44:15: File size: 253440
2012-09-17 09:44:15: DLL File name: dhcpcore.dll
2012-09-17 09:44:15: Original File Name: dhcpcore.dll.mui
2012-09-17 09:44:15: Company:
2012-09-17 09:44:15: Mod/Cre/Acc time: 20090713211511 20090713191216 20090713191216
2012-09-17 09:44:15: ---------------------------------------------------------------------
2012-09-17 09:44:15: Found Service: Dnscache
2012-09-17 09:44:15: Real Path: C:\Windows\System32\dnsrslvr.dll
2012-09-17 09:44:15: Display Name: @%SystemRoot%\System32\dnsapi.dll,-101
2012-09-17 09:44:15: Description: @%SystemRoot%\System32\dnsapi.dll,-102
2012-09-17 09:44:15: ServiceDLL: System32\dnsrslvr.dll
2012-09-17 09:44:15: File size: 0
2012-09-17 09:44:15: DLL File name: dnsrslvr.dll
2012-09-17 09:44:15: Original File Name: dnsrslvr.dll.mui
2012-09-17 09:44:15: Company:
2012-09-17 09:44:15: Mod/Cre/Acc time:
2012-09-17 09:44:15: ---------------------------------------------------------------------
2012-09-17 09:44:15: Found Service: dot3svc
2012-09-17 09:44:15: Real Path: C:\Windows\System32\dot3svc.dll
2012-09-17 09:44:15: Display Name: @%systemroot%\system32\dot3svc.dll,-1102
2012-09-17 09:44:15: Description: @%systemroot%\system32\dot3svc.dll,-1103
2012-09-17 09:44:15: ServiceDLL: System32\dot3svc.dll
2012-09-17 09:44:15: File size: 0
2012-09-17 09:44:15: DLL File name: dot3svc.dll
2012-09-17 09:44:15: Original File Name: dot3svc.dll.mui
2012-09-17 09:44:15: Company:
2012-09-17 09:44:15: Mod/Cre/Acc time:
2012-09-17 09:44:15: ---------------------------------------------------------------------
2012-09-17 09:44:15: Found Service: DPS
2012-09-17 09:44:15: Real Path: C:\Windows\system32\dps.dll
2012-09-17 09:44:15: Display Name: @%systemroot%\system32\dps.dll,-500
2012-09-17 09:44:15: Description: @%systemroot%\system32\dps.dll,-501
2012-09-17 09:44:15: ServiceDLL: system32\dps.dll
2012-09-17 09:44:15: File size: 0
2012-09-17 09:44:15: DLL File name: dps.dll
2012-09-17 09:44:15: Original File Name: dps.dll.mui
2012-09-17 09:44:15: Company:
2012-09-17 09:44:15: Mod/Cre/Acc time:
2012-09-17 09:44:15: ---------------------------------------------------------------------
2012-09-17 09:44:15: Found Service: EapHost
2012-09-17 09:44:15: Real Path: C:\Windows\System32\eapsvc.dll
2012-09-17 09:44:15: Display Name: @%systemroot%\system32\eapsvc.dll,-1
2012-09-17 09:44:15: Description: @%systemroot%\system32\eapsvc.dll,-2
2012-09-17 09:44:15: ServiceDLL: System32\eapsvc.dll
2012-09-17 09:44:15: File size: 0
2012-09-17 09:44:15: DLL File name: eapsvc.dll
2012-09-17 09:44:15: Original File Name: eapsvc.dll.mui
2012-09-17 09:44:15: Company:
2012-09-17 09:44:15: Mod/Cre/Acc time:
2012-09-17 09:44:15: ---------------------------------------------------------------------
2012-09-17 09:44:15: Found Service: EventSystem
2012-09-17 09:44:15: Real Path: C:\Windows\system32\es.dll
2012-09-17 09:44:15: Display Name: @comres.dll,-2450
2012-09-17 09:44:15: Description: @comres.dll,-2451
2012-09-17 09:44:15: ServiceDLL: system32\es.dll
2012-09-17 09:44:15: File size: 271360
2012-09-17 09:44:15: DLL File name: es.dll
2012-09-17 09:44:15: Original File Name: ES.DLL
2012-09-17 09:44:15: Company:
2012-09-17 09:44:15: Mod/Cre/Acc time: 20090713211519 20090713194438 20090713194438
2012-09-17 09:44:15: ---------------------------------------------------------------------
2012-09-17 09:44:15: Found Service: fdPHost
2012-09-17 09:44:15: Real Path: C:\Windows\system32\fdPHost.dll
2012-09-17 09:44:15: Display Name: @%systemroot%\system32\fdPHost.dll,-100
2012-09-17 09:44:15: Description: @%systemroot%\system32\fdPHost.dll,-101
2012-09-17 09:44:15: ServiceDLL: system32\fdPHost.dll
2012-09-17 09:44:15: File size: 0
2012-09-17 09:44:15: DLL File name: fdPHost.dll
2012-09-17 09:44:15: Original File Name: fdPHost.dll.mui
2012-09-17 09:44:15: Company:
2012-09-17 09:44:15: Mod/Cre/Acc time:
2012-09-17 09:44:15: ---------------------------------------------------------------------
2012-09-17 09:44:15: Found Service: FDResPub
2012-09-17 09:44:15: Real Path: C:\Windows\system32\fdrespub.dll
2012-09-17 09:44:15: Display Name: @%systemroot%\system32\fdrespub.dll,-100
2012-09-17 09:44:15: Description: @%systemroot%\system32\fdrespub.dll,-101
2012-09-17 09:44:15: ServiceDLL: system32\fdrespub.dll
2012-09-17 09:44:15: File size: 0
2012-09-17 09:44:15: DLL File name: fdrespub.dll
2012-09-17 09:44:15: Original File Name: FDResPub.dll.mui
2012-09-17 09:44:15: Company:
2012-09-17 09:44:15: Mod/Cre/Acc time:
2012-09-17 09:44:15: !!!!!!!
2012-09-17 09:44:15: Found Service: FontCache
2012-09-17 09:44:15: Real Path: C:\Windows\system32\FntCache.dll
2012-09-17 09:44:15: Display Name: @%systemroot%\system32\FntCache.dll,-100
2012-09-17 09:44:15: Description: @%systemroot%\system32\FntCache.dll,-101
2012-09-17 09:44:15: ServiceDLL: system32\FntCache.dll
2012-09-17 09:44:15: File size: 0
2012-09-17 09:44:15: DLL File name: FntCache.dll
2012-09-17 09:44:15: Original File Name: FontCacheService
2012-09-17 09:44:15: Company:
2012-09-17 09:44:15: Mod/Cre/Acc time:
2012-09-17 09:44:15: !!!!!!!!!
2012-09-17 09:44:15: ---------------------------------------------------------------------
2012-09-17 09:44:15: Found Service: gpsvc
2012-09-17 09:44:15: Real Path: C:\Windows\System32\gpsvc.dll
2012-09-17 09:44:15: Display Name: @gpapi.dll,-112
2012-09-17 09:44:15: Description: @gpapi.dll,-113
2012-09-17 09:44:15: ServiceDLL: System32\gpsvc.dll
2012-09-17 09:44:15: File size: 0
2012-09-17 09:44:15: DLL File name: gpsvc.dll
2012-09-17 09:44:15: Original File Name: gpsvc.dll.mui
2012-09-17 09:44:15: Company:
2012-09-17 09:44:15: Mod/Cre/Acc time:
2012-09-17 09:44:15: ---------------------------------------------------------------------
2012-09-17 09:44:15: Found Service: hidserv
2012-09-17 09:44:15: Real Path: C:\Windows\System32\hidserv.dll
2012-09-17 09:44:15: Display Name: @%SystemRoot%\System32\hidserv.dll,-101
2012-09-17 09:44:15: Description: @%SystemRoot%\System32\hidserv.dll,-102
2012-09-17 09:44:15: ServiceDLL: System32\hidserv.dll
2012-09-17 09:44:15: File size: 49152
2012-09-17 09:44:15: DLL File name: hidserv.dll
2012-09-17 09:44:15: Original File Name: HIDSERV.DLL.MUI
2012-09-17 09:44:15: Company:
2012-09-17 09:44:15: Mod/Cre/Acc time: 20090713211524 20090713195109 20090713195109
2012-09-17 09:44:15: ---------------------------------------------------------------------
2012-09-17 09:44:15: Found Service: hkmsvc
2012-09-17 09:44:15: Real Path: C:\Windows\system32\kmsvc.dll
2012-09-17 09:44:15: Display Name: @%SystemRoot%\system32\kmsvc.dll,-6
2012-09-17 09:44:15: Description: @%SystemRoot%\system32\kmsvc.dll,-7
2012-09-17 09:44:15: ServiceDLL: system32\kmsvc.dll
2012-09-17 09:44:15: File size: 0
2012-09-17 09:44:15: DLL File name: kmsvc.dll
2012-09-17 09:44:15: Original File Name: KmSvc.DLL.MUI
2012-09-17 09:44:15: Company:
2012-09-17 09:44:15: Mod/Cre/Acc time:
2012-09-17 09:44:15: ---------------------------------------------------------------------
2012-09-17 09:44:15: Found Service: HomeGroupListener
2012-09-17 09:44:15: Real Path: C:\Windows\system32\ListSvc.dll
2012-09-17 09:44:15: Display Name: @%SystemRoot%\System32\ListSvc.dll,-100
2012-09-17 09:44:15: Description: @%SystemRoot%\System32\ListSvc.dll,-101
2012-09-17 09:44:15: ServiceDLL: system32\ListSvc.dll
2012-09-17 09:44:15: File size: 0
2012-09-17 09:44:15: DLL File name: ListSvc.dll
2012-09-17 09:44:15: Original File Name: ListSvc.dll.mui
2012-09-17 09:44:15: Company:
2012-09-17 09:44:15: Mod/Cre/Acc time:
2012-09-17 09:44:15: ---------------------------------------------------------------------
2012-09-17 09:44:15: Found Service: HomeGroupProvider
2012-09-17 09:44:15: Real Path: C:\Windows\system32\provsvc.dll
2012-09-17 09:44:15: Display Name: @%SystemRoot%\System32\provsvc.dll,-100
2012-09-17 09:44:15: Description: @%SystemRoot%\System32\provsvc.dll,-101
2012-09-17 09:44:15: ServiceDLL: system32\provsvc.dll
2012-09-17 09:44:15: File size: 165376
2012-09-17 09:44:15: DLL File name: provsvc.dll
2012-09-17 09:44:15: Original File Name: provsvc.dll.mui
2012-09-17 09:44:15: Company:
2012-09-17 09:44:15: Mod/Cre/Acc time: 20090713211612 20090713193941 20090713193941
2012-09-17 09:44:15: ---------------------------------------------------------------------
2012-09-17 09:44:15: Found Service: IKEEXT
2012-09-17 09:44:15: Real Path: C:\Windows\System32\ikeext.dll
2012-09-17 09:44:15: Display Name: @%SystemRoot%\system32\ikeext.dll,-501
2012-09-17 09:44:15: Description: @%SystemRoot%\system32\ikeext.dll,-502
2012-09-17 09:44:15: ServiceDLL: System32\ikeext.dll
2012-09-17 09:44:15: File size: 0
2012-09-17 09:44:15: DLL File name: ikeext.dll
2012-09-17 09:44:15: Original File Name: IKEEXT.DLL.MUI
2012-09-17 09:44:15: Company:
2012-09-17 09:44:15: Mod/Cre/Acc time:
2012-09-17 09:44:15: ---------------------------------------------------------------------
2012-09-17 09:44:15: Found Service: IPBusEnum
2012-09-17 09:44:15: Real Path: C:\Windows\system32\ipbusenum.dll
2012-09-17 09:44:15: Display Name: @%systemroot%\system32\IPBusEnum.dll,-102
2012-09-17 09:44:15: Description: @%systemroot%\system32\IPBusEnum.dll,-103
2012-09-17 09:44:15: ServiceDLL: system32\ipbusenum.dll
2012-09-17 09:44:15: File size: 0
2012-09-17 09:44:15: DLL File name: ipbusenum.dll
2012-09-17 09:44:15: Original File Name: IPBusEnum.dll.mui
2012-09-17 09:44:15: Company:
2012-09-17 09:44:15: Mod/Cre/Acc time:
2012-09-17 09:44:15: ---------------------------------------------------------------------
2012-09-17 09:44:15: Found Service: iphlpsvc
2012-09-17 09:44:15: Real Path: C:\Windows\System32\iphlpsvc.dll
2012-09-17 09:44:15: Display Name: @%SystemRoot%\system32\iphlpsvc.dll,-500
2012-09-17 09:44:15: Description: @%SystemRoot%\system32\iphlpsvc.dll,-501
2012-09-17 09:44:15: ServiceDLL: System32\iphlpsvc.dll
2012-09-17 09:44:15: File size: 0
2012-09-17 09:44:15: DLL File name: iphlpsvc.dll
2012-09-17 09:44:15: Original File Name: iphlpsvc.dll.mui
2012-09-17 09:44:15: Company:
2012-09-17 09:44:15: Mod/Cre/Acc time:
2012-09-17 09:44:15: ---------------------------------------------------------------------
2012-09-17 09:44:15: Found Service: KtmRm
2012-09-17 09:44:15: Real Path: C:\Windows\system32\msdtckrm.dll
2012-09-17 09:44:15: Display Name: @comres.dll,-2946
2012-09-17 09:44:15: Description: @comres.dll,-2947
2012-09-17 09:44:15: ServiceDLL: system32\msdtckrm.dll
2012-09-17 09:44:15: File size: 0
2012-09-17 09:44:15: DLL File name: msdtckrm.dll
2012-09-17 09:44:15: Original File Name: MSDTCKRM.DLL
2012-09-17 09:44:15: Company:
2012-09-17 09:44:15: Mod/Cre/Acc time:
2012-09-17 09:44:15: ---------------------------------------------------------------------
2012-09-17 09:44:15: Found Service: LanmanServer
2012-09-17 09:44:15: Real Path: C:\Windows\System32\srvsvc.dll
2012-09-17 09:44:15: Display Name: @%systemroot%\system32\srvsvc.dll,-100
2012-09-17 09:44:15: Description: @%systemroot%\system32\srvsvc.dll,-101
2012-09-17 09:44:15: ServiceDLL: System32\srvsvc.dll
2012-09-17 09:44:15: File size: 0
2012-09-17 09:44:15: DLL File name: srvsvc.dll
2012-09-17 09:44:15: Original File Name: SRVSVC.DLL.MUI
2012-09-17 09:44:15: Company:
2012-09-17 09:44:15: Mod/Cre/Acc time:
2012-09-17 09:44:15: ---------------------------------------------------------------------
2012-09-17 09:44:15: Found Service: LanmanWorkstation
2012-09-17 09:44:15: Real Path: C:\Windows\System32\wkssvc.dll
2012-09-17 09:44:15: Display Name: @%systemroot%\system32\wkssvc.dll,-100
2012-09-17 09:44:15: Description: @%systemroot%\system32\wkssvc.dll,-101
2012-09-17 09:44:15: ServiceDLL: System32\wkssvc.dll
2012-09-17 09:44:15: File size: 0
2012-09-17 09:44:15: DLL File name: wkssvc.dll
2012-09-17 09:44:15: Original File Name: WKSSVC.DLL.MUI
2012-09-17 09:44:15: Company:
2012-09-17 09:44:15: Mod/Cre/Acc time:
2012-09-17 09:44:15: ---------------------------------------------------------------------
2012-09-17 09:44:15: Found Service: lltdsvc
2012-09-17 09:44:15: Real Path: C:\Windows\System32\lltdsvc.dll
2012-09-17 09:44:15: Display Name: @%SystemRoot%\system32\lltdres.dll,-1
2012-09-17 09:44:15: Description: @%SystemRoot%\system32\lltdres.dll,-2
2012-09-17 09:44:15: ServiceDLL: System32\lltdsvc.dll
2012-09-17 09:44:15: File size: 0
2012-09-17 09:44:15: DLL File name: lltdsvc.dll
2012-09-17 09:44:15: Original File Name: LLTDSVC.DLL
2012-09-17 09:44:15: Company:
2012-09-17 09:44:15: Mod/Cre/Acc time:
2012-09-17 09:44:15: ---------------------------------------------------------------------
2012-09-17 09:44:15: Found Service: lmhosts
2012-09-17 09:44:15: Real Path: C:\Windows\System32\lmhsvc.dll
2012-09-17 09:44:15: Display Name: @%SystemRoot%\system32\lmhsvc.dll,-101
2012-09-17 09:44:15: Description: @%SystemRoot%\system32\lmhsvc.dll,-102
2012-09-17 09:44:15: ServiceDLL: System32\lmhsvc.dll
2012-09-17 09:44:15: File size: 0
2012-09-17 09:44:15: DLL File name: lmhsvc.dll
2012-09-17 09:44:15: Original File Name: lmhsvc.dll.mui
2012-09-17 09:44:15: Company:
2012-09-17 09:44:15: Mod/Cre/Acc time:
2012-09-17 09:44:15: ---------------------------------------------------------------------
2012-09-17 09:44:15: Found Service: Mcx2Svc
2012-09-17 09:44:15: Real Path: C:\Windows\system32\Mcx2Svc.dll
2012-09-17 09:44:15: Display Name: @%SystemRoot%\ehome\ehres.dll,-15501
2012-09-17 09:44:15: Description: @%SystemRoot%\ehome\ehres.dll,-15502
2012-09-17 09:44:15: ServiceDLL: system32\Mcx2Svc.dll
2012-09-17 09:44:15: File size: 0
2012-09-17 09:44:15: DLL File name: Mcx2Svc.dll
2012-09-17 09:44:15: Original File Name: Mcx2Svc.dll
2012-09-17 09:44:15: Company:
2012-09-17 09:44:15: Mod/Cre/Acc time:
2012-09-17 09:44:15: ---------------------------------------------------------------------
2012-09-17 09:44:15: Found Service: MMCSS
2012-09-17 09:44:15: Real Path: C:\Windows\system32\mmcss.dll
2012-09-17 09:44:15: Display Name: @%systemroot%\system32\mmcss.dll,-100
2012-09-17 09:44:15: Description: @%systemroot%\system32\mmcss.dll,-101
2012-09-17 09:44:15: ServiceDLL: system32\mmcss.dll
2012-09-17 09:44:15: File size: 0
2012-09-17 09:44:15: DLL File name: mmcss.dll
2012-09-17 09:44:15: Original File Name: mmcss.dll.mui
2012-09-17 09:44:15: Company:
2012-09-17 09:44:15: Mod/Cre/Acc time:
2012-09-17 09:44:16: ---------------------------------------------------------------------
2012-09-17 09:44:16: Found Service: MpsSvc
2012-09-17 09:44:16: Real Path: C:\Windows\system32\mpssvc.dll
2012-09-17 09:44:16: Display Name: @%SystemRoot%\system32\FirewallAPI.dll,-23090
2012-09-17 09:44:16: Description: @%SystemRoot%\system32\FirewallAPI.dll,-23091
2012-09-17 09:44:16: ServiceDLL: system32\mpssvc.dll
2012-09-17 09:44:16: File size: 0
2012-09-17 09:44:16: DLL File name: mpssvc.dll
2012-09-17 09:44:16: Original File Name: mpssvc.dll.mui
2012-09-17 09:44:16: Company:
2012-09-17 09:44:16: Mod/Cre/Acc time:
2012-09-17 09:44:16: ---------------------------------------------------------------------
2012-09-17 09:44:16: Found Service: MSiSCSI
2012-09-17 09:44:16: Real Path: C:\Windows\system32\iscsiexe.dll
2012-09-17 09:44:16: Display Name: @%SystemRoot%\system32\iscsidsc.dll,-5000
2012-09-17 09:44:16: Description: @%SystemRoot%\system32\iscsidsc.dll,-5001
2012-09-17 09:44:16: ServiceDLL: system32\iscsiexe.dll
2012-09-17 09:44:16: File size: 0
2012-09-17 09:44:16: DLL File name: iscsiexe.dll
2012-09-17 09:44:16: Original File Name: iscsiexe.exe.mui
2012-09-17 09:44:16: Company:
2012-09-17 09:44:16: Mod/Cre/Acc time:
2012-09-17 09:44:16: ---------------------------------------------------------------------
2012-09-17 09:44:16: Found Service: napagent
2012-09-17 09:44:16: Real Path: C:\Windows\system32\qagentRT.dll
2012-09-17 09:44:16: Display Name: @%SystemRoot%\system32\qagentrt.dll,-6
2012-09-17 09:44:16: Description: @%SystemRoot%\system32\qagentrt.dll,-7
2012-09-17 09:44:16: ServiceDLL: system32\qagentRT.dll
2012-09-17 09:44:16: File size: 0
2012-09-17 09:44:16: DLL File name: qagentRT.dll
2012-09-17 09:44:16: Original File Name: QAgentRT.DLL.MUI
2012-09-17 09:44:16: Company:
2012-09-17 09:44:16: Mod/Cre/Acc time:
2012-09-17 09:44:16: ---------------------------------------------------------------------
2012-09-17 09:44:16: Found Service: Netman
2012-09-17 09:44:16: Real Path: C:\Windows\System32\netman.dll
2012-09-17 09:44:16: Display Name: @%SystemRoot%\system32\netman.dll,-109
2012-09-17 09:44:16: Description: @%SystemRoot%\system32\netman.dll,-110
2012-09-17 09:44:16: ServiceDLL: System32\netman.dll
2012-09-17 09:44:16: File size: 0
2012-09-17 09:44:16: DLL File name: netman.dll
2012-09-17 09:44:16: Original File Name: netman.dll.mui
2012-09-17 09:44:16: Company:
2012-09-17 09:44:16: Mod/Cre/Acc time:
2012-09-17 09:44:16: ---------------------------------------------------------------------
2012-09-17 09:44:16: Found Service: netprofm
2012-09-17 09:44:16: Real Path: C:\Windows\System32\netprofm.dll
2012-09-17 09:44:16: Display Name: @%SystemRoot%\system32\netprofm.dll,-202
2012-09-17 09:44:16: Description: @%SystemRoot%\system32\netprofm.dll,-203
2012-09-17 09:44:16: ServiceDLL: System32\netprofm.dll
2012-09-17 09:44:16: File size: 360448
2012-09-17 09:44:16: DLL File name: netprofm.dll
2012-09-17 09:44:16: Original File Name: netprofm.dll.mui
2012-09-17 09:44:16: Company:
2012-09-17 09:44:16: Mod/Cre/Acc time: 20090713211603 20090713195658 20090713195658
2012-09-17 09:44:16: ---------------------------------------------------------------------
2012-09-17 09:44:16: Found Service: NlaSvc
2012-09-17 09:44:16: Real Path: C:\Windows\System32\nlasvc.dll
2012-09-17 09:44:16: Display Name: @%SystemRoot%\System32\nlasvc.dll,-1
2012-09-17 09:44:16: Description: @%SystemRoot%\System32\nlasvc.dll,-2
2012-09-17 09:44:16: ServiceDLL: System32\nlasvc.dll
2012-09-17 09:44:16: File size: 0
2012-09-17 09:44:16: DLL File name: nlasvc.dll
2012-09-17 09:44:16: Original File Name: nlasvc.dll.mui
2012-09-17 09:44:16: Company:
2012-09-17 09:44:16: Mod/Cre/Acc time:
2012-09-17 09:44:16: ---------------------------------------------------------------------
2012-09-17 09:44:16: Found Service: nsi
2012-09-17 09:44:16: Real Path: C:\Windows\system32\nsisvc.dll
2012-09-17 09:44:16: Display Name: @%SystemRoot%\system32\nsisvc.dll,-200
2012-09-17 09:44:16: Description: @%SystemRoot%\system32\nsisvc.dll,-201
2012-09-17 09:44:16: ServiceDLL: system32\nsisvc.dll
2012-09-17 09:44:16: File size: 0
2012-09-17 09:44:16: DLL File name: nsisvc.dll
2012-09-17 09:44:16: Original File Name: nsisvc.dll.mui
2012-09-17 09:44:16: Company:
2012-09-17 09:44:16: Mod/Cre/Acc time:
2012-09-17 09:44:16: ---------------------------------------------------------------------
2012-09-17 09:44:16: Found Service: p2pimsvc
2012-09-17 09:44:16: Real Path: C:\Windows\system32\pnrpsvc.dll
2012-09-17 09:44:16: Display Name: @%SystemRoot%\system32\pnrpsvc.dll,-8004
2012-09-17 09:44:16: Description: @%SystemRoot%\system32\pnrpsvc.dll,-8005
2012-09-17 09:44:16: ServiceDLL: system32\pnrpsvc.dll
2012-09-17 09:44:16: File size: 0
2012-09-17 09:44:16: DLL File name: pnrpsvc.dll
2012-09-17 09:44:16: Original File Name: pnrpsvc.dll.mui
2012-09-17 09:44:16: Company:
2012-09-17 09:44:16: Mod/Cre/Acc time:
2012-09-17 09:44:16: ---------------------------------------------------------------------
2012-09-17 09:44:16: Found Service: p2psvc
2012-09-17 09:44:16: Real Path: C:\Windows\system32\p2psvc.dll
2012-09-17 09:44:16: Display Name: @%SystemRoot%\system32\p2psvc.dll,-8006
2012-09-17 09:44:16: Description: @%SystemRoot%\system32\p2psvc.dll,-8007
2012-09-17 09:44:16: ServiceDLL: system32\p2psvc.dll
2012-09-17 09:44:16: File size: 0
2012-09-17 09:44:16: DLL File name: p2psvc.dll
2012-09-17 09:44:16: Original File Name: p2psvc.dll.mui
2012-09-17 09:44:16: Company:
2012-09-17 09:44:16: Mod/Cre/Acc time:
2012-09-17 09:44:16: !!!!!!!
2012-09-17 09:44:16: Found Service: PcaSvc
2012-09-17 09:44:16: Real Path: C:\Windows\System32\pcasvc.dll
2012-09-17 09:44:16: Display Name: @%SystemRoot%\system32\pcasvc.dll,-1
2012-09-17 09:44:16: Description: @%SystemRoot%\system32\pcasvc.dll,-2
2012-09-17 09:44:16: ServiceDLL: System32\pcasvc.dll
2012-09-17 09:44:16: File size: 0
2012-09-17 09:44:16: DLL File name: pcasvc.dll
2012-09-17 09:44:16: Original File Name:
2012-09-17 09:44:16: Company:
2012-09-17 09:44:16: Mod/Cre/Acc time:
2012-09-17 09:44:16: !!!!!!!!!
2012-09-17 09:44:16: ---------------------------------------------------------------------
2012-09-17 09:44:16: Found Service: PeerDistSvc
2012-09-17 09:44:16: Real Path: C:\Windows\system32\peerdistsvc.dll
2012-09-17 09:44:16: Display Name: @%SystemRoot%\system32\peerdistsvc.dll,-9000
2012-09-17 09:44:16: Description: @%SystemRoot%\system32\peerdistsvc.dll,-9001
2012-09-17 09:44:16: ServiceDLL: system32\peerdistsvc.dll
2012-09-17 09:44:16: File size: 0
2012-09-17 09:44:16: DLL File name: peerdistsvc.dll
2012-09-17 09:44:16: Original File Name: PeerDistSvc.dll.mui
2012-09-17 09:44:16: Company:
2012-09-17 09:44:16: Mod/Cre/Acc time:
2012-09-17 09:44:16: ---------------------------------------------------------------------
2012-09-17 09:44:16: Found Service: pla
2012-09-17 09:44:16: Real Path: C:\Windows\system32\pla.dll
2012-09-17 09:44:16: Display Name: @%systemroot%\system32\pla.dll,-500
2012-09-17 09:44:16: Description: @%systemroot%\system32\pla.dll,-501
2012-09-17 09:44:16: ServiceDLL: system32\pla.dll
2012-09-17 09:44:16: File size: 1508864
2012-09-17 09:44:16: DLL File name: pla.dll
2012-09-17 09:44:16: Original File Name: PLA.DLL.MUI
2012-09-17 09:44:16: Company:
2012-09-17 09:44:16: Mod/Cre/Acc time: 20090713211612 20090713192013 20090713192013
2012-09-17 09:44:16: ---------------------------------------------------------------------
2012-09-17 09:44:16: Found Service: PlugPlay
2012-09-17 09:44:16: Real Path: C:\Windows\system32\umpnpmgr.dll
2012-09-17 09:44:16: Display Name: @%SystemRoot%\system32\umpnpmgr.dll,-100
2012-09-17 09:44:16: Description: @%SystemRoot%\system32\umpnpmgr.dll,-101
2012-09-17 09:44:16: ServiceDLL: system32\umpnpmgr.dll
2012-09-17 09:44:16: File size: 0
2012-09-17 09:44:16: DLL File name: umpnpmgr.dll
2012-09-17 09:44:16: Original File Name: Umpnpmgr.DLL.MUI
2012-09-17 09:44:16: Company:
2012-09-17 09:44:16: Mod/Cre/Acc time:
2012-09-17 09:44:16: ---------------------------------------------------------------------
2012-09-17 09:44:16: Found Service: PNRPAutoReg
2012-09-17 09:44:16: Real Path: C:\Windows\system32\pnrpauto.dll
2012-09-17 09:44:16: Display Name: @%SystemRoot%\system32\pnrpauto.dll,-8002
2012-09-17 09:44:16: Description: @%SystemRoot%\system32\pnrpauto.dll,-8003
2012-09-17 09:44:16: ServiceDLL: system32\pnrpauto.dll
2012-09-17 09:44:16: File size: 0
2012-09-17 09:44:16: DLL File name: pnrpauto.dll
2012-09-17 09:44:16: Original File Name: pnrpauto.dll.mui
2012-09-17 09:44:16: Company:
2012-09-17 09:44:16: Mod/Cre/Acc time:
2012-09-17 09:44:16: ---------------------------------------------------------------------
2012-09-17 09:44:16: Found Service: PNRPsvc
2012-09-17 09:44:16: Real Path: C:\Windows\system32\pnrpsvc.dll
2012-09-17 09:44:16: Display Name: @%SystemRoot%\system32\pnrpsvc.dll,-8000
2012-09-17 09:44:16: Description: @%SystemRoot%\system32\pnrpsvc.dll,-8001
2012-09-17 09:44:16: ServiceDLL: system32\pnrpsvc.dll
2012-09-17 09:44:16: File size: 0
2012-09-17 09:44:16: DLL File name: pnrpsvc.dll
2012-09-17 09:44:16: Original File Name: pnrpsvc.dll.mui
2012-09-17 09:44:16: Company:
2012-09-17 09:44:16: Mod/Cre/Acc time:
2012-09-17 09:44:16: ---------------------------------------------------------------------
2012-09-17 09:44:16: Found Service: PolicyAgent
2012-09-17 09:44:16: Real Path: C:\Windows\System32\ipsecsvc.dll
2012-09-17 09:44:16: Display Name: @%SystemRoot%\System32\polstore.dll,-5010
2012-09-17 09:44:16: Description: @%SystemRoot%\system32\polstore.dll,-5011
2012-09-17 09:44:16: ServiceDLL: System32\ipsecsvc.dll
2012-09-17 09:44:16: File size: 0
2012-09-17 09:44:16: DLL File name: ipsecsvc.dll
2012-09-17 09:44:16: Original File Name: ipsecsvc.dll.mui
2012-09-17 09:44:16: Company:
2012-09-17 09:44:16: Mod/Cre/Acc time:
2012-09-17 09:44:16: ---------------------------------------------------------------------
2012-09-17 09:44:16: Found Service: Power
2012-09-17 09:44:16: Real Path: C:\Windows\system32\umpo.dll
2012-09-17 09:44:16: Display Name: @%SystemRoot%\system32\umpo.dll,-100
2012-09-17 09:44:16: Description: @%SystemRoot%\system32\umpo.dll,-101
2012-09-17 09:44:16: ServiceDLL: system32\umpo.dll
2012-09-17 09:44:16: File size: 0
2012-09-17 09:44:16: DLL File name: umpo.dll
2012-09-17 09:44:16: Original File Name: Umpo.DLL.MUI
2012-09-17 09:44:16: Company:
2012-09-17 09:44:16: Mod/Cre/Acc time:
2012-09-17 09:44:16: ---------------------------------------------------------------------
2012-09-17 09:44:16: Found Service: ProfSvc
2012-09-17 09:44:16: Real Path: C:\Windows\system32\profsvc.dll
2012-09-17 09:44:16: Display Name: @%systemroot%\system32\profsvc.dll,-300
2012-09-17 09:44:16: Description: @%systemroot%\system32\profsvc.dll,-301
2012-09-17 09:44:16: ServiceDLL: system32\profsvc.dll
2012-09-17 09:44:16: File size: 0
2012-09-17 09:44:16: DLL File name: profsvc.dll
2012-09-17 09:44:16: Original File Name: ProfSvc.dll.mui
2012-09-17 09:44:16: Company:
2012-09-17 09:44:16: Mod/Cre/Acc time:
2012-09-17 09:44:16: ---------------------------------------------------------------------
2012-09-17 09:44:16: Found Service: QWAVE
2012-09-17 09:44:16: Real Path: C:\Windows\system32\qwave.dll
2012-09-17 09:44:16: Display Name: @%SystemRoot%\system32\qwave.dll,-1
2012-09-17 09:44:16: Description: @%SystemRoot%\system32\qwave.dll,-2
2012-09-17 09:44:16: ServiceDLL: system32\qwave.dll
2012-09-17 09:44:16: File size: 210944
2012-09-17 09:44:16: DLL File name: qwave.dll
2012-09-17 09:44:16: Original File Name: qwave.dll.mui
2012-09-17 09:44:16: Company:
2012-09-17 09:44:16: Mod/Cre/Acc time: 20090713211612 20090713195415 20090713195415
2012-09-17 09:44:16: ---------------------------------------------------------------------
2012-09-17 09:44:16: Found Service: RasAuto
2012-09-17 09:44:16: Real Path: C:\Windows\System32\rasauto.dll
2012-09-17 09:44:16: Display Name: @%Systemroot%\system32\rasauto.dll,-200
2012-09-17 09:44:16: Description: @%Systemroot%\system32\rasauto.dll,-201
2012-09-17 09:44:16: ServiceDLL: System32\rasauto.dll
2012-09-17 09:44:16: File size: 0
2012-09-17 09:44:16: DLL File name: rasauto.dll
2012-09-17 09:44:16: Original File Name: rasauto.dll.mui
2012-09-17 09:44:16: Company:
2012-09-17 09:44:16: Mod/Cre/Acc time:
2012-09-17 09:44:16: ---------------------------------------------------------------------
2012-09-17 09:44:16: Found Service: RasMan
2012-09-17 09:44:16: Real Path: C:\Windows\System32\rasmans.dll
2012-09-17 09:44:16: Display Name: @%Systemroot%\system32\rasmans.dll,-200
2012-09-17 09:44:16: Description: @%Systemroot%\system32\rasmans.dll,-201
2012-09-17 09:44:16: ServiceDLL: System32\rasmans.dll
2012-09-17 09:44:16: File size: 0
2012-09-17 09:44:16: DLL File name: rasmans.dll
2012-09-17 09:44:16: Original File Name: Rasmans.dll.mui
2012-09-17 09:44:16: Company:
2012-09-17 09:44:16: Mod/Cre/Acc time:
2012-09-17 09:44:16: ---------------------------------------------------------------------
2012-09-17 09:44:16: Found Service: RemoteAccess
2012-09-17 09:44:16: Real Path: C:\Windows\System32\mprdim.dll
2012-09-17 09:44:16: Display Name: @%Systemroot%\system32\mprdim.dll,-200
2012-09-17 09:44:16: Description: @%Systemroot%\system32\mprdim.dll,-201
2012-09-17 09:44:16: ServiceDLL: System32\mprdim.dll
2012-09-17 09:44:16: File size: 75264
2012-09-17 09:44:16: DLL File name: mprdim.dll
2012-09-17 09:44:16: Original File Name: MPRDIM.DLL.MUI
2012-09-17 09:44:16: Company:
2012-09-17 09:44:16: Mod/Cre/Acc time: 20090713211541 20090713195426 20090713195426
2012-09-17 09:44:16: ---------------------------------------------------------------------
2012-09-17 09:44:16: Found Service: RemoteRegistry
2012-09-17 09:44:16: Real Path: C:\Windows\system32\regsvc.dll
2012-09-17 09:44:16: Display Name: @regsvc.dll,-1
2012-09-17 09:44:16: Description: @regsvc.dll,-2
2012-09-17 09:44:16: ServiceDLL: system32\regsvc.dll
2012-09-17 09:44:16: File size: 0
2012-09-17 09:44:16: DLL File name: regsvc.dll
2012-09-17 09:44:16: Original File Name: REGSVC.DLL.MUI
2012-09-17 09:44:16: Company:
2012-09-17 09:44:16: Mod/Cre/Acc time:
2012-09-17 09:44:16: ---------------------------------------------------------------------
2012-09-17 09:44:16: Found Service: RpcEptMapper
2012-09-17 09:44:16: Real Path: C:\Windows\System32\RpcEpMap.dll
2012-09-17 09:44:16: Display Name: @%windir%\system32\RpcEpMap.dll,-1001
2012-09-17 09:44:16: Description: @%windir%\system32\RpcEpMap.dll,-1002
2012-09-17 09:44:16: ServiceDLL: System32\RpcEpMap.dll
2012-09-17 09:44:16: File size: 0
2012-09-17 09:44:16: DLL File name: RpcEpMap.dll
2012-09-17 09:44:16: Original File Name: RpcEpMap.dll.mui
2012-09-17 09:44:16: Company:
2012-09-17 09:44:16: Mod/Cre/Acc time:
2012-09-17 09:44:16: ---------------------------------------------------------------------
2012-09-17 09:44:16: Found Service: RpcSs
2012-09-17 09:44:16: Real Path: C:\Windows\system32\rpcss.dll
2012-09-17 09:44:16: Display Name: @oleres.dll,-5010
2012-09-17 09:44:16: Description: @oleres.dll,-5011
2012-09-17 09:44:16: ServiceDLL: system32\rpcss.dll
2012-09-17 09:44:16: File size: 0
2012-09-17 09:44:16: DLL File name: rpcss.dll
2012-09-17 09:44:16: Original File Name: rpcss.dll
2012-09-17 09:44:16: Company:
2012-09-17 09:44:16: Mod/Cre/Acc time:
2012-09-17 09:44:16: ---------------------------------------------------------------------
2012-09-17 09:44:16: Found Service: SCardSvr
2012-09-17 09:44:16: Real Path: C:\Windows\System32\SCardSvr.dll
2012-09-17 09:44:16: Display Name: @%SystemRoot%\System32\SCardSvr.dll,-1
2012-09-17 09:44:16: Description: @%SystemRoot%\System32\SCardSvr.dll,-5
2012-09-17 09:44:16: ServiceDLL: System32\SCardSvr.dll
2012-09-17 09:44:16: File size: 0
2012-09-17 09:44:16: DLL File name: SCardSvr.dll
2012-09-17 09:44:16: Original File Name: SCardSvr.exe.mui
2012-09-17 09:44:16: Company:
2012-09-17 09:44:16: Mod/Cre/Acc time:
2012-09-17 09:44:16: ---------------------------------------------------------------------
2012-09-17 09:44:16: Found Service: Schedule
2012-09-17 09:44:16: Real Path: C:\Windows\system32\schedsvc.dll
2012-09-17 09:44:16: Display Name: @%SystemRoot%\system32\schedsvc.dll,-100
2012-09-17 09:44:16: Description: @%SystemRoot%\system32\schedsvc.dll,-101
2012-09-17 09:44:16: ServiceDLL: system32\schedsvc.dll
2012-09-17 09:44:16: File size: 0
2012-09-17 09:44:16: DLL File name: schedsvc.dll
2012-09-17 09:44:16: Original File Name: schedsvc.dll.mui
2012-09-17 09:44:16: Company:
2012-09-17 09:44:16: Mod/Cre/Acc time:
2012-09-17 09:44:16: ---------------------------------------------------------------------
2012-09-17 09:44:16: Found Service: SCPolicySvc
2012-09-17 09:44:16: Real Path: C:\Windows\System32\certprop.dll
2012-09-17 09:44:16: Display Name: @%SystemRoot%\System32\certprop.dll,-13
2012-09-17 09:44:16: Description: @%SystemRoot%\System32\certprop.dll,-14
2012-09-17 09:44:16: ServiceDLL: System32\certprop.dll
2012-09-17 09:44:16: File size: 0
2012-09-17 09:44:16: DLL File name: certprop.dll
2012-09-17 09:44:16: Original File Name: certprop.dll.mui
2012-09-17 09:44:16: Company:
2012-09-17 09:44:16: Mod/Cre/Acc time:
2012-09-17 09:44:16: ---------------------------------------------------------------------
2012-09-17 09:44:16: Found Service: SDRSVC
2012-09-17 09:44:16: Real Path: C:\Windows\System32\SDRSVC.dll
2012-09-17 09:44:16: Display Name: @%SystemRoot%\system32\sdrsvc.dll,-107
2012-09-17 09:44:16: Description: @%SystemRoot%\system32\sdrsvc.dll,-102
2012-09-17 09:44:16: ServiceDLL: System32\SDRSVC.dll
2012-09-17 09:44:16: File size: 0
2012-09-17 09:44:16: DLL File name: SDRSVC.dll
2012-09-17 09:44:16: Original File Name: SDRSVC.DLL.MUI
2012-09-17 09:44:16: Company:
2012-09-17 09:44:16: Mod/Cre/Acc time:
2012-09-17 09:44:16: ---------------------------------------------------------------------
2012-09-17 09:44:16: Found Service: seclogon
2012-09-17 09:44:16: Real Path: C:\Windows\system32\seclogon.dll
2012-09-17 09:44:16: Display Name: @%SystemRoot%\system32\seclogon.dll,-7001
2012-09-17 09:44:16: Description: @%SystemRoot%\system32\seclogon.dll,-7000
2012-09-17 09:44:16: ServiceDLL: system32\seclogon.dll
2012-09-17 09:44:16: File size: 0
2012-09-17 09:44:16: DLL File name: seclogon.dll
2012-09-17 09:44:16: Original File Name: SECLOGON.EXE.MUI
2012-09-17 09:44:16: Company:
2012-09-17 09:44:16: Mod/Cre/Acc time:
2012-09-17 09:44:16: ---------------------------------------------------------------------
2012-09-17 09:44:16: Found Service: SENS
2012-09-17 09:44:16: Real Path: C:\Windows\system32\sens.dll
2012-09-17 09:44:16: Display Name: @%SystemRoot%\system32\Sens.dll,-200
2012-09-17 09:44:16: Description: @%SystemRoot%\system32\Sens.dll,-201
2012-09-17 09:44:16: ServiceDLL: system32\sens.dll
2012-09-17 09:44:16: File size: 49664
2012-09-17 09:44:16: DLL File name: sens.dll
2012-09-17 09:44:16: Original File Name: sens.dll.mui
2012-09-17 09:44:16: Company:
2012-09-17 09:44:16: Mod/Cre/Acc time: 20090713211613 20090713192158 20090713192158
2012-09-17 09:44:16: ---------------------------------------------------------------------
2012-09-17 09:44:16: Found Service: SensrSvc
2012-09-17 09:44:16: Real Path: C:\Windows\system32\sensrsvc.dll
2012-09-17 09:44:16: Display Name: @%SystemRoot%\System32\sensrsvc.dll,-1000
2012-09-17 09:44:16: Description: @%SystemRoot%\System32\sensrsvc.dll,-1001
2012-09-17 09:44:16: ServiceDLL: system32\sensrsvc.dll
2012-09-17 09:44:16: File size: 0
2012-09-17 09:44:16: DLL File name: sensrsvc.dll
2012-09-17 09:44:16: Original File Name: sensrsvc.dll.mui
2012-09-17 09:44:16: Company:
2012-09-17 09:44:16: Mod/Cre/Acc time:
2012-09-17 09:44:16: ---------------------------------------------------------------------
2012-09-17 09:44:16: Found Service: SessionEnv
2012-09-17 09:44:16: Real Path: C:\Windows\system32\sessenv.dll
2012-09-17 09:44:16: Display Name: @%SystemRoot%\System32\SessEnv.dll,-1026
2012-09-17 09:44:16: Description: @%SystemRoot%\System32\SessEnv.dll,-1027
2012-09-17 09:44:16: ServiceDLL: system32\sessenv.dll
2012-09-17 09:44:16: File size: 99328
2012-09-17 09:44:16: DLL File name: sessenv.dll
2012-09-17 09:44:16: Original File Name: SessEnv.DLL.MUI
2012-09-17 09:44:16: Company:
2012-09-17 09:44:16: Mod/Cre/Acc time: 20090713211613 20090713200228 20090713200228
2012-09-17 09:44:16: ---------------------------------------------------------------------
2012-09-17 09:44:16: Found Service: SharedAccess
2012-09-17 09:44:16: Real Path: C:\Windows\System32\ipnathlp.dll
2012-09-17 09:44:16: Display Name: @%SystemRoot%\system32\ipnathlp.dll,-106
2012-09-17 09:44:16: Description: @%SystemRoot%\system32\ipnathlp.dll,-107
2012-09-17 09:44:16: ServiceDLL: System32\ipnathlp.dll
2012-09-17 09:44:16: File size: 0
2012-09-17 09:44:16: DLL File name: ipnathlp.dll
2012-09-17 09:44:16: Original File Name: IPNATHLP.DLL.MUI
2012-09-17 09:44:16: Company:
2012-09-17 09:44:16: Mod/Cre/Acc time:
2012-09-17 09:44:16: ---------------------------------------------------------------------
2012-09-17 09:44:16: Found Service: ShellHWDetection
2012-09-17 09:44:16: Real Path: C:\Windows\System32\shsvcs.dll
2012-09-17 09:44:16: Display Name: @%SystemRoot%\System32\shsvcs.dll,-12288
2012-09-17 09:44:16: Description: @%SystemRoot%\System32\shsvcs.dll,-12289
2012-09-17 09:44:16: ServiceDLL: System32\shsvcs.dll
2012-09-17 09:44:16: File size: 328192
2012-09-17 09:44:16: DLL File name: shsvcs.dll
2012-09-17 09:44:16: Original File Name: SHSVCS.DLL.MUI
2012-09-17 09:44:16: Company:
2012-09-17 09:44:16: Mod/Cre/Acc time: 20090713211614 20090713193928 20090713193928
2012-09-17 09:44:16: ---------------------------------------------------------------------
2012-09-17 09:44:16: Found Service: sppuinotify
2012-09-17 09:44:16: Real Path: C:\Windows\system32\sppuinotify.dll
2012-09-17 09:44:16: Display Name: @%SystemRoot%\system32\sppuinotify.dll,-103
2012-09-17 09:44:16: Description: @%SystemRoot%\system32\sppuinotify.dll,-102
2012-09-17 09:44:16: ServiceDLL: system32\sppuinotify.dll
2012-09-17 09:44:16: File size: 0
2012-09-17 09:44:16: DLL File name: sppuinotify.dll
2012-09-17 09:44:16: Original File Name: sppuinotify.dll.mui
2012-09-17 09:44:16: Company:
2012-09-17 09:44:16: Mod/Cre/Acc time:
2012-09-17 09:44:16: ---------------------------------------------------------------------
2012-09-17 09:44:16: Found Service: SSDPSRV
2012-09-17 09:44:16: Real Path: C:\Windows\System32\ssdpsrv.dll
2012-09-17 09:44:16: Display Name: @%systemroot%\system32\ssdpsrv.dll,-100
2012-09-17 09:44:16: Description: @%systemroot%\system32\ssdpsrv.dll,-101
2012-09-17 09:44:16: ServiceDLL: System32\ssdpsrv.dll
2012-09-17 09:44:16: File size: 0
2012-09-17 09:44:16: DLL File name: ssdpsrv.dll
2012-09-17 09:44:16: Original File Name: ssdpsrv.dll.mui
2012-09-17 09:44:16: Company:
2012-09-17 09:44:16: Mod/Cre/Acc time:
2012-09-17 09:44:16: ---------------------------------------------------------------------
2012-09-17 09:44:16: Found Service: SstpSvc
2012-09-17 09:44:16: Real Path: C:\Windows\system32\sstpsvc.dll
2012-09-17 09:44:16: Display Name: @%SystemRoot%\system32\sstpsvc.dll,-200
2012-09-17 09:44:16: Description: @%SystemRoot%\system32\sstpsvc.dll,-201
2012-09-17 09:44:16: ServiceDLL: system32\sstpsvc.dll
2012-09-17 09:44:16: File size: 0
2012-09-17 09:44:16: DLL File name: sstpsvc.dll
2012-09-17 09:44:16: Original File Name: sstpsvc.dll.mui
2012-09-17 09:44:16: Company:
2012-09-17 09:44:16: Mod/Cre/Acc time:
2012-09-17 09:44:16: ---------------------------------------------------------------------
2012-09-17 09:44:16: Found Service: stisvc
2012-09-17 09:44:16: Real Path: C:\Windows\System32\wiaservc.dll
2012-09-17 09:44:16: Display Name: @%SystemRoot%\system32\wiaservc.dll,-9
2012-09-17 09:44:16: Description: @%SystemRoot%\system32\wiaservc.dll,-10
2012-09-17 09:44:16: ServiceDLL: System32\wiaservc.dll
2012-09-17 09:44:16: File size: 0
2012-09-17 09:44:16: DLL File name: wiaservc.dll
2012-09-17 09:44:16: Original File Name: WIASERVC.DLL.MUI
2012-09-17 09:44:16: Company:
2012-09-17 09:44:16: Mod/Cre/Acc time:
2012-09-17 09:44:17: ---------------------------------------------------------------------
2012-09-17 09:44:17: Found Service: StorSvc
2012-09-17 09:44:17: Real Path: C:\Windows\system32\storsvc.dll
2012-09-17 09:44:17: Display Name: @%SystemRoot%\System32\StorSvc.dll,-100
2012-09-17 09:44:17: Description: @%SystemRoot%\System32\StorSvc.dll,-101
2012-09-17 09:44:17: ServiceDLL: system32\storsvc.dll
2012-09-17 09:44:17: File size: 0
2012-09-17 09:44:17: DLL File name: storsvc.dll
2012-09-17 09:44:17: Original File Name: StorSvc.dll.mui
2012-09-17 09:44:17: Company:
2012-09-17 09:44:17: Mod/Cre/Acc time:
2012-09-17 09:44:17: ---------------------------------------------------------------------
2012-09-17 09:44:17: Found Service: swprv
2012-09-17 09:44:17: Real Path: C:\Windows\System32\swprv.dll
2012-09-17 09:44:17: Display Name: @%SystemRoot%\System32\swprv.dll,-103
2012-09-17 09:44:17: Description: @%SystemRoot%\System32\swprv.dll,-102
2012-09-17 09:44:17: ServiceDLL: System32\swprv.dll
2012-09-17 09:44:17: File size: 0
2012-09-17 09:44:17: DLL File name: swprv.dll
2012-09-17 09:44:17: Original File Name: SWPRV.DLL.MUI
2012-09-17 09:44:17: Company:
2012-09-17 09:44:17: Mod/Cre/Acc time:
2012-09-17 09:44:17: ---------------------------------------------------------------------
2012-09-17 09:44:17: Found Service: SysMain
2012-09-17 09:44:17: Real Path: C:\Windows\system32\sysmain.dll
2012-09-17 09:44:17: Display Name: @%SystemRoot%\system32\sysmain.dll,-1000
2012-09-17 09:44:17: Description: @%SystemRoot%\system32\sysmain.dll,-1001
2012-09-17 09:44:17: ServiceDLL: system32\sysmain.dll
2012-09-17 09:44:17: File size: 0
2012-09-17 09:44:17: DLL File name: sysmain.dll
2012-09-17 09:44:17: Original File Name: sysmain.dll.mui
2012-09-17 09:44:17: Company:
2012-09-17 09:44:17: Mod/Cre/Acc time:
2012-09-17 09:44:17: ---------------------------------------------------------------------
2012-09-17 09:44:17: Found Service: TabletInputService
2012-09-17 09:44:17: Real Path: C:\Windows\System32\TabSvc.dll
2012-09-17 09:44:17: Display Name: @%SystemRoot%\system32\TabSvc.dll,-100
2012-09-17 09:44:17: Description: @%SystemRoot%\system32\TabSvc.dll,-101
2012-09-17 09:44:17: ServiceDLL: System32\TabSvc.dll
2012-09-17 09:44:17: File size: 0
2012-09-17 09:44:17: DLL File name: TabSvc.dll
2012-09-17 09:44:17: Original File Name: TabSvc.dll.mui
2012-09-17 09:44:17: Company:
2012-09-17 09:44:17: Mod/Cre/Acc time:
2012-09-17 09:44:17: ---------------------------------------------------------------------
2012-09-17 09:44:17: Found Service: TapiSrv
2012-09-17 09:44:17: Real Path: C:\Windows\System32\tapisrv.dll
2012-09-17 09:44:17: Display Name: @%SystemRoot%\system32\tapisrv.dll,-10100
2012-09-17 09:44:17: Description: @%SystemRoot%\system32\tapisrv.dll,-10101
2012-09-17 09:44:17: ServiceDLL: System32\tapisrv.dll
2012-09-17 09:44:17: File size: 241664
2012-09-17 09:44:17: DLL File name: tapisrv.dll
2012-09-17 09:44:17: Original File Name: TAPISRV.EXE.MUI
2012-09-17 09:44:17: Company:
2012-09-17 09:44:17: Mod/Cre/Acc time: 20090713211615 20090713201955 20090713201955
2012-09-17 09:44:17: ---------------------------------------------------------------------
2012-09-17 09:44:17: Found Service: TBS
2012-09-17 09:44:17: Real Path: C:\Windows\System32\tbssvc.dll
2012-09-17 09:44:17: Display Name: @%SystemRoot%\system32\tbssvc.dll,-100
2012-09-17 09:44:17: Description: @%SystemRoot%\system32\tbssvc.dll,-101
2012-09-17 09:44:17: ServiceDLL: System32\tbssvc.dll
2012-09-17 09:44:17: File size: 0
2012-09-17 09:44:17: DLL File name: tbssvc.dll
2012-09-17 09:44:17: Original File Name: TBSSVC.DLL.MUI
2012-09-17 09:44:17: Company:
2012-09-17 09:44:17: Mod/Cre/Acc time:
2012-09-17 09:44:17: ---------------------------------------------------------------------
2012-09-17 09:44:17: Found Service: TermService
2012-09-17 09:44:17: Real Path: C:\Windows\System32\termsrv.dll
2012-09-17 09:44:17: Display Name: @%SystemRoot%\System32\termsrv.dll,-268
2012-09-17 09:44:17: Description: @%SystemRoot%\System32\termsrv.dll,-267
2012-09-17 09:44:17: ServiceDLL: System32\termsrv.dll
2012-09-17 09:44:17: File size: 0
2012-09-17 09:44:17: DLL File name: termsrv.dll
2012-09-17 09:44:17: Original File Name: termsrv.dll.mui
2012-09-17 09:44:17: Company:
2012-09-17 09:44:17: Mod/Cre/Acc time:
2012-09-17 09:44:17: ---------------------------------------------------------------------
2012-09-17 09:44:17: Found Service: Themes
2012-09-17 09:44:17: Real Path: C:\Windows\system32\themeservice.dll
2012-09-17 09:44:17: Display Name: @%SystemRoot%\System32\themeservice.dll,-8192
2012-09-17 09:44:17: Description: @%SystemRoot%\System32\themeservice.dll,-8193
2012-09-17 09:44:17: ServiceDLL: system32\themeservice.dll
2012-09-17 09:44:17: File size: 0
2012-09-17 09:44:17: DLL File name: themeservice.dll
2012-09-17 09:44:17: Original File Name: THEMESERVICE.DLL.MUI
2012-09-17 09:44:17: Company:
2012-09-17 09:44:17: Mod/Cre/Acc time:
2012-09-17 09:44:17: ---------------------------------------------------------------------
2012-09-17 09:44:17: Found Service: THREADORDER
2012-09-17 09:44:17: Real Path: C:\Windows\system32\mmcss.dll
2012-09-17 09:44:17: Display Name: @%systemroot%\system32\mmcss.dll,-102
2012-09-17 09:44:17: Description: @%systemroot%\system32\mmcss.dll,-103
2012-09-17 09:44:17: ServiceDLL: system32\mmcss.dll
2012-09-17 09:44:17: File size: 0
2012-09-17 09:44:17: DLL File name: mmcss.dll
2012-09-17 09:44:17: Original File Name: mmcss.dll.mui
2012-09-17 09:44:17: Company:
2012-09-17 09:44:17: Mod/Cre/Acc time:
2012-09-17 09:44:17: ---------------------------------------------------------------------
2012-09-17 09:44:17: Found Service: TrkWks
2012-09-17 09:44:17: Real Path: C:\Windows\System32\trkwks.dll
2012-09-17 09:44:17: Display Name: @%SystemRoot%\system32\trkwks.dll,-1
2012-09-17 09:44:17: Description: @%SystemRoot%\system32\trkwks.dll,-2
2012-09-17 09:44:17: ServiceDLL: System32\trkwks.dll
2012-09-17 09:44:17: File size: 0
2012-09-17 09:44:17: DLL File name: trkwks.dll
2012-09-17 09:44:17: Original File Name: trkwks.dll.mui
2012-09-17 09:44:17: Company:
2012-09-17 09:44:17: Mod/Cre/Acc time:
2012-09-17 09:44:17: ---------------------------------------------------------------------
2012-09-17 09:44:17: Found Service: UmRdpService
2012-09-17 09:44:17: Real Path: C:\Windows\System32\umrdp.dll
2012-09-17 09:44:17: Display Name: @%SystemRoot%\system32\umrdp.dll,-1000
2012-09-17 09:44:17: Description: @%SystemRoot%\system32\umrdp.dll,-1001
2012-09-17 09:44:17: ServiceDLL: System32\umrdp.dll
2012-09-17 09:44:17: File size: 0
2012-09-17 09:44:17: DLL File name: umrdp.dll
2012-09-17 09:44:17: Original File Name: umrdp.dll.mui
2012-09-17 09:44:17: Company:
2012-09-17 09:44:17: Mod/Cre/Acc time:
2012-09-17 09:44:17: !!!!!!!
2012-09-17 09:44:17: Found Service: upnphost
2012-09-17 09:44:17: Real Path: C:\Windows\System32\upnphost.dll
2012-09-17 09:44:17: Display Name: @%systemroot%\system32\upnphost.dll,-213
2012-09-17 09:44:17: Description: @%systemroot%\system32\upnphost.dll,-214
2012-09-17 09:44:17: ServiceDLL: System32\upnphost.dll
2012-09-17 09:44:17: File size: 266752
2012-09-17 09:44:17: DLL File name: upnphost.dll
2012-09-17 09:44:17: Original File Name: unpnhost.dll.mui
2012-09-17 09:44:17: Company:
2012-09-17 09:44:17: Mod/Cre/Acc time: 20090713211617 20090713195541 20090713195541
2012-09-17 09:44:17: !!!!!!!!!
2012-09-17 09:44:17: ---------------------------------------------------------------------
2012-09-17 09:44:17: Found Service: UxSms
2012-09-17 09:44:17: Real Path: C:\Windows\System32\uxsms.dll
2012-09-17 09:44:17: Display Name: @%SystemRoot%\system32\dwm.exe,-2000
2012-09-17 09:44:17: Description: @%SystemRoot%\system32\dwm.exe,-2001
2012-09-17 09:44:17: ServiceDLL: System32\uxsms.dll
2012-09-17 09:44:17: File size: 0
2012-09-17 09:44:17: DLL File name: uxsms.dll
2012-09-17 09:44:17: Original File Name: UxSms.dll
2012-09-17 09:44:17: Company:
2012-09-17 09:44:17: Mod/Cre/Acc time:
2012-09-17 09:44:17: ---------------------------------------------------------------------
2012-09-17 09:44:17: Found Service: W32Time
2012-09-17 09:44:17: Real Path: C:\Windows\system32\w32time.dll
2012-09-17 09:44:17: Display Name: @%SystemRoot%\system32\w32time.dll,-200
2012-09-17 09:44:17: Description: @%SystemRoot%\system32\w32time.dll,-201
2012-09-17 09:44:17: ServiceDLL: system32\w32time.dll
2012-09-17 09:44:17: File size: 0
2012-09-17 09:44:17: DLL File name: w32time.dll
2012-09-17 09:44:17: Original File Name: w32time.dll.mui
2012-09-17 09:44:17: Company:
2012-09-17 09:44:17: Mod/Cre/Acc time:
2012-09-17 09:44:17: ---------------------------------------------------------------------
2012-09-17 09:44:17: Found Service: WbioSrvc
2012-09-17 09:44:17: Real Path: C:\Windows\System32\wbiosrvc.dll
2012-09-17 09:44:17: Display Name: @%systemroot%\system32\wbiosrvc.dll,-100
2012-09-17 09:44:17: Description: @%systemroot%\system32\wbiosrvc.dll,-101
2012-09-17 09:44:17: ServiceDLL: System32\wbiosrvc.dll
2012-09-17 09:44:17: File size: 0
2012-09-17 09:44:17: DLL File name: wbiosrvc.dll
2012-09-17 09:44:17: Original File Name: wbiosrvc.dll.mui
2012-09-17 09:44:17: Company:
2012-09-17 09:44:17: Mod/Cre/Acc time:
2012-09-17 09:44:17: ---------------------------------------------------------------------
2012-09-17 09:44:17: Found Service: wcncsvc
2012-09-17 09:44:17: Real Path: C:\Windows\System32\wcncsvc.dll
2012-09-17 09:44:17: Display Name: @%SystemRoot%\system32\wcncsvc.dll,-3
2012-09-17 09:44:17: Description: @%SystemRoot%\system32\wcncsvc.dll,-4
2012-09-17 09:44:17: ServiceDLL: System32\wcncsvc.dll
2012-09-17 09:44:17: File size: 276992
2012-09-17 09:44:17: DLL File name: wcncsvc.dll
2012-09-17 09:44:17: Original File Name: WCNCSVC.DLL.MUI
2012-09-17 09:44:17: Company:
2012-09-17 09:44:17: Mod/Cre/Acc time: 20100914020714 20110923161048 20110923161048
2012-09-17 09:44:17: ---------------------------------------------------------------------
2012-09-17 09:44:17: Found Service: WcsPlugInService
2012-09-17 09:44:17: Real Path: C:\Windows\System32\WcsPlugInService.dll
2012-09-17 09:44:17: Display Name: @%SystemRoot%\system32\WcsPlugInService.dll,-200
2012-09-17 09:44:17: Description: @%SystemRoot%\system32\WcsPlugInService.dll,-201
2012-09-17 09:44:17: ServiceDLL: System32\WcsPlugInService.dll
2012-09-17 09:44:17: File size: 32768
2012-09-17 09:44:17: DLL File name: WcsPlugInService.dll
2012-09-17 09:44:17: Original File Name: WcsPlugInService.DLL.MUI
2012-09-17 09:44:17: Company:
2012-09-17 09:44:17: Mod/Cre/Acc time: 20090713211618 20090713192513 20090713192513
2012-09-17 09:44:17: ---------------------------------------------------------------------
2012-09-17 09:44:17: Found Service: WdiServiceHost
2012-09-17 09:44:17: Real Path: C:\Windows\system32\wdi.dll
2012-09-17 09:44:17: Display Name: @%systemroot%\system32\wdi.dll,-502
2012-09-17 09:44:17: Description: @%systemroot%\system32\wdi.dll,-503
2012-09-17 09:44:17: ServiceDLL: system32\wdi.dll
2012-09-17 09:44:17: File size: 76288
2012-09-17 09:44:17: DLL File name: wdi.dll
2012-09-17 09:44:17: Original File Name: wdi.dll.mui
2012-09-17 09:44:17: Company:
2012-09-17 09:44:17: Mod/Cre/Acc time: 20090713211618 20090713191947 20090713191947
2012-09-17 09:44:17: ---------------------------------------------------------------------
2012-09-17 09:44:17: Found Service: WdiSystemHost
2012-09-17 09:44:17: Real Path: C:\Windows\system32\wdi.dll
2012-09-17 09:44:17: Display Name: @%systemroot%\system32\wdi.dll,-500
2012-09-17 09:44:17: Description: @%systemroot%\system32\wdi.dll,-501
2012-09-17 09:44:17: ServiceDLL: system32\wdi.dll
2012-09-17 09:44:17: File size: 76288
2012-09-17 09:44:17: DLL File name: wdi.dll
2012-09-17 09:44:17: Original File Name: wdi.dll.mui
2012-09-17 09:44:17: Company:
2012-09-17 09:44:17: Mod/Cre/Acc time: 20090713211618 20090713191947 20090713191947
2012-09-17 09:44:17: !!!!!!!
2012-09-17 09:44:17: Found Service: WebClient
2012-09-17 09:44:17: Real Path: C:\Windows\System32\webclnt.dll
2012-09-17 09:44:17: Display Name: @%systemroot%\system32\webclnt.dll,-100
2012-09-17 09:44:17: Description: @%systemroot%\system32\webclnt.dll,-101
2012-09-17 09:44:17: ServiceDLL: System32\webclnt.dll
2012-09-17 09:44:17: File size: 204800
2012-09-17 09:44:17: DLL File name: webclnt.dll
2012-09-17 09:44:17: Original File Name: davsvc.dll.mui
2012-09-17 09:44:17: Company:
2012-09-17 09:44:17: Mod/Cre/Acc time: 20101221013821 20110919141505 20110919141505
2012-09-17 09:44:17: !!!!!!!!!
2012-09-17 09:44:17: ---------------------------------------------------------------------
2012-09-17 09:44:17: Found Service: Wecsvc
2012-09-17 09:44:17: Real Path: C:\Windows\system32\wecsvc.dll
2012-09-17 09:44:17: Display Name: @%SystemRoot%\system32\wecsvc.dll,-200
2012-09-17 09:44:17: Description: @%SystemRoot%\system32\wecsvc.dll,-201
2012-09-17 09:44:17: ServiceDLL: system32\wecsvc.dll
2012-09-17 09:44:17: File size: 0
2012-09-17 09:44:17: DLL File name: wecsvc.dll
2012-09-17 09:44:17: Original File Name: wecsvc.dll.mui
2012-09-17 09:44:17: Company:
2012-09-17 09:44:17: Mod/Cre/Acc time:
2012-09-17 09:44:17: !!!!!!!
2012-09-17 09:44:17: Found Service: wercplsupport
2012-09-17 09:44:17: Real Path: C:\Windows\System32\wercplsupport.dll
2012-09-17 09:44:17: Display Name: @%SystemRoot%\System32\wercplsupport.dll,-101
2012-09-17 09:44:17: Description: @%SystemRoot%\System32\wercplsupport.dll,-100
2012-09-17 09:44:17: ServiceDLL: System32\wercplsupport.dll
2012-09-17 09:44:17: File size: 0
2012-09-17 09:44:17: DLL File name: wercplsupport.dll
2012-09-17 09:44:17: Original File Name: ERC
2012-09-17 09:44:17: Company:
2012-09-17 09:44:17: Mod/Cre/Acc time:
2012-09-17 09:44:17: !!!!!!!!!
2012-09-17 09:44:17: !!!!!!!
2012-09-17 09:44:17: Found Service: WerSvc
2012-09-17 09:44:17: Real Path: C:\Windows\System32\WerSvc.dll
2012-09-17 09:44:17: Display Name: @%SystemRoot%\System32\wersvc.dll,-100
2012-09-17 09:44:17: Description: @%SystemRoot%\System32\wersvc.dll,-101
2012-09-17 09:44:17: ServiceDLL: System32\WerSvc.dll
2012-09-17 09:44:17: File size: 0
2012-09-17 09:44:17: DLL File name: WerSvc.dll
2012-09-17 09:44:17: Original File Name: wersvc
2012-09-17 09:44:17: Company:
2012-09-17 09:44:17: Mod/Cre/Acc time:
2012-09-17 09:44:17: !!!!!!!!!
2012-09-17 09:44:17: ---------------------------------------------------------------------
2012-09-17 09:44:17: Found Service: Winmgmt
2012-09-17 09:44:17: Real Path: C:\Windows\system32\wbem\WMIsvc.dll
2012-09-17 09:44:17: Display Name: @%Systemroot%\system32\wbem\wmisvc.dll,-205
2012-09-17 09:44:17: Description: @%Systemroot%\system32\wbem\wmisvc.dll,-204
2012-09-17 09:44:17: ServiceDLL: system32\wbem\WMIsvc.dll
2012-09-17 09:44:17: File size: 0
2012-09-17 09:44:17: DLL File name: WMIsvc.dll
2012-09-17 09:44:17: Original File Name: wmisvc.dll.mui
2012-09-17 09:44:17: Company:
2012-09-17 09:44:17: Mod/Cre/Acc time:
2012-09-17 09:44:17: ---------------------------------------------------------------------
2012-09-17 09:44:17: Found Service: WinRM
2012-09-17 09:44:17: Real Path: C:\Windows\system32\WsmSvc.dll
2012-09-17 09:44:17: Display Name: @%Systemroot%\system32\wsmsvc.dll,-101
2012-09-17 09:44:17: Description: @%Systemroot%\system32\wsmsvc.dll,-102
2012-09-17 09:44:17: ServiceDLL: system32\WsmSvc.dll
2012-09-17 09:44:17: File size: 1175040
2012-09-17 09:44:17: DLL File name: WsmSvc.dll
2012-09-17 09:44:17: Original File Name: WsmSvc.dll.mui
2012-09-17 09:44:17: Company:
2012-09-17 09:44:17: Mod/Cre/Acc time: 20090713211620 20090713193143 20090713193143
2012-09-17 09:44:17: ---------------------------------------------------------------------
2012-09-17 09:44:17: Found Service: Wlansvc
2012-09-17 09:44:17: Real Path: C:\Windows\System32\wlansvc.dll
2012-09-17 09:44:17: Display Name: @%SystemRoot%\System32\wlansvc.dll,-257
2012-09-17 09:44:17: Description: @%SystemRoot%\System32\wlansvc.dll,-258
2012-09-17 09:44:17: ServiceDLL: System32\wlansvc.dll
2012-09-17 09:44:17: File size: 0
2012-09-17 09:44:17: DLL File name: wlansvc.dll
2012-09-17 09:44:17: Original File Name: wlansvc.dll.mui
2012-09-17 09:44:17: Company:
2012-09-17 09:44:17: Mod/Cre/Acc time:
2012-09-17 09:44:17: ---------------------------------------------------------------------
2012-09-17 09:44:17: Found Service: WPCSvc
2012-09-17 09:44:17: Real Path: C:\Windows\System32\wpcsvc.dll
2012-09-17 09:44:17: Display Name: @%SystemRoot%\system32\wpcsvc.dll,-100
2012-09-17 09:44:17: Description: @%SystemRoot%\system32\wpcsvc.dll,-101
2012-09-17 09:44:17: ServiceDLL: System32\wpcsvc.dll
2012-09-17 09:44:17: File size: 10752
2012-09-17 09:44:17: DLL File name: wpcsvc.dll
2012-09-17 09:44:17: Original File Name: wpcsvc.exe.mui
2012-09-17 09:44:17: Company:
2012-09-17 09:44:17: Mod/Cre/Acc time: 20090713211620 20090713194010 20090713194010
2012-09-17 09:44:17: ---------------------------------------------------------------------
2012-09-17 09:44:17: Found Service: WPDBusEnum
2012-09-17 09:44:17: Real Path: C:\Windows\system32\wpdbusenum.dll
2012-09-17 09:44:17: Display Name: @%SystemRoot%\system32\wpdbusenum.dll,-100
2012-09-17 09:44:17: Description: @%SystemRoot%\system32\wpdbusenum.dll,-101
2012-09-17 09:44:17: ServiceDLL: system32\wpdbusenum.dll
2012-09-17 09:44:17: File size: 0
2012-09-17 09:44:17: DLL File name: wpdbusenum.dll
2012-09-17 09:44:17: Original File Name: WpdBusEnum.DLL.MUI
2012-09-17 09:44:17: Company:
2012-09-17 09:44:17: Mod/Cre/Acc time:
2012-09-17 09:44:17: ---------------------------------------------------------------------
2012-09-17 09:44:17: Found Service: wscsvc
2012-09-17 09:44:17: Real Path: C:\Windows\system32\wscsvc.dll
2012-09-17 09:44:17: Display Name: @%SystemRoot%\System32\wscsvc.dll,-200
2012-09-17 09:44:17: Description: @%SystemRoot%\System32\wscsvc.dll,-201
2012-09-17 09:44:17: ServiceDLL: system32\wscsvc.dll
2012-09-17 09:44:17: File size: 0
2012-09-17 09:44:17: DLL File name: wscsvc.dll
2012-09-17 09:44:17: Original File Name: wscsvc.dll.mui
2012-09-17 09:44:17: Company:
2012-09-17 09:44:17: Mod/Cre/Acc time:
2012-09-17 09:44:17: ---------------------------------------------------------------------
2012-09-17 09:44:17: Found Service: wuauserv
2012-09-17 09:44:17: Real Path: C:\Windows\system32\wuaueng.dll
2012-09-17 09:44:17: Display Name: @%systemroot%\system32\wuaueng.dll,-105
2012-09-17 09:44:17: Description: @%systemroot%\system32\wuaueng.dll,-106
2012-09-17 09:44:17: ServiceDLL: system32\wuaueng.dll
2012-09-17 09:44:17: File size: 0
2012-09-17 09:44:17: DLL File name: wuaueng.dll
2012-09-17 09:44:17: Original File Name: wuaueng.dll.mui
2012-09-17 09:44:17: Company:
2012-09-17 09:44:17: Mod/Cre/Acc time:
2012-09-17 09:44:17: ---------------------------------------------------------------------
2012-09-17 09:44:17: Found Service: wudfsvc
2012-09-17 09:44:17: Real Path: C:\Windows\System32\WUDFSvc.dll
2012-09-17 09:44:17: Display Name: @%SystemRoot%\system32\wudfsvc.dll,-1000
2012-09-17 09:44:17: Description: @%SystemRoot%\system32\wudfsvc.dll,-1001
2012-09-17 09:44:17: ServiceDLL: System32\WUDFSvc.dll
2012-09-17 09:44:17: File size: 0
2012-09-17 09:44:17: DLL File name: WUDFSvc.dll
2012-09-17 09:44:17: Original File Name: WUDFSvc.dll.mui
2012-09-17 09:44:17: Company:
2012-09-17 09:44:17: Mod/Cre/Acc time:
2012-09-17 09:44:17: ---------------------------------------------------------------------
2012-09-17 09:44:17: Found Service: WwanSvc
2012-09-17 09:44:17: Real Path: C:\Windows\System32\wwansvc.dll
2012-09-17 09:44:17: Display Name: @%SystemRoot%\System32\wwansvc.dll,-257
2012-09-17 09:44:17: Description: @%SystemRoot%\System32\wwansvc.dll,-258
2012-09-17 09:44:17: ServiceDLL: System32\wwansvc.dll
2012-09-17 09:44:17: File size: 0
2012-09-17 09:44:17: DLL File name: wwansvc.dll
2012-09-17 09:44:17: Original File Name: WwanSvc.dll.mui
2012-09-17 09:44:17: Company:
2012-09-17 09:44:17: Mod/Cre/Acc time:
2012-09-17 09:44:17:
2012-09-17 09:44:17: Looking for SHELL key
2012-09-17 09:44:17: Now looking for bad DLL files in system32
2012-09-17 09:45:26: Folder: GAC
2012-09-17 09:45:26: Folder: GAC_32
2012-09-17 09:45:26: Folder: GAC_64
2012-09-17 09:45:26: Folder: GAC_MSIL
2012-09-17 09:45:26: Folder: NativeImages_v2.0.50727_32
2012-09-17 09:45:26: Folder: NativeImages_v2.0.50727_64
2012-09-17 09:45:26: Folder: NativeImages_v4.0.30319_32
2012-09-17 09:45:26: Folder: NativeImages_v4.0.30319_64
2012-09-17 09:45:26: Folder: temp
2012-09-17 09:45:26: Folder: tmp
2012-09-17 09:45:27: Checking for bad folder
2012-09-17 09:45:27: Found 1 folders.
2012-09-17 09:45:27: Checking C:\Windows\assembly\tmp
2012-09-17 09:45:27: ... Folder test returns: 1
2012-09-17 09:45:27: Done with folder list in C:\Windows\assembly\ tmp
2012-09-17 09:45:27: Autonomous mode, clearing out yt folder
2012-09-17 09:45:27: cmd.exe /c start "C:\Users\Kirk\Desktop\yorkyt.exe"
2012-09-17 09:45:39: Restarting...
2012-09-17 09:46:53: ****************************************************
2012-09-17 09:46:53: Starting UP ... v 0.0.0.220
2012-09-17 09:46:53: ****************************************************
2012-09-17 09:46:53: Stop TPSRV returns: 2
2012-09-17 09:47:08: Listing processes...
2012-09-17 09:47:08: :[System Process]:0
2012-09-17 09:47:08: :System:4
2012-09-17 09:47:08: :smss.exe:316
2012-09-17 09:47:08: :csrss.exe:440
2012-09-17 09:47:08: :wininit.exe:556
2012-09-17 09:47:08: :csrss.exe:584
2012-09-17 09:47:08: :Services.exe:628
2012-09-17 09:47:08: :lsass.exe:636
2012-09-17 09:47:08: :lsm.exe:644
2012-09-17 09:47:08: :winlogon.exe:700
2012-09-17 09:47:08: :svchost.exe:792
2012-09-17 09:47:08: :svchost.exe:868
2012-09-17 09:47:08: :atiesrxx.exe:928
2012-09-17 09:47:08: :svchost.exe:1008
2012-09-17 09:47:08: :svchost.exe:296
2012-09-17 09:47:08: :svchost.exe:456
2012-09-17 09:47:08: :audiodg.exe:424
2012-09-17 09:47:08: :svchost.exe:808
2012-09-17 09:47:08: :hpservice.exe:1084
2012-09-17 09:47:08: :WUDFHost.exe:1156
2012-09-17 09:47:08: :atieclxx.exe:1236
2012-09-17 09:47:08: :dwm.exe:1444
2012-09-17 09:47:08: :svchost.exe:1496
2012-09-17 09:47:08: :explorer.exe:1552
2012-09-17 09:47:08: :wlanext.exe:1604
2012-09-17 09:47:08: :conhost.exe:1612
2012-09-17 09:47:08: :spoolsv.exe:1688
2012-09-17 09:47:08: :taskhost.exe:1716
2012-09-17 09:47:08: :svchost.exe:1740
2012-09-17 09:47:08: :taskeng.exe:1900
2012-09-17 09:47:08: :SASCORE64.EXE:1460
2012-09-17 09:47:08: :ACService.exe:1780
2012-09-17 09:47:08: :EvtEng.exe:1288
2012-09-17 09:47:08: :mbamscheduler.exe:1932
2012-09-17 09:47:08: :mbamservice.exe:1096
2012-09-17 09:47:08: :svchost.exe:1384
2012-09-17 09:47:08: :RegSrvc.exe:2060
2012-09-17 09:47:08: :svchost.exe:2092
2012-09-17 09:47:08: :svchost.exe:2136
2012-09-17 09:47:08: :mbamgui.exe:2216
2012-09-17 09:47:08: :unsecapp.exe:2444
2012-09-17 09:47:08: :WmiPrvSE.exe:2644
2012-09-17 09:47:08: :svchost.exe:2996
2012-09-17 09:47:08: :rundll32.exe:2764
2012-09-17 09:47:08: :yorkyt.exe:3060
2012-09-17 09:47:08: :WiMAXCU.exe:2856
2012-09-17 09:47:08: :iFrmewrk.exe:3036
2012-09-17 09:47:08: :SynTPEnh.exe:2964
2012-09-17 09:47:08: :igfxtray.exe:3012
2012-09-17 09:47:08: :hkcmd.exe:2896
2012-09-17 09:47:08: :igfxpers.exe:3008
2012-09-17 09:47:09: :SUPERANTISPYWARE.EXE:2120
2012-09-17 09:47:09: :nusb3mon.exe:3656
2012-09-17 09:47:09: :CLIStart.exe:3680
2012-09-17 09:47:09: :IAStorIcon.exe:3716
2012-09-17 09:47:09: :reader_sl.exe:4004
2012-09-17 09:47:09: :AdobeARM.exe:3100
2012-09-17 09:47:09: :ACDaemon.exe:3248
2012-09-17 09:47:09: :ArcMonitor.exe:3404
2012-09-17 09:47:09: :jusched.exe:3600
2012-09-17 09:47:09: :ArcCon.ac:3632
2012-09-17 09:47:09: :WmiPrvSE.exe:3788
2012-09-17 09:47:09: :SynTPHelper.exe:3092
2012-09-17 09:47:09: :unsecapp.exe:4072
2012-09-17 09:47:09: :SearchIndexer.exe:3412
2012-09-17 09:47:09: :svchost.exe:3864
2012-09-17 09:47:09: :SearchProtocolHost.exe:3588
2012-09-17 09:47:09: :SearchFilterHost.exe:2552
2012-09-17 09:47:09:
2012-09-17 09:47:09: Starting cleanup mode...
2012-09-17 09:47:32: ... Done with files, now folders
2012-09-17 09:47:39: All DONE



