
google redirecting firefox


  • This topic is locked
22 replies to this topic

#1 JaRey


  • Members
  • 36 posts
  • Local time:03:53 AM

Posted 09 January 2013 - 08:46 PM

Thanks for taking the time to help here.
I've tried to find the problem using:
MSE
MBAM
free Kaspersky Virus Removal Tool
TDSSKiller
HitmanPro_x64
HitmanPro-Kickstart

Nothing out of the ordinary has been found

I removed Firefox with REVO and replaced it with a fresh install, and Google still redirects some searches to a page I can't close without using Task Manager. Any help is greatly appreciated.
James

Here's a C&P of the dds text


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.10.2
Run by BlueIce at 18:28:49 on 2013-01-09
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16361.12686 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Windows\SysWOW64\bgsvcgen.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe
C:\Program Files (x86)\Portrait Displays\PerfectSuite\DTHtml.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uURLSearchHooks: SearchHook Class: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [AdobeBridge] <no file>
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
mRun: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe"
mRun: [DT VSC] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -VSC
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\BlueIce\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\HDWRIT~1.LNK - C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
TCP: NameServer = 208.71.216.3 64.251.173.40
TCP: Interfaces\{1F475565-8DE6-45C1-8748-57DF8D41ABEA} : DHCPNameServer = 208.71.216.3 64.251.173.40
SSODL: WebCheck - <orphaned>
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\BlueIce\AppData\Roaming\Mozilla\Firefox\Profiles\fu7ymict.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-8-27 297000]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-8-28 56208]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-3 918144]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-1 915584]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-5-9 586880]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-10-27 52896]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-6-10 21992]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2013-1-8 108904]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-9 13592]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2011-5-9 133800]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 128456]
R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-5-9 109168]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2010-10-27 38248]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2010-10-27 301680]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2010-10-27 31080]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2010-10-27 203624]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2010-10-27 58992]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2010-10-27 156520]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2010-10-27 279152]
R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\System32\drivers\ICCWDT.sys [2010-8-17 26136]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-9-29 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-9-29 180736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2010-10-27 55336]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-6-10 128928]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-5-15 216064]
S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-26 14648]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\System32\drivers\vpcuxd.sys [2011-5-12 16384]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-12 1255736]
.
=============== File Associations ===============
.
FileExt: .js: JSFile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe","%1"
.
=============== Created Last 30 ================
.
2013-01-09 23:56:03 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{91762233-14D9-4EEB-8486-8A35C3438B80}\offreg.dll
2013-01-09 16:20:47 5120 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2013-01-08 22:13:43 96816 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2013-01-08 22:10:28 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{91762233-14D9-4EEB-8486-8A35C3438B80}\mpengine.dll
2013-01-08 19:35:32 -------- d-----w- C:\Program Files\HitmanPro
2013-01-08 19:32:53 -------- d-----w- C:\ProgramData\HitmanPro
2013-01-07 21:47:26 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-07 19:14:17 95184 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-07 18:55:17 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2013-01-07 15:07:45 -------- d-----w- C:\TDSSKiller_Quarantine
2013-01-07 06:58:42 -------- d-----w- C:\ProgramData\Kaspersky Lab
2013-01-07 05:01:39 -------- d-----w- C:\Users\BlueIce\AppData\Roaming\Malwarebytes
2013-01-07 05:01:28 -------- d-----w- C:\ProgramData\Malwarebytes
2013-01-07 05:00:03 -------- d-----w- C:\Users\BlueIce\AppData\Local\Programs
2012-12-22 05:55:46 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-22 05:55:46 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-22 05:55:45 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-22 05:55:45 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-12 15:05:16 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-12-12 15:05:16 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-12-12 15:05:03 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-12-12 15:05:02 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
.
==================== Find3M ====================
.
2013-01-07 19:14:10 859072 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-01-07 19:14:10 779704 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-12-28 16:29:58 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-28 16:29:58 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:32 750592 ----a-w- C:\Windows\System32\win32spl.dll
2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-11-01 05:43:42 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2012-11-01 05:43:42 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
.
============= FINISH: 18:29:00.89 ===============
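Added example (not part of this thread, and not code from DDS or from the BleepingComputer helpers): a small Python triage script that pulls the entries most relevant to a search-redirect complaint out of a pasted DDS "Pseudo HJT Report" section, so a reviewer sees them before reading the whole log. The sample lines are copied from the DDS log above; the EXPECTED_DNS set is a constructed placeholder standing in for whatever the user's router or ISP actually hands out, so a "dns" finding means "confirm with the router/ISP", not "malicious". The items it flags are the ones a helper checks first: name servers that differ from the expected ones, URL search hooks (which sit in the path of address-bar searches), UAC policy values of 0, a Firefox proxy type other than direct/system, and a changed default handler for script or executable file types.

```python
"""Triage a DDS 'Pseudo HJT Report' for search-redirect indicators.

Added example for this thread; it is not part of DDS and not code posted
by anyone in the discussion. It reads pasted DDS lines and returns the
entries a helper would look at first when a browser redirects searches.
"""
import re
from dataclasses import dataclass

# Sample lines copied from the DDS log posted above in this thread.
SAMPLE_DDS = r"""
uStart Page = about:blank
uURLSearchHooks: SearchHook Class: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
TCP: NameServer = 208.71.216.3 64.251.173.40
TCP: Interfaces\{1F475565-8DE6-45C1-8748-57DF8D41ABEA} : DHCPNameServer = 208.71.216.3 64.251.173.40
FF - prefs.js: network.proxy.type - 0
FileExt: .js: JSFile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe","%1"
"""

# Constructed placeholder: the resolvers the user's router/ISP is expected to
# hand out. In real triage take this from the router or ISP, never from the log.
EXPECTED_DNS = {"192.168.1.1"}

# Firefox network.proxy.type values; 0 (direct) and 5 (system) are the normal ones.
PROXY_TYPES = {"0": "direct", "1": "manual proxy", "2": "PAC script",
               "4": "auto-detect", "5": "system settings"}

# File types whose default handler malware commonly rewrites.
SCRIPT_EXTS = {".js", ".vbs", ".bat", ".cmd", ".exe", ".scr", ".reg"}

# Meaning of a 0 in each UAC policy value that DDS reports.
UAC_ZERO = {
    "EnableLUA": "UAC is disabled entirely",
    "ConsentPromptBehaviorAdmin": "admins elevate with no prompt",
    "PromptOnSecureDesktop": "elevation prompts are not shown on the secure desktop",
}


@dataclass
class Finding:
    kind: str   # dns, searchhook, uac, proxy, fileext
    value: str  # the raw value taken from the log line
    note: str   # why it is worth a look


def triage_dds(text, expected_dns):
    """Return the Findings for one DDS report, in log order."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"^TCP: .*?(DHCPNameServer|NameServer) = (.+)$", line):
            servers = m.group(2).split()
            if any(s not in expected_dns for s in servers):
                findings.append(Finding("dns", " ".join(servers),
                                        f"{m.group(1)} differs from the expected resolvers; confirm with the router/ISP"))
        elif m := re.match(r"^[um]URLSearchHooks: (.+)$", line):
            findings.append(Finding("searchhook", m.group(1),
                                    "a URL search hook handles address-bar searches; verify the DLL and its vendor"))
        elif m := re.match(r"^mPolicies-System: (\w+) = dword:(\d+)$", line):
            if m.group(1) in UAC_ZERO and m.group(2) == "0":
                findings.append(Finding("uac", f"{m.group(1)}=0", UAC_ZERO[m.group(1)]))
        elif m := re.match(r"^FF - prefs\.js: network\.proxy\.type - (\d+)$", line):
            if m.group(1) not in ("0", "5"):
                findings.append(Finding("proxy", m.group(1),
                                        f"Firefox proxy type is {PROXY_TYPES.get(m.group(1), 'unknown')}; check the proxy host"))
        elif m := re.match(r"^FileExt: (\.\w+): (.+)$", line):
            if m.group(1).lower() in SCRIPT_EXTS:
                findings.append(Finding("fileext", f"{m.group(1)} -> {m.group(2)}",
                                        "script/executable handler changed; confirm the target program is legitimate"))
    return findings


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS, EXPECTED_DNS):
        print(f"[{f.kind}] {f.value}\n    {f.note}")
```

Run against the sample it reports seven items: the DeviceVM search hook, three UAC values set to 0, both DNS lines (because the placeholder expected set does not contain them), and the .js handler. None of these is a verdict; with UAC off, for instance, a redirect does not need to persist as a kernel driver, which is why the log reviewer reads these policy values before anything else, and the .js entry here points at a legitimately installed Dreamweaver.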



#2 fireman4it


    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:53 AM

Posted 09 January 2013 - 08:57 PM

Hello JaRey,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

Do you have a USB Flash Drive you can use?

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 JaRey

  • Topic Starter

  • Members
  • 36 posts
  • Local time:03:53 AM

Posted 09 January 2013 - 09:20 PM

Do you have a USB Flash Drive you can use?

Thanks for the welcome
I have a 512 MB flash drive I installed Kickstart on.

Will that work?

I haven't made any changes since posting.... Just backing up my T-bird profile now on a DVD

#4 fireman4it


    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:53 AM

Posted 09 January 2013 - 10:43 PM

Did you back up your Firefox profile before you uninstalled it and reinstalled it? If so did you use that back up?

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.



#5 JaRey

  • Topic Starter

  • Members
  • 36 posts
  • Local time:03:53 AM

Posted 10 January 2013 - 12:14 AM

Fireman4it

Thanks again for taking the time to help

Did you back up your Firefox profile before you uninstalled it and reinstalled it? If so did you use that back up?

I backed up the firefox profile on the desktop and on the flash drive. I did not restore the profile after I REVO wiped Firefox and installed the new Firefox.

Here's the results of the scan

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-01-2013
Ran by SYSTEM at 09-01-2013 21:57:27
Running from L:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [613536 2010-10-27] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [379040 2010-10-27] (Atheros Commnucations)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-04-26] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-10-17] (Intel Corporation)
HKLM-x32\...\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [375000 2009-10-26] (DeviceVM, Inc.)
HKLM-x32\...\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-18] ()
HKLM-x32\...\Run: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe [252544 2010-09-28] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe" [694824 2009-03-03] ()
HKLM-x32\...\Run: [DT VSC] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -VSC [86016 2009-06-25] ()
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36800 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [823224 2012-07-27] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\BlueIce\...\Run: [AdobeBridge] [x]
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\UpdatusUser\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
Tcpip\Parameters: [DhcpNameServer] 208.71.216.3 64.251.173.40
Startup: C:\Users\All Users\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\Users\BlueIce\Start Menu\Programs\Startup\AutorunsDisabled ()

==================== Services (Whitelisted) ===================

2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [915584 2010-12-01] ()
2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe [69632 2009-06-25] ()
3 Futuremark SystemInfo Service; "C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe" [128928 2010-11-11] (Futuremark Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)

==================== Drivers (Whitelisted) =====================

1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13440 2010-08-23] ()
1 AsUpIO; C:\Windows\SysWow64\Drivers\AsUpIO.sys [14464 2010-08-02] ()
1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [39208 2006-08-25] (B.H.A Corporation)
0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
3 PdiPorts; C:\Windows\System32\Drivers\PdiPorts.sys [20592 2009-06-23] (Portrait Displays, Inc.)
3 RTCore64; \??\C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14648 2010-05-26] ()
3 MSICDSetup; \??\F:\CDriver64.sys [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-01-09 17:29 - 2013-01-09 17:29 - 00020921 ____A C:\Users\BlueIce\Desktop\dds.txt
2013-01-09 17:29 - 2013-01-09 17:29 - 00011779 ____A C:\Users\BlueIce\Desktop\attach.txt
2013-01-09 17:21 - 2013-01-09 17:21 - 00688992 ____R (Swearware) C:\Users\BlueIce\Desktop\dds.com
2013-01-09 08:21 - 2013-01-09 08:21 - 00005432 ____A C:\Users\BlueIce\Desktop\HitmanPro_20130109_0921.log
2013-01-09 08:21 - 2012-12-07 05:20 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll
2013-01-09 08:21 - 2012-12-07 05:15 - 02746368 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll
2013-01-09 08:21 - 2012-12-07 04:26 - 00308736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-01-09 08:21 - 2012-12-07 04:20 - 02576384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-01-09 08:21 - 2012-12-07 03:20 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs
2013-01-09 08:21 - 2012-12-07 03:20 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs
2013-01-09 08:21 - 2012-12-07 03:20 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs
2013-01-09 08:21 - 2012-12-07 03:20 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs
2013-01-09 08:21 - 2012-12-07 03:20 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs
2013-01-09 08:21 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs
2013-01-09 08:21 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs
2013-01-09 08:21 - 2012-12-07 03:19 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs
2013-01-09 08:21 - 2012-12-07 03:19 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs
2013-01-09 08:21 - 2012-12-07 03:19 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs
2013-01-09 08:21 - 2012-12-07 03:19 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs
2013-01-09 08:21 - 2012-12-07 03:19 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs
2013-01-09 08:21 - 2012-12-07 03:19 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs
2013-01-09 08:21 - 2012-12-07 03:19 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs
2013-01-09 08:21 - 2012-12-07 02:46 - 00055296 ____A (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-01-09 08:21 - 2012-12-07 02:46 - 00051712 ____A (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-01-09 08:21 - 2012-12-07 02:46 - 00046592 ____A (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-01-09 08:21 - 2012-12-07 02:46 - 00045568 ____A (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-01-09 08:21 - 2012-12-07 02:46 - 00044544 ____A (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-01-09 08:21 - 2012-12-07 02:46 - 00043520 ____A (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-01-09 08:21 - 2012-12-07 02:46 - 00040960 ____A (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-01-09 08:21 - 2012-12-07 02:46 - 00030720 ____A (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-01-09 08:21 - 2012-12-07 02:46 - 00023552 ____A (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-01-09 08:21 - 2012-12-07 02:46 - 00021504 ____A (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-01-09 08:21 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-01-09 08:21 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-01-09 08:21 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-01-09 08:21 - 2012-12-07 02:46 - 00015360 ____A (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-01-09 08:21 - 2012-11-21 21:44 - 00800768 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll
2013-01-09 08:21 - 2012-11-21 20:45 - 00626688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-01-09 08:21 - 2012-11-19 21:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-01-09 08:21 - 2012-11-19 20:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-01-09 08:21 - 2012-11-08 21:45 - 00750592 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-01-09 08:21 - 2012-11-08 20:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-01-09 08:21 - 2012-10-31 21:43 - 02002432 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-01-09 08:21 - 2012-10-31 21:43 - 01882624 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2013-01-09 08:21 - 2012-10-31 20:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-01-09 08:21 - 2012-10-31 20:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-01-09 08:20 - 2012-11-29 21:45 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-01-09 08:20 - 2012-11-29 21:45 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-01-09 08:20 - 2012-11-29 21:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-01-09 08:20 - 2012-11-29 21:45 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-01-09 08:20 - 2012-11-29 21:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-01-09 08:20 - 2012-11-29 21:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-01-09 08:20 - 2012-11-29 21:41 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-01-09 08:20 - 2012-11-29 21:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 21:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 20:54 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-01-09 08:20 - 2012-11-29 20:53 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-01-09 08:20 - 2012-11-29 20:53 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-01-09 08:20 - 2012-11-29 20:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 20:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 19:23 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-01-09 08:20 - 2012-11-29 18:44 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-01-09 08:20 - 2012-11-29 18:44 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-01-09 08:20 - 2012-11-29 18:44 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-01-09 08:20 - 2012-11-29 18:44 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-01-09 08:20 - 2012-11-29 18:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 18:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-01-09 08:20 - 2012-11-29 15:17 - 00420064 ____A C:\Windows\SysWOW64\locale.nls
2013-01-09 08:20 - 2012-11-29 15:15 - 00420064 ____A C:\Windows\System32\locale.nls
2013-01-09 08:20 - 2012-11-22 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-01-09 08:20 - 2012-11-22 19:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
2013-01-08 14:13 - 2013-01-08 14:13 - 00001151 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-01-08 14:13 - 2013-01-08 14:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-01-08 14:06 - 2013-01-08 14:06 - 20293080 ____A (Mozilla) C:\Users\BlueIce\Downloads\Firefox Setup 18.0 (1).exe
2013-01-08 14:05 - 2013-01-08 14:05 - 20293080 ____A (Mozilla) C:\Users\BlueIce\Downloads\Firefox Setup 18.0.exe
2013-01-08 13:33 - 2013-01-08 13:33 - 00000000 ____D C:\Users\BlueIce\Desktop\XYZ99rr85h7.default
2013-01-08 11:35 - 2013-01-08 11:35 - 00001897 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2013-01-08 11:35 - 2013-01-08 11:35 - 00000000 ____D C:\Program Files\HitmanPro
2013-01-08 11:32 - 2013-01-08 11:42 - 00000000 ____D C:\Users\All Users\HitmanPro
2013-01-08 07:00 - 2013-01-09 20:48 - 00000560 ____A C:\Windows\setupact.log
2013-01-08 07:00 - 2013-01-08 07:00 - 00000000 ____A C:\Windows\setuperr.log
2013-01-07 19:18 - 2013-01-07 19:18 - 00103171 ____A C:\Users\BlueIce\Desktop\paracord.odt
2013-01-07 11:14 - 2013-01-07 11:14 - 00260528 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-01-07 11:14 - 2013-01-07 11:14 - 00174000 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-01-07 11:14 - 2013-01-07 11:14 - 00173992 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-01-07 11:14 - 2013-01-07 11:14 - 00095184 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-01-07 10:55 - 2013-01-07 10:55 - 00001268 ____A C:\Users\BlueIce\Desktop\Revo Uninstaller.lnk
2013-01-07 10:55 - 2013-01-07 10:55 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-01-07 10:53 - 2013-01-07 10:54 - 02617648 ____A (VS Revo Group Ltd.) C:\Users\BlueIce\Downloads\revosetup.exe
2013-01-07 07:07 - 2013-01-07 07:07 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-01-06 22:58 - 2013-01-06 22:58 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
2013-01-06 21:01 - 2013-01-06 21:01 - 00000000 ____D C:\Users\BlueIce\AppData\Roaming\Malwarebytes
2013-01-06 21:01 - 2013-01-06 21:01 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-01-06 20:54 - 2013-01-06 20:54 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\BlueIce\Desktop\cccaaad1.exe
2012-12-30 11:18 - 2013-01-01 18:07 - 00000000 ____D C:\Users\BlueIce\Desktop\BS workbooks
2012-12-23 13:13 - 2012-12-23 13:14 - 00000000 ____D C:\Users\BlueIce\Desktop\awana 2102-13
2012-12-21 21:55 - 2012-12-16 09:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-21 21:55 - 2012-12-16 06:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-21 21:55 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-21 21:55 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-16 21:18 - 2012-12-16 21:18 - 00001786 ____A C:\Users\BlueIce\Documents\webelos.txt
2012-12-12 22:06 - 2012-11-13 23:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-12-12 22:06 - 2012-11-13 22:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-12-12 22:06 - 2012-11-13 22:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-12-12 22:06 - 2012-11-13 22:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-12-12 22:06 - 2012-11-13 22:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-12-12 22:06 - 2012-11-13 22:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-12-12 22:06 - 2012-11-13 22:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-12-12 22:06 - 2012-11-13 21:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-12-12 22:06 - 2012-11-13 21:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-12-12 22:06 - 2012-11-13 21:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-12-12 22:06 - 2012-11-13 21:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-12-12 22:06 - 2012-11-13 21:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-12-12 22:06 - 2012-11-13 21:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-12-12 22:06 - 2012-11-13 21:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-12-12 22:06 - 2012-11-13 21:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-12-12 22:06 - 2012-11-13 21:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-12-12 22:06 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-12-12 22:06 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-12-12 22:06 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-12-12 22:06 - 2012-11-13 17:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-12-12 22:06 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-12-12 22:06 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-12-12 22:06 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-12-12 22:06 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-12-12 22:06 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-12-12 22:06 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-12-12 22:06 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-12-12 22:06 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-12-12 22:06 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-12-12 22:06 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-12-12 22:06 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-12-12 22:06 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-12-12 07:05 - 2012-11-08 21:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-12-12 07:05 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-12-12 07:05 - 2012-11-01 21:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2012-12-12 07:05 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll


==================== One Month Modified Files and Folders =======

2013-01-09 20:48 - 2013-01-08 07:00 - 00000560 ____A C:\Windows\setupact.log
2013-01-09 20:48 - 2011-05-09 16:11 - 00000035 ____A C:\Users\Public\Documents\AtherosServiceConfig.ini
2013-01-09 20:48 - 2011-05-09 15:04 - 00000000 ____D C:\Users\All Users\NVIDIA
2013-01-09 20:48 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-09 20:31 - 2009-07-13 20:45 - 00022096 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-09 20:31 - 2009-07-13 20:45 - 00022096 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-01-09 20:30 - 2011-12-12 16:28 - 02088144 ____A C:\Windows\WindowsUpdate.log
2013-01-09 19:58 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-09 17:58 - 2012-12-05 11:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-01-09 17:29 - 2013-01-09 17:29 - 00020921 ____A C:\Users\BlueIce\Desktop\dds.txt
2013-01-09 17:29 - 2013-01-09 17:29 - 00011779 ____A C:\Users\BlueIce\Desktop\attach.txt
2013-01-09 17:21 - 2013-01-09 17:21 - 00688992 ____R (Swearware) C:\Users\BlueIce\Desktop\dds.com
2013-01-09 12:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-01-09 10:53 - 2009-07-13 20:45 - 04922448 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-09 10:47 - 2011-05-11 14:12 - 67599240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-01-09 08:21 - 2013-01-09 08:21 - 00005432 ____A C:\Users\BlueIce\Desktop\HitmanPro_20130109_0921.log
2013-01-09 07:13 - 2011-05-09 14:23 - 00000000 ____D C:\Users\BlueIce\AppData\Local\Adobe
2013-01-09 07:02 - 2012-05-04 05:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-01-08 14:13 - 2013-01-08 14:13 - 00001151 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-01-08 14:13 - 2013-01-08 14:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-01-08 14:13 - 2011-05-11 14:34 - 00000000 ____D C:\Users\BlueIce\AppData\Roaming\Mozilla
2013-01-08 14:06 - 2013-01-08 14:06 - 20293080 ____A (Mozilla) C:\Users\BlueIce\Downloads\Firefox Setup 18.0 (1).exe
2013-01-08 14:05 - 2013-01-08 14:05 - 20293080 ____A (Mozilla) C:\Users\BlueIce\Downloads\Firefox Setup 18.0.exe
2013-01-08 13:33 - 2013-01-08 13:33 - 00000000 ____D C:\Users\BlueIce\Desktop\XYZ99rr85h7.default
2013-01-08 11:42 - 2013-01-08 11:32 - 00000000 ____D C:\Users\All Users\HitmanPro
2013-01-08 11:35 - 2013-01-08 11:35 - 00001897 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2013-01-08 11:35 - 2013-01-08 11:35 - 00000000 ____D C:\Program Files\HitmanPro
2013-01-08 07:00 - 2013-01-08 07:00 - 00000000 ____A C:\Windows\setuperr.log
2013-01-07 19:18 - 2013-01-07 19:18 - 00103171 ____A C:\Users\BlueIce\Desktop\paracord.odt
2013-01-07 11:14 - 2013-01-07 11:14 - 00260528 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-01-07 11:14 - 2013-01-07 11:14 - 00174000 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-01-07 11:14 - 2013-01-07 11:14 - 00173992 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-01-07 11:14 - 2013-01-07 11:14 - 00095184 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-01-07 11:14 - 2012-11-27 07:03 - 00859072 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-01-07 11:14 - 2011-05-12 10:54 - 00000000 ____D C:\Program Files (x86)\Java
2013-01-07 11:14 - 2011-05-12 10:44 - 00779704 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-01-07 10:55 - 2013-01-07 10:55 - 00001268 ____A C:\Users\BlueIce\Desktop\Revo Uninstaller.lnk
2013-01-07 10:55 - 2013-01-07 10:55 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-01-07 10:54 - 2013-01-07 10:53 - 02617648 ____A (VS Revo Group Ltd.) C:\Users\BlueIce\Downloads\revosetup.exe
2013-01-07 10:51 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Resources
2013-01-07 07:07 - 2013-01-07 07:07 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-01-06 22:58 - 2013-01-06 22:58 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
2013-01-06 21:01 - 2013-01-06 21:01 - 00000000 ____D C:\Users\BlueIce\AppData\Roaming\Malwarebytes
2013-01-06 21:01 - 2013-01-06 21:01 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-01-06 20:54 - 2013-01-06 20:54 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\BlueIce\Desktop\cccaaad1.exe
2013-01-06 19:43 - 2011-12-18 20:53 - 00000000 ____D C:\Windows\Minidump
2013-01-01 18:07 - 2012-12-30 11:18 - 00000000 ____D C:\Users\BlueIce\Desktop\BS workbooks
2012-12-28 16:28 - 2011-06-08 09:37 - 00000000 ____D C:\Users\BlueIce\Documents\scout projects
2012-12-28 08:29 - 2012-11-19 07:07 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-12-28 08:29 - 2012-02-11 21:06 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-12-23 13:20 - 2011-06-21 17:30 - 00000000 ____D C:\HDW21_TMP
2012-12-23 13:14 - 2012-12-23 13:13 - 00000000 ____D C:\Users\BlueIce\Desktop\awana 2102-13
2012-12-16 21:18 - 2012-12-16 21:18 - 00001786 ____A C:\Users\BlueIce\Documents\webelos.txt
2012-12-16 17:28 - 2011-05-20 22:55 - 00000000 ____D C:\Users\BlueIce\AppData\Local\CrashDumps
2012-12-16 09:11 - 2012-12-21 21:55 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-16 06:45 - 2012-12-21 21:55 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-16 06:13 - 2012-12-21 21:55 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-16 06:13 - 2012-12-21 21:55 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-12-28 14:30:38
Restore point made on: 2013-01-01 14:06:58
Restore point made on: 2013-01-04 14:24:17
Restore point made on: 2013-01-07 10:58:21
Restore point made on: 2013-01-07 10:58:31
Restore point made on: 2013-01-07 11:00:14
Restore point made on: 2013-01-07 11:00:23
Restore point made on: 2013-01-07 11:04:16
Restore point made on: 2013-01-07 11:14:06
Restore point made on: 2013-01-08 13:50:32
Restore point made on: 2013-01-08 14:10:18
Restore point made on: 2013-01-09 10:46:55

==================== Memory info ===========================

Percentage of memory in use: 7%
Total physical RAM: 16360.89 MB
Available physical RAM: 15167.91 MB
Total Pagefile: 16359.09 MB
Available Pagefile: 15166.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:297.99 GB) (Free:98.89 GB) NTFS
2 Drive d: (PviewMediaCacheExports) (Fixed) (Total:1863.02 GB) (Free:1819.98 GB) NTFS
3 Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: (GRMCPRXFREO_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF
9 Drive l: (HITMANPRO) (Removable) (Total:0.46 GB) (Free:0.39 GB) FAT32
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
11 Drive y: (MediaProjects) (Fixed) (Total:1863.02 GB) (Free:1593.47 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 1863 GB 1024 KB
Disk 1 Online 1863 GB 1024 KB
Disk 2 Online 298 GB 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 No Media 0 B 0 B
Disk 7 Online 483 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1863 GB 1024 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y MediaProjec NTFS Partition 1863 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1863 GB 1024 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D PviewMediaC NTFS Partition 1863 GB Healthy

=========================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 297 GB 101 MB

==================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 2
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 C NTFS Partition 297 GB Healthy

=========================================================

Partitions of Disk 7:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 478 MB 31 KB

==================================================================================

Disk: 7
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 9 L HITMANPRO FAT32 Removable 478 MB Healthy

=========================================================

Last Boot: 2013-01-04 10:38

==================== End Of Log =============================

#6 fireman4it

fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 10 January 2013 - 11:44 AM

Hello,

Nothing stands out as showing an active infection. We will run a couple of tools and see if they find anything. If they don't, we will go ahead and uninstall Firefox the conventional way and not using Revo.


1. Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • [screenshot]
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [screenshot]
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


2. Download the yorkyt.exe disinfection tool (1.31 MB).

Save the file to your hard disk; to the Windows Desktop, for example.
Double click the yorkyt.exe file.
A reboot will be requested to install a driver.
Another reboot will be requested to complete the disinfection.
When the disinfection is completed, accept the message that will be displayed.
In order to ensure a full cleanup, run a scan of your PC with the antivirus installed.

3. Download AdwCleaner
  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right click on adwCleaner.exe and select
    [screenshot]
  • Click the Search button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.

Things to include in your next reply:
Combofix.txt
Yorkyt log
AdwCleaner log.
Still redirecting? If so, where to? Is it only in Firefox, or is it in IE and Chrome also?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#7 JaRey

JaRey
  • Topic Starter

  • Members
  • 36 posts

Posted 10 January 2013 - 12:30 PM

  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Do I need to disable the firewall as well?

#8 JaRey

JaRey
  • Topic Starter

  • Members
  • 36 posts

Posted 10 January 2013 - 03:48 PM

I disabled the firewall for ComboFix, then turned it on to download and run the others, then turned MSE back on, restarted and browsed in Firefox and Internet Explorer. Both sites redirected when I clicked on a Google result on the leatherworker.net forum page that was linked to one of the threads. Before I showed up here on bleep/comp, I first asked one of the regulars on leatherworker that does computer consulting and he said he or anyone else never had this problem. He had me try the scans in my original post. FlagFox extension shows that leatherworker is hosted in Canada. Not sure if that matters. I tried clicking on several other searches and didn't get redirected. When it does get redirected, the tab says URL4SHORT.INFO, but the windows can be different.

I don't have chrome.

Any possibility of something stuck in my router or dsl modem?



ComboFix 13-01-08.01 - BlueIce 01/10/2013 11:38:48.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16361.14095 [GMT -7:00]
Running from: c:\users\BlueIce\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\jestertb.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-12-10 to 2013-01-10 )))))))))))))))))))))))))))))))
.
.
2013-01-10 18:41 . 2013-01-10 18:41 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-10 18:41 . 2013-01-10 18:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-10 05:57 . 2013-01-10 05:57 -------- d-----w- C:\FRST
2013-01-10 05:14 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{30B8DBFC-9D60-4772-83B8-0A16223CB3B2}\mpengine.dll
2013-01-09 16:20 . 2012-11-30 05:45 362496 ----a-w- c:\windows\system32\wow64win.dll
2013-01-08 22:10 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-08 19:35 . 2013-01-08 19:35 -------- d-----w- c:\program files\HitmanPro
2013-01-08 19:32 . 2013-01-08 19:42 -------- d-----w- c:\programdata\HitmanPro
2013-01-07 19:14 . 2013-01-07 19:14 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-01-07 19:14 . 2013-01-07 19:14 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-07 18:55 . 2013-01-07 18:55 -------- d-----w- c:\program files (x86)\VS Revo Group
2013-01-07 15:07 . 2013-01-07 15:07 -------- d-----w- C:\TDSSKiller_Quarantine
2013-01-07 06:58 . 2013-01-07 06:58 -------- d-----w- c:\programdata\Kaspersky Lab
2013-01-07 05:01 . 2013-01-07 05:01 -------- d-----w- c:\users\BlueIce\AppData\Roaming\Malwarebytes
2013-01-07 05:01 . 2013-01-07 05:01 -------- d-----w- c:\programdata\Malwarebytes
2013-01-07 05:00 . 2013-01-07 05:00 -------- d-----w- c:\users\BlueIce\AppData\Local\Programs
2012-12-22 05:55 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 05:55 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-22 05:55 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 05:55 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-12 15:05 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-12 15:05 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-12 15:05 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 15:05 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 18:47 . 2011-05-11 22:12 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-07 19:14 . 2012-11-27 15:03 859072 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-01-07 19:14 . 2011-05-12 18:44 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-12-28 16:29 . 2012-11-19 15:07 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-28 16:29 . 2012-02-12 05:06 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-30 04:45 . 2013-01-09 16:20 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-28 23:31 . 2012-11-28 23:31 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EA81B6F7-9CFB-4CFE-822C-25F28BFA806C}\gapaengine.dll
2012-10-21 21:45 . 2012-10-21 21:45 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-16 08:38 . 2012-11-28 14:49 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 14:49 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 14:49 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-10-17 284440]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"ASUS ShellProcess Execute"="c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe" [2010-09-28 252544]
"PivotSoftware"="c:\program files (x86)\Portrait Displays\Pivot Software\wpctrl.exe" [2009-03-03 694824]
"DT VSC"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2009-06-25 86016]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\BlueIce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
HD Writer.lnk - c:\program files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2011-6-21 308640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-27 55336]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-11-11 128928]
R3 MSICDSetup;MSICDSetup;F:\CDriver64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-04 216064]
R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [2010-11-20 16384]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-12 1255736]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-08-27 297000]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-02 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-17 13592]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2009-06-23 109168]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-27 38248]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-27 301680]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-10-27 31080]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-27 203624]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-27 58992]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-27 156520]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-27 279152]
S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-17 26136]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-09-30 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-09-30 180736]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 208.71.216.3 64.251.173.40
FF - ProfilePath - c:\users\BlueIce\AppData\Roaming\Mozilla\Firefox\Profiles\fu7ymict.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:ee,04,71,75,c2,2d,2a,87,41,49,69,94,a5,e6,2c,56,68,ea,9a,e5,38,
8d,f1,4c,07,6f,a9,4f,48,4e,27,14,48,65,15,28,49,b5,1e,4d,b0,f2,9b,15,03,db,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:ee,04,71,75,c2,2d,2a,87,41,49,69,94,a5,e6,2c,56,68,ea,9a,e5,38,
8d,f1,4c,07,6f,a9,4f,48,4e,27,14,48,65,15,28,49,b5,1e,4d,b0,f2,9b,15,03,db,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-10 11:42:31
ComboFix-quarantined-files.txt 2013-01-10 18:42
.
Pre-Run: 105,787,912,192 bytes free
Post-Run: 105,480,409,088 bytes free
.
- - End Of File - - 2AA633794580C9C66C6D2AA0BC4AD946

2013-01-10 12:08:47: ****************************************************
2013-01-10 12:08:47: Starting UP ... v 0.0.0.220
2013-01-10 12:08:47: ****************************************************
2013-01-10 12:08:47: Stop TPSRV returns: 2
2013-01-10 12:09:02: Listing processes...
2013-01-10 12:09:02: :[System Process]:0
2013-01-10 12:09:02: :System:4
2013-01-10 12:09:02: :smss.exe:404
2013-01-10 12:09:02: :csrss.exe:592
2013-01-10 12:09:02: :wininit.exe:668
2013-01-10 12:09:02: :csrss.exe:692
2013-01-10 12:09:02: :services.exe:732
2013-01-10 12:09:02: :lsass.exe:748
2013-01-10 12:09:02: :lsm.exe:756
2013-01-10 12:09:02: :svchost.exe:864
2013-01-10 12:09:02: :nvvsvc.exe:924
2013-01-10 12:09:02: :nvSCPAPISvr.exe:952
2013-01-10 12:09:02: :svchost.exe:996
2013-01-10 12:09:02: :MsMpEng.exe:380
2013-01-10 12:09:02: :winlogon.exe:452
2013-01-10 12:09:02: :svchost.exe:1060
2013-01-10 12:09:02: :svchost.exe:1096
2013-01-10 12:09:02: :svchost.exe:1128
2013-01-10 12:09:02: :svchost.exe:1284
2013-01-10 12:09:02: :NvXDSync.exe:1412
2013-01-10 12:09:02: :nvvsvc.exe:1424
2013-01-10 12:09:02: :svchost.exe:1644
2013-01-10 12:09:02: :spoolsv.exe:1800
2013-01-10 12:09:02: :svchost.exe:1832
2013-01-10 12:09:02: :PhotoshopElementsFileAgent.exe:1928
2013-01-10 12:09:02: :armsvc.exe:2016
2013-01-10 12:09:02: :atkexComSvc.exe:2040
2013-01-10 12:09:02: :taskhost.exe:1664
2013-01-10 12:09:02: :taskeng.exe:1252
2013-01-10 12:09:02: :VRMHelp.exe:1952
2013-01-10 12:09:02: :AsRoutineController.exe:1192
2013-01-10 12:09:02: :aaHMSvc.exe:2080
2013-01-10 12:09:02: :AsSysCtrlService.exe:2172
2013-01-10 12:09:02: :AdminService.exe:2208
2013-01-10 12:09:02: :BCUService.exe:2388
2013-01-10 12:09:02: :bgsvcgen.exe:2408
2013-01-10 12:09:02: :IPROSetMonitor.exe:2496
2013-01-10 12:09:02: :pdisrvc.exe:2556
2013-01-10 12:09:02: :svchost.exe:2604
2013-01-10 12:09:02: :pnSvc.exe:2948
2013-01-10 12:09:02: :TurboVHelp.exe:1584
2013-01-10 12:09:02: :dwm.exe:1600
2013-01-10 12:09:02: :explorer.exe:2924
2013-01-10 12:09:02: :svchost.exe:2204
2013-01-10 12:09:02: :svchost.exe:2356
2013-01-10 12:09:02: :EPUHelp.exe:3816
2013-01-10 12:09:02: :AI Suite II.exe:3580
2013-01-10 12:09:02: :AlertHelper.exe:3244
2013-01-10 12:09:02: :RAVCpl64.exe:3700
2013-01-10 12:09:02: :BtvStack.exe:3708
2013-01-10 12:09:02: :AthBtTray.exe:3764
2013-01-10 12:09:02: :ipoint.exe:3884
2013-01-10 12:09:02: :nvtray.exe:3340
2013-01-10 12:09:02: :SearchIndexer.exe:3628
2013-01-10 12:09:02: :wmpnetwk.exe:4024
2013-01-10 12:09:02: :svchost.exe:3692
2013-01-10 12:09:02: :nusb3mon.exe:4184
2013-01-10 12:09:02: :IAStorIcon.exe:4480
2013-01-10 12:09:02: :BCU.exe:4488
2013-01-10 12:09:02: :wpCtrl.exe:4556
2013-01-10 12:09:02: :Floater.exe:4608
2013-01-10 12:09:02: :AdobeARM.exe:4952
2013-01-10 12:09:02: :acrotray.exe:5000
2013-01-10 12:09:02: :jusched.exe:5012
2013-01-10 12:09:02: :dthtml.exe:4284
2013-01-10 12:09:02: :WmiPrvSE.exe:4676
2013-01-10 12:09:02: :IAStorDataMgrSvc.exe:2692
2013-01-10 12:09:02: :AAM Updates Notifier.exe:436
2013-01-10 12:09:02: :SearchProtocolHost.exe:5116
2013-01-10 12:09:02: :SearchFilterHost.exe:3300
2013-01-10 12:09:02: :yorkyt.exe:1300
2013-01-10 12:09:02:
2013-01-10 12:09:02: Setting restore point
2013-01-10 12:09:08: RUN mode
2013-01-10 12:09:08: Determining autonomous or dropped mode...
2013-01-10 12:09:08: Autonomus mode
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: AeLookupSvc
2013-01-10 12:09:08: Real Path: C:\Windows\System32\aelupsvc.dll
2013-01-10 12:09:08: Display Name: @%SystemRoot%\system32\aelupsvc.dll,-1
2013-01-10 12:09:08: Description: @%SystemRoot%\system32\aelupsvc.dll,-2
2013-01-10 12:09:08: ServiceDLL: System32\aelupsvc.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: aelupsvc.dll
2013-01-10 12:09:08: Original File Name: aelupsvc.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: AppIDSvc
2013-01-10 12:09:08: Real Path: C:\Windows\System32\appidsvc.dll
2013-01-10 12:09:08: Display Name: @%systemroot%\system32\appidsvc.dll,-100
2013-01-10 12:09:08: Description: @%systemroot%\system32\appidsvc.dll,-101
2013-01-10 12:09:08: ServiceDLL: System32\appidsvc.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: appidsvc.dll
2013-01-10 12:09:08: Original File Name: appidsvc.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: Appinfo
2013-01-10 12:09:08: Real Path: C:\Windows\System32\appinfo.dll
2013-01-10 12:09:08: Display Name: @%systemroot%\system32\appinfo.dll,-100
2013-01-10 12:09:08: Description: @%systemroot%\system32\appinfo.dll,-101
2013-01-10 12:09:08: ServiceDLL: System32\appinfo.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: appinfo.dll
2013-01-10 12:09:08: Original File Name: appinfo.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: AppMgmt
2013-01-10 12:09:08: Real Path: C:\Windows\System32\appmgmts.dll
2013-01-10 12:09:08: Display Name: @appmgmts.dll,-3250
2013-01-10 12:09:08: Description: @appmgmts.dll,-3251
2013-01-10 12:09:08: ServiceDLL: System32\appmgmts.dll
2013-01-10 12:09:08: File size: 149504
2013-01-10 12:09:08: DLL File name: appmgmts.dll
2013-01-10 12:09:08: Original File Name: appmgmts.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time: 20090713181453 20090713163834 20090713163834
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: AudioEndpointBuilder
2013-01-10 12:09:08: Real Path: C:\Windows\System32\Audiosrv.dll
2013-01-10 12:09:08: Display Name: @%SystemRoot%\system32\audiosrv.dll,-204
2013-01-10 12:09:08: Description: @%SystemRoot%\System32\audiosrv.dll,-205
2013-01-10 12:09:08: ServiceDLL: System32\Audiosrv.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: Audiosrv.dll
2013-01-10 12:09:08: Original File Name: audiosrv.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: AudioSrv
2013-01-10 12:09:08: Real Path: C:\Windows\System32\Audiosrv.dll
2013-01-10 12:09:08: Display Name: @%SystemRoot%\system32\audiosrv.dll,-200
2013-01-10 12:09:08: Description: @%SystemRoot%\System32\audiosrv.dll,-201
2013-01-10 12:09:08: ServiceDLL: System32\Audiosrv.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: Audiosrv.dll
2013-01-10 12:09:08: Original File Name: audiosrv.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: AxInstSV
2013-01-10 12:09:08: Real Path: C:\Windows\System32\AxInstSV.dll
2013-01-10 12:09:08: Display Name: @%SystemRoot%\system32\AxInstSV.dll,-103
2013-01-10 12:09:08: Description: @%SystemRoot%\system32\AxInstSV.dll,-104
2013-01-10 12:09:08: ServiceDLL: System32\AxInstSV.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: AxInstSV.dll
2013-01-10 12:09:08: Original File Name: AxInstSv.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: BDESVC
2013-01-10 12:09:08: Real Path: C:\Windows\System32\bdesvc.dll
2013-01-10 12:09:08: Display Name: @%SystemRoot%\system32\bdesvc.dll,-100
2013-01-10 12:09:08: Description: @%SystemRoot%\system32\bdesvc.dll,-101
2013-01-10 12:09:08: ServiceDLL: System32\bdesvc.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: bdesvc.dll
2013-01-10 12:09:08: Original File Name: BDESVC.DLL.MUI
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: BFE
2013-01-10 12:09:08: Real Path: C:\Windows\System32\bfe.dll
2013-01-10 12:09:08: Display Name: @%SystemRoot%\system32\bfe.dll,-1001
2013-01-10 12:09:08: Description: @%SystemRoot%\system32\bfe.dll,-1002
2013-01-10 12:09:08: ServiceDLL: System32\bfe.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: bfe.dll
2013-01-10 12:09:08: Original File Name: BFE.DLL.MUI
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: BITS
2013-01-10 12:09:08: Real Path: C:\Windows\system32\qmgr.dll
2013-01-10 12:09:08: Display Name: @%SystemRoot%\system32\qmgr.dll,-1000
2013-01-10 12:09:08: Description: @%SystemRoot%\system32\qmgr.dll,-1001
2013-01-10 12:09:08: ServiceDLL: system32\qmgr.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: qmgr.dll
2013-01-10 12:09:08: Original File Name: qmgr.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: Browser
2013-01-10 12:09:08: Real Path: C:\Windows\System32\browser.dll
2013-01-10 12:09:08: Display Name: @%systemroot%\system32\browser.dll,-100
2013-01-10 12:09:08: Description: @%systemroot%\system32\browser.dll,-101
2013-01-10 12:09:08: ServiceDLL: System32\browser.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: browser.dll
2013-01-10 12:09:08: Original File Name: browser.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: bthserv
2013-01-10 12:09:08: Real Path: C:\Windows\system32\bthserv.dll
2013-01-10 12:09:08: Display Name: @%SystemRoot%\System32\bthserv.dll,-101
2013-01-10 12:09:08: Description: @%SystemRoot%\System32\bthserv.dll,-102
2013-01-10 12:09:08: ServiceDLL: system32\bthserv.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: bthserv.dll
2013-01-10 12:09:08: Original File Name: BTHSERV.DLL.MUI
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: CertPropSvc
2013-01-10 12:09:08: Real Path: C:\Windows\System32\certprop.dll
2013-01-10 12:09:08: Display Name: @%SystemRoot%\System32\certprop.dll,-11
2013-01-10 12:09:08: Description: @%SystemRoot%\System32\certprop.dll,-12
2013-01-10 12:09:08: ServiceDLL: System32\certprop.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: certprop.dll
2013-01-10 12:09:08: Original File Name: certprop.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: CryptSvc
2013-01-10 12:09:08: Real Path: C:\Windows\system32\cryptsvc.dll
2013-01-10 12:09:08: Display Name: @%SystemRoot%\system32\cryptsvc.dll,-1001
2013-01-10 12:09:08: Description: @%SystemRoot%\system32\cryptsvc.dll,-1002
2013-01-10 12:09:08: ServiceDLL: system32\cryptsvc.dll
2013-01-10 12:09:08: File size: 140288
2013-01-10 12:09:08: DLL File name: cryptsvc.dll
2013-01-10 12:09:08: Original File Name: cryptsvc.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time: 20120601213629 20121010062459 20121010062459
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: CscService
2013-01-10 12:09:08: Real Path: C:\Windows\System32\cscsvc.dll
2013-01-10 12:09:08: Display Name: @%systemroot%\system32\cscsvc.dll,-200
2013-01-10 12:09:08: Description: @%systemroot%\system32\cscsvc.dll,-201
2013-01-10 12:09:08: ServiceDLL: System32\cscsvc.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: cscsvc.dll
2013-01-10 12:09:08: Original File Name: cscsvc.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: DcomLaunch
2013-01-10 12:09:08: Real Path: C:\Windows\system32\rpcss.dll
2013-01-10 12:09:08: Display Name: @oleres.dll,-5012
2013-01-10 12:09:08: Description: @oleres.dll,-5013
2013-01-10 12:09:08: ServiceDLL: system32\rpcss.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: rpcss.dll
2013-01-10 12:09:08: Original File Name: rpcss.dll
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: defragsvc
2013-01-10 12:09:08: Real Path: C:\Windows\System32\defragsvc.dll
2013-01-10 12:09:08: Display Name: @%SystemRoot%\system32\defragsvc.dll,-101
2013-01-10 12:09:08: Description: @%SystemRoot%\system32\defragsvc.dll,-102
2013-01-10 12:09:08: ServiceDLL: System32\defragsvc.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: defragsvc.dll
2013-01-10 12:09:08: Original File Name: defragsvc.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: Dhcp
2013-01-10 12:09:08: Real Path: C:\Windows\system32\dhcpcore.dll
2013-01-10 12:09:08: Display Name: @%SystemRoot%\system32\dhcpcore.dll,-100
2013-01-10 12:09:08: Description: @%SystemRoot%\system32\dhcpcore.dll,-101
2013-01-10 12:09:08: ServiceDLL: system32\dhcpcore.dll
2013-01-10 12:09:08: File size: 254464
2013-01-10 12:09:08: DLL File name: dhcpcore.dll
2013-01-10 12:09:08: Original File Name: dhcpcore.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time: 20101120202409 20101120202409 20101120202409
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: Dnscache
2013-01-10 12:09:08: Real Path: C:\Windows\System32\dnsrslvr.dll
2013-01-10 12:09:08: Display Name: @%SystemRoot%\System32\dnsapi.dll,-101
2013-01-10 12:09:08: Description: @%SystemRoot%\System32\dnsapi.dll,-102
2013-01-10 12:09:08: ServiceDLL: System32\dnsrslvr.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: dnsrslvr.dll
2013-01-10 12:09:08: Original File Name: dnsrslvr.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: dot3svc
2013-01-10 12:09:08: Real Path: C:\Windows\System32\dot3svc.dll
2013-01-10 12:09:08: Display Name: @%systemroot%\system32\dot3svc.dll,-1102
2013-01-10 12:09:08: Description: @%systemroot%\system32\dot3svc.dll,-1103
2013-01-10 12:09:08: ServiceDLL: System32\dot3svc.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: dot3svc.dll
2013-01-10 12:09:08: Original File Name: dot3svc.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: DPS
2013-01-10 12:09:08: Real Path: C:\Windows\system32\dps.dll
2013-01-10 12:09:08: Display Name: @%systemroot%\system32\dps.dll,-500
2013-01-10 12:09:08: Description: @%systemroot%\system32\dps.dll,-501
2013-01-10 12:09:08: ServiceDLL: system32\dps.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: dps.dll
2013-01-10 12:09:08: Original File Name: dps.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: EapHost
2013-01-10 12:09:08: Real Path: C:\Windows\System32\eapsvc.dll
2013-01-10 12:09:08: Display Name: @%systemroot%\system32\eapsvc.dll,-1
2013-01-10 12:09:08: Description: @%systemroot%\system32\eapsvc.dll,-2
2013-01-10 12:09:08: ServiceDLL: System32\eapsvc.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: eapsvc.dll
2013-01-10 12:09:08: Original File Name: eapsvc.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: EventSystem
2013-01-10 12:09:08: Real Path: C:\Windows\system32\es.dll
2013-01-10 12:09:08: Display Name: @comres.dll,-2450
2013-01-10 12:09:08: Description: @comres.dll,-2451
2013-01-10 12:09:08: ServiceDLL: system32\es.dll
2013-01-10 12:09:08: File size: 271360
2013-01-10 12:09:08: DLL File name: es.dll
2013-01-10 12:09:08: Original File Name: ES.DLL
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time: 20090713181519 20090713164438 20090713164438
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: fdPHost
2013-01-10 12:09:08: Real Path: C:\Windows\system32\fdPHost.dll
2013-01-10 12:09:08: Display Name: @%systemroot%\system32\fdPHost.dll,-100
2013-01-10 12:09:08: Description: @%systemroot%\system32\fdPHost.dll,-101
2013-01-10 12:09:08: ServiceDLL: system32\fdPHost.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: fdPHost.dll
2013-01-10 12:09:08: Original File Name: fdPHost.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: FDResPub
2013-01-10 12:09:08: Real Path: C:\Windows\system32\fdrespub.dll
2013-01-10 12:09:08: Display Name: @%systemroot%\system32\fdrespub.dll,-100
2013-01-10 12:09:08: Description: @%systemroot%\system32\fdrespub.dll,-101
2013-01-10 12:09:08: ServiceDLL: system32\fdrespub.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: fdrespub.dll
2013-01-10 12:09:08: Original File Name: FDResPub.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: !!!!!!!
2013-01-10 12:09:08: Found Service: FontCache
2013-01-10 12:09:08: Real Path: C:\Windows\system32\FntCache.dll
2013-01-10 12:09:08: Display Name: @%systemroot%\system32\FntCache.dll,-100
2013-01-10 12:09:08: Description: @%systemroot%\system32\FntCache.dll,-101
2013-01-10 12:09:08: ServiceDLL: system32\FntCache.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: FntCache.dll
2013-01-10 12:09:08: Original File Name: FontCacheService
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: !!!!!!!!!
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: gpsvc
2013-01-10 12:09:08: Real Path: C:\Windows\System32\gpsvc.dll
2013-01-10 12:09:08: Display Name: @gpapi.dll,-112
2013-01-10 12:09:08: Description: @gpapi.dll,-113
2013-01-10 12:09:08: ServiceDLL: System32\gpsvc.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: gpsvc.dll
2013-01-10 12:09:08: Original File Name: gpsvc.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: hidserv
2013-01-10 12:09:08: Real Path: C:\Windows\System32\hidserv.dll
2013-01-10 12:09:08: Display Name: @%SystemRoot%\System32\hidserv.dll,-101
2013-01-10 12:09:08: Description: @%SystemRoot%\System32\hidserv.dll,-102
2013-01-10 12:09:08: ServiceDLL: System32\hidserv.dll
2013-01-10 12:09:08: File size: 49152
2013-01-10 12:09:08: DLL File name: hidserv.dll
2013-01-10 12:09:08: Original File Name: HIDSERV.DLL.MUI
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time: 20090713181524 20090713165109 20090713165109
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: hkmsvc
2013-01-10 12:09:08: Real Path: C:\Windows\system32\kmsvc.dll
2013-01-10 12:09:08: Display Name: @%SystemRoot%\system32\kmsvc.dll,-6
2013-01-10 12:09:08: Description: @%SystemRoot%\system32\kmsvc.dll,-7
2013-01-10 12:09:08: ServiceDLL: system32\kmsvc.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: kmsvc.dll
2013-01-10 12:09:08: Original File Name: KmSvc.DLL.MUI
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: HomeGroupListener
2013-01-10 12:09:08: Real Path: C:\Windows\system32\ListSvc.dll
2013-01-10 12:09:08: Display Name: @%SystemRoot%\System32\ListSvc.dll,-100
2013-01-10 12:09:08: Description: @%SystemRoot%\System32\ListSvc.dll,-101
2013-01-10 12:09:08: ServiceDLL: system32\ListSvc.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: ListSvc.dll
2013-01-10 12:09:08: Original File Name: ListSvc.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: HomeGroupProvider
2013-01-10 12:09:08: Real Path: C:\Windows\system32\provsvc.dll
2013-01-10 12:09:08: Display Name: @%SystemRoot%\System32\provsvc.dll,-100
2013-01-10 12:09:08: Description: @%SystemRoot%\System32\provsvc.dll,-101
2013-01-10 12:09:08: ServiceDLL: system32\provsvc.dll
2013-01-10 12:09:08: File size: 165376
2013-01-10 12:09:08: DLL File name: provsvc.dll
2013-01-10 12:09:08: Original File Name: provsvc.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time: 20101120202510 20101120202510 20101120202510
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: IKEEXT
2013-01-10 12:09:08: Real Path: C:\Windows\System32\ikeext.dll
2013-01-10 12:09:08: Display Name: @%SystemRoot%\system32\ikeext.dll,-501
2013-01-10 12:09:08: Description: @%SystemRoot%\system32\ikeext.dll,-502
2013-01-10 12:09:08: ServiceDLL: System32\ikeext.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: ikeext.dll
2013-01-10 12:09:08: Original File Name: IKEEXT.DLL.MUI
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: IPBusEnum
2013-01-10 12:09:08: Real Path: C:\Windows\system32\ipbusenum.dll
2013-01-10 12:09:08: Display Name: @%systemroot%\system32\IPBusEnum.dll,-102
2013-01-10 12:09:08: Description: @%systemroot%\system32\IPBusEnum.dll,-103
2013-01-10 12:09:08: ServiceDLL: system32\ipbusenum.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: ipbusenum.dll
2013-01-10 12:09:08: Original File Name: IPBusEnum.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: iphlpsvc
2013-01-10 12:09:08: Real Path: C:\Windows\System32\iphlpsvc.dll
2013-01-10 12:09:08: Display Name: @%SystemRoot%\system32\iphlpsvc.dll,-500
2013-01-10 12:09:08: Description: @%SystemRoot%\system32\iphlpsvc.dll,-501
2013-01-10 12:09:08: ServiceDLL: System32\iphlpsvc.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: iphlpsvc.dll
2013-01-10 12:09:08: Original File Name: iphlpsvc.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: KtmRm
2013-01-10 12:09:08: Real Path: C:\Windows\system32\msdtckrm.dll
2013-01-10 12:09:08: Display Name: @comres.dll,-2946
2013-01-10 12:09:08: Description: @comres.dll,-2947
2013-01-10 12:09:08: ServiceDLL: system32\msdtckrm.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: msdtckrm.dll
2013-01-10 12:09:08: Original File Name: MSDTCKRM.DLL
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: LanmanServer
2013-01-10 12:09:08: Real Path: C:\Windows\System32\srvsvc.dll
2013-01-10 12:09:08: Display Name: @%systemroot%\system32\srvsvc.dll,-100
2013-01-10 12:09:08: Description: @%systemroot%\system32\srvsvc.dll,-101
2013-01-10 12:09:08: ServiceDLL: System32\srvsvc.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: srvsvc.dll
2013-01-10 12:09:08: Original File Name: SRVSVC.DLL.MUI
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: LanmanWorkstation
2013-01-10 12:09:08: Real Path: C:\Windows\System32\wkssvc.dll
2013-01-10 12:09:08: Display Name: @%systemroot%\system32\wkssvc.dll,-100
2013-01-10 12:09:08: Description: @%systemroot%\system32\wkssvc.dll,-101
2013-01-10 12:09:08: ServiceDLL: System32\wkssvc.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: wkssvc.dll
2013-01-10 12:09:08: Original File Name: WKSSVC.DLL.MUI
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: lltdsvc
2013-01-10 12:09:08: Real Path: C:\Windows\System32\lltdsvc.dll
2013-01-10 12:09:08: Display Name: @%SystemRoot%\system32\lltdres.dll,-1
2013-01-10 12:09:08: Description: @%SystemRoot%\system32\lltdres.dll,-2
2013-01-10 12:09:08: ServiceDLL: System32\lltdsvc.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: lltdsvc.dll
2013-01-10 12:09:08: Original File Name: LLTDSVC.DLL
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: lmhosts
2013-01-10 12:09:08: Real Path: C:\Windows\System32\lmhsvc.dll
2013-01-10 12:09:08: Display Name: @%SystemRoot%\system32\lmhsvc.dll,-101
2013-01-10 12:09:08: Description: @%SystemRoot%\system32\lmhsvc.dll,-102
2013-01-10 12:09:08: ServiceDLL: System32\lmhsvc.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: lmhsvc.dll
2013-01-10 12:09:08: Original File Name: lmhsvc.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: Mcx2Svc
2013-01-10 12:09:08: Real Path: C:\Windows\system32\Mcx2Svc.dll
2013-01-10 12:09:08: Display Name: @%SystemRoot%\ehome\ehres.dll,-15501
2013-01-10 12:09:08: Description: @%SystemRoot%\ehome\ehres.dll,-15502
2013-01-10 12:09:08: ServiceDLL: system32\Mcx2Svc.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: Mcx2Svc.dll
2013-01-10 12:09:08: Original File Name: Mcx2Svc.dll
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: MMCSS
2013-01-10 12:09:08: Real Path: C:\Windows\system32\mmcss.dll
2013-01-10 12:09:08: Display Name: @%systemroot%\system32\mmcss.dll,-100
2013-01-10 12:09:08: Description: @%systemroot%\system32\mmcss.dll,-101
2013-01-10 12:09:08: ServiceDLL: system32\mmcss.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: mmcss.dll
2013-01-10 12:09:08: Original File Name: mmcss.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: MpsSvc
2013-01-10 12:09:08: Real Path: C:\Windows\system32\mpssvc.dll
2013-01-10 12:09:08: Display Name: @%SystemRoot%\system32\FirewallAPI.dll,-23090
2013-01-10 12:09:08: Description: @%SystemRoot%\system32\FirewallAPI.dll,-23091
2013-01-10 12:09:08: ServiceDLL: system32\mpssvc.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: mpssvc.dll
2013-01-10 12:09:08: Original File Name: mpssvc.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: MSiSCSI
2013-01-10 12:09:08: Real Path: C:\Windows\system32\iscsiexe.dll
2013-01-10 12:09:08: Display Name: @%SystemRoot%\system32\iscsidsc.dll,-5000
2013-01-10 12:09:08: Description: @%SystemRoot%\system32\iscsidsc.dll,-5001
2013-01-10 12:09:08: ServiceDLL: system32\iscsiexe.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: iscsiexe.dll
2013-01-10 12:09:08: Original File Name: iscsiexe.exe.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: napagent
2013-01-10 12:09:08: Real Path: C:\Windows\system32\qagentRT.dll
2013-01-10 12:09:08: Display Name: @%SystemRoot%\system32\qagentrt.dll,-6
2013-01-10 12:09:08: Description: @%SystemRoot%\system32\qagentrt.dll,-7
2013-01-10 12:09:08: ServiceDLL: system32\qagentRT.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: qagentRT.dll
2013-01-10 12:09:08: Original File Name: QAgentRT.DLL.MUI
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: Netman
2013-01-10 12:09:08: Real Path: C:\Windows\System32\netman.dll
2013-01-10 12:09:08: Display Name: @%SystemRoot%\system32\netman.dll,-109
2013-01-10 12:09:08: Description: @%SystemRoot%\system32\netman.dll,-110
2013-01-10 12:09:08: ServiceDLL: System32\netman.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: netman.dll
2013-01-10 12:09:08: Original File Name: netman.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: netprofm
2013-01-10 12:09:08: Real Path: C:\Windows\System32\netprofm.dll
2013-01-10 12:09:08: Display Name: @%SystemRoot%\system32\netprofm.dll,-202
2013-01-10 12:09:08: Description: @%SystemRoot%\system32\netprofm.dll,-203
2013-01-10 12:09:08: ServiceDLL: System32\netprofm.dll
2013-01-10 12:09:08: File size: 360448
2013-01-10 12:09:08: DLL File name: netprofm.dll
2013-01-10 12:09:08: Original File Name: netprofm.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time: 20090713181603 20090713165658 20090713165658
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: NlaSvc
2013-01-10 12:09:08: Real Path: C:\Windows\System32\nlasvc.dll
2013-01-10 12:09:08: Display Name: @%SystemRoot%\System32\nlasvc.dll,-1
2013-01-10 12:09:08: Description: @%SystemRoot%\System32\nlasvc.dll,-2
2013-01-10 12:09:08: ServiceDLL: System32\nlasvc.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: nlasvc.dll
2013-01-10 12:09:08: Original File Name: nlasvc.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: nsi
2013-01-10 12:09:08: Real Path: C:\Windows\system32\nsisvc.dll
2013-01-10 12:09:08: Display Name: @%SystemRoot%\system32\nsisvc.dll,-200
2013-01-10 12:09:08: Description: @%SystemRoot%\system32\nsisvc.dll,-201
2013-01-10 12:09:08: ServiceDLL: system32\nsisvc.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: nsisvc.dll
2013-01-10 12:09:08: Original File Name: nsisvc.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: p2pimsvc
2013-01-10 12:09:08: Real Path: C:\Windows\system32\pnrpsvc.dll
2013-01-10 12:09:08: Display Name: @%SystemRoot%\system32\pnrpsvc.dll,-8004
2013-01-10 12:09:08: Description: @%SystemRoot%\system32\pnrpsvc.dll,-8005
2013-01-10 12:09:08: ServiceDLL: system32\pnrpsvc.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: pnrpsvc.dll
2013-01-10 12:09:08: Original File Name: pnrpsvc.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: p2psvc
2013-01-10 12:09:08: Real Path: C:\Windows\system32\p2psvc.dll
2013-01-10 12:09:08: Display Name: @%SystemRoot%\system32\p2psvc.dll,-8006
2013-01-10 12:09:08: Description: @%SystemRoot%\system32\p2psvc.dll,-8007
2013-01-10 12:09:08: ServiceDLL: system32\p2psvc.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: p2psvc.dll
2013-01-10 12:09:08: Original File Name: p2psvc.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: !!!!!!!
2013-01-10 12:09:08: Found Service: PcaSvc
2013-01-10 12:09:08: Real Path: C:\Windows\System32\pcasvc.dll
2013-01-10 12:09:08: Display Name: @%SystemRoot%\system32\pcasvc.dll,-1
2013-01-10 12:09:08: Description: @%SystemRoot%\system32\pcasvc.dll,-2
2013-01-10 12:09:08: ServiceDLL: System32\pcasvc.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: pcasvc.dll
2013-01-10 12:09:08: Original File Name:
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: !!!!!!!!!
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: PeerDistSvc
2013-01-10 12:09:08: Real Path: C:\Windows\system32\peerdistsvc.dll
2013-01-10 12:09:08: Display Name: @%SystemRoot%\system32\peerdistsvc.dll,-9000
2013-01-10 12:09:08: Description: @%SystemRoot%\system32\peerdistsvc.dll,-9001
2013-01-10 12:09:08: ServiceDLL: system32\peerdistsvc.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: peerdistsvc.dll
2013-01-10 12:09:08: Original File Name: PeerDistSvc.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: pla
2013-01-10 12:09:08: Real Path: C:\Windows\system32\pla.dll
2013-01-10 12:09:08: Display Name: @%systemroot%\system32\pla.dll,-500
2013-01-10 12:09:08: Description: @%systemroot%\system32\pla.dll,-501
2013-01-10 12:09:08: ServiceDLL: system32\pla.dll
2013-01-10 12:09:08: File size: 1508864
2013-01-10 12:09:08: DLL File name: pla.dll
2013-01-10 12:09:08: Original File Name: PLA.DLL.MUI
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time: 20101120202408 20101120202408 20101120202408
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: PlugPlay
2013-01-10 12:09:08: Real Path: C:\Windows\system32\umpnpmgr.dll
2013-01-10 12:09:08: Display Name: @%SystemRoot%\system32\umpnpmgr.dll,-100
2013-01-10 12:09:08: Description: @%SystemRoot%\system32\umpnpmgr.dll,-101
2013-01-10 12:09:08: ServiceDLL: system32\umpnpmgr.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: umpnpmgr.dll
2013-01-10 12:09:08: Original File Name: Umpnpmgr.DLL.MUI
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: PNRPAutoReg
2013-01-10 12:09:08: Real Path: C:\Windows\system32\pnrpauto.dll
2013-01-10 12:09:08: Display Name: @%SystemRoot%\system32\pnrpauto.dll,-8002
2013-01-10 12:09:08: Description: @%SystemRoot%\system32\pnrpauto.dll,-8003
2013-01-10 12:09:08: ServiceDLL: system32\pnrpauto.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: pnrpauto.dll
2013-01-10 12:09:08: Original File Name: pnrpauto.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: PNRPsvc
2013-01-10 12:09:08: Real Path: C:\Windows\system32\pnrpsvc.dll
2013-01-10 12:09:08: Display Name: @%SystemRoot%\system32\pnrpsvc.dll,-8000
2013-01-10 12:09:08: Description: @%SystemRoot%\system32\pnrpsvc.dll,-8001
2013-01-10 12:09:08: ServiceDLL: system32\pnrpsvc.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: pnrpsvc.dll
2013-01-10 12:09:08: Original File Name: pnrpsvc.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: PolicyAgent
2013-01-10 12:09:08: Real Path: C:\Windows\System32\ipsecsvc.dll
2013-01-10 12:09:08: Display Name: @%SystemRoot%\System32\polstore.dll,-5010
2013-01-10 12:09:08: Description: @%SystemRoot%\system32\polstore.dll,-5011
2013-01-10 12:09:08: ServiceDLL: System32\ipsecsvc.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: ipsecsvc.dll
2013-01-10 12:09:08: Original File Name: ipsecsvc.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: Power
2013-01-10 12:09:08: Real Path: C:\Windows\system32\umpo.dll
2013-01-10 12:09:08: Display Name: @%SystemRoot%\system32\umpo.dll,-100
2013-01-10 12:09:08: Description: @%SystemRoot%\system32\umpo.dll,-101
2013-01-10 12:09:08: ServiceDLL: system32\umpo.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: umpo.dll
2013-01-10 12:09:08: Original File Name: Umpo.DLL.MUI
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: ProfSvc
2013-01-10 12:09:08: Real Path: C:\Windows\system32\profsvc.dll
2013-01-10 12:09:08: Display Name: @%systemroot%\system32\profsvc.dll,-300
2013-01-10 12:09:08: Description: @%systemroot%\system32\profsvc.dll,-301
2013-01-10 12:09:08: ServiceDLL: system32\profsvc.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: profsvc.dll
2013-01-10 12:09:08: Original File Name: ProfSvc.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: QWAVE
2013-01-10 12:09:08: Real Path: C:\Windows\system32\qwave.dll
2013-01-10 12:09:08: Display Name: @%SystemRoot%\system32\qwave.dll,-1
2013-01-10 12:09:08: Description: @%SystemRoot%\system32\qwave.dll,-2
2013-01-10 12:09:08: ServiceDLL: system32\qwave.dll
2013-01-10 12:09:08: File size: 210944
2013-01-10 12:09:08: DLL File name: qwave.dll
2013-01-10 12:09:08: Original File Name: qwave.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time: 20090713181612 20090713165415 20090713165415
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: RasAuto
2013-01-10 12:09:08: Real Path: C:\Windows\System32\rasauto.dll
2013-01-10 12:09:08: Display Name: @%Systemroot%\system32\rasauto.dll,-200
2013-01-10 12:09:08: Description: @%Systemroot%\system32\rasauto.dll,-201
2013-01-10 12:09:08: ServiceDLL: System32\rasauto.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: rasauto.dll
2013-01-10 12:09:08: Original File Name: rasauto.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: RasMan
2013-01-10 12:09:08: Real Path: C:\Windows\System32\rasmans.dll
2013-01-10 12:09:08: Display Name: @%Systemroot%\system32\rasmans.dll,-200
2013-01-10 12:09:08: Description: @%Systemroot%\system32\rasmans.dll,-201
2013-01-10 12:09:08: ServiceDLL: System32\rasmans.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: rasmans.dll
2013-01-10 12:09:08: Original File Name: Rasmans.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: RemoteAccess
2013-01-10 12:09:08: Real Path: C:\Windows\System32\mprdim.dll
2013-01-10 12:09:08: Display Name: @%Systemroot%\system32\mprdim.dll,-200
2013-01-10 12:09:08: Description: @%Systemroot%\system32\mprdim.dll,-201
2013-01-10 12:09:08: ServiceDLL: System32\mprdim.dll
2013-01-10 12:09:08: File size: 75264
2013-01-10 12:09:08: DLL File name: mprdim.dll
2013-01-10 12:09:08: Original File Name: MPRDIM.DLL.MUI
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time: 20090713181541 20090713165426 20090713165426
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: RemoteRegistry
2013-01-10 12:09:08: Real Path: C:\Windows\system32\regsvc.dll
2013-01-10 12:09:08: Display Name: @regsvc.dll,-1
2013-01-10 12:09:08: Description: @regsvc.dll,-2
2013-01-10 12:09:08: ServiceDLL: system32\regsvc.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: regsvc.dll
2013-01-10 12:09:08: Original File Name: REGSVC.DLL.MUI
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: RpcEptMapper
2013-01-10 12:09:08: Real Path: C:\Windows\System32\RpcEpMap.dll
2013-01-10 12:09:08: Display Name: @%windir%\system32\RpcEpMap.dll,-1001
2013-01-10 12:09:08: Description: @%windir%\system32\RpcEpMap.dll,-1002
2013-01-10 12:09:08: ServiceDLL: System32\RpcEpMap.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: RpcEpMap.dll
2013-01-10 12:09:08: Original File Name: RpcEpMap.dll.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: RpcSs
2013-01-10 12:09:08: Real Path: C:\Windows\system32\rpcss.dll
2013-01-10 12:09:08: Display Name: @oleres.dll,-5010
2013-01-10 12:09:08: Description: @oleres.dll,-5011
2013-01-10 12:09:08: ServiceDLL: system32\rpcss.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: rpcss.dll
2013-01-10 12:09:08: Original File Name: rpcss.dll
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: SCardSvr
2013-01-10 12:09:08: Real Path: C:\Windows\System32\SCardSvr.dll
2013-01-10 12:09:08: Display Name: @%SystemRoot%\System32\SCardSvr.dll,-1
2013-01-10 12:09:08: Description: @%SystemRoot%\System32\SCardSvr.dll,-5
2013-01-10 12:09:08: ServiceDLL: System32\SCardSvr.dll
2013-01-10 12:09:08: File size: 0
2013-01-10 12:09:08: DLL File name: SCardSvr.dll
2013-01-10 12:09:08: Original File Name: SCardSvr.exe.mui
2013-01-10 12:09:08: Company:
2013-01-10 12:09:08: Mod/Cre/Acc time:
2013-01-10 12:09:08: ---------------------------------------------------------------------
2013-01-10 12:09:08: Found Service: Schedule
2013-01-10 12:09:08: Real Path: C:\Windows\system32\schedsvc.dll
2013-01-10 12:09:08: Display Name: @%SystemRoot%\system32\schedsvc.dll,-100
2013-01-10 12:09:08: Description: @%SystemRoot%\system32\schedsvc.dll,-101
2013-01-10 12:09:09: ServiceDLL: system32\schedsvc.dll
2013-01-10 12:09:09: File size: 0
2013-01-10 12:09:09: DLL File name: schedsvc.dll
2013-01-10 12:09:09: Original File Name: schedsvc.dll.mui
2013-01-10 12:09:09: Company:
2013-01-10 12:09:09: Mod/Cre/Acc time:
2013-01-10 12:09:09: ---------------------------------------------------------------------
2013-01-10 12:09:09: Found Service: SCPolicySvc
2013-01-10 12:09:09: Real Path: C:\Windows\System32\certprop.dll
2013-01-10 12:09:09: Display Name: @%SystemRoot%\System32\certprop.dll,-13
2013-01-10 12:09:09: Description: @%SystemRoot%\System32\certprop.dll,-14
2013-01-10 12:09:09: ServiceDLL: System32\certprop.dll
2013-01-10 12:09:09: File size: 0
2013-01-10 12:09:09: DLL File name: certprop.dll
2013-01-10 12:09:09: Original File Name: certprop.dll.mui
2013-01-10 12:09:09: Company:
2013-01-10 12:09:09: Mod/Cre/Acc time:
2013-01-10 12:09:09: ---------------------------------------------------------------------
2013-01-10 12:09:09: Found Service: SDRSVC
2013-01-10 12:09:09: Real Path: C:\Windows\System32\SDRSVC.dll
2013-01-10 12:09:09: Display Name: @%SystemRoot%\system32\sdrsvc.dll,-107
2013-01-10 12:09:09: Description: @%SystemRoot%\system32\sdrsvc.dll,-102
2013-01-10 12:09:09: ServiceDLL: System32\SDRSVC.dll
2013-01-10 12:09:09: File size: 0
2013-01-10 12:09:09: DLL File name: SDRSVC.dll
2013-01-10 12:09:09: Original File Name: SDRSVC.DLL.MUI
2013-01-10 12:09:09: Company:
2013-01-10 12:09:09: Mod/Cre/Acc time:
2013-01-10 12:09:09: ---------------------------------------------------------------------
2013-01-10 12:09:09: Found Service: seclogon
2013-01-10 12:09:09: Real Path: C:\Windows\system32\seclogon.dll
2013-01-10 12:09:09: Display Name: @%SystemRoot%\system32\seclogon.dll,-7001
2013-01-10 12:09:09: Description: @%SystemRoot%\system32\seclogon.dll,-7000
2013-01-10 12:09:09: ServiceDLL: system32\seclogon.dll
2013-01-10 12:09:09: File size: 0
2013-01-10 12:09:09: DLL File name: seclogon.dll
2013-01-10 12:09:09: Original File Name: SECLOGON.EXE.MUI
2013-01-10 12:09:09: Company:
2013-01-10 12:09:09: Mod/Cre/Acc time:
2013-01-10 12:09:09: ---------------------------------------------------------------------
2013-01-10 12:09:09: Found Service: SENS
2013-01-10 12:09:09: Real Path: C:\Windows\system32\sens.dll
2013-01-10 12:09:09: Display Name: @%SystemRoot%\system32\Sens.dll,-200
2013-01-10 12:09:09: Description: @%SystemRoot%\system32\Sens.dll,-201
2013-01-10 12:09:09: ServiceDLL: system32\sens.dll
2013-01-10 12:09:09: File size: 49664
2013-01-10 12:09:09: DLL File name: sens.dll
2013-01-10 12:09:09: Original File Name: sens.dll.mui
2013-01-10 12:09:09: Company:
2013-01-10 12:09:09: Mod/Cre/Acc time: 20090713181613 20090713162158 20090713162158
2013-01-10 12:09:09: ---------------------------------------------------------------------
2013-01-10 12:09:09: Found Service: SensrSvc
2013-01-10 12:09:09: Real Path: C:\Windows\system32\sensrsvc.dll
2013-01-10 12:09:09: Display Name: @%SystemRoot%\System32\sensrsvc.dll,-1000
2013-01-10 12:09:09: Description: @%SystemRoot%\System32\sensrsvc.dll,-1001
2013-01-10 12:09:09: ServiceDLL: system32\sensrsvc.dll
2013-01-10 12:09:09: File size: 0
2013-01-10 12:09:09: DLL File name: sensrsvc.dll
2013-01-10 12:09:09: Original File Name: sensrsvc.dll.mui
2013-01-10 12:09:09: Company:
2013-01-10 12:09:09: Mod/Cre/Acc time:
2013-01-10 12:09:09: ---------------------------------------------------------------------
2013-01-10 12:09:09: Found Service: SessionEnv
2013-01-10 12:09:09: Real Path: C:\Windows\system32\sessenv.dll
2013-01-10 12:09:09: Display Name: @%SystemRoot%\System32\SessEnv.dll,-1026
2013-01-10 12:09:09: Description: @%SystemRoot%\System32\SessEnv.dll,-1027
2013-01-10 12:09:09: ServiceDLL: system32\sessenv.dll
2013-01-10 12:09:09: File size: 113664
2013-01-10 12:09:09: DLL File name: sessenv.dll
2013-01-10 12:09:09: Original File Name: SessEnv.DLL.MUI
2013-01-10 12:09:09: Company:
2013-01-10 12:09:09: Mod/Cre/Acc time: 20101120202355 20101120202355 20101120202355
2013-01-10 12:09:09: ---------------------------------------------------------------------
2013-01-10 12:09:09: Found Service: SharedAccess
2013-01-10 12:09:09: Real Path: C:\Windows\System32\ipnathlp.dll
2013-01-10 12:09:09: Display Name: @%SystemRoot%\system32\ipnathlp.dll,-106
2013-01-10 12:09:09: Description: @%SystemRoot%\system32\ipnathlp.dll,-107
2013-01-10 12:09:09: ServiceDLL: System32\ipnathlp.dll
2013-01-10 12:09:09: File size: 0
2013-01-10 12:09:09: DLL File name: ipnathlp.dll
2013-01-10 12:09:09: Original File Name: IPNATHLP.DLL.MUI
2013-01-10 12:09:09: Company:
2013-01-10 12:09:09: Mod/Cre/Acc time:
2013-01-10 12:09:09: ---------------------------------------------------------------------
2013-01-10 12:09:09: Found Service: ShellHWDetection
2013-01-10 12:09:09: Real Path: C:\Windows\System32\shsvcs.dll
2013-01-10 12:09:09: Display Name: @%SystemRoot%\System32\shsvcs.dll,-12288
2013-01-10 12:09:09: Description: @%SystemRoot%\System32\shsvcs.dll,-12289
2013-01-10 12:09:09: ServiceDLL: System32\shsvcs.dll
2013-01-10 12:09:09: File size: 328192
2013-01-10 12:09:09: DLL File name: shsvcs.dll
2013-01-10 12:09:09: Original File Name: SHSVCS.DLL.MUI
2013-01-10 12:09:09: Company:
2013-01-10 12:09:09: Mod/Cre/Acc time: 20101120202403 20101120202403 20101120202403
2013-01-10 12:09:09: ---------------------------------------------------------------------
2013-01-10 12:09:09: Found Service: sppuinotify
2013-01-10 12:09:09: Real Path: C:\Windows\system32\sppuinotify.dll
2013-01-10 12:09:09: Display Name: @%SystemRoot%\system32\sppuinotify.dll,-103
2013-01-10 12:09:09: Description: @%SystemRoot%\system32\sppuinotify.dll,-102
2013-01-10 12:09:09: ServiceDLL: system32\sppuinotify.dll
2013-01-10 12:09:09: File size: 0
2013-01-10 12:09:09: DLL File name: sppuinotify.dll
2013-01-10 12:09:09: Original File Name: sppuinotify.dll.mui
2013-01-10 12:09:09: Company:
2013-01-10 12:09:09: Mod/Cre/Acc time:
2013-01-10 12:09:09: ---------------------------------------------------------------------
2013-01-10 12:09:09: Found Service: SSDPSRV
2013-01-10 12:09:09: Real Path: C:\Windows\System32\ssdpsrv.dll
2013-01-10 12:09:09: Display Name: @%systemroot%\system32\ssdpsrv.dll,-100
2013-01-10 12:09:09: Description: @%systemroot%\system32\ssdpsrv.dll,-101
2013-01-10 12:09:09: ServiceDLL: System32\ssdpsrv.dll
2013-01-10 12:09:09: File size: 0
2013-01-10 12:09:09: DLL File name: ssdpsrv.dll
2013-01-10 12:09:09: Original File Name: ssdpsrv.dll.mui
2013-01-10 12:09:09: Company:
2013-01-10 12:09:09: Mod/Cre/Acc time:
2013-01-10 12:09:09: ---------------------------------------------------------------------
2013-01-10 12:09:09: Found Service: SstpSvc
2013-01-10 12:09:09: Real Path: C:\Windows\system32\sstpsvc.dll
2013-01-10 12:09:09: Display Name: @%SystemRoot%\system32\sstpsvc.dll,-200
2013-01-10 12:09:09: Description: @%SystemRoot%\system32\sstpsvc.dll,-201
2013-01-10 12:09:09: ServiceDLL: system32\sstpsvc.dll
2013-01-10 12:09:09: File size: 0
2013-01-10 12:09:09: DLL File name: sstpsvc.dll
2013-01-10 12:09:09: Original File Name: sstpsvc.dll.mui
2013-01-10 12:09:09: Company:
2013-01-10 12:09:09: Mod/Cre/Acc time:
2013-01-10 12:09:09: ---------------------------------------------------------------------
2013-01-10 12:09:09: Found Service: stisvc
2013-01-10 12:09:09: Real Path: C:\Windows\System32\wiaservc.dll
2013-01-10 12:09:09: Display Name: @%SystemRoot%\system32\wiaservc.dll,-9
2013-01-10 12:09:09: Description: @%SystemRoot%\system32\wiaservc.dll,-10
2013-01-10 12:09:09: ServiceDLL: System32\wiaservc.dll
2013-01-10 12:09:09: File size: 0
2013-01-10 12:09:09: DLL File name: wiaservc.dll
2013-01-10 12:09:09: Original File Name: WIASERVC.DLL.MUI
2013-01-10 12:09:09: Company:
2013-01-10 12:09:09: Mod/Cre/Acc time:
2013-01-10 12:09:09: ---------------------------------------------------------------------
2013-01-10 12:09:09: Found Service: StorSvc
2013-01-10 12:09:09: Real Path: C:\Windows\system32\storsvc.dll
2013-01-10 12:09:09: Display Name: @%SystemRoot%\System32\StorSvc.dll,-100
2013-01-10 12:09:09: Description: @%SystemRoot%\System32\StorSvc.dll,-101
2013-01-10 12:09:09: ServiceDLL: system32\storsvc.dll
2013-01-10 12:09:09: File size: 0
2013-01-10 12:09:09: DLL File name: storsvc.dll
2013-01-10 12:09:09: Original File Name: StorSvc.dll.mui
2013-01-10 12:09:09: Company:
2013-01-10 12:09:09: Mod/Cre/Acc time:
2013-01-10 12:09:09: ---------------------------------------------------------------------
2013-01-10 12:09:09: Found Service: swprv
2013-01-10 12:09:09: Real Path: C:\Windows\System32\swprv.dll
2013-01-10 12:09:09: Display Name: @%SystemRoot%\System32\swprv.dll,-103
2013-01-10 12:09:09: Description: @%SystemRoot%\System32\swprv.dll,-102
2013-01-10 12:09:09: ServiceDLL: System32\swprv.dll
2013-01-10 12:09:09: File size: 0
2013-01-10 12:09:09: DLL File name: swprv.dll
2013-01-10 12:09:09: Original File Name: SWPRV.DLL.MUI
2013-01-10 12:09:09: Company:
2013-01-10 12:09:09: Mod/Cre/Acc time:
2013-01-10 12:09:09: ---------------------------------------------------------------------
2013-01-10 12:09:09: Found Service: SysMain
2013-01-10 12:09:09: Real Path: C:\Windows\system32\sysmain.dll
2013-01-10 12:09:09: Display Name: @%SystemRoot%\system32\sysmain.dll,-1000
2013-01-10 12:09:09: Description: @%SystemRoot%\system32\sysmain.dll,-1001
2013-01-10 12:09:09: ServiceDLL: system32\sysmain.dll
2013-01-10 12:09:09: File size: 0
2013-01-10 12:09:09: DLL File name: sysmain.dll
2013-01-10 12:09:09: Original File Name: sysmain.dll.mui
2013-01-10 12:09:09: Company:
2013-01-10 12:09:09: Mod/Cre/Acc time:
2013-01-10 12:09:09: ---------------------------------------------------------------------
2013-01-10 12:09:09: Found Service: TabletInputService
2013-01-10 12:09:09: Real Path: C:\Windows\System32\TabSvc.dll
2013-01-10 12:09:09: Display Name: @%SystemRoot%\system32\TabSvc.dll,-100
2013-01-10 12:09:09: Description: @%SystemRoot%\system32\TabSvc.dll,-101
2013-01-10 12:09:09: ServiceDLL: System32\TabSvc.dll
2013-01-10 12:09:09: File size: 0
2013-01-10 12:09:09: DLL File name: TabSvc.dll
2013-01-10 12:09:09: Original File Name: TabSvc.dll.mui
2013-01-10 12:09:09: Company:
2013-01-10 12:09:09: Mod/Cre/Acc time:
2013-01-10 12:09:09: ---------------------------------------------------------------------
2013-01-10 12:09:09: Found Service: TapiSrv
2013-01-10 12:09:09: Real Path: C:\Windows\System32\tapisrv.dll
2013-01-10 12:09:09: Display Name: @%SystemRoot%\system32\tapisrv.dll,-10100
2013-01-10 12:09:09: Description: @%SystemRoot%\system32\tapisrv.dll,-10101
2013-01-10 12:09:09: ServiceDLL: System32\tapisrv.dll
2013-01-10 12:09:09: File size: 242176
2013-01-10 12:09:09: DLL File name: tapisrv.dll
2013-01-10 12:09:09: Original File Name: TAPISRV.EXE.MUI
2013-01-10 12:09:09: Company:
2013-01-10 12:09:09: Mod/Cre/Acc time: 20101120202400 20101120202400 20101120202400
2013-01-10 12:09:09: ---------------------------------------------------------------------
2013-01-10 12:09:09: Found Service: TBS
2013-01-10 12:09:09: Real Path: C:\Windows\System32\tbssvc.dll
2013-01-10 12:09:09: Display Name: @%SystemRoot%\system32\tbssvc.dll,-100
2013-01-10 12:09:09: Description: @%SystemRoot%\system32\tbssvc.dll,-101
2013-01-10 12:09:09: ServiceDLL: System32\tbssvc.dll
2013-01-10 12:09:09: File size: 0
2013-01-10 12:09:09: DLL File name: tbssvc.dll
2013-01-10 12:09:09: Original File Name: TBSSVC.DLL.MUI
2013-01-10 12:09:09: Company:
2013-01-10 12:09:09: Mod/Cre/Acc time:
2013-01-10 12:09:09: ---------------------------------------------------------------------
2013-01-10 12:09:09: Found Service: TermService
2013-01-10 12:09:09: Real Path: C:\Windows\System32\termsrv.dll
2013-01-10 12:09:09: Display Name: @%SystemRoot%\System32\termsrv.dll,-268
2013-01-10 12:09:09: Description: @%SystemRoot%\System32\termsrv.dll,-267
2013-01-10 12:09:09: ServiceDLL: System32\termsrv.dll
2013-01-10 12:09:09: File size: 0
2013-01-10 12:09:09: DLL File name: termsrv.dll
2013-01-10 12:09:09: Original File Name: termsrv.dll.mui
2013-01-10 12:09:09: Company:
2013-01-10 12:09:09: Mod/Cre/Acc time:
2013-01-10 12:09:09: ---------------------------------------------------------------------
2013-01-10 12:09:09: Found Service: Themes
2013-01-10 12:09:09: Real Path: C:\Windows\system32\themeservice.dll
2013-01-10 12:09:09: Display Name: @%SystemRoot%\System32\themeservice.dll,-8192
2013-01-10 12:09:09: Description: @%SystemRoot%\System32\themeservice.dll,-8193
2013-01-10 12:09:09: ServiceDLL: system32\themeservice.dll
2013-01-10 12:09:09: File size: 0
2013-01-10 12:09:09: DLL File name: themeservice.dll
2013-01-10 12:09:09: Original File Name: THEMESERVICE.DLL.MUI
2013-01-10 12:09:09: Company:
2013-01-10 12:09:09: Mod/Cre/Acc time:
2013-01-10 12:09:09: ---------------------------------------------------------------------
2013-01-10 12:09:09: Found Service: THREADORDER
2013-01-10 12:09:09: Real Path: C:\Windows\system32\mmcss.dll
2013-01-10 12:09:09: Display Name: @%systemroot%\system32\mmcss.dll,-102
2013-01-10 12:09:09: Description: @%systemroot%\system32\mmcss.dll,-103
2013-01-10 12:09:09: ServiceDLL: system32\mmcss.dll
2013-01-10 12:09:09: File size: 0
2013-01-10 12:09:09: DLL File name: mmcss.dll
2013-01-10 12:09:09: Original File Name: mmcss.dll.mui
2013-01-10 12:09:09: Company:
2013-01-10 12:09:09: Mod/Cre/Acc time:
2013-01-10 12:09:09: ---------------------------------------------------------------------
2013-01-10 12:09:09: Found Service: TrkWks
2013-01-10 12:09:09: Real Path: C:\Windows\System32\trkwks.dll
2013-01-10 12:09:09: Display Name: @%SystemRoot%\system32\trkwks.dll,-1
2013-01-10 12:09:09: Description: @%SystemRoot%\system32\trkwks.dll,-2
2013-01-10 12:09:09: ServiceDLL: System32\trkwks.dll
2013-01-10 12:09:09: File size: 0
2013-01-10 12:09:09: DLL File name: trkwks.dll
2013-01-10 12:09:09: Original File Name: trkwks.dll.mui
2013-01-10 12:09:09: Company:
2013-01-10 12:09:09: Mod/Cre/Acc time:
2013-01-10 12:09:09: ---------------------------------------------------------------------
2013-01-10 12:09:09: Found Service: UmRdpService
2013-01-10 12:09:09: Real Path: C:\Windows\System32\umrdp.dll
2013-01-10 12:09:09: Display Name: @%SystemRoot%\system32\umrdp.dll,-1000
2013-01-10 12:09:09: Description: @%SystemRoot%\system32\umrdp.dll,-1001
2013-01-10 12:09:09: ServiceDLL: System32\umrdp.dll
2013-01-10 12:09:09: File size: 0
2013-01-10 12:09:09: DLL File name: umrdp.dll
2013-01-10 12:09:09: Original File Name: umrdp.dll.mui
2013-01-10 12:09:09: Company:
2013-01-10 12:09:09: Mod/Cre/Acc time:
2013-01-10 12:09:09: !!!!!!!
2013-01-10 12:09:09: Found Service: upnphost
2013-01-10 12:09:09: Real Path: C:\Windows\System32\upnphost.dll
2013-01-10 12:09:09: Display Name: @%systemroot%\system32\upnphost.dll,-213
2013-01-10 12:09:09: Description: @%systemroot%\system32\upnphost.dll,-214
2013-01-10 12:09:09: ServiceDLL: System32\upnphost.dll
2013-01-10 12:09:09: File size: 266752
2013-01-10 12:09:09: DLL File name: upnphost.dll
2013-01-10 12:09:09: Original File Name: unpnhost.dll.mui
2013-01-10 12:09:09: Company:
2013-01-10 12:09:09: Mod/Cre/Acc time: 20090713181617 20090713165541 20090713165541
2013-01-10 12:09:09: !!!!!!!!!
2013-01-10 12:09:09: ---------------------------------------------------------------------
2013-01-10 12:09:09: Found Service: UxSms
2013-01-10 12:09:09: Real Path: C:\Windows\System32\uxsms.dll
2013-01-10 12:09:09: Display Name: @%SystemRoot%\system32\dwm.exe,-2000
2013-01-10 12:09:09: Description: @%SystemRoot%\system32\dwm.exe,-2001
2013-01-10 12:09:09: ServiceDLL: System32\uxsms.dll
2013-01-10 12:09:09: File size: 0
2013-01-10 12:09:09: DLL File name: uxsms.dll
2013-01-10 12:09:09: Original File Name: UxSms.dll
2013-01-10 12:09:09: Company:
2013-01-10 12:09:09: Mod/Cre/Acc time:
2013-01-10 12:09:09: ---------------------------------------------------------------------
2013-01-10 12:09:09: Found Service: W32Time
2013-01-10 12:09:09: Real Path: C:\Windows\system32\w32time.dll
2013-01-10 12:09:09: Display Name: @%SystemRoot%\system32\w32time.dll,-200
2013-01-10 12:09:09: Description: @%SystemRoot%\system32\w32time.dll,-201
2013-01-10 12:09:09: ServiceDLL: system32\w32time.dll
2013-01-10 12:09:09: File size: 0
2013-01-10 12:09:09: DLL File name: w32time.dll
2013-01-10 12:09:09: Original File Name: w32time.dll.mui
2013-01-10 12:09:09: Company:
2013-01-10 12:09:09: Mod/Cre/Acc time:
2013-01-10 12:09:10: ---------------------------------------------------------------------
2013-01-10 12:09:10: Found Service: WbioSrvc
2013-01-10 12:09:10: Real Path: C:\Windows\System32\wbiosrvc.dll
2013-01-10 12:09:10: Display Name: @%systemroot%\system32\wbiosrvc.dll,-100
2013-01-10 12:09:10: Description: @%systemroot%\system32\wbiosrvc.dll,-101
2013-01-10 12:09:10: ServiceDLL: System32\wbiosrvc.dll
2013-01-10 12:09:10: File size: 0
2013-01-10 12:09:10: DLL File name: wbiosrvc.dll
2013-01-10 12:09:10: Original File Name: wbiosrvc.dll.mui
2013-01-10 12:09:10: Company:
2013-01-10 12:09:10: Mod/Cre/Acc time:
2013-01-10 12:09:10: ---------------------------------------------------------------------
2013-01-10 12:09:10: Found Service: wcncsvc
2013-01-10 12:09:10: Real Path: C:\Windows\System32\wcncsvc.dll
2013-01-10 12:09:10: Display Name: @%SystemRoot%\system32\wcncsvc.dll,-3
2013-01-10 12:09:10: Description: @%SystemRoot%\system32\wcncsvc.dll,-4
2013-01-10 12:09:10: ServiceDLL: System32\wcncsvc.dll
2013-01-10 12:09:10: File size: 276992
2013-01-10 12:09:10: DLL File name: wcncsvc.dll
2013-01-10 12:09:10: Original File Name: WCNCSVC.DLL.MUI
2013-01-10 12:09:10: Company:
2013-01-10 12:09:10: Mod/Cre/Acc time: 20101120202449 20101120202449 20101120202449
2013-01-10 12:09:10: ---------------------------------------------------------------------
2013-01-10 12:09:10: Found Service: WcsPlugInService
2013-01-10 12:09:10: Real Path: C:\Windows\System32\WcsPlugInService.dll
2013-01-10 12:09:10: Display Name: @%SystemRoot%\system32\WcsPlugInService.dll,-200
2013-01-10 12:09:10: Description: @%SystemRoot%\system32\WcsPlugInService.dll,-201
2013-01-10 12:09:10: ServiceDLL: System32\WcsPlugInService.dll
2013-01-10 12:09:10: File size: 32768
2013-01-10 12:09:10: DLL File name: WcsPlugInService.dll
2013-01-10 12:09:10: Original File Name: WcsPlugInService.DLL.MUI
2013-01-10 12:09:10: Company:
2013-01-10 12:09:10: Mod/Cre/Acc time: 20090713181618 20090713162513 20090713162513
2013-01-10 12:09:10: ---------------------------------------------------------------------
2013-01-10 12:09:10: Found Service: WdiServiceHost
2013-01-10 12:09:10: Real Path: C:\Windows\system32\wdi.dll
2013-01-10 12:09:10: Display Name: @%systemroot%\system32\wdi.dll,-502
2013-01-10 12:09:10: Description: @%systemroot%\system32\wdi.dll,-503
2013-01-10 12:09:10: ServiceDLL: system32\wdi.dll
2013-01-10 12:09:10: File size: 76288
2013-01-10 12:09:10: DLL File name: wdi.dll
2013-01-10 12:09:10: Original File Name: wdi.dll.mui
2013-01-10 12:09:10: Company:
2013-01-10 12:09:10: Mod/Cre/Acc time: 20090713181618 20090713161947 20090713161947
2013-01-10 12:09:10: ---------------------------------------------------------------------
2013-01-10 12:09:10: Found Service: WdiSystemHost
2013-01-10 12:09:10: Real Path: C:\Windows\system32\wdi.dll
2013-01-10 12:09:10: Display Name: @%systemroot%\system32\wdi.dll,-500
2013-01-10 12:09:10: Description: @%systemroot%\system32\wdi.dll,-501
2013-01-10 12:09:10: ServiceDLL: system32\wdi.dll
2013-01-10 12:09:10: File size: 76288
2013-01-10 12:09:10: DLL File name: wdi.dll
2013-01-10 12:09:10: Original File Name: wdi.dll.mui
2013-01-10 12:09:10: Company:
2013-01-10 12:09:10: Mod/Cre/Acc time: 20090713181618 20090713161947 20090713161947
2013-01-10 12:09:10: !!!!!!!
2013-01-10 12:09:10: Found Service: WebClient
2013-01-10 12:09:10: Real Path: C:\Windows\System32\webclnt.dll
2013-01-10 12:09:10: Display Name: @%systemroot%\system32\webclnt.dll,-100
2013-01-10 12:09:10: Description: @%systemroot%\system32\webclnt.dll,-101
2013-01-10 12:09:10: ServiceDLL: System32\webclnt.dll
2013-01-10 12:09:10: File size: 204800
2013-01-10 12:09:10: DLL File name: webclnt.dll
2013-01-10 12:09:10: Original File Name: davsvc.dll.mui
2013-01-10 12:09:10: Company:
2013-01-10 12:09:10: Mod/Cre/Acc time: 20101120202449 20101120202449 20101120202449
2013-01-10 12:09:10: !!!!!!!!!
2013-01-10 12:09:10: ---------------------------------------------------------------------
2013-01-10 12:09:10: Found Service: Wecsvc
2013-01-10 12:09:10: Real Path: C:\Windows\system32\wecsvc.dll
2013-01-10 12:09:10: Display Name: @%SystemRoot%\system32\wecsvc.dll,-200
2013-01-10 12:09:10: Description: @%SystemRoot%\system32\wecsvc.dll,-201
2013-01-10 12:09:10: ServiceDLL: system32\wecsvc.dll
2013-01-10 12:09:10: File size: 0
2013-01-10 12:09:10: DLL File name: wecsvc.dll
2013-01-10 12:09:10: Original File Name: wecsvc.dll.mui
2013-01-10 12:09:10: Company:
2013-01-10 12:09:10: Mod/Cre/Acc time:
2013-01-10 12:09:10: !!!!!!!
2013-01-10 12:09:10: Found Service: wercplsupport
2013-01-10 12:09:10: Real Path: C:\Windows\System32\wercplsupport.dll
2013-01-10 12:09:10: Display Name: @%SystemRoot%\System32\wercplsupport.dll,-101
2013-01-10 12:09:10: Description: @%SystemRoot%\System32\wercplsupport.dll,-100
2013-01-10 12:09:10: ServiceDLL: System32\wercplsupport.dll
2013-01-10 12:09:10: File size: 0
2013-01-10 12:09:10: DLL File name: wercplsupport.dll
2013-01-10 12:09:10: Original File Name: ERC
2013-01-10 12:09:10: Company:
2013-01-10 12:09:10: Mod/Cre/Acc time:
2013-01-10 12:09:10: !!!!!!!!!
2013-01-10 12:09:10: !!!!!!!
2013-01-10 12:09:10: Found Service: WerSvc
2013-01-10 12:09:10: Real Path: C:\Windows\System32\WerSvc.dll
2013-01-10 12:09:10: Display Name: @%SystemRoot%\System32\wersvc.dll,-100
2013-01-10 12:09:10: Description: @%SystemRoot%\System32\wersvc.dll,-101
2013-01-10 12:09:10: ServiceDLL: System32\WerSvc.dll
2013-01-10 12:09:10: File size: 0
2013-01-10 12:09:10: DLL File name: WerSvc.dll
2013-01-10 12:09:10: Original File Name: wersvc
2013-01-10 12:09:10: Company:
2013-01-10 12:09:10: Mod/Cre/Acc time:
2013-01-10 12:09:10: !!!!!!!!!
2013-01-10 12:09:10: ---------------------------------------------------------------------
2013-01-10 12:09:10: Found Service: Winmgmt
2013-01-10 12:09:10: Real Path: C:\Windows\system32\wbem\WMIsvc.dll
2013-01-10 12:09:10: Display Name: @%Systemroot%\system32\wbem\wmisvc.dll,-205
2013-01-10 12:09:10: Description: @%Systemroot%\system32\wbem\wmisvc.dll,-204
2013-01-10 12:09:10: ServiceDLL: system32\wbem\WMIsvc.dll
2013-01-10 12:09:10: File size: 0
2013-01-10 12:09:10: DLL File name: WMIsvc.dll
2013-01-10 12:09:10: Original File Name: wmisvc.dll.mui
2013-01-10 12:09:10: Company:
2013-01-10 12:09:10: Mod/Cre/Acc time:
2013-01-10 12:09:10: ---------------------------------------------------------------------
2013-01-10 12:09:10: Found Service: WinRM
2013-01-10 12:09:10: Real Path: C:\Windows\system32\WsmSvc.dll
2013-01-10 12:09:10: Display Name: @%Systemroot%\system32\wsmsvc.dll,-101
2013-01-10 12:09:10: Description: @%Systemroot%\system32\wsmsvc.dll,-102
2013-01-10 12:09:10: ServiceDLL: system32\WsmSvc.dll
2013-01-10 12:09:10: File size: 1175040
2013-01-10 12:09:10: DLL File name: WsmSvc.dll
2013-01-10 12:09:10: Original File Name: WsmSvc.dll.mui
2013-01-10 12:09:10: Company:
2013-01-10 12:09:10: Mod/Cre/Acc time: 20101120202432 20101120202432 20101120202432
2013-01-10 12:09:10: ---------------------------------------------------------------------
2013-01-10 12:09:10: Found Service: Wlansvc
2013-01-10 12:09:10: Real Path: C:\Windows\System32\wlansvc.dll
2013-01-10 12:09:10: Display Name: @%SystemRoot%\System32\wlansvc.dll,-257
2013-01-10 12:09:10: Description: @%SystemRoot%\System32\wlansvc.dll,-258
2013-01-10 12:09:10: ServiceDLL: System32\wlansvc.dll
2013-01-10 12:09:10: File size: 0
2013-01-10 12:09:10: DLL File name: wlansvc.dll
2013-01-10 12:09:10: Original File Name: wlansvc.dll.mui
2013-01-10 12:09:10: Company:
2013-01-10 12:09:10: Mod/Cre/Acc time:
2013-01-10 12:09:10: ---------------------------------------------------------------------
2013-01-10 12:09:10: Found Service: WPCSvc
2013-01-10 12:09:10: Real Path: C:\Windows\System32\wpcsvc.dll
2013-01-10 12:09:10: Display Name: @%SystemRoot%\system32\wpcsvc.dll,-100
2013-01-10 12:09:10: Description: @%SystemRoot%\system32\wpcsvc.dll,-101
2013-01-10 12:09:10: ServiceDLL: System32\wpcsvc.dll
2013-01-10 12:09:10: File size: 10752
2013-01-10 12:09:10: DLL File name: wpcsvc.dll
2013-01-10 12:09:10: Original File Name: wpcsvc.exe.mui
2013-01-10 12:09:10: Company:
2013-01-10 12:09:10: Mod/Cre/Acc time: 20090713181620 20090713164010 20090713164010
2013-01-10 12:09:10: ---------------------------------------------------------------------
2013-01-10 12:09:10: Found Service: WPDBusEnum
2013-01-10 12:09:10: Real Path: C:\Windows\system32\wpdbusenum.dll
2013-01-10 12:09:10: Display Name: @%SystemRoot%\system32\wpdbusenum.dll,-100
2013-01-10 12:09:10: Description: @%SystemRoot%\system32\wpdbusenum.dll,-101
2013-01-10 12:09:10: ServiceDLL: system32\wpdbusenum.dll
2013-01-10 12:09:10: File size: 0
2013-01-10 12:09:10: DLL File name: wpdbusenum.dll
2013-01-10 12:09:10: Original File Name: WpdBusEnum.DLL.MUI
2013-01-10 12:09:10: Company:
2013-01-10 12:09:10: Mod/Cre/Acc time:
2013-01-10 12:09:10: ---------------------------------------------------------------------
2013-01-10 12:09:10: Found Service: wscsvc
2013-01-10 12:09:10: Real Path: C:\Windows\system32\wscsvc.dll
2013-01-10 12:09:10: Display Name: @%SystemRoot%\System32\wscsvc.dll,-200
2013-01-10 12:09:10: Description: @%SystemRoot%\System32\wscsvc.dll,-201
2013-01-10 12:09:10: ServiceDLL: system32\wscsvc.dll
2013-01-10 12:09:10: File size: 0
2013-01-10 12:09:10: DLL File name: wscsvc.dll
2013-01-10 12:09:10: Original File Name: wscsvc.dll.mui
2013-01-10 12:09:10: Company:
2013-01-10 12:09:10: Mod/Cre/Acc time:
2013-01-10 12:09:10: ---------------------------------------------------------------------
2013-01-10 12:09:10: Found Service: wuauserv
2013-01-10 12:09:10: Real Path: C:\Windows\system32\wuaueng.dll
2013-01-10 12:09:10: Display Name: @%systemroot%\system32\wuaueng.dll,-105
2013-01-10 12:09:10: Description: @%systemroot%\system32\wuaueng.dll,-106
2013-01-10 12:09:10: ServiceDLL: system32\wuaueng.dll
2013-01-10 12:09:10: File size: 0
2013-01-10 12:09:10: DLL File name: wuaueng.dll
2013-01-10 12:09:10: Original File Name: wuaueng.dll.mui
2013-01-10 12:09:10: Company:
2013-01-10 12:09:10: Mod/Cre/Acc time:
2013-01-10 12:09:10: ---------------------------------------------------------------------
2013-01-10 12:09:10: Found Service: wudfsvc
2013-01-10 12:09:10: Real Path: C:\Windows\System32\WUDFSvc.dll
2013-01-10 12:09:10: Display Name: @%SystemRoot%\system32\wudfsvc.dll,-1000
2013-01-10 12:09:10: Description: @%SystemRoot%\system32\wudfsvc.dll,-1001
2013-01-10 12:09:10: ServiceDLL: System32\WUDFSvc.dll
2013-01-10 12:09:10: File size: 0
2013-01-10 12:09:10: DLL File name: WUDFSvc.dll
2013-01-10 12:09:10: Original File Name: WUDFSvc.dll.mui
2013-01-10 12:09:10: Company:
2013-01-10 12:09:10: Mod/Cre/Acc time:
2013-01-10 12:09:10: ---------------------------------------------------------------------
2013-01-10 12:09:10: Found Service: WwanSvc
2013-01-10 12:09:10: Real Path: C:\Windows\System32\wwansvc.dll
2013-01-10 12:09:10: Display Name: @%SystemRoot%\System32\wwansvc.dll,-257
2013-01-10 12:09:10: Description: @%SystemRoot%\System32\wwansvc.dll,-258
2013-01-10 12:09:10: ServiceDLL: System32\wwansvc.dll
2013-01-10 12:09:10: File size: 0
2013-01-10 12:09:10: DLL File name: wwansvc.dll
2013-01-10 12:09:10: Original File Name: WwanSvc.dll.mui
2013-01-10 12:09:10: Company:
2013-01-10 12:09:10: Mod/Cre/Acc time:
2013-01-10 12:09:10:
2013-01-10 12:09:10: Looking for SHELL key
2013-01-10 12:09:10: Now looking for bad DLL files in system32
2013-01-10 12:09:49: Folder: GAC
2013-01-10 12:09:49: Folder: GAC_32
2013-01-10 12:09:49: Folder: GAC_64
2013-01-10 12:09:49: Folder: GAC_MSIL
2013-01-10 12:09:49: Folder: NativeImages_v2.0.50727_32
2013-01-10 12:09:49: Folder: NativeImages_v2.0.50727_64
2013-01-10 12:09:49: Folder: NativeImages_v4.0.30319_32
2013-01-10 12:09:49: Folder: NativeImages_v4.0.30319_64
2013-01-10 12:09:49: Folder: temp
2013-01-10 12:09:49: Folder: tmp
2013-01-10 12:09:49: Checking for bad folder
2013-01-10 12:09:49: Found 1 folders.
2013-01-10 12:09:49: Checking C:\Windows\assembly\tmp
2013-01-10 12:09:49: ... Folder test returns: 1
2013-01-10 12:09:49: Done with folder list in C:\Windows\assembly\ tmp
2013-01-10 12:09:49: Autonomous mode, clearing out yt folder
2013-01-10 12:09:49: cmd.exe /c start "C:\Users\BlueIce\Desktop\yorkyt.exe"
2013-01-10 12:09:58: Restarting...
2013-01-10 12:12:10: ****************************************************
2013-01-10 12:12:10: Starting UP ... v 0.0.0.220
2013-01-10 12:12:10: ****************************************************
2013-01-10 12:12:13: Stop TPSRV returns: 2
2013-01-10 12:12:29: Listing processes...
2013-01-10 12:12:29: :[System Process]:0
2013-01-10 12:12:29: :System:4
2013-01-10 12:12:29: :smss.exe:404
2013-01-10 12:12:29: :csrss.exe:592
2013-01-10 12:12:29: :wininit.exe:668
2013-01-10 12:12:29: :csrss.exe:688
2013-01-10 12:12:29: :services.exe:732
2013-01-10 12:12:29: :lsass.exe:748
2013-01-10 12:12:29: :lsm.exe:760
2013-01-10 12:12:29: :svchost.exe:872
2013-01-10 12:12:29: :winlogon.exe:932
2013-01-10 12:12:29: :nvvsvc.exe:964
2013-01-10 12:12:29: :nvSCPAPISvr.exe:988
2013-01-10 12:12:29: :svchost.exe:140
2013-01-10 12:12:29: :MsMpEng.exe:460
2013-01-10 12:12:29: :svchost.exe:1032
2013-01-10 12:12:29: :svchost.exe:1112
2013-01-10 12:12:29: :svchost.exe:1140
2013-01-10 12:12:29: :audiodg.exe:1212
2013-01-10 12:12:29: :svchost.exe:1288
2013-01-10 12:12:29: :NvXDSync.exe:1408
2013-01-10 12:12:29: :nvvsvc.exe:1420
2013-01-10 12:12:29: :svchost.exe:1500
2013-01-10 12:12:29: :spoolsv.exe:1724
2013-01-10 12:12:29: :svchost.exe:1784
2013-01-10 12:12:29: :PhotoshopElementsFileAgent.exe:1880
2013-01-10 12:12:29: :taskhost.exe:2024
2013-01-10 12:12:29: :taskeng.exe:2040
2013-01-10 12:12:29: :VRMHelp.exe:1700
2013-01-10 12:12:29: :AsRoutineController.exe:1804
2013-01-10 12:12:29: :dwm.exe:1960
2013-01-10 12:12:29: :explorer.exe:1996
2013-01-10 12:12:29: :armsvc.exe:2112
2013-01-10 12:12:29: :atkexComSvc.exe:2176
2013-01-10 12:12:29: :aaHMSvc.exe:2228
2013-01-10 12:12:29: :yorkyt.exe:2340
2013-01-10 12:12:29: :AsSysCtrlService.exe:2424
2013-01-10 12:12:29: :AdminService.exe:2448
2013-01-10 12:12:29: :RAVCpl64.exe:2508
2013-01-10 12:12:29: :BtvStack.exe:2516
2013-01-10 12:12:29: :AthBtTray.exe:2596
2013-01-10 12:12:29: :ipoint.exe:2616
2013-01-10 12:12:29: :msseces.exe:2624
2013-01-10 12:12:29: :BCUService.exe:2692
2013-01-10 12:12:29: :nusb3mon.exe:2748
2013-01-10 12:12:29: :bgsvcgen.exe:2940
2013-01-10 12:12:29: :DTSRVC.exe:3000
2013-01-10 12:12:29: :IPROSetMonitor.exe:3028
2013-01-10 12:12:29: :IAStorIcon.exe:3036
2013-01-10 12:12:29: :BCU.exe:3060
2013-01-10 12:12:29: :AsShellProcess.exe:2128
2013-01-10 12:12:29: :wpCtrl.exe:1708
2013-01-10 12:12:29: :reader_sl.exe:2148
2013-01-10 12:12:29: :AdobeARM.exe:2132
2013-01-10 12:12:29: :acrobat_sl.exe:1748
2013-01-10 12:12:29: :Floater.exe:2244
2013-01-10 12:12:29: :acrotray.exe:2272
2013-01-10 12:12:29: :jusched.exe:2284
2013-01-10 12:12:29: :dthtml.exe:1872
2013-01-10 12:12:29: :acrodist.exe:2324
2013-01-10 12:12:29: :pdisrvc.exe:2888
2013-01-10 12:12:29: :svchost.exe:2640
2013-01-10 12:12:29: :TurboVHelp.exe:2796
2013-01-10 12:12:29: :pnSvc.exe:3692
2013-01-10 12:12:29: :EC Simulator.exe:3700
2013-01-10 12:12:29: :WmiPrvSE.exe:3788
2013-01-10 12:12:29: :SearchIndexer.exe:3992
2013-01-10 12:12:29: :EPUHelp.exe:4064
2013-01-10 12:12:29: :nvtray.exe:3396
2013-01-10 12:12:29: :AI Suite II.exe:2368
2013-01-10 12:12:29: :svchost.exe:3884
2013-01-10 12:12:29: :svchost.exe:3468
2013-01-10 12:12:29: :dllhost.exe:2268
2013-01-10 12:12:29: :wmpnetwk.exe:4120
2013-01-10 12:12:29: :svchost.exe:4296
2013-01-10 12:12:29:
2013-01-10 12:12:29: Starting cleanup mode...
2013-01-10 12:13:32: ... Done with files, now folders
2013-01-10 12:14:09: All DONE






# AdwCleaner v2.105 - Logfile created 01/10/2013 at 12:18:50
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : BlueIce - BLUEICE-PC
# Boot Mode : Normal
# Running from : C:\Users\BlueIce\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0 (en-US)

File : C:\Users\BlueIce\AppData\Roaming\Mozilla\Firefox\Profiles\fu7ymict.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [675 octets] - [10/01/2013 12:18:50]

########## EOF - C:\AdwCleaner[R1].txt - [734 octets] ##########

#9 JaRey

JaRey
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:03:53 AM

Posted 10 January 2013 - 04:57 PM

I just tried my laptop that's running XP and got redirected when clicking on a leatherworker.net forum page that's in a google search result. Just before this, my wife was browsing with the laptop for a half hour and never had any redirects. I haven't swapped any files lately between these 2 computers. I do have a reasonable password on my router, but it is or was saved in firefox before I uninstalled it.

Router is a Linksys WRT54G

Modem is Paradyne model no. 6211-12-200

My son plugged a flash drive into my HP Office Jet Pro8500 that has also been plugged into a computer at school. This printer is run through the router listed above.

#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:53 AM

Posted 10 January 2013 - 05:15 PM

leatherworker.net forum page that's in a google search result

This seems to be something on their end, if it is only redirecting when you click on something from their forum or site. Their site may have been infected or exploited. You need to tell them what it is doing and that Bleeping Computer is telling you your machine is clean. We can reset the router and see if that helps. I'm just not finding anything that would suggest an infection. Everything is pointing to their end.

Our forums had been exploited through a security hole in Invision Power Board

I'm also finding this a lot when searching for URL4SHORT.INFO

How to reset the router.

  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Scan
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Edited by fireman4it, 10 January 2013 - 05:26 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#11 JaRey

JaRey
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:03:53 AM

Posted 10 January 2013 - 05:40 PM

  • Download RogueKiller on the desktop
  • Close all the running processes

Do you mean end all processes in the task manager? :o
or just close any programs.
MSEssentials or firewall?

#12 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:53 AM

Posted 10 January 2013 - 09:46 PM

Do you mean end all processes in the task manager? :o
or just close any programs.
MSEssentials or firewall?


Just close any open programs. MSSE and the firewall shouldn't matter.

#13 JaRey

JaRey
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:03:53 AM

Posted 10 January 2013 - 10:37 PM

I talked to my ISP and they helped me confirm my DNS#s. There is a primary and secondary. It was set to auto. These now show up on network connections details along with another one that they couldn't explain. When I google the third one it comes up as my ISP. It shows up on the stats on my website after I visit it.

Here's the last scan. I didn't do anything except scan.

Still redirecting.

RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : BlueIce [Admin rights]
Mode : Scan -- Date : 01/10/2013 20:18:10

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[TASK][SUSP PATH] {A970EDE5-89AF-41F0-BF2D-97E105951D72} : C:\Users\BlueIce\Desktop\DownLoads\dvdmenu.exe -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MediaProjects +++++
--- User ---
[MBR] c3fea93983f6babcee3a90e0d2f964c8
[BSP] c00949bafb9c73ddcc86d52c1e239b39 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907731 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: PvuMCacheExport +++++
--- User ---
[MBR] 3f4513f9edab5b69497b55568a6a56f6
[BSP] bc2b503aeeba72ab7bcfd9ebb5db84b1 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907731 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: SAMSUNG HD322GJ +++++
--- User ---
[MBR] 1ca199fa0120dfd26476bc3cc964a3a8
[BSP] 9f60d02dc9f22ab698d02afbbe4c012e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305143 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_01102013_02d2018.txt >>
RKreport[1]_S_01102013_02d2018.txt

#14 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:53 AM

Posted 10 January 2013 - 10:42 PM

1.
  • Re-Run RogueKiller
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Delete
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Is it still redirecting?

#15 JaRey

JaRey
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:03:53 AM

Posted 10 January 2013 - 11:44 PM

It still redirects

Now when I right click on my Local Area Connections shortcut to try and disable it, the screen dims and a small window labeled "user account control" asks me "do you want to allow the following changes?"

I've never seen this before or told it to change the user account. The task manager is limited as well and when I click on "show processes from all users" the same dimming and little window pop up. I haven't clicked on this window.

Did the RogueKiller deleting do this?

Here's the last scan with delete log

RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : BlueIce [Admin rights]
Mode : Remove -- Date : 01/10/2013 20:56:39

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[TASK][SUSP PATH] {A970EDE5-89AF-41F0-BF2D-97E105951D72} : C:\Users\BlueIce\Desktop\DownLoads\dvdmenu.exe -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MediaProjects +++++
--- User ---
[MBR] c3fea93983f6babcee3a90e0d2f964c8
[BSP] c00949bafb9c73ddcc86d52c1e239b39 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907731 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: PvuMCacheExport +++++
--- User ---
[MBR] 3f4513f9edab5b69497b55568a6a56f6
[BSP] bc2b503aeeba72ab7bcfd9ebb5db84b1 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907731 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: SAMSUNG HD322GJ +++++
--- User ---
[MBR] 1ca199fa0120dfd26476bc3cc964a3a8
[BSP] 9f60d02dc9f22ab698d02afbbe4c012e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305143 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_D_01102013_02d2056.txt >>
RKreport[1]_S_01102013_02d2018.txt ; RKreport[2]_S_01102013_02d2056.txt ; RKreport[3]_D_01102013_02d2056.txt
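An added read-only check, written for this thread and not part of RogueKiller, AdwCleaner or anything BleepingComputer posted, that reports the three things the last few posts are circling: the UAC policy values RogueKiller listed as REPLACED, the DNS servers configured on each adapter (the values the ISP helped confirm), and the active lines of the hosts file. EnableLUA = 1 together with ConsentPromptBehaviorAdmin = 2 is Windows' "prompt for consent on the secure desktop" setting, which produces exactly the dimmed screen and "User Account Control" box described above when an administrative action such as disabling a network adapter is attempted; with both values at 0, as the earlier scan showed, no prompt would ever appear. The registry path used is the standard Policies\System key that the log abbreviates as HKLM\[...]\System; the script assumes an elevated PowerShell session on Windows 7 or later and changes nothing.

```powershell
# Added example for this thread; not code from RogueKiller, AdwCleaner or BleepingComputer.
# Read-only state check: UAC policy, DisableRegistryTools, per-adapter DNS servers, hosts file.
# Assumes an elevated PowerShell 2.0+ session on Windows 7 or later. Nothing is written.

$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Values Windows ships with for an administrator account. ConsentPromptBehaviorAdmin = 2
# means "prompt for consent on the secure desktop": the screen dims and a UAC box appears.
$expectedUac = @{
    EnableLUA                  = 1
    ConsentPromptBehaviorAdmin = 2
    PromptOnSecureDesktop      = 1
}

function Test-UacPolicy {
    $actual = Get-ItemProperty -Path $policyKey -ErrorAction Stop
    foreach ($name in $expectedUac.Keys) {
        $value = $actual.$name
        New-Object PSObject -Property @{
            Setting  = $name
            Value    = $value
            Expected = $expectedUac[$name]
            OK       = ($value -eq $expectedUac[$name])
        }
    }
    # DisableRegistryTools = 1 blocks regedit; absent or 0 is normal (the scan found it set to 0).
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $key   = "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
        $value = (Get-ItemProperty -Path $key -Name DisableRegistryTools -ErrorAction SilentlyContinue).DisableRegistryTools
        New-Object PSObject -Property @{
            Setting  = "$hive DisableRegistryTools"
            Value    = $value
            Expected = 'absent or 0'
            OK       = (-not $value)
        }
    }
}

function Get-AdapterDnsServers {
    # Win32_NetworkAdapterConfiguration works on Windows 7; Get-DnsClientServerAddress needs Windows 8+.
    Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            New-Object PSObject -Property @{
                Adapter     = $_.Description
                DhcpEnabled = $_.DHCPEnabled
                DnsServers  = ($_.DNSServerSearchOrder -join ', ')
            }
        }
}

function Get-HostsEntries {
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    # Keep only lines that are neither blank nor comments.
    Get-Content -Path $hostsPath | Where-Object { $_ -match '^\s*[^#\s]' } | ForEach-Object { $_.Trim() }
}

'=== UAC and registry policy ==='
Test-UacPolicy | Select-Object Setting, Value, Expected, OK | Format-Table -AutoSize

'=== DNS servers per IP-enabled adapter (compare with what the ISP confirmed) ==='
Get-AdapterDnsServers | Select-Object Adapter, DhcpEnabled, DnsServers | Format-Table -AutoSize

'=== Active hosts entries (a stock file has at most localhost lines uncommented) ==='
Get-HostsEntries
```

Save it as, say, Check-State.ps1 and run it from an elevated prompt with `powershell -ExecutionPolicy Bypass -File Check-State.ps1`. A UAC row showing OK = False after a cleanup, a DNS server that is neither the router nor one of the ISP's addresses, or an uncommented hosts entry for a site that is not localhost is what deserves follow-up; the consent prompt itself is the restored default behaving as designed.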



