Solved: globalroot\systemroot\assembly\temp\U.....



cinderblock
Member with 91 posts.
THREAD STARTER
 
Join Date: May 2012
Experience: Beginner
09-May-2012, 12:02 PM #1
globalroot\systemroot\assembly\temp\U.....
Greetings All,

First apologies: The computer with the issues is not connected to the net, and therefore I was unable to download the TSG SysInfo tool. Also, please forgive if this is posted in the incorrect forum, but as I located the post below:

http://forums.techguy.org/virus-other-malware-removal/1021842-norton-system-infected-tidserv-activity.html

(dated: October 12, 2011) in this forum, AND have the following in common with the post:

……when I try to open webpages sometimes, a warning window pops up titled
"Mswinext.exe - Bad image" and it says the following:

\\.\globalroot\systemroot\assembly\tmp\U\80000032.@ is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support.

I thought this might be the correct place :)


I also *thought* Norton was the cause of the problem (as the Warning Window was first noticed when attempting to install Norton from my service provider – Comcast – more about that in paragraph to follow), at which point “Norton_Download_Manager.exe – Bad Image” was contained in the Warning Window header, but as cited above, other programs have appeared in the header as well. For the record, I *believe* the Window Warning header always contains an “.exe” extension, but am not certain.

These issues are occurring on a Compaq notebook, with the “Windows 7 Home Premium”, 64-bit Operating System. Yesterday, I ran a computer scan (via F10 and/or F11…BIOS?) and was declared healthy – but all errors above still remain.

Here’s the more about Comcast part - in their infinite wisdom, they made it next to impossible to download Norton360 alone. They ‘highly recommend’ installation of Norton along with the “Constant Guard” product. In one of my futile attempts to return the computer to a healthy state, I downloaded Revo Uninstaller and attempted to eradicate both Constant Guard and Norton, and re-install only Norton. Having done so, many Norton folders that contained “Viruses found” listings are not available at present, but I do remember Trojan (Gen_2, maybe?) being one of the latest four placed in quarantine.

I’m obviously not the most computer savvy type – but I hope someone will choose to reach out and guide me.

Thanks and blessings to you in advance.

Cindy
cinderblock
Member with 91 posts.
THREAD STARTER
 
Join Date: May 2012
Experience: Beginner
11-May-2012, 11:08 PM #2
slight update
Hi!

I've been working with Norton techs and things *seem* pretty good - BUT, from what I've read here about the ZeroAccess virus, I'm scared that other computers on our secure net might be infected.

Quick Norton rundown (again, I'm not very computer savvy...sorry) - things that I noticed while watching the Norton tech work remotely (which, btw; I'm not real comfortable about).
  • He said it was ZeroAccess and downloaded a ZeroAccess Fix Tool 1.0.1
  • He noticed "Base Filtering Engine" was missing...and restored it with a boat-load of hexadecimal 'stuff' that he first placed into notepad
  • I *think* it was during Norton scans that I noticed a couple of Trojan.Gen.2 issues and also a Backdoor Trojan (I never saw anything that "said" ZeroAccess)
  • Once the Norton tech got Norton working - and I did the first scan - the results mentioned a "proxyhostmirrordisplay" found and deleting of c:\windows\system32\Rlouniv.dll
  • Also mentioned load point keys being repaired
Again, I'm sorry - not too technical, I know.
kevinf80 (Kevin), authorized to help remove malware
Malware Removal Specialist with 9,708 posts.
 
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
12-May-2012, 03:44 AM #3
Hello Cindy and welcome to TSG,

Without logs we have no way of finding out what is wrong with your system. You mention working with a Norton Tech; did the tech come to your house, or was this done online? There is also a reference to the tech downloading specific tools; how was that done if you have no internet connection?

I need to see the following logs before we can progress:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.

  • Instead of attaching, please copy/paste both logs into your next reply.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

If this system has no connection you can d/l on a different PC and transfer to the infected one, then save the logs, copy to USB stick, CD etc. and transfer back and upload that way.

Kevin
cinderblock
Member with 91 posts.
THREAD STARTER
 
Join Date: May 2012
Experience: Beginner
12-May-2012, 10:02 PM #4
Hi Kevin!

Logs follow....answers to your questions at the bottom

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by brandon at 22:13:48 on 2012-05-12
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1787.547 [GMT -4:00]
.
AV: Norton Security Suite *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\taskhost.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\IPS\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo Layers (Drop Down Deals): {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [<NO NAME>]
StartupFolder: C:\Users\brandon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\system32\RunDll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0D04A0FC-3742-4DD7-99AD-8C633B5A0934} : DhcpNameServer = 40.5.1.100
TCP: Interfaces\{87F9FD09-495B-40C5-93E8-98AF83A14897} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{87F9FD09-495B-40C5-93E8-98AF83A14897}\0757274697 : DhcpNameServer = 10.1.10.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - C:\Program Files (x86)\SFT\GuardedID\gidi.exe /v
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Yontoo Layers (Drop Down Deals): {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll
BHO-X64: Yontoo Layer (Drop Down Deals)s - No File
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [(Default)]
IE-X64: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-5-7 1160824]
R1 GIDv2;GIDv2;C:\Windows\system32\drivers\GIDv2.sys --> C:\Windows\system32\drivers\GIDv2.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120511.001\IDSviA64.sys [2012-5-12 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0502010.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0502010.003\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-5-9 138360]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-05-12 05:56:31 778088 ---ha-w- C:\Windows\System32\HPDiscoPMa011.dll
2012-05-12 05:54:12 -------- d-----w- C:\Program Files\HP
2012-05-12 04:30:18 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2012-05-12 04:30:18 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2012-05-12 04:17:44 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2012-05-12 04:17:44 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2012-05-12 04:17:44 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2012-05-12 04:17:44 444752 ----a-w- C:\Windows\System32\mscoree.dll
2012-05-12 04:17:44 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2012-05-12 04:17:44 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2012-05-12 04:17:44 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2012-05-12 04:17:44 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-05-12 04:17:44 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2012-05-12 04:17:44 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2012-05-12 04:01:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2012-05-12 04:00:54 142336 ----a-w- C:\Windows\System32\poqexec.exe
2012-05-12 03:59:59 2326016 ----a-w- C:\Windows\System32\tquery.dll
2012-05-12 03:45:19 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2012-05-12 03:45:19 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2012-05-12 03:45:18 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2012-05-12 03:45:18 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2012-05-12 03:45:01 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2012-05-12 03:45:01 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2012-05-12 03:44:54 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-05-12 03:44:54 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-05-12 03:44:47 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2012-05-12 03:44:47 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2012-05-12 03:44:40 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-05-12 03:40:30 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2012-05-12 03:40:27 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2012-05-12 03:40:26 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2012-05-12 03:40:26 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2012-05-12 03:40:20 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-05-12 03:40:20 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-05-12 03:40:19 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-05-12 03:35:11 223448 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2012-05-12 03:33:19 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2012-05-12 03:33:18 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2012-05-12 03:32:33 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2012-05-12 03:32:33 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2012-05-12 03:32:33 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2012-05-12 03:32:33 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2012-05-12 03:32:32 288256 ----a-w- C:\Windows\System32\MSNP.ax
2012-05-12 03:32:32 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2012-05-12 03:32:31 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax
2012-05-12 03:32:31 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2012-05-12 03:32:31 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2012-05-12 03:32:30 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2012-05-12 03:29:59 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2012-05-12 03:29:54 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-05-12 03:29:45 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-05-12 03:29:45 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-05-12 03:18:31 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-05-12 03:18:31 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-05-12 03:18:31 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-05-12 03:18:31 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-05-12 03:18:31 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-05-12 03:18:31 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-05-12 03:18:31 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-05-12 03:15:56 3138048 ----a-w- C:\Windows\System32\mstscax.dll
2012-05-12 03:15:56 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll
2012-05-12 03:15:54 1097216 ----a-w- C:\Windows\System32\mstsc.exe
2012-05-12 03:15:54 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe
2012-05-12 03:14:20 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2012-05-12 03:14:20 331776 ----a-w- C:\Windows\System32\oleacc.dll
2012-05-12 03:14:19 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2012-05-12 03:14:19 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2012-05-12 03:14:08 112000 ----a-w- C:\Windows\System32\consent.exe
2012-05-12 03:12:28 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2012-05-12 03:12:25 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-05-12 03:12:25 634368 ----a-w- C:\Windows\System32\msvcrt.dll
2012-05-12 03:12:19 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 03:12:19 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 03:12:14 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2012-05-12 03:12:14 31232 ----a-w- C:\Windows\System32\prevhost.exe
2012-05-12 03:11:51 723456 ----a-w- C:\Windows\System32\EncDec.dll
2012-05-12 03:11:51 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2012-05-12 03:11:23 720896 ----a-w- C:\Windows\System32\odbc32.dll
2012-05-12 03:11:23 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
2012-05-12 03:11:22 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-05-12 03:11:22 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2012-05-12 03:11:22 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2012-05-12 03:11:22 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2012-05-12 03:11:22 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2012-05-12 03:11:22 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2012-05-12 03:11:22 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-05-12 03:11:21 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2012-05-12 03:02:33 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-12 03:02:05 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2012-05-12 03:02:05 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2012-05-12 02:58:07 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2012-05-12 02:58:06 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-05-12 02:58:04 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2012-05-12 02:58:03 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2012-05-12 02:57:48 77312 ----a-w- C:\Windows\System32\packager.dll
2012-05-12 02:57:48 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-05-12 02:55:19 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-05-12 02:55:19 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-05-12 02:55:19 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-05-12 02:55:19 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-05-12 01:50:44 912504 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\symefa64.sys
2012-05-12 01:50:44 744568 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\srtsp64.sys
2012-05-12 01:50:44 450680 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\symds64.sys
2012-05-12 01:50:44 40568 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\srtspx64.sys
2012-05-12 01:50:44 386168 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\symnets.sys
2012-05-12 01:50:44 171128 ----a-r- C:\Windows\System32\drivers\N360x64\0502010.003\ironx64.sys
2012-05-12 01:50:27 -------- d-----w- C:\Windows\System32\drivers\N360x64\0502010.003
2012-05-10 00:57:30 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys
2012-05-10 00:35:43 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-05-10 00:35:43 -------- d-----w- C:\Program Files\Symantec
2012-05-10 00:35:43 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-05-10 00:34:52 -------- d-----w- C:\Windows\System32\drivers\N360x64
2012-05-10 00:34:50 -------- d-----w- C:\Program Files (x86)\Norton Security Suite
2012-05-10 00:34:42 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-05-10 00:29:52 -------- d-----w- C:\Users\brandon\AppData\Local\LogMeIn Rescue Applet
2012-05-07 04:38:34 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-05-07 00:51:11 -------- d-----w- C:\Users\brandon\AppData\Local\VS Revo Group
2012-05-07 00:51:07 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2012-05-07 00:51:06 -------- d-----w- C:\Program Files\VS Revo Group
2012-05-06 23:08:58 -------- d-----w- C:\ProgramData\GID
2012-05-06 19:38:32 -------- d-----w- C:\Windows\pss
2012-04-23 03:07:21 -------- d-----w- C:\ProgramData\Recovery
2012-04-23 02:08:52 -------- d-----w- C:\N360_BACKUP
2012-04-23 01:36:49 -------- d-----w- C:\Users\brandon\AppData\Local\NPE
2012-04-22 21:19:29 -------- d-----w- C:\Users\brandon\AppData\Local\ElevatedDiagnostics
2012-04-13 23:47:09 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
.
==================== Find3M ====================
.
2012-05-10 00:54:48 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-05-06 23:11:15 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-06 23:11:15 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-02 05:34:04 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-02 04:46:44 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-02 04:46:44 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-02 03:01:19 3143680 ----a-w- C:\Windows\System32\win32k.sys
2012-03-26 04:03:12 332392 ----a-w- C:\Windows\System32\RtlCPAPI64.dll
2012-03-26 04:03:12 2494056 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2012-03-26 04:03:12 2048104 ----a-w- C:\Windows\System32\RtPgEx64.dll
2012-03-26 04:03:12 1146984 ----a-w- C:\Windows\System32\RTSnMg64.cpl
2012-03-26 04:03:10 80488 ----a-w- C:\Windows\System32\RCoInst64.dll
2012-03-26 04:03:10 569960 ----a-w- C:\Windows\System32\RtkApi64.dll
2012-03-26 04:03:10 2625640 ----a-w- C:\Windows\System32\RtkAPO64.dll
2012-03-26 04:03:10 149608 ----a-w- C:\Windows\System32\RtkCfg64.dll
2012-03-26 04:03:10 1215592 ----a-w- C:\Windows\System32\RTCOM64.dll
2012-03-26 04:03:02 200800 ----a-w- C:\Windows\System32\AERTAC64.dll
2012-03-26 04:02:58 1251944 ----a-w- C:\Windows\RtlExUpd.dll
2012-03-17 07:55:58 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-03-15 01:29:56 12942400 ----a-w- C:\Users\brandon\HRBlock_DeluxeSE_2011_Update_C.exe
2012-03-03 06:29:57 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-03 06:29:42 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-03-03 06:29:42 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-03-03 06:29:42 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-03-03 06:29:41 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-03-03 05:40:21 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-03 05:40:10 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-03-03 05:40:09 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-03-03 05:40:09 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-03-03 05:40:09 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-28 06:35:54 1197568 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:33:03 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2012-02-28 05:40:21 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 05:38:16 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2012-02-28 05:17:41 482816 ----a-w- C:\Windows\System32\html.iec
2012-02-28 04:35:01 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 04:31:46 386048 ----a-w- C:\Windows\SysWow64\html.iec
2012-02-28 03:57:55 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 22:17:02.98 ===============.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/18/2011 2:10:26 AM
System Uptime: 5/12/2012 9:47:10 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 1604
Processor: AMD V140 Processor | Socket S1G4 | 782/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 215 GiB total, 149.071 GiB free.
D: is FIXED (NTFS) - 17 GiB total, 2.491 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP37: 5/6/2012 8:54:57 PM - Revo Uninstaller Pro's restore point - Constant Guard Protection Suite
RP39: 5/6/2012 8:55:26 PM - Revo Uninstaller Pro's restore point - Constant Guard Protection Suite
RP41: 5/6/2012 8:58:25 PM - Revo Uninstaller Pro's restore point - Constant Guard Protection Suite
RP43: 5/6/2012 8:59:32 PM - Revo Uninstaller Pro's restore point - Constant Guard Protection Suite
RP45: 5/6/2012 11:40:46 PM - Revo Uninstaller Pro's restore point - Norton Security Suite
RP47: 5/6/2012 11:44:27 PM - Revo Uninstaller Pro's restore point - Norton Online Backup
RP48: 5/6/2012 11:44:52 PM - Removed Norton Online Backup
RP50: 5/7/2012 12:11:26 AM - Revo Uninstaller Pro's restore point - Constant Guard Protection Suite
RP52: 5/7/2012 12:14:46 AM - Revo Uninstaller Pro's restore point - norton
RP54: 5/8/2012 10:34:20 PM - Revo Uninstaller Pro's restore point - Norton Online Backup
RP55: 5/8/2012 10:35:57 PM - Removed Norton Online Backup
RP57: 5/8/2012 10:48:46 PM - Revo Uninstaller Pro's restore point -
RP59: 5/8/2012 11:03:03 PM - Revo Uninstaller Pro's restore point -
RP61: 5/8/2012 11:04:31 PM - Revo Uninstaller Pro's restore point -
RP63: 5/8/2012 11:09:54 PM - Revo Uninstaller Pro's restore point -
RP65: 5/8/2012 11:32:19 PM - Revo Uninstaller Pro's restore point -
RP67: 5/9/2012 12:49:02 AM - Revo Uninstaller Pro's restore point - Norton Download Manager
RP69: 5/9/2012 12:49:59 AM - Revo Uninstaller Pro's restore point - Norton Download Manager
RP70: 5/11/2012 10:13:08 PM - HPSF Restore Point
RP71: 5/11/2012 10:24:43 PM - HPSF Restore Point
RP72: 5/11/2012 10:28:13 PM - HPSF Restore Point
RP73: 5/11/2012 10:59:58 PM - Windows Update
RP74: 5/11/2012 11:14:09 PM - Windows Update
RP75: 5/11/2012 11:30:44 PM - Windows Update
RP76: 5/12/2012 12:14:22 AM - Windows Update
RP77: 5/12/2012 1:30:12 AM - Removed HP Deskjet 3050A J611 series Basic Device Software
RP79: 5/12/2012 1:42:12 AM - Revo Uninstaller Pro's restore point -
RP81: 5/12/2012 1:44:15 AM - Revo Uninstaller Pro's restore point - HP Deskjet 3050A J611 series Basic Device Software
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Reader 9.3 MUI
Adobe Shockwave Player 11.5
AMD USB Filter Driver
Ask Toolbar
Ask Toolbar Updater
Atheros Driver Installation Program
Bejeweled 2 Deluxe
Bing Bar
Bing Bar Platform
Blackhawk Striker 2
Build-a-lot 2
CameraHelperMsi
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
CinemaNow Media Manager
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Coupon Printer for Windows
CyberLink DVD Suite
CyberLink MediaShow
CyberLink PowerDVD 9
CyberLink YouCam
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
Energy Star Digital Logo
erLT
Escape Rosecliff Island
ESU for Microsoft Windows 7
FATE
Final Drive Nitro
FrostWire 5.0.8
GuardedID
H&R Block Deluxe + Efile + State 2011
H&R Block New Jersey 2011
Heroes of Hellas 2 - Olympia
Hewlett-Packard ACLM.NET v1.1.2.0
HP Advisor
HP Customer Experience Enhancements
HP Deskjet 3050A J611 series Help
HP Documentation
HP Games
HP MediaSmart CinemaNow 2.0
HP Photo Creations
HP Power Manager
HP Quick Launch
HP Setup
HP Software Framework
HP Support Assistant
HP Update
Java Auto Updater
Java(TM) 6 Update 20
Jewel Quest 3
Jewel Quest Solitaire 2
Junk Mail filter update
LabelPrint
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Office 2010
Microsoft Office XP Professional
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WSE 3.0 Runtime
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Security Suite
ooVoo
Penguins!
PhotoNow!
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Recovery Manager
Roxio CinemaNow 2.0
Update Installer for WildTangent Games App
Virtual Families
Virtual Villagers - The Secret City
Wheel of Fortune 2
WildTangent Games App (HP Games)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
5/9/2012 8:44:17 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
5/9/2012 8:44:09 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
5/6/2012 9:05:59 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.
5/6/2012 8:31:58 PM, Error: Service Control Manager [7031] - The Norton Security Suite service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/6/2012 7:55:01 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
5/6/2012 7:54:55 PM, Error: Service Control Manager [7000] - The HP Software Framework Service service failed to start due to the following error: The pipe has been ended.
5/6/2012 4:34:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
5/6/2012 4:26:36 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
5/6/2012 3:43:54 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Peer Networking Identity Manager service to connect.
5/6/2012 3:43:54 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Networking Identity Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
5/6/2012 3:43:54 PM, Error: Service Control Manager [7001] - The Peer Name Resolution Protocol service depends on the Peer Networking Identity Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
5/6/2012 3:43:54 PM, Error: Service Control Manager [7000] - The Peer Networking Identity Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/6/2012 3:30:04 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
5/6/2012 2:00:29 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
5/6/2012 11:21:00 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
5/6/2012 11:20:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/6/2012 11:20:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/6/2012 11:20:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/6/2012 11:20:54 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
5/6/2012 11:20:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/6/2012 11:20:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 discache IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6
5/6/2012 11:20:34 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
5/5/2012 1:25:50 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the CGPS Service service to connect.
5/5/2012 1:25:50 AM, Error: Service Control Manager [7000] - The CGPS Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/12/2012 9:48:27 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
5/12/2012 9:48:06 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
5/12/2012 9:48:02 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
5/12/2012 12:42:18 AM, Error: Service Control Manager [7023] -
.
==== End Of File ===========================

Hope I did that correctly :-) Now, the promised answers:


The day I typed the first post, I was not at a location from which the infected computer could gain internet access, and I didn't think of your suggestion. For the most part, the internet connection (when available) has been consistent with the infected computer.

The work done by the Norton Tech was done remotely, via the internet, which allowed him to download the tools.

Lastly, I apologize for the delay....was cutting down trees all day. THANK YOU KEVIN for your patience and help

kevinf80 (Kevin), authorized to help remove malware
Malware Removal Specialist with 9,708 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
13-May-2012, 05:32 AM #5
Thank you for the logs and update, don't worry about reply times, it is no big issue with me. Just post back when you have the time...

OK the logs do indicate ZeroAccess rootkit infection, do the following:

Step 1

Download Yorkyt.exe and save it to your Desktop.

Double click Yorkyt.exe to run it. Vista or Windows 7 users: right click and select "Run as Administrator".

Select Yes to restart at the prompt.

Let it restart again when prompted.

Be patient as the tool is working after the 2nd reboot.

When you see the above, test to see if browser redirects are present or not.

Attach the Yorkyt.exe.log to your next message (it should be on your desktop)

Step 2

Please download Malwarebytes Anti-Malware and save it to your desktop.
Alternative D/L mirror
Alternative D/L mirror

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Let me see those two logs in next reply..

Kevin

cinderblock
Member with 91 posts.
THREAD STARTER
Join Date: May 2012
Experience: Beginner
13-May-2012, 02:11 PM #6
What a kind soul you are, Kevin. Thanks to both you and your lovely mother (assuming you celebrate Mother's Day in the UK) for your time today.

Logs follow:



2012-05-13 14:15:11: ****************************************************
2012-05-13 14:15:11: Starting UP ... v 0.0.0.220
2012-05-13 14:15:11: ****************************************************
2012-05-13 14:15:11: Stop TPSRV returns: 2
2012-05-13 14:15:27: Listing processes...
2012-05-13 14:15:27: :[System Process]:0
2012-05-13 14:15:27: :System:4
2012-05-13 14:15:27: :smss.exe:276
2012-05-13 14:15:27: :csrss.exe:400
2012-05-13 14:15:27: :wininit.exe:460
2012-05-13 14:15:27: :csrss.exe:472
2012-05-13 14:15:27: :services.exe:520
2012-05-13 14:15:27: :lsass.exe:532
2012-05-13 14:15:27: :lsm.exe:540
2012-05-13 14:15:27: :winlogon.exe:568
2012-05-13 14:15:27: :svchost.exe:692
2012-05-13 14:15:27: :svchost.exe:752
2012-05-13 14:15:27: :atiesrxx.exe:800
2012-05-13 14:15:27: :svchost.exe:892
2012-05-13 14:15:27: :svchost.exe:924
2012-05-13 14:15:27: :svchost.exe:952
2012-05-13 14:15:27: :audiodg.exe:312
2012-05-13 14:15:27: :TrustedInstaller.exe:396
2012-05-13 14:15:27: :svchost.exe:652
2012-05-13 14:15:27: :svchost.exe:1140
2012-05-13 14:15:27: :wlanext.exe:1208
2012-05-13 14:15:27: :conhost.exe:1216
2012-05-13 14:15:27: :spoolsv.exe:1316
2012-05-13 14:15:27: :svchost.exe:1344
2012-05-13 14:15:27: :svchost.exe:1504
2012-05-13 14:15:27: :AERTSr64.exe:1536
2012-05-13 14:15:27: :CinemaNowSvc.exe:1556
2012-05-13 14:15:27: :PresentationFontCache.exe:1624
2012-05-13 14:15:27: :HPDrvMntSvc.exe:1704
2012-05-13 14:15:27: :HPWMISVC.exe:1740
2012-05-13 14:15:27: :ccsvchst.exe:1776
2012-05-13 14:15:27: :svchost.exe:1824
2012-05-13 14:15:27: :SeaPort.exe:1880
2012-05-13 14:15:27: :svchost.exe:1912
2012-05-13 14:15:27: :WLIDSVC.EXE:1988
2012-05-13 14:15:27: :SearchIndexer.exe:1588
2012-05-13 14:15:27: :WLIDSVCM.EXE:1008
2012-05-13 14:15:27: :WmiPrvSE.exe:2236
2012-05-13 14:15:27: :atieclxx.exe:1688
2012-05-13 14:15:27: :HPSA_Service.exe:1804
2012-05-13 14:15:27: :HPWA_Service.exe:1948
2012-05-13 14:15:27: :RtVOsdService.exe:2160
2012-05-13 14:15:27: :RtVOsd.exe:2144
2012-05-13 14:15:27: :WmiPrvSE.exe:2684
2012-05-13 14:15:27: :hpqWmiEx.exe:2780
2012-05-13 14:15:27: :wmpnetwk.exe:2808
2012-05-13 14:15:27: :ccsvchst.exe:188
2012-05-13 14:15:27: :taskhost.exe:3096
2012-05-13 14:15:27: :dwm.exe:3192
2012-05-13 14:15:27: :explorer.exe:3236
2012-05-13 14:15:27: :SynTPEnh.exe:3540
2012-05-13 14:15:27: :rundll32.exe:3588
2012-05-13 14:15:27: :SynTPHelper.exe:3888
2012-05-13 14:15:27: :taskeng.exe:3016
2012-05-13 14:15:27: :svchost.exe:3520
2012-05-13 14:15:27: :taskeng.exe:1124
2012-05-13 14:15:27: :taskeng.exe:2108
2012-05-13 14:15:27: :jusched.exe:3616
2012-05-13 14:15:27: :iexplore.exe:1384
2012-05-13 14:15:27: :iexplore.exe:4068
2012-05-13 14:15:27: :mswinext.exe:2292
2012-05-13 14:15:27: :SCServer.exe:3028
2012-05-13 14:15:27: :FlashUtil32_11_2_202_235_ActiveX.exe:1356
2012-05-13 14:15:27: :iexplore.exe:4780
2012-05-13 14:15:27: :SearchProtocolHost.exe:5092
2012-05-13 14:15:27: :SearchFilterHost.exe:5112
2012-05-13 14:15:27: :yorkyt.exe:4592
2012-05-13 14:15:27:
2012-05-13 14:15:27: Setting restore point
2012-05-13 14:16:19: RUN mode
2012-05-13 14:16:19: Determining autonomous or dropped mode...
2012-05-13 14:16:19: Autonomus mode
2012-05-13 14:16:19: ---------------------------------------------------------------------
2012-05-13 14:16:19: Found Service: AeLookupSvc
2012-05-13 14:16:19: Real Path: C:\Windows\System32\aelupsvc.dll
2012-05-13 14:16:19: Display Name: @%SystemRoot%\system32\aelupsvc.dll,-1
2012-05-13 14:16:19: Description: @%SystemRoot%\system32\aelupsvc.dll,-2
2012-05-13 14:16:19: ServiceDLL: System32\aelupsvc.dll
2012-05-13 14:16:19: File size: 0
2012-05-13 14:16:19: DLL File name: aelupsvc.dll
2012-05-13 14:16:19: Original File Name: aelupsvc.dll.mui
2012-05-13 14:16:19: Company:
2012-05-13 14:16:19: Mod/Cre/Acc time:
2012-05-13 14:16:19: ---------------------------------------------------------------------
2012-05-13 14:16:19: Found Service: AppIDSvc
2012-05-13 14:16:19: Real Path: C:\Windows\System32\appidsvc.dll
2012-05-13 14:16:19: Display Name: @%systemroot%\system32\appidsvc.dll,-100
2012-05-13 14:16:19: Description: @%systemroot%\system32\appidsvc.dll,-101
2012-05-13 14:16:19: ServiceDLL: System32\appidsvc.dll
2012-05-13 14:16:19: File size: 0
2012-05-13 14:16:19: DLL File name: appidsvc.dll
2012-05-13 14:16:19: Original File Name: appidsvc.dll.mui
2012-05-13 14:16:19: Company:
2012-05-13 14:16:19: Mod/Cre/Acc time:
2012-05-13 14:16:19: ---------------------------------------------------------------------
2012-05-13 14:16:19: Found Service: Appinfo
2012-05-13 14:16:19: Real Path: C:\Windows\System32\appinfo.dll
2012-05-13 14:16:19: Display Name: @%systemroot%\system32\appinfo.dll,-100
2012-05-13 14:16:19: Description: @%systemroot%\system32\appinfo.dll,-101
2012-05-13 14:16:19: ServiceDLL: System32\appinfo.dll
2012-05-13 14:16:19: File size: 0
2012-05-13 14:16:19: DLL File name: appinfo.dll
2012-05-13 14:16:19: Original File Name: appinfo.dll.mui
2012-05-13 14:16:19: Company:
2012-05-13 14:16:19: Mod/Cre/Acc time:
2012-05-13 14:16:19: ---------------------------------------------------------------------
2012-05-13 14:16:19: Found Service: AudioEndpointBuilder
2012-05-13 14:16:19: Real Path: C:\Windows\System32\Audiosrv.dll
2012-05-13 14:16:19: Display Name: @%SystemRoot%\system32\audiosrv.dll,-204
2012-05-13 14:16:19: Description: @%SystemRoot%\System32\audiosrv.dll,-205
2012-05-13 14:16:19: ServiceDLL: System32\Audiosrv.dll
2012-05-13 14:16:19: File size: 0
2012-05-13 14:16:19: DLL File name: Audiosrv.dll
2012-05-13 14:16:19: Original File Name: audiosrv.dll.mui
2012-05-13 14:16:19: Company:
2012-05-13 14:16:19: Mod/Cre/Acc time:
2012-05-13 14:16:19: ---------------------------------------------------------------------
2012-05-13 14:16:19: Found Service: AudioSrv
2012-05-13 14:16:19: Real Path: C:\Windows\System32\Audiosrv.dll
2012-05-13 14:16:19: Display Name: @%SystemRoot%\system32\audiosrv.dll,-200
2012-05-13 14:16:19: Description: @%SystemRoot%\System32\audiosrv.dll,-201
2012-05-13 14:16:19: ServiceDLL: System32\Audiosrv.dll
2012-05-13 14:16:19: File size: 0
2012-05-13 14:16:19: DLL File name: Audiosrv.dll
2012-05-13 14:16:19: Original File Name: audiosrv.dll.mui
2012-05-13 14:16:19: Company:
2012-05-13 14:16:19: Mod/Cre/Acc time:
2012-05-13 14:16:20: ---------------------------------------------------------------------
2012-05-13 14:16:20: Found Service: AxInstSV
2012-05-13 14:16:20: Real Path: C:\Windows\System32\AxInstSV.dll
2012-05-13 14:16:20: Display Name: @%SystemRoot%\system32\AxInstSV.dll,-103
2012-05-13 14:16:20: Description: @%SystemRoot%\system32\AxInstSV.dll,-104
2012-05-13 14:16:20: ServiceDLL: System32\AxInstSV.dll
2012-05-13 14:16:20: File size: 0
2012-05-13 14:16:20: DLL File name: AxInstSV.dll
2012-05-13 14:16:20: Original File Name: AxInstSv.dll.mui
2012-05-13 14:16:20: Company:
2012-05-13 14:16:20: Mod/Cre/Acc time:
2012-05-13 14:16:20: ---------------------------------------------------------------------
2012-05-13 14:16:20: Found Service: BDESVC
2012-05-13 14:16:20: Real Path: C:\Windows\System32\bdesvc.dll
2012-05-13 14:16:20: Display Name: @%SystemRoot%\system32\bdesvc.dll,-100
2012-05-13 14:16:20: Description: @%SystemRoot%\system32\bdesvc.dll,-101
2012-05-13 14:16:20: ServiceDLL: System32\bdesvc.dll
2012-05-13 14:16:20: File size: 0
2012-05-13 14:16:20: DLL File name: bdesvc.dll
2012-05-13 14:16:20: Original File Name: BDESVC.DLL.MUI
2012-05-13 14:16:20: Company:
2012-05-13 14:16:20: Mod/Cre/Acc time:
2012-05-13 14:16:20: ---------------------------------------------------------------------
2012-05-13 14:16:20: Found Service: BFE
2012-05-13 14:16:20: Real Path: C:\Windows\System32\bfe.dll
2012-05-13 14:16:20: Display Name: @%SystemRoot%\system32\bfe.dll,-1001
2012-05-13 14:16:20: Description: @%SystemRoot%\system32\bfe.dll,-1002
2012-05-13 14:16:20: ServiceDLL: System32\bfe.dll
2012-05-13 14:16:20: File size: 0
2012-05-13 14:16:20: DLL File name: bfe.dll
2012-05-13 14:16:20: Original File Name: BFE.DLL.MUI
2012-05-13 14:16:20: Company:
2012-05-13 14:16:20: Mod/Cre/Acc time:
2012-05-13 14:16:20: ---------------------------------------------------------------------
2012-05-13 14:16:20: Found Service: BITS
2012-05-13 14:16:20: Real Path: C:\Windows\System32\qmgr.dll
2012-05-13 14:16:20: Display Name: @%SystemRoot%\system32\qmgr.dll,-1000
2012-05-13 14:16:20: Description: @%SystemRoot%\system32\qmgr.dll,-1001
2012-05-13 14:16:20: ServiceDLL: System32\qmgr.dll
2012-05-13 14:16:20: File size: 0
2012-05-13 14:16:20: DLL File name: qmgr.dll
2012-05-13 14:16:20: Original File Name: qmgr.dll.mui
2012-05-13 14:16:20: Company:
2012-05-13 14:16:20: Mod/Cre/Acc time:
2012-05-13 14:16:20: ---------------------------------------------------------------------
2012-05-13 14:16:20: Found Service: Browser
2012-05-13 14:16:20: Real Path: C:\Windows\System32\browser.dll
2012-05-13 14:16:20: Display Name: @%systemroot%\system32\browser.dll,-100
2012-05-13 14:16:20: Description: @%systemroot%\system32\browser.dll,-101
2012-05-13 14:16:20: ServiceDLL: System32\browser.dll
2012-05-13 14:16:20: File size: 0
2012-05-13 14:16:20: DLL File name: browser.dll
2012-05-13 14:16:20: Original File Name: browser.dll.mui
2012-05-13 14:16:20: Company:
2012-05-13 14:16:20: Mod/Cre/Acc time:
2012-05-13 14:16:21: ---------------------------------------------------------------------
2012-05-13 14:16:21: Found Service: bthserv
2012-05-13 14:16:21: Real Path: C:\Windows\system32\bthserv.dll
2012-05-13 14:16:21: Display Name: @%SystemRoot%\System32\bthserv.dll,-101
2012-05-13 14:16:21: Description: @%SystemRoot%\System32\bthserv.dll,-102
2012-05-13 14:16:21: ServiceDLL: system32\bthserv.dll
2012-05-13 14:16:21: File size: 0
2012-05-13 14:16:21: DLL File name: bthserv.dll
2012-05-13 14:16:21: Original File Name: BTHSERV.DLL.MUI
2012-05-13 14:16:21: Company:
2012-05-13 14:16:21: Mod/Cre/Acc time:
2012-05-13 14:16:21: ---------------------------------------------------------------------
2012-05-13 14:16:21: Found Service: CertPropSvc
2012-05-13 14:16:21: Real Path: C:\Windows\System32\certprop.dll
2012-05-13 14:16:21: Display Name: @%SystemRoot%\System32\certprop.dll,-11
2012-05-13 14:16:21: Description: @%SystemRoot%\System32\certprop.dll,-12
2012-05-13 14:16:21: ServiceDLL: System32\certprop.dll
2012-05-13 14:16:21: File size: 0
2012-05-13 14:16:21: DLL File name: certprop.dll
2012-05-13 14:16:21: Original File Name: certprop.dll.mui
2012-05-13 14:16:21: Company:
2012-05-13 14:16:21: Mod/Cre/Acc time:
2012-05-13 14:16:21: ---------------------------------------------------------------------
2012-05-13 14:16:21: Found Service: CryptSvc
2012-05-13 14:16:21: Real Path: C:\Windows\system32\cryptsvc.dll
2012-05-13 14:16:21: Display Name: @%SystemRoot%\system32\cryptsvc.dll,-1001
2012-05-13 14:16:21: Description: @%SystemRoot%\system32\cryptsvc.dll,-1002
2012-05-13 14:16:21: ServiceDLL: system32\cryptsvc.dll
2012-05-13 14:16:21: File size: 135680
2012-05-13 14:16:21: DLL File name: cryptsvc.dll
2012-05-13 14:16:21: Original File Name: cryptsvc.dll.mui
2012-05-13 14:16:21: Company:
2012-05-13 14:16:21: Mod/Cre/Acc time: 20090713211507 20090713193303 20090713193303
2012-05-13 14:16:21: ---------------------------------------------------------------------
2012-05-13 14:16:21: Found Service: DcomLaunch
2012-05-13 14:16:21: Real Path: C:\Windows\system32\rpcss.dll
2012-05-13 14:16:21: Display Name: @oleres.dll,-5012
2012-05-13 14:16:21: Description: @oleres.dll,-5013
2012-05-13 14:16:21: ServiceDLL: system32\rpcss.dll
2012-05-13 14:16:21: File size: 0
2012-05-13 14:16:21: DLL File name: rpcss.dll
2012-05-13 14:16:21: Original File Name: rpcss.dll
2012-05-13 14:16:21: Company:
2012-05-13 14:16:21: Mod/Cre/Acc time:
2012-05-13 14:16:21: ---------------------------------------------------------------------
2012-05-13 14:16:21: Found Service: defragsvc
2012-05-13 14:16:21: Real Path: C:\Windows\System32\defragsvc.dll
2012-05-13 14:16:21: Display Name: @%SystemRoot%\system32\defragsvc.dll,-101
2012-05-13 14:16:21: Description: @%SystemRoot%\system32\defragsvc.dll,-102
2012-05-13 14:16:21: ServiceDLL: System32\defragsvc.dll
2012-05-13 14:16:21: File size: 0
2012-05-13 14:16:21: DLL File name: defragsvc.dll
2012-05-13 14:16:21: Original File Name: defragsvc.dll.mui
2012-05-13 14:16:21: Company:
2012-05-13 14:16:21: Mod/Cre/Acc time:
2012-05-13 14:16:22: ---------------------------------------------------------------------
2012-05-13 14:16:22: Found Service: Dhcp
2012-05-13 14:16:22: Real Path: C:\Windows\system32\dhcpcore.dll
2012-05-13 14:16:22: Display Name: @%SystemRoot%\system32\dhcpcore.dll,-100
2012-05-13 14:16:22: Description: @%SystemRoot%\system32\dhcpcore.dll,-101
2012-05-13 14:16:22: ServiceDLL: system32\dhcpcore.dll
2012-05-13 14:16:22: File size: 253440
2012-05-13 14:16:22: DLL File name: dhcpcore.dll
2012-05-13 14:16:22: Original File Name: dhcpcore.dll.mui
2012-05-13 14:16:22: Company:
2012-05-13 14:16:22: Mod/Cre/Acc time: 20090713211511 20090713191216 20090713191216
2012-05-13 14:16:22: ---------------------------------------------------------------------
2012-05-13 14:16:22: Found Service: Dnscache
2012-05-13 14:16:22: Real Path: C:\Windows\System32\dnsrslvr.dll
2012-05-13 14:16:22: Display Name: @%SystemRoot%\System32\dnsapi.dll,-101
2012-05-13 14:16:22: Description: @%SystemRoot%\System32\dnsapi.dll,-102
2012-05-13 14:16:22: ServiceDLL: System32\dnsrslvr.dll
2012-05-13 14:16:22: File size: 0
2012-05-13 14:16:22: DLL File name: dnsrslvr.dll
2012-05-13 14:16:22: Original File Name: dnsrslvr.dll.mui
2012-05-13 14:16:22: Company:
2012-05-13 14:16:22: Mod/Cre/Acc time:
2012-05-13 14:16:22: ---------------------------------------------------------------------
2012-05-13 14:16:22: Found Service: dot3svc
2012-05-13 14:16:22: Real Path: C:\Windows\System32\dot3svc.dll
2012-05-13 14:16:22: Display Name: @%systemroot%\system32\dot3svc.dll,-1102
2012-05-13 14:16:22: Description: @%systemroot%\system32\dot3svc.dll,-1103
2012-05-13 14:16:22: ServiceDLL: System32\dot3svc.dll
2012-05-13 14:16:22: File size: 0
2012-05-13 14:16:22: DLL File name: dot3svc.dll
2012-05-13 14:16:22: Original File Name: dot3svc.dll.mui
2012-05-13 14:16:22: Company:
2012-05-13 14:16:22: Mod/Cre/Acc time:
2012-05-13 14:16:22: ---------------------------------------------------------------------
2012-05-13 14:16:22: Found Service: DPS
2012-05-13 14:16:22: Real Path: C:\Windows\system32\dps.dll
2012-05-13 14:16:22: Display Name: @%systemroot%\system32\dps.dll,-500
2012-05-13 14:16:22: Description: @%systemroot%\system32\dps.dll,-501
2012-05-13 14:16:22: ServiceDLL: system32\dps.dll
2012-05-13 14:16:22: File size: 0
2012-05-13 14:16:22: DLL File name: dps.dll
2012-05-13 14:16:22: Original File Name: dps.dll.mui
2012-05-13 14:16:22: Company:
2012-05-13 14:16:22: Mod/Cre/Acc time:
2012-05-13 14:16:22: ---------------------------------------------------------------------
2012-05-13 14:16:22: Found Service: EapHost
2012-05-13 14:16:22: Real Path: C:\Windows\System32\eapsvc.dll
2012-05-13 14:16:22: Display Name: @%systemroot%\system32\eapsvc.dll,-1
2012-05-13 14:16:22: Description: @%systemroot%\system32\eapsvc.dll,-2
2012-05-13 14:16:22: ServiceDLL: System32\eapsvc.dll
2012-05-13 14:16:22: File size: 0
2012-05-13 14:16:22: DLL File name: eapsvc.dll
2012-05-13 14:16:22: Original File Name: eapsvc.dll.mui
2012-05-13 14:16:22: Company:
2012-05-13 14:16:22: Mod/Cre/Acc time:
2012-05-13 14:16:22: ---------------------------------------------------------------------
2012-05-13 14:16:22: Found Service: EventSystem
2012-05-13 14:16:22: Real Path: C:\Windows\system32\es.dll
2012-05-13 14:16:22: Display Name: @comres.dll,-2450
2012-05-13 14:16:22: Description: @comres.dll,-2451
2012-05-13 14:16:22: ServiceDLL: system32\es.dll
2012-05-13 14:16:22: File size: 271360
2012-05-13 14:16:22: DLL File name: es.dll
2012-05-13 14:16:22: Original File Name: ES.DLL
2012-05-13 14:16:22: Company:
2012-05-13 14:16:22: Mod/Cre/Acc time: 20090713211519 20090713194438 20090713194438
2012-05-13 14:16:22: ---------------------------------------------------------------------
2012-05-13 14:16:22: Found Service: fdPHost
2012-05-13 14:16:22: Real Path: C:\Windows\system32\fdPHost.dll
2012-05-13 14:16:22: Display Name: @%systemroot%\system32\fdPHost.dll,-100
2012-05-13 14:16:22: Description: @%systemroot%\system32\fdPHost.dll,-101
2012-05-13 14:16:22: ServiceDLL: system32\fdPHost.dll
2012-05-13 14:16:22: File size: 0
2012-05-13 14:16:22: DLL File name: fdPHost.dll
2012-05-13 14:16:22: Original File Name: fdPHost.dll.mui
2012-05-13 14:16:22: Company:
2012-05-13 14:16:22: Mod/Cre/Acc time:
2012-05-13 14:16:22: ---------------------------------------------------------------------
2012-05-13 14:16:22: Found Service: FDResPub
2012-05-13 14:16:22: Real Path: C:\Windows\system32\fdrespub.dll
2012-05-13 14:16:22: Display Name: @%systemroot%\system32\fdrespub.dll,-100
2012-05-13 14:16:22: Description: @%systemroot%\system32\fdrespub.dll,-101
2012-05-13 14:16:22: ServiceDLL: system32\fdrespub.dll
2012-05-13 14:16:22: File size: 0
2012-05-13 14:16:22: DLL File name: fdrespub.dll
2012-05-13 14:16:22: Original File Name: FDResPub.dll.mui
2012-05-13 14:16:22: Company:
2012-05-13 14:16:22: Mod/Cre/Acc time:
2012-05-13 14:16:22: !!!!!!!
2012-05-13 14:16:22: Found Service: FontCache
2012-05-13 14:16:22: Real Path: C:\Windows\system32\FntCache.dll
2012-05-13 14:16:22: Display Name: @%systemroot%\system32\FntCache.dll,-100
2012-05-13 14:16:22: Description: @%systemroot%\system32\FntCache.dll,-101
2012-05-13 14:16:22: ServiceDLL: system32\FntCache.dll
2012-05-13 14:16:22: File size: 0
2012-05-13 14:16:22: DLL File name: FntCache.dll
2012-05-13 14:16:22: Original File Name: FontCacheService
2012-05-13 14:16:22: Company:
2012-05-13 14:16:22: Mod/Cre/Acc time:
2012-05-13 14:16:22: !!!!!!!!!
2012-05-13 14:16:23: ---------------------------------------------------------------------
2012-05-13 14:16:23: Found Service: gpsvc
2012-05-13 14:16:23: Real Path: C:\Windows\System32\gpsvc.dll
2012-05-13 14:16:23: Display Name: @gpapi.dll,-112
2012-05-13 14:16:23: Description: @gpapi.dll,-113
2012-05-13 14:16:23: ServiceDLL: System32\gpsvc.dll
2012-05-13 14:16:23: File size: 0
2012-05-13 14:16:23: DLL File name: gpsvc.dll
2012-05-13 14:16:23: Original File Name: gpsvc.dll.mui
2012-05-13 14:16:23: Company:
2012-05-13 14:16:23: Mod/Cre/Acc time:
2012-05-13 14:16:23: ---------------------------------------------------------------------
2012-05-13 14:16:23: Found Service: hidserv
2012-05-13 14:16:23: Real Path: C:\Windows\system32\hidserv.dll
2012-05-13 14:16:23: Display Name: @%SystemRoot%\System32\hidserv.dll,-101
2012-05-13 14:16:23: Description: @%SystemRoot%\System32\hidserv.dll,-102
2012-05-13 14:16:23: ServiceDLL: system32\hidserv.dll
2012-05-13 14:16:23: File size: 49152
2012-05-13 14:16:23: DLL File name: hidserv.dll
2012-05-13 14:16:23: Original File Name: HIDSERV.DLL.MUI
2012-05-13 14:16:23: Company:
2012-05-13 14:16:23: Mod/Cre/Acc time: 20090713211524 20090713195109 20090713195109
2012-05-13 14:16:23: ---------------------------------------------------------------------
2012-05-13 14:16:23: Found Service: hkmsvc
2012-05-13 14:16:23: Real Path: C:\Windows\system32\kmsvc.dll
2012-05-13 14:16:23: Display Name: @%SystemRoot%\system32\kmsvc.dll,-6
2012-05-13 14:16:23: Description: @%SystemRoot%\system32\kmsvc.dll,-7
2012-05-13 14:16:23: ServiceDLL: system32\kmsvc.dll
2012-05-13 14:16:23: File size: 0
2012-05-13 14:16:23: DLL File name: kmsvc.dll
2012-05-13 14:16:23: Original File Name: KmSvc.DLL.MUI
2012-05-13 14:16:23: Company:
2012-05-13 14:16:23: Mod/Cre/Acc time:
2012-05-13 14:16:23: ---------------------------------------------------------------------
2012-05-13 14:16:23: Found Service: HomeGroupListener
2012-05-13 14:16:23: Real Path: C:\Windows\system32\ListSvc.dll
2012-05-13 14:16:23: Display Name: @%SystemRoot%\System32\ListSvc.dll,-100
2012-05-13 14:16:23: Description: @%SystemRoot%\System32\ListSvc.dll,-101
2012-05-13 14:16:23: ServiceDLL: system32\ListSvc.dll
2012-05-13 14:16:23: File size: 0
2012-05-13 14:16:23: DLL File name: ListSvc.dll
2012-05-13 14:16:23: Original File Name: ListSvc.dll.mui
2012-05-13 14:16:23: Company:
2012-05-13 14:16:23: Mod/Cre/Acc time:
2012-05-13 14:16:23: ---------------------------------------------------------------------
2012-05-13 14:16:23: Found Service: HomeGroupProvider
2012-05-13 14:16:23: Real Path: C:\Windows\system32\provsvc.dll
2012-05-13 14:16:23: Display Name: @%SystemRoot%\System32\provsvc.dll,-100
2012-05-13 14:16:23: Description: @%SystemRoot%\System32\provsvc.dll,-101
2012-05-13 14:16:23: ServiceDLL: system32\provsvc.dll
2012-05-13 14:16:23: File size: 165376
2012-05-13 14:16:23: DLL File name: provsvc.dll
2012-05-13 14:16:23: Original File Name: provsvc.dll.mui
2012-05-13 14:16:23: Company:
2012-05-13 14:16:23: Mod/Cre/Acc time: 20090713211612 20090713193941 20090713193941
2012-05-13 14:16:23: ---------------------------------------------------------------------
2012-05-13 14:16:23: Found Service: IKEEXT
2012-05-13 14:16:23: Real Path: C:\Windows\System32\ikeext.dll
2012-05-13 14:16:23: Display Name: @%SystemRoot%\system32\ikeext.dll,-501
2012-05-13 14:16:23: Description: @%SystemRoot%\system32\ikeext.dll,-502
2012-05-13 14:16:23: ServiceDLL: System32\ikeext.dll
2012-05-13 14:16:23: File size: 0
2012-05-13 14:16:23: DLL File name: ikeext.dll
2012-05-13 14:16:23: Original File Name: IKEEXT.DLL.MUI
2012-05-13 14:16:23: Company:
2012-05-13 14:16:23: Mod/Cre/Acc time:
2012-05-13 14:16:24: ---------------------------------------------------------------------
2012-05-13 14:16:24: Found Service: IPBusEnum
2012-05-13 14:16:24: Real Path: C:\Windows\system32\ipbusenum.dll
2012-05-13 14:16:24: Display Name: @%systemroot%\system32\IPBusEnum.dll,-102
2012-05-13 14:16:24: Description: @%systemroot%\system32\IPBusEnum.dll,-103
2012-05-13 14:16:24: ServiceDLL: system32\ipbusenum.dll
2012-05-13 14:16:24: File size: 0
2012-05-13 14:16:24: DLL File name: ipbusenum.dll
2012-05-13 14:16:24: Original File Name: IPBusEnum.dll.mui
2012-05-13 14:16:24: Company:
2012-05-13 14:16:24: Mod/Cre/Acc time:
2012-05-13 14:16:24: ---------------------------------------------------------------------
2012-05-13 14:16:24: Found Service: KtmRm
2012-05-13 14:16:24: Real Path: C:\Windows\system32\msdtckrm.dll
2012-05-13 14:16:24: Display Name: @comres.dll,-2946
2012-05-13 14:16:24: Description: @comres.dll,-2947
2012-05-13 14:16:24: ServiceDLL: system32\msdtckrm.dll
2012-05-13 14:16:24: File size: 0
2012-05-13 14:16:24: DLL File name: msdtckrm.dll
2012-05-13 14:16:24: Original File Name: MSDTCKRM.DLL
2012-05-13 14:16:24: Company:
2012-05-13 14:16:24: Mod/Cre/Acc time:
2012-05-13 14:16:24: ---------------------------------------------------------------------
2012-05-13 14:16:24: Found Service: LanmanServer
2012-05-13 14:16:24: Real Path: C:\Windows\system32\srvsvc.dll
2012-05-13 14:16:24: Display Name: @%systemroot%\system32\srvsvc.dll,-100
2012-05-13 14:16:24: Description: @%systemroot%\system32\srvsvc.dll,-101
2012-05-13 14:16:24: ServiceDLL: system32\srvsvc.dll
2012-05-13 14:16:24: File size: 0
2012-05-13 14:16:24: DLL File name: srvsvc.dll
2012-05-13 14:16:24: Original File Name: SRVSVC.DLL.MUI
2012-05-13 14:16:24: Company:
2012-05-13 14:16:24: Mod/Cre/Acc time:
2012-05-13 14:16:24: ---------------------------------------------------------------------
2012-05-13 14:16:24: Found Service: LanmanWorkstation
2012-05-13 14:16:24: Real Path: C:\Windows\System32\wkssvc.dll
2012-05-13 14:16:24: Display Name: @%systemroot%\system32\wkssvc.dll,-100
2012-05-13 14:16:24: Description: @%systemroot%\system32\wkssvc.dll,-101
2012-05-13 14:16:24: ServiceDLL: System32\wkssvc.dll
2012-05-13 14:16:24: File size: 0
2012-05-13 14:16:24: DLL File name: wkssvc.dll
2012-05-13 14:16:24: Original File Name: WKSSVC.DLL.MUI
2012-05-13 14:16:24: Company:
2012-05-13 14:16:24: Mod/Cre/Acc time:
2012-05-13 14:16:24: ---------------------------------------------------------------------
2012-05-13 14:16:24: Found Service: lltdsvc
2012-05-13 14:16:24: Real Path: C:\Windows\System32\lltdsvc.dll
2012-05-13 14:16:24: Display Name: @%SystemRoot%\system32\lltdres.dll,-1
2012-05-13 14:16:24: Description: @%SystemRoot%\system32\lltdres.dll,-2
2012-05-13 14:16:24: ServiceDLL: System32\lltdsvc.dll
2012-05-13 14:16:24: File size: 0
2012-05-13 14:16:24: DLL File name: lltdsvc.dll
2012-05-13 14:16:24: Original File Name: LLTDSVC.DLL
2012-05-13 14:16:24: Company:
2012-05-13 14:16:24: Mod/Cre/Acc time:
2012-05-13 14:16:25: ---------------------------------------------------------------------
2012-05-13 14:16:25: Found Service: lmhosts
2012-05-13 14:16:25: Real Path: C:\Windows\System32\lmhsvc.dll
2012-05-13 14:16:25: Display Name: @%SystemRoot%\system32\lmhsvc.dll,-101
2012-05-13 14:16:25: Description: @%SystemRoot%\system32\lmhsvc.dll,-102
2012-05-13 14:16:25: ServiceDLL: System32\lmhsvc.dll
2012-05-13 14:16:25: File size: 0
2012-05-13 14:16:25: DLL File name: lmhsvc.dll
2012-05-13 14:16:25: Original File Name: lmhsvc.dll.mui
2012-05-13 14:16:25: Company:
2012-05-13 14:16:25: Mod/Cre/Acc time:
2012-05-13 14:16:25: ---------------------------------------------------------------------
2012-05-13 14:16:25: Found Service: Mcx2Svc
2012-05-13 14:16:25: Real Path: C:\Windows\system32\Mcx2Svc.dll
2012-05-13 14:16:25: Display Name: @%SystemRoot%\ehome\ehres.dll,-15501
2012-05-13 14:16:25: Description: @%SystemRoot%\ehome\ehres.dll,-15502
2012-05-13 14:16:25: ServiceDLL: system32\Mcx2Svc.dll
2012-05-13 14:16:25: File size: 0
2012-05-13 14:16:25: DLL File name: Mcx2Svc.dll
2012-05-13 14:16:25: Original File Name: Mcx2Svc.dll
2012-05-13 14:16:25: Company:
2012-05-13 14:16:25: Mod/Cre/Acc time:
2012-05-13 14:16:25: ---------------------------------------------------------------------
2012-05-13 14:16:25: Found Service: MMCSS
2012-05-13 14:16:25: Real Path: C:\Windows\system32\mmcss.dll
2012-05-13 14:16:25: Display Name: @%systemroot%\system32\mmcss.dll,-100
2012-05-13 14:16:25: Description: @%systemroot%\system32\mmcss.dll,-101
2012-05-13 14:16:25: ServiceDLL: system32\mmcss.dll
2012-05-13 14:16:25: File size: 0
2012-05-13 14:16:25: DLL File name: mmcss.dll
2012-05-13 14:16:25: Original File Name: mmcss.dll.mui
2012-05-13 14:16:25: Company:
2012-05-13 14:16:25: Mod/Cre/Acc time:
2012-05-13 14:16:25: ---------------------------------------------------------------------
2012-05-13 14:16:25: Found Service: MSiSCSI
2012-05-13 14:16:25: Real Path: C:\Windows\system32\iscsiexe.dll
2012-05-13 14:16:25: Display Name: @%SystemRoot%\system32\iscsidsc.dll,-5000
2012-05-13 14:16:25: Description: @%SystemRoot%\system32\iscsidsc.dll,-5001
2012-05-13 14:16:25: ServiceDLL: system32\iscsiexe.dll
2012-05-13 14:16:25: File size: 0
2012-05-13 14:16:25: DLL File name: iscsiexe.dll
2012-05-13 14:16:25: Original File Name: iscsiexe.exe.mui
2012-05-13 14:16:25: Company:
2012-05-13 14:16:25: Mod/Cre/Acc time:
2012-05-13 14:16:25: ---------------------------------------------------------------------
2012-05-13 14:16:25: Found Service: napagent
2012-05-13 14:16:25: Real Path: C:\Windows\system32\qagentRT.dll
2012-05-13 14:16:25: Display Name: @%SystemRoot%\system32\qagentrt.dll,-6
2012-05-13 14:16:25: Description: @%SystemRoot%\system32\qagentrt.dll,-7
2012-05-13 14:16:25: ServiceDLL: system32\qagentRT.dll
2012-05-13 14:16:25: File size: 0
2012-05-13 14:16:25: DLL File name: qagentRT.dll
2012-05-13 14:16:25: Original File Name: QAgentRT.DLL.MUI
2012-05-13 14:16:25: Company:
2012-05-13 14:16:25: Mod/Cre/Acc time:
2012-05-13 14:16:25: ---------------------------------------------------------------------
2012-05-13 14:16:25: Found Service: Netman
2012-05-13 14:16:25: Real Path: C:\Windows\System32\netman.dll
2012-05-13 14:16:25: Display Name: @%SystemRoot%\system32\netman.dll,-109
2012-05-13 14:16:25: Description: @%SystemRoot%\system32\netman.dll,-110
2012-05-13 14:16:25: ServiceDLL: System32\netman.dll
2012-05-13 14:16:25: File size: 0
2012-05-13 14:16:25: DLL File name: netman.dll
2012-05-13 14:16:25: Original File Name: netman.dll.mui
2012-05-13 14:16:25: Company:
2012-05-13 14:16:25: Mod/Cre/Acc time:
2012-05-13 14:16:26: ---------------------------------------------------------------------
2012-05-13 14:16:26: Found Service: netprofm
2012-05-13 14:16:26: Real Path: C:\Windows\System32\netprofm.dll
2012-05-13 14:16:26: Display Name: @%SystemRoot%\system32\netprofm.dll,-202
2012-05-13 14:16:26: Description: @%SystemRoot%\system32\netprofm.dll,-203
2012-05-13 14:16:26: ServiceDLL: System32\netprofm.dll
2012-05-13 14:16:26: File size: 360448
2012-05-13 14:16:26: DLL File name: netprofm.dll
2012-05-13 14:16:26: Original File Name: netprofm.dll.mui
2012-05-13 14:16:26: Company:
2012-05-13 14:16:26: Mod/Cre/Acc time: 20090713211603 20090713195658 20090713195658
2012-05-13 14:16:26: ---------------------------------------------------------------------
2012-05-13 14:16:26: Found Service: NlaSvc
2012-05-13 14:16:26: Real Path: C:\Windows\System32\nlasvc.dll
2012-05-13 14:16:26: Display Name: @%SystemRoot%\System32\nlasvc.dll,-1
2012-05-13 14:16:26: Description: @%SystemRoot%\System32\nlasvc.dll,-2
2012-05-13 14:16:26: ServiceDLL: System32\nlasvc.dll
2012-05-13 14:16:26: File size: 0
2012-05-13 14:16:26: DLL File name: nlasvc.dll
2012-05-13 14:16:26: Original File Name: nlasvc.dll.mui
2012-05-13 14:16:26: Company:
2012-05-13 14:16:26: Mod/Cre/Acc time:
2012-05-13 14:16:26: ---------------------------------------------------------------------
2012-05-13 14:16:26: Found Service: nsi
2012-05-13 14:16:26: Real Path: C:\Windows\system32\nsisvc.dll
2012-05-13 14:16:26: Display Name: @%SystemRoot%\system32\nsisvc.dll,-200
2012-05-13 14:16:26: Description: @%SystemRoot%\system32\nsisvc.dll,-201
2012-05-13 14:16:26: ServiceDLL: system32\nsisvc.dll
2012-05-13 14:16:26: File size: 0
2012-05-13 14:16:26: DLL File name: nsisvc.dll
2012-05-13 14:16:26: Original File Name: nsisvc.dll.mui
2012-05-13 14:16:26: Company:
2012-05-13 14:16:26: Mod/Cre/Acc time:
2012-05-13 14:16:26: ---------------------------------------------------------------------
2012-05-13 14:16:26: Found Service: p2pimsvc
2012-05-13 14:16:26: Real Path: C:\Windows\system32\pnrpsvc.dll
2012-05-13 14:16:26: Display Name: @%SystemRoot%\system32\pnrpsvc.dll,-8004
2012-05-13 14:16:26: Description: @%SystemRoot%\system32\pnrpsvc.dll,-8005
2012-05-13 14:16:26: ServiceDLL: system32\pnrpsvc.dll
2012-05-13 14:16:26: File size: 0
2012-05-13 14:16:26: DLL File name: pnrpsvc.dll
2012-05-13 14:16:26: Original File Name: pnrpsvc.dll.mui
2012-05-13 14:16:26: Company:
2012-05-13 14:16:26: Mod/Cre/Acc time:
2012-05-13 14:16:26: ---------------------------------------------------------------------
2012-05-13 14:16:26: Found Service: p2psvc
2012-05-13 14:16:26: Real Path: C:\Windows\system32\p2psvc.dll
2012-05-13 14:16:26: Display Name: @%SystemRoot%\system32\p2psvc.dll,-8006
2012-05-13 14:16:26: Description: @%SystemRoot%\system32\p2psvc.dll,-8007
2012-05-13 14:16:26: ServiceDLL: system32\p2psvc.dll
2012-05-13 14:16:26: File size: 0
2012-05-13 14:16:26: DLL File name: p2psvc.dll
2012-05-13 14:16:26: Original File Name: p2psvc.dll.mui
2012-05-13 14:16:26: Company:
2012-05-13 14:16:26: Mod/Cre/Acc time:
2012-05-13 14:16:26: !!!!!!!
2012-05-13 14:16:26: Found Service: PcaSvc
2012-05-13 14:16:26: Real Path: C:\Windows\System32\pcasvc.dll
2012-05-13 14:16:26: Display Name: @%SystemRoot%\system32\pcasvc.dll,-1
2012-05-13 14:16:26: Description: @%SystemRoot%\system32\pcasvc.dll,-2
2012-05-13 14:16:26: ServiceDLL: System32\pcasvc.dll
2012-05-13 14:16:26: File size: 0
2012-05-13 14:16:26: DLL File name: pcasvc.dll
2012-05-13 14:16:26: Original File Name:
2012-05-13 14:16:26: Company:
2012-05-13 14:16:26: Mod/Cre/Acc time:
2012-05-13 14:16:26: !!!!!!!!!
2012-05-13 14:16:26: ---------------------------------------------------------------------
2012-05-13 14:16:27: Found Service: pla
2012-05-13 14:16:27: Real Path: C:\Windows\system32\pla.dll
2012-05-13 14:16:27: Display Name: @%systemroot%\system32\pla.dll,-500
2012-05-13 14:16:27: Description: @%systemroot%\system32\pla.dll,-501
2012-05-13 14:16:27: ServiceDLL: system32\pla.dll
2012-05-13 14:16:27: File size: 1508864
2012-05-13 14:16:27: DLL File name: pla.dll
2012-05-13 14:16:27: Original File Name: PLA.DLL.MUI
2012-05-13 14:16:27: Company:
2012-05-13 14:16:27: Mod/Cre/Acc time: 20090713211612 20090713192013 20090713192013
2012-05-13 14:16:27: ---------------------------------------------------------------------
2012-05-13 14:16:27: Found Service: PlugPlay
2012-05-13 14:16:27: Real Path: C:\Windows\system32\umpnpmgr.dll
2012-05-13 14:16:27: Display Name: @%SystemRoot%\system32\umpnpmgr.dll,-100
2012-05-13 14:16:27: Description: @%SystemRoot%\system32\umpnpmgr.dll,-101
2012-05-13 14:16:27: ServiceDLL: system32\umpnpmgr.dll
2012-05-13 14:16:27: File size: 0
2012-05-13 14:16:27: DLL File name: umpnpmgr.dll
2012-05-13 14:16:27: Original File Name: Umpnpmgr.DLL.MUI
2012-05-13 14:16:27: Company:
2012-05-13 14:16:27: Mod/Cre/Acc time:
2012-05-13 14:16:27: ---------------------------------------------------------------------
2012-05-13 14:16:27: Found Service: PNRPAutoReg
2012-05-13 14:16:27: Real Path: C:\Windows\system32\pnrpauto.dll
2012-05-13 14:16:27: Display Name: @%SystemRoot%\system32\pnrpauto.dll,-8002
2012-05-13 14:16:27: Description: @%SystemRoot%\system32\pnrpauto.dll,-8003
2012-05-13 14:16:27: ServiceDLL: system32\pnrpauto.dll
2012-05-13 14:16:27: File size: 0
2012-05-13 14:16:27: DLL File name: pnrpauto.dll
2012-05-13 14:16:27: Original File Name: pnrpauto.dll.mui
2012-05-13 14:16:27: Company:
2012-05-13 14:16:27: Mod/Cre/Acc time:
2012-05-13 14:16:27: ---------------------------------------------------------------------
2012-05-13 14:16:27: Found Service: PNRPsvc
2012-05-13 14:16:27: Real Path: C:\Windows\system32\pnrpsvc.dll
2012-05-13 14:16:27: Display Name: @%SystemRoot%\system32\pnrpsvc.dll,-8000
2012-05-13 14:16:27: Description: @%SystemRoot%\system32\pnrpsvc.dll,-8001
2012-05-13 14:16:27: ServiceDLL: system32\pnrpsvc.dll
2012-05-13 14:16:27: File size: 0
2012-05-13 14:16:27: DLL File name: pnrpsvc.dll
2012-05-13 14:16:27: Original File Name: pnrpsvc.dll.mui
2012-05-13 14:16:27: Company:
2012-05-13 14:16:27: Mod/Cre/Acc time:
2012-05-13 14:16:27: ---------------------------------------------------------------------
2012-05-13 14:16:27: Found Service: PolicyAgent
2012-05-13 14:16:27: Real Path: C:\Windows\System32\ipsecsvc.dll
2012-05-13 14:16:27: Display Name: @%SystemRoot%\System32\polstore.dll,-5010
2012-05-13 14:16:27: Description: @%SystemRoot%\system32\polstore.dll,-5011
2012-05-13 14:16:27: ServiceDLL: System32\ipsecsvc.dll
2012-05-13 14:16:27: File size: 0
2012-05-13 14:16:27: DLL File name: ipsecsvc.dll
2012-05-13 14:16:27: Original File Name: ipsecsvc.dll.mui
2012-05-13 14:16:27: Company:
2012-05-13 14:16:27: Mod/Cre/Acc time:
2012-05-13 14:16:27: ---------------------------------------------------------------------
2012-05-13 14:16:27: Found Service: Power
2012-05-13 14:16:27: Real Path: C:\Windows\system32\umpo.dll
2012-05-13 14:16:27: Display Name: @%SystemRoot%\system32\umpo.dll,-100
2012-05-13 14:16:27: Description: @%SystemRoot%\system32\umpo.dll,-101
2012-05-13 14:16:27: ServiceDLL: system32\umpo.dll
2012-05-13 14:16:27: File size: 0
2012-05-13 14:16:27: DLL File name: umpo.dll
2012-05-13 14:16:27: Original File Name: Umpo.DLL.MUI
2012-05-13 14:16:27: Company:
2012-05-13 14:16:27: Mod/Cre/Acc time:
2012-05-13 14:16:27: ---------------------------------------------------------------------
2012-05-13 14:16:27: Found Service: ProfSvc
2012-05-13 14:16:27: Real Path: C:\Windows\system32\profsvc.dll
2012-05-13 14:16:27: Display Name: @%systemroot%\system32\profsvc.dll,-300
2012-05-13 14:16:27: Description: @%systemroot%\system32\profsvc.dll,-301
2012-05-13 14:16:27: ServiceDLL: system32\profsvc.dll
2012-05-13 14:16:27: File size: 0
2012-05-13 14:16:27: DLL File name: profsvc.dll
2012-05-13 14:16:27: Original File Name: ProfSvc.dll.mui
2012-05-13 14:16:27: Company:
2012-05-13 14:16:27: Mod/Cre/Acc time:
2012-05-13 14:16:27: ---------------------------------------------------------------------
2012-05-13 14:16:27: Found Service: QWAVE
2012-05-13 14:16:27: Real Path: C:\Windows\system32\qwave.dll
2012-05-13 14:16:27: Display Name: @%SystemRoot%\system32\qwave.dll,-1
2012-05-13 14:16:27: Description: @%SystemRoot%\system32\qwave.dll,-2
2012-05-13 14:16:27: ServiceDLL: system32\qwave.dll
2012-05-13 14:16:27: File size: 210944
2012-05-13 14:16:27: DLL File name: qwave.dll
2012-05-13 14:16:27: Original File Name: qwave.dll.mui
2012-05-13 14:16:27: Company:
2012-05-13 14:16:27: Mod/Cre/Acc time: 20090713211612 20090713195415 20090713195415
2012-05-13 14:16:27: ---------------------------------------------------------------------
2012-05-13 14:16:27: Found Service: RasAuto
2012-05-13 14:16:27: Real Path: C:\Windows\System32\rasauto.dll
2012-05-13 14:16:27: Display Name: @%Systemroot%\system32\rasauto.dll,-200
2012-05-13 14:16:27: Description: @%Systemroot%\system32\rasauto.dll,-201
2012-05-13 14:16:27: ServiceDLL: System32\rasauto.dll
2012-05-13 14:16:27: File size: 0
2012-05-13 14:16:27: DLL File name: rasauto.dll
2012-05-13 14:16:27: Original File Name: rasauto.dll.mui
2012-05-13 14:16:27: Company:
2012-05-13 14:16:27: Mod/Cre/Acc time:
2012-05-13 14:16:28: ---------------------------------------------------------------------
2012-05-13 14:16:28: Found Service: RasMan
2012-05-13 14:16:28: Real Path: C:\Windows\System32\rasmans.dll
2012-05-13 14:16:28: Display Name: @%Systemroot%\system32\rasmans.dll,-200
2012-05-13 14:16:28: Description: @%Systemroot%\system32\rasmans.dll,-201
2012-05-13 14:16:28: ServiceDLL: System32\rasmans.dll
2012-05-13 14:16:28: File size: 0
2012-05-13 14:16:28: DLL File name: rasmans.dll
2012-05-13 14:16:28: Original File Name: Rasmans.dll.mui
2012-05-13 14:16:28: Company:
2012-05-13 14:16:28: Mod/Cre/Acc time:
2012-05-13 14:16:28: ---------------------------------------------------------------------
2012-05-13 14:16:28: Found Service: RemoteAccess
2012-05-13 14:16:28: Real Path: C:\Windows\System32\mprdim.dll
2012-05-13 14:16:28: Display Name: @%Systemroot%\system32\mprdim.dll,-200
2012-05-13 14:16:28: Description: @%Systemroot%\system32\mprdim.dll,-201
2012-05-13 14:16:28: ServiceDLL: System32\mprdim.dll
2012-05-13 14:16:28: File size: 75264
2012-05-13 14:16:28: DLL File name: mprdim.dll
2012-05-13 14:16:28: Original File Name: MPRDIM.DLL.MUI
2012-05-13 14:16:28: Company:
2012-05-13 14:16:28: Mod/Cre/Acc time: 20090713211541 20090713195426 20090713195426
2012-05-13 14:16:28: ---------------------------------------------------------------------
2012-05-13 14:16:28: Found Service: RemoteRegistry
2012-05-13 14:16:28: Real Path: C:\Windows\system32\regsvc.dll
2012-05-13 14:16:28: Display Name: @regsvc.dll,-1
2012-05-13 14:16:28: Description: @regsvc.dll,-2
2012-05-13 14:16:28: ServiceDLL: system32\regsvc.dll
2012-05-13 14:16:28: File size: 0
2012-05-13 14:16:28: DLL File name: regsvc.dll
2012-05-13 14:16:28: Original File Name: REGSVC.DLL.MUI
2012-05-13 14:16:28: Company:
2012-05-13 14:16:28: Mod/Cre/Acc time:
2012-05-13 14:16:28: ---------------------------------------------------------------------
2012-05-13 14:16:28: Found Service: RpcEptMapper
2012-05-13 14:16:28: Real Path: C:\Windows\System32\RpcEpMap.dll
2012-05-13 14:16:28: Display Name: @%windir%\system32\RpcEpMap.dll,-1001
2012-05-13 14:16:28: Description: @%windir%\system32\RpcEpMap.dll,-1002
2012-05-13 14:16:28: ServiceDLL: System32\RpcEpMap.dll
2012-05-13 14:16:28: File size: 0
2012-05-13 14:16:28: DLL File name: RpcEpMap.dll
2012-05-13 14:16:28: Original File Name: RpcEpMap.dll.mui
2012-05-13 14:16:28: Company:
2012-05-13 14:16:28: Mod/Cre/Acc time:
2012-05-13 14:16:28: ---------------------------------------------------------------------
2012-05-13 14:16:28: Found Service: RpcSs
2012-05-13 14:16:28: Real Path: C:\Windows\system32\rpcss.dll
2012-05-13 14:16:28: Display Name: @oleres.dll,-5010
2012-05-13 14:16:28: Description: @oleres.dll,-5011
2012-05-13 14:16:28: ServiceDLL: system32\rpcss.dll
2012-05-13 14:16:28: File size: 0
2012-05-13 14:16:28: DLL File name: rpcss.dll
2012-05-13 14:16:28: Original File Name: rpcss.dll
2012-05-13 14:16:28: Company:
2012-05-13 14:16:28: Mod/Cre/Acc time:
2012-05-13 14:16:28: ---------------------------------------------------------------------
2012-05-13 14:16:28: Found Service: SCardSvr
2012-05-13 14:16:28: Real Path: C:\Windows\System32\SCardSvr.dll
2012-05-13 14:16:28: Display Name: @%SystemRoot%\System32\SCardSvr.dll,-1
2012-05-13 14:16:28: Description: @%SystemRoot%\System32\SCardSvr.dll,-5
2012-05-13 14:16:28: ServiceDLL: System32\SCardSvr.dll
2012-05-13 14:16:28: File size: 0
2012-05-13 14:16:28: DLL File name: SCardSvr.dll
2012-05-13 14:16:28: Original File Name: SCardSvr.exe.mui
2012-05-13 14:16:28: Company:
2012-05-13 14:16:28: Mod/Cre/Acc time:
2012-05-13 14:16:29: ---------------------------------------------------------------------
2012-05-13 14:16:29: Found Service: Schedule
2012-05-13 14:16:29: Real Path: C:\Windows\system32\schedsvc.dll
2012-05-13 14:16:29: Display Name: @%SystemRoot%\system32\schedsvc.dll,-100
2012-05-13 14:16:29: Description: @%SystemRoot%\system32\schedsvc.dll,-101
2012-05-13 14:16:29: ServiceDLL: system32\schedsvc.dll
2012-05-13 14:16:29: File size: 0
2012-05-13 14:16:29: DLL File name: schedsvc.dll
2012-05-13 14:16:29: Original File Name: schedsvc.dll.mui
2012-05-13 14:16:29: Company:
2012-05-13 14:16:29: Mod/Cre/Acc time:
2012-05-13 14:16:29: ---------------------------------------------------------------------
2012-05-13 14:16:29: Found Service: SCPolicySvc
2012-05-13 14:16:29: Real Path: C:\Windows\System32\certprop.dll
2012-05-13 14:16:29: Display Name: @%SystemRoot%\System32\certprop.dll,-13
2012-05-13 14:16:29: Description: @%SystemRoot%\System32\certprop.dll,-14
2012-05-13 14:16:29: ServiceDLL: System32\certprop.dll
2012-05-13 14:16:29: File size: 0
2012-05-13 14:16:29: DLL File name: certprop.dll
2012-05-13 14:16:29: Original File Name: certprop.dll.mui
2012-05-13 14:16:29: Company:
2012-05-13 14:16:29: Mod/Cre/Acc time:
2012-05-13 14:16:29: ---------------------------------------------------------------------
2012-05-13 14:16:29: Found Service: SDRSVC
2012-05-13 14:16:29: Real Path: C:\Windows\System32\SDRSVC.dll
2012-05-13 14:16:29: Display Name: @%SystemRoot%\system32\sdrsvc.dll,-107
2012-05-13 14:16:29: Description: @%SystemRoot%\system32\sdrsvc.dll,-102
2012-05-13 14:16:29: ServiceDLL: System32\SDRSVC.dll
2012-05-13 14:16:29: File size: 0
2012-05-13 14:16:29: DLL File name: SDRSVC.dll
2012-05-13 14:16:29: Original File Name: SDRSVC.DLL.MUI
2012-05-13 14:16:29: Company:
2012-05-13 14:16:29: Mod/Cre/Acc time:
2012-05-13 14:16:29: ---------------------------------------------------------------------
2012-05-13 14:16:29: Found Service: seclogon
2012-05-13 14:16:29: Real Path: C:\Windows\system32\seclogon.dll
2012-05-13 14:16:29: Display Name: @%SystemRoot%\system32\seclogon.dll,-7001
2012-05-13 14:16:29: Description: @%SystemRoot%\system32\seclogon.dll,-7000
2012-05-13 14:16:29: ServiceDLL: system32\seclogon.dll
2012-05-13 14:16:29: File size: 0
2012-05-13 14:16:29: DLL File name: seclogon.dll
2012-05-13 14:16:29: Original File Name: SECLOGON.EXE.MUI
2012-05-13 14:16:29: Company:
2012-05-13 14:16:29: Mod/Cre/Acc time:
2012-05-13 14:16:29: ---------------------------------------------------------------------
2012-05-13 14:16:29: Found Service: SENS
2012-05-13 14:16:29: Real Path: C:\Windows\System32\sens.dll
2012-05-13 14:16:29: Display Name: @%SystemRoot%\system32\Sens.dll,-200
2012-05-13 14:16:29: Description: @%SystemRoot%\system32\Sens.dll,-201
2012-05-13 14:16:29: ServiceDLL: System32\sens.dll
2012-05-13 14:16:29: File size: 49664
2012-05-13 14:16:29: DLL File name: sens.dll
2012-05-13 14:16:29: Original File Name: sens.dll.mui
2012-05-13 14:16:29: Company:
2012-05-13 14:16:29: Mod/Cre/Acc time: 20090713211613 20090713192158 20090713192158
2012-05-13 14:16:29: ---------------------------------------------------------------------
2012-05-13 14:16:29: Found Service: SensrSvc
2012-05-13 14:16:29: Real Path: C:\Windows\system32\sensrsvc.dll
2012-05-13 14:16:29: Display Name: @%SystemRoot%\System32\sensrsvc.dll,-1000
2012-05-13 14:16:29: Description: @%SystemRoot%\System32\sensrsvc.dll,-1001
2012-05-13 14:16:29: ServiceDLL: system32\sensrsvc.dll
2012-05-13 14:16:29: File size: 0
2012-05-13 14:16:29: DLL File name: sensrsvc.dll
2012-05-13 14:16:29: Original File Name: sensrsvc.dll.mui
2012-05-13 14:16:29: Company:
2012-05-13 14:16:29: Mod/Cre/Acc time:
2012-05-13 14:16:29: ---------------------------------------------------------------------
2012-05-13 14:16:29: Found Service: SessionEnv
2012-05-13 14:16:29: Real Path: C:\Windows\system32\sessenv.dll
2012-05-13 14:16:29: Display Name: @%SystemRoot%\System32\SessEnv.dll,-1026
2012-05-13 14:16:29: Description: @%SystemRoot%\System32\SessEnv.dll,-1027
2012-05-13 14:16:29: ServiceDLL: system32\sessenv.dll
2012-05-13 14:16:29: File size: 99328
2012-05-13 14:16:29: DLL File name: sessenv.dll
2012-05-13 14:16:29: Original File Name: SessEnv.DLL.MUI
2012-05-13 14:16:29: Company:
2012-05-13 14:16:29: Mod/Cre/Acc time: 20090713211613 20090713200228 20090713200228
2012-05-13 14:16:29: ---------------------------------------------------------------------
2012-05-13 14:16:29: Found Service: SharedAccess
2012-05-13 14:16:29: Real Path: C:\Windows\System32\ipnathlp.dll
2012-05-13 14:16:29: Display Name: @%SystemRoot%\system32\ipnathlp.dll,-106
2012-05-13 14:16:29: Description: @%SystemRoot%\system32\ipnathlp.dll,-107
2012-05-13 14:16:29: ServiceDLL: System32\ipnathlp.dll
2012-05-13 14:16:29: File size: 0
2012-05-13 14:16:29: DLL File name: ipnathlp.dll
2012-05-13 14:16:29: Original File Name: IPNATHLP.DLL.MUI
2012-05-13 14:16:29: Company:
2012-05-13 14:16:29: Mod/Cre/Acc time:
2012-05-13 14:16:30: ---------------------------------------------------------------------
2012-05-13 14:16:30: Found Service: ShellHWDetection
2012-05-13 14:16:30: Real Path: C:\Windows\System32\shsvcs.dll
2012-05-13 14:16:30: Display Name: @%SystemRoot%\System32\shsvcs.dll,-12288
2012-05-13 14:16:30: Description: @%SystemRoot%\System32\shsvcs.dll,-12289
2012-05-13 14:16:30: ServiceDLL: System32\shsvcs.dll
2012-05-13 14:16:30: File size: 328192
2012-05-13 14:16:30: DLL File name: shsvcs.dll
2012-05-13 14:16:30: Original File Name: SHSVCS.DLL.MUI
2012-05-13 14:16:30: Company:
2012-05-13 14:16:30: Mod/Cre/Acc time: 20090713211614 20090713193928 20090713193928
2012-05-13 14:16:30: ---------------------------------------------------------------------
2012-05-13 14:16:30: Found Service: sppuinotify
2012-05-13 14:16:30: Real Path: C:\Windows\system32\sppuinotify.dll
2012-05-13 14:16:30: Display Name: @%SystemRoot%\system32\sppuinotify.dll,-103
2012-05-13 14:16:30: Description: @%SystemRoot%\system32\sppuinotify.dll,-102
2012-05-13 14:16:30: ServiceDLL: system32\sppuinotify.dll
2012-05-13 14:16:30: File size: 0
2012-05-13 14:16:30: DLL File name: sppuinotify.dll
2012-05-13 14:16:30: Original File Name: sppuinotify.dll.mui
2012-05-13 14:16:30: Company:
2012-05-13 14:16:30: Mod/Cre/Acc time:
2012-05-13 14:16:30: ---------------------------------------------------------------------
2012-05-13 14:16:30: Found Service: SSDPSRV
2012-05-13 14:16:30: Real Path: C:\Windows\System32\ssdpsrv.dll
2012-05-13 14:16:30: Display Name: @%systemroot%\system32\ssdpsrv.dll,-100
2012-05-13 14:16:30: Description: @%systemroot%\system32\ssdpsrv.dll,-101
2012-05-13 14:16:30: ServiceDLL: System32\ssdpsrv.dll
2012-05-13 14:16:30: File size: 0
2012-05-13 14:16:30: DLL File name: ssdpsrv.dll
2012-05-13 14:16:30: Original File Name: ssdpsrv.dll.mui
2012-05-13 14:16:30: Company:
2012-05-13 14:16:30: Mod/Cre/Acc time:
2012-05-13 14:16:30: ---------------------------------------------------------------------
2012-05-13 14:16:30: Found Service: SstpSvc
2012-05-13 14:16:30: Real Path: C:\Windows\system32\sstpsvc.dll
2012-05-13 14:16:30: Display Name: @%SystemRoot%\system32\sstpsvc.dll,-200
2012-05-13 14:16:30: Description: @%SystemRoot%\system32\sstpsvc.dll,-201
2012-05-13 14:16:30: ServiceDLL: system32\sstpsvc.dll
2012-05-13 14:16:30: File size: 0
2012-05-13 14:16:30: DLL File name: sstpsvc.dll
2012-05-13 14:16:30: Original File Name: sstpsvc.dll.mui
2012-05-13 14:16:30: Company:
2012-05-13 14:16:30: Mod/Cre/Acc time:
2012-05-13 14:16:30: ---------------------------------------------------------------------
2012-05-13 14:16:30: Found Service: stisvc
2012-05-13 14:16:30: Real Path: C:\Windows\System32\wiaservc.dll
2012-05-13 14:16:30: Display Name: @%SystemRoot%\system32\wiaservc.dll,-9
2012-05-13 14:16:30: Description: @%SystemRoot%\system32\wiaservc.dll,-10
2012-05-13 14:16:30: ServiceDLL: System32\wiaservc.dll
2012-05-13 14:16:30: File size: 0
2012-05-13 14:16:30: DLL File name: wiaservc.dll
2012-05-13 14:16:30: Original File Name: WIASERVC.DLL.MUI
2012-05-13 14:16:30: Company:
2012-05-13 14:16:30: Mod/Cre/Acc time:
2012-05-13 14:16:30: ---------------------------------------------------------------------
2012-05-13 14:16:30: Found Service: swprv
2012-05-13 14:16:30: Real Path: C:\Windows\System32\swprv.dll
2012-05-13 14:16:30: Display Name: @%SystemRoot%\System32\swprv.dll,-103
2012-05-13 14:16:30: Description: @%SystemRoot%\System32\swprv.dll,-102
2012-05-13 14:16:30: ServiceDLL: System32\swprv.dll
2012-05-13 14:16:30: File size: 0
2012-05-13 14:16:30: DLL File name: swprv.dll
2012-05-13 14:16:30: Original File Name: SWPRV.DLL.MUI
2012-05-13 14:16:30: Company:
2012-05-13 14:16:30: Mod/Cre/Acc time:
2012-05-13 14:16:30: ---------------------------------------------------------------------
2012-05-13 14:16:30: Found Service: SysMain
2012-05-13 14:16:30: Real Path: C:\Windows\system32\sysmain.dll
2012-05-13 14:16:30: Display Name: @%SystemRoot%\system32\sysmain.dll,-1000
2012-05-13 14:16:30: Description: @%SystemRoot%\system32\sysmain.dll,-1001
2012-05-13 14:16:30: ServiceDLL: system32\sysmain.dll
2012-05-13 14:16:30: File size: 0
2012-05-13 14:16:30: DLL File name: sysmain.dll
2012-05-13 14:16:30: Original File Name: sysmain.dll.mui
2012-05-13 14:16:30: Company:
2012-05-13 14:16:30: Mod/Cre/Acc time:
2012-05-13 14:16:30: ---------------------------------------------------------------------
2012-05-13 14:16:30: Found Service: TabletInputService
2012-05-13 14:16:30: Real Path: C:\Windows\System32\TabSvc.dll
2012-05-13 14:16:30: Display Name: @%SystemRoot%\system32\TabSvc.dll,-100
2012-05-13 14:16:30: Description: @%SystemRoot%\system32\TabSvc.dll,-101
2012-05-13 14:16:30: ServiceDLL: System32\TabSvc.dll
2012-05-13 14:16:30: File size: 0
2012-05-13 14:16:30: DLL File name: TabSvc.dll
2012-05-13 14:16:30: Original File Name: TabSvc.dll.mui
2012-05-13 14:16:30: Company:
2012-05-13 14:16:30: Mod/Cre/Acc time:
2012-05-13 14:16:31: ---------------------------------------------------------------------
2012-05-13 14:16:31: Found Service: TapiSrv
2012-05-13 14:16:31: Real Path: C:\Windows\System32\tapisrv.dll
2012-05-13 14:16:31: Display Name: @%SystemRoot%\system32\tapisrv.dll,-10100
2012-05-13 14:16:31: Description: @%SystemRoot%\system32\tapisrv.dll,-10101
2012-05-13 14:16:31: ServiceDLL: System32\tapisrv.dll
2012-05-13 14:16:31: File size: 241664
2012-05-13 14:16:31: DLL File name: tapisrv.dll
2012-05-13 14:16:31: Original File Name: TAPISRV.EXE.MUI
2012-05-13 14:16:31: Company:
2012-05-13 14:16:31: Mod/Cre/Acc time: 20090713211615 20090713201955 20090713201955
2012-05-13 14:16:31: ---------------------------------------------------------------------
2012-05-13 14:16:31: Found Service: TBS
2012-05-13 14:16:31: Real Path: C:\Windows\System32\tbssvc.dll
2012-05-13 14:16:31: Display Name: @%SystemRoot%\system32\tbssvc.dll,-100
2012-05-13 14:16:31: Description: @%SystemRoot%\system32\tbssvc.dll,-101
2012-05-13 14:16:31: ServiceDLL: System32\tbssvc.dll
2012-05-13 14:16:31: File size: 0
2012-05-13 14:16:31: DLL File name: tbssvc.dll
2012-05-13 14:16:31: Original File Name: TBSSVC.DLL.MUI
2012-05-13 14:16:31: Company:
2012-05-13 14:16:31: Mod/Cre/Acc time:
2012-05-13 14:16:31: ---------------------------------------------------------------------
2012-05-13 14:16:31: Found Service: TermService
2012-05-13 14:16:31: Real Path: C:\Windows\System32\termsrv.dll
2012-05-13 14:16:31: Display Name: @%SystemRoot%\System32\termsrv.dll,-268
2012-05-13 14:16:31: Description: @%SystemRoot%\System32\termsrv.dll,-267
2012-05-13 14:16:31: ServiceDLL: System32\termsrv.dll
2012-05-13 14:16:31: File size: 0
2012-05-13 14:16:31: DLL File name: termsrv.dll
2012-05-13 14:16:31: Original File Name: termsrv.dll.mui
2012-05-13 14:16:31: Company:
2012-05-13 14:16:31: Mod/Cre/Acc time:
2012-05-13 14:16:31: ---------------------------------------------------------------------
2012-05-13 14:16:31: Found Service: Themes
2012-05-13 14:16:31: Real Path: C:\Windows\system32\themeservice.dll
2012-05-13 14:16:31: Display Name: @%SystemRoot%\System32\themeservice.dll,-8192
2012-05-13 14:16:31: Description: @%SystemRoot%\System32\themeservice.dll,-8193
2012-05-13 14:16:31: ServiceDLL: system32\themeservice.dll
2012-05-13 14:16:31: File size: 0
2012-05-13 14:16:31: DLL File name: themeservice.dll
2012-05-13 14:16:31: Original File Name: THEMESERVICE.DLL.MUI
2012-05-13 14:16:31: Company:
2012-05-13 14:16:31: Mod/Cre/Acc time:
2012-05-13 14:16:31: ---------------------------------------------------------------------
2012-05-13 14:16:31: Found Service: THREADORDER
2012-05-13 14:16:31: Real Path: C:\Windows\system32\mmcss.dll
2012-05-13 14:16:31: Display Name: @%systemroot%\system32\mmcss.dll,-102
2012-05-13 14:16:31: Description: @%systemroot%\system32\mmcss.dll,-103
2012-05-13 14:16:31: ServiceDLL: system32\mmcss.dll
2012-05-13 14:16:31: File size: 0
2012-05-13 14:16:31: DLL File name: mmcss.dll
2012-05-13 14:16:31: Original File Name: mmcss.dll.mui
2012-05-13 14:16:31: Company:
2012-05-13 14:16:31: Mod/Cre/Acc time:
2012-05-13 14:16:31: ---------------------------------------------------------------------
2012-05-13 14:16:31: Found Service: TrkWks
2012-05-13 14:16:31: Real Path: C:\Windows\System32\trkwks.dll
2012-05-13 14:16:31: Display Name: @%SystemRoot%\system32\trkwks.dll,-1
2012-05-13 14:16:31: Description: @%SystemRoot%\system32\trkwks.dll,-2
2012-05-13 14:16:31: ServiceDLL: System32\trkwks.dll
2012-05-13 14:16:31: File size: 0
2012-05-13 14:16:31: DLL File name: trkwks.dll
2012-05-13 14:16:31: Original File Name: trkwks.dll.mui
2012-05-13 14:16:31: Company:
2012-05-13 14:16:31: Mod/Cre/Acc time:
2012-05-13 14:16:31: !!!!!!!
2012-05-13 14:16:31: Found Service: upnphost
2012-05-13 14:16:31: Real Path: C:\Windows\System32\upnphost.dll
2012-05-13 14:16:31: Display Name: @%systemroot%\system32\upnphost.dll,-213
2012-05-13 14:16:31: Description: @%systemroot%\system32\upnphost.dll,-214
2012-05-13 14:16:31: ServiceDLL: System32\upnphost.dll
2012-05-13 14:16:31: File size: 266752
2012-05-13 14:16:31: DLL File name: upnphost.dll
2012-05-13 14:16:31: Original File Name: unpnhost.dll.mui
2012-05-13 14:16:31: Company:
2012-05-13 14:16:31: Mod/Cre/Acc time: 20090713211617 20090713195541 20090713195541
2012-05-13 14:16:31: !!!!!!!!!
2012-05-13 14:16:31: ---------------------------------------------------------------------
2012-05-13 14:16:31: Found Service: UxSms
2012-05-13 14:16:31: Real Path: C:\Windows\System32\uxsms.dll
2012-05-13 14:16:31: Display Name: @%SystemRoot%\system32\dwm.exe,-2000
2012-05-13 14:16:31: Description: @%SystemRoot%\system32\dwm.exe,-2001
2012-05-13 14:16:31: ServiceDLL: System32\uxsms.dll
2012-05-13 14:16:31: File size: 0
2012-05-13 14:16:31: DLL File name: uxsms.dll
2012-05-13 14:16:31: Original File Name: UxSms.dll
2012-05-13 14:16:31: Company:
2012-05-13 14:16:31: Mod/Cre/Acc time:
2012-05-13 14:16:31: ---------------------------------------------------------------------
2012-05-13 14:16:31: Found Service: W32Time
2012-05-13 14:16:31: Real Path: C:\Windows\system32\w32time.dll
2012-05-13 14:16:31: Display Name: Windows Time
2012-05-13 14:16:31: Description: @%SystemRoot%\system32\w32time.dll,-201
2012-05-13 14:16:31: ServiceDLL: system32\w32time.dll
2012-05-13 14:16:31: File size: 0
2012-05-13 14:16:31: DLL File name: w32time.dll
2012-05-13 14:16:31: Original File Name: w32time.dll.mui
2012-05-13 14:16:31: Company:
2012-05-13 14:16:31: Mod/Cre/Acc time:
2012-05-13 14:16:31: ---------------------------------------------------------------------
2012-05-13 14:16:31: Found Service: WbioSrvc
2012-05-13 14:16:31: Real Path: C:\Windows\System32\wbiosrvc.dll
2012-05-13 14:16:31: Display Name: @%systemroot%\system32\wbiosrvc.dll,-100
2012-05-13 14:16:31: Description: @%systemroot%\system32\wbiosrvc.dll,-101
2012-05-13 14:16:31: ServiceDLL: System32\wbiosrvc.dll
2012-05-13 14:16:31: File size: 0
2012-05-13 14:16:31: DLL File name: wbiosrvc.dll
2012-05-13 14:16:31: Original File Name: wbiosrvc.dll.mui
2012-05-13 14:16:31: Company:
2012-05-13 14:16:31: Mod/Cre/Acc time:
2012-05-13 14:16:31: ---------------------------------------------------------------------
2012-05-13 14:16:31: Found Service: wcncsvc
2012-05-13 14:16:31: Real Path: C:\Windows\System32\wcncsvc.dll
2012-05-13 14:16:31: Display Name: @%SystemRoot%\system32\wcncsvc.dll,-3
2012-05-13 14:16:31: Description: @%SystemRoot%\system32\wcncsvc.dll,-4
2012-05-13 14:16:31: ServiceDLL: System32\wcncsvc.dll
2012-05-13 14:16:31: File size: 276992
2012-05-13 14:16:31: DLL File name: wcncsvc.dll
2012-05-13 14:16:31: Original File Name: WCNCSVC.DLL.MUI
2012-05-13 14:16:31: Company:
2012-05-13 14:16:31: Mod/Cre/Acc time: 20100914020714 20120512003018 20120512003018
2012-05-13 14:16:31: ---------------------------------------------------------------------
2012-05-13 14:16:31: Found Service: WcsPlugInService
2012-05-13 14:16:31: Real Path: C:\Windows\System32\WcsPlugInService.dll
2012-05-13 14:16:31: Display Name: @%SystemRoot%\system32\WcsPlugInService.dll,-200
2012-05-13 14:16:31: Description: @%SystemRoot%\system32\WcsPlugInService.dll,-201
2012-05-13 14:16:31: ServiceDLL: System32\WcsPlugInService.dll
2012-05-13 14:16:31: File size: 32768
2012-05-13 14:16:31: DLL File name: WcsPlugInService.dll
2012-05-13 14:16:31: Original File Name: WcsPlugInService.DLL.MUI
2012-05-13 14:16:31: Company:
2012-05-13 14:16:31: Mod/Cre/Acc time: 20090713211618 20090713192513 20090713192513
2012-05-13 14:16:32: ---------------------------------------------------------------------
2012-05-13 14:16:32: Found Service: WdiServiceHost
2012-05-13 14:16:32: Real Path: C:\Windows\system32\wdi.dll
2012-05-13 14:16:32: Display Name: @%systemroot%\system32\wdi.dll,-502
2012-05-13 14:16:32: Description: @%systemroot%\system32\wdi.dll,-503
2012-05-13 14:16:32: ServiceDLL: system32\wdi.dll
2012-05-13 14:16:32: File size: 76288
2012-05-13 14:16:32: DLL File name: wdi.dll
2012-05-13 14:16:32: Original File Name: wdi.dll.mui
2012-05-13 14:16:32: Company:
2012-05-13 14:16:32: Mod/Cre/Acc time: 20090713211618 20090713191947 20090713191947
2012-05-13 14:16:32: ---------------------------------------------------------------------
2012-05-13 14:16:32: Found Service: WdiSystemHost
2012-05-13 14:16:32: Real Path: C:\Windows\system32\wdi.dll
2012-05-13 14:16:32: Display Name: @%systemroot%\system32\wdi.dll,-500
2012-05-13 14:16:32: Description: @%systemroot%\system32\wdi.dll,-501
2012-05-13 14:16:32: ServiceDLL: system32\wdi.dll
2012-05-13 14:16:32: File size: 76288
2012-05-13 14:16:32: DLL File name: wdi.dll
2012-05-13 14:16:32: Original File Name: wdi.dll.mui
2012-05-13 14:16:32: Company:
2012-05-13 14:16:32: Mod/Cre/Acc time: 20090713211618 20090713191947 20090713191947
2012-05-13 14:16:32: !!!!!!!
2012-05-13 14:16:32: Found Service: WebClient
2012-05-13 14:16:32: Real Path: C:\Windows\System32\webclnt.dll
2012-05-13 14:16:32: Display Name: @%systemroot%\system32\webclnt.dll,-100
2012-05-13 14:16:32: Description: @%systemroot%\system32\webclnt.dll,-101
2012-05-13 14:16:32: ServiceDLL: System32\webclnt.dll
2012-05-13 14:16:32: File size: 204800
2012-05-13 14:16:32: DLL File name: webclnt.dll
2012-05-13 14:16:32: Original File Name: davsvc.dll.mui
2012-05-13 14:16:32: Company:
2012-05-13 14:16:32: Mod/Cre/Acc time: 20101221013821 20120512000202 20120512000202
2012-05-13 14:16:32: !!!!!!!!!
2012-05-13 14:16:32: ---------------------------------------------------------------------
2012-05-13 14:16:32: Found Service: Wecsvc
2012-05-13 14:16:32: Real Path: C:\Windows\system32\wecsvc.dll
2012-05-13 14:16:32: Display Name: @%SystemRoot%\system32\wecsvc.dll,-200
2012-05-13 14:16:32: Description: @%SystemRoot%\system32\wecsvc.dll,-201
2012-05-13 14:16:32: ServiceDLL: system32\wecsvc.dll
2012-05-13 14:16:32: File size: 0
2012-05-13 14:16:32: DLL File name: wecsvc.dll
2012-05-13 14:16:32: Original File Name: wecsvc.dll.mui
2012-05-13 14:16:32: Company:
2012-05-13 14:16:32: Mod/Cre/Acc time:
2012-05-13 14:16:33: !!!!!!!
2012-05-13 14:16:33: Found Service: wercplsupport
2012-05-13 14:16:33: Real Path: C:\Windows\System32\wercplsupport.dll
2012-05-13 14:16:33: Display Name: @%SystemRoot%\System32\wercplsupport.dll,-101
2012-05-13 14:16:33: Description: @%SystemRoot%\System32\wercplsupport.dll,-100
2012-05-13 14:16:33: ServiceDLL: System32\wercplsupport.dll
2012-05-13 14:16:33: File size: 0
2012-05-13 14:16:33: DLL File name: wercplsupport.dll
2012-05-13 14:16:33: Original File Name: ERC
2012-05-13 14:16:33: Company:
2012-05-13 14:16:33: Mod/Cre/Acc time:
2012-05-13 14:16:33: !!!!!!!!!
2012-05-13 14:16:33: !!!!!!!
2012-05-13 14:16:33: Found Service: WerSvc
2012-05-13 14:16:33: Real Path: C:\Windows\System32\WerSvc.dll
2012-05-13 14:16:33: Display Name: @%SystemRoot%\System32\wersvc.dll,-100
2012-05-13 14:16:33: Description: @%SystemRoot%\System32\wersvc.dll,-101
2012-05-13 14:16:33: ServiceDLL: System32\WerSvc.dll
2012-05-13 14:16:33: File size: 0
2012-05-13 14:16:33: DLL File name: WerSvc.dll
2012-05-13 14:16:33: Original File Name: wersvc
2012-05-13 14:16:33: Company:
2012-05-13 14:16:33: Mod/Cre/Acc time:
2012-05-13 14:16:33: !!!!!!!!!
2012-05-13 14:16:33: ---------------------------------------------------------------------
2012-05-13 14:16:33: Found Service: Winmgmt
2012-05-13 14:16:33: Real Path: C:\Windows\system32\wbem\WMIsvc.dll
2012-05-13 14:16:33: Display Name: @%Systemroot%\system32\wbem\wmisvc.dll,-205
2012-05-13 14:16:33: Description: @%Systemroot%\system32\wbem\wmisvc.dll,-204
2012-05-13 14:16:33: ServiceDLL: system32\wbem\WMIsvc.dll
2012-05-13 14:16:33: File size: 0
2012-05-13 14:16:33: DLL File name: WMIsvc.dll
2012-05-13 14:16:33: Original File Name: wmisvc.dll.mui
2012-05-13 14:16:33: Company:
2012-05-13 14:16:33: Mod/Cre/Acc time:
2012-05-13 14:16:33: ---------------------------------------------------------------------
2012-05-13 14:16:33: Found Service: WinRM
2012-05-13 14:16:33: Real Path: C:\Windows\system32\WsmSvc.dll
2012-05-13 14:16:33: Display Name: @%Systemroot%\system32\wsmsvc.dll,-101
2012-05-13 14:16:33: Description: @%Systemroot%\system32\wsmsvc.dll,-102
2012-05-13 14:16:33: ServiceDLL: system32\WsmSvc.dll
2012-05-13 14:16:33: File size: 1175040
2012-05-13 14:16:33: DLL File name: WsmSvc.dll
2012-05-13 14:16:33: Original File Name: WsmSvc.dll.mui
2012-05-13 14:16:33: Company:
2012-05-13 14:16:33: Mod/Cre/Acc time: 20090713211620 20090713193143 20090713193143
2012-05-13 14:16:33: ---------------------------------------------------------------------
2012-05-13 14:16:33: Found Service: Wlansvc
2012-05-13 14:16:33: Real Path: C:\Windows\System32\wlansvc.dll
2012-05-13 14:16:33: Display Name: @%SystemRoot%\System32\wlansvc.dll,-257
2012-05-13 14:16:33: Description: @%SystemRoot%\System32\wlansvc.dll,-258
2012-05-13 14:16:33: ServiceDLL: System32\wlansvc.dll
2012-05-13 14:16:33: File size: 0
2012-05-13 14:16:33: DLL File name: wlansvc.dll
2012-05-13 14:16:33: Original File Name: wlansvc.dll.mui
2012-05-13 14:16:33: Company:
2012-05-13 14:16:33: Mod/Cre/Acc time:
2012-05-13 14:16:33: ---------------------------------------------------------------------
2012-05-13 14:16:33: Found Service: WPCSvc
2012-05-13 14:16:33: Real Path: C:\Windows\System32\wpcsvc.dll
2012-05-13 14:16:33: Display Name: @%SystemRoot%\system32\wpcsvc.dll,-100
2012-05-13 14:16:33: Description: @%SystemRoot%\system32\wpcsvc.dll,-101
2012-05-13 14:16:33: ServiceDLL: System32\wpcsvc.dll
2012-05-13 14:16:33: File size: 10752
2012-05-13 14:16:33: DLL File name: wpcsvc.dll
2012-05-13 14:16:33: Original File Name: wpcsvc.exe.mui
2012-05-13 14:16:33: Company:
2012-05-13 14:16:33: Mod/Cre/Acc time: 20090713211620 20090713194010 20090713194010
2012-05-13 14:16:33: ---------------------------------------------------------------------
2012-05-13 14:16:33: Found Service: WPDBusEnum
2012-05-13 14:16:33: Real Path: C:\Windows\system32\wpdbusenum.dll
2012-05-13 14:16:33: Display Name: @%SystemRoot%\system32\wpdbusenum.dll,-100
2012-05-13 14:16:33: Description: @%SystemRoot%\system32\wpdbusenum.dll,-101
2012-05-13 14:16:33: ServiceDLL: system32\wpdbusenum.dll
2012-05-13 14:16:33: File size: 0
2012-05-13 14:16:33: DLL File name: wpdbusenum.dll
2012-05-13 14:16:33: Original File Name: WpdBusEnum.DLL.MUI
2012-05-13 14:16:33: Company:
2012-05-13 14:16:33: Mod/Cre/Acc time:
2012-05-13 14:16:34: ---------------------------------------------------------------------
2012-05-13 14:16:34: Found Service: wuauserv
2012-05-13 14:16:34: Real Path: C:\Windows\system32\wuaueng.dll
2012-05-13 14:16:34: Display Name: @%systemroot%\system32\wuaueng.dll,-105
2012-05-13 14:16:34: Description: @%systemroot%\system32\wuaueng.dll,-106
2012-05-13 14:16:34: ServiceDLL: system32\wuaueng.dll
2012-05-13 14:16:34: File size: 0
2012-05-13 14:16:34: DLL File name: wuaueng.dll
2012-05-13 14:16:34: Original File Name: wuaueng.dll.mui
2012-05-13 14:16:34: Company:
2012-05-13 14:16:34: Mod/Cre/Acc time:
2012-05-13 14:16:34: ---------------------------------------------------------------------
2012-05-13 14:16:34: Found Service: wudfsvc
2012-05-13 14:16:34: Real Path: C:\Windows\System32\WUDFSvc.dll
2012-05-13 14:16:34: Display Name: @%SystemRoot%\system32\wudfsvc.dll,-1000
2012-05-13 14:16:34: Description: @%SystemRoot%\system32\wudfsvc.dll,-1001
2012-05-13 14:16:34: ServiceDLL: System32\WUDFSvc.dll
2012-05-13 14:16:34: File size: 0
2012-05-13 14:16:34: DLL File name: WUDFSvc.dll
2012-05-13 14:16:34: Original File Name: WUDFSvc.dll.mui
2012-05-13 14:16:34: Company:
2012-05-13 14:16:34: Mod/Cre/Acc time:
2012-05-13 14:16:34: ---------------------------------------------------------------------
2012-05-13 14:16:34: Found Service: WwanSvc
2012-05-13 14:16:34: Real Path: C:\Windows\System32\wwansvc.dll
2012-05-13 14:16:34: Display Name: @%SystemRoot%\System32\wwansvc.dll,-257
2012-05-13 14:16:34: Description: @%SystemRoot%\System32\wwansvc.dll,-258
2012-05-13 14:16:34: ServiceDLL: System32\wwansvc.dll
2012-05-13 14:16:34: File size: 0
2012-05-13 14:16:34: DLL File name: wwansvc.dll
2012-05-13 14:16:34: Original File Name: WwanSvc.dll.mui
2012-05-13 14:16:34: Company:
2012-05-13 14:16:34: Mod/Cre/Acc time:
2012-05-13 14:16:34:
2012-05-13 14:16:34: Looking for SHELL key
2012-05-13 14:16:34: Now looking for bad DLL files in system32
2012-05-13 14:17:53: Folder: GAC
2012-05-13 14:17:53: Folder: GAC_32
2012-05-13 14:17:53: Folder: GAC_64
2012-05-13 14:17:53: Folder: GAC_MSIL
2012-05-13 14:17:53: Folder: NativeImages_v2.0.50727_32
2012-05-13 14:17:53: Folder: NativeImages_v2.0.50727_64
2012-05-13 14:17:54: Folder: temp
2012-05-13 14:17:54: Folder: tmp
2012-05-13 14:17:54: Checking for bad folder
2012-05-13 14:17:54: Found 1 folders.
2012-05-13 14:17:54: Checking C:\Windows\assembly\tmp
2012-05-13 14:17:54: ... Folder test returns: 1
2012-05-13 14:17:54: Done with folder list in C:\Windows\assembly\ tmp
2012-05-13 14:17:54: Autonomous mode, clearing out yt folder
2012-05-13 14:17:54: cmd.exe /c start "C:\Users\brandon\Desktop\yorkyt.exe"
2012-05-13 14:18:05: Restarting...
2012-05-13 14:19:55: ****************************************************
2012-05-13 14:19:55: Starting UP ... v 0.0.0.220
2012-05-13 14:19:55: ****************************************************
2012-05-13 14:19:58: Stop TPSRV returns: 2
2012-05-13 14:20:14: Listing processes...
2012-05-13 14:20:14: :[System Process]:0
2012-05-13 14:20:14: :System:4
2012-05-13 14:20:14: :smss.exe:268
2012-05-13 14:20:14: :csrss.exe:400
2012-05-13 14:20:14: :wininit.exe:460
2012-05-13 14:20:14: :csrss.exe:472
2012-05-13 14:20:14: :services.exe:520
2012-05-13 14:20:14: :lsass.exe:532
2012-05-13 14:20:14: :lsm.exe:540
2012-05-13 14:20:14: :winlogon.exe:568
2012-05-13 14:20:14: :svchost.exe:688
2012-05-13 14:20:14: :svchost.exe:756
2012-05-13 14:20:14: :atiesrxx.exe:808
2012-05-13 14:20:14: :svchost.exe:900
2012-05-13 14:20:14: :svchost.exe:940
2012-05-13 14:20:14: :svchost.exe:968
2012-05-13 14:20:14: :audiodg.exe:332
2012-05-13 14:20:14: :svchost.exe:632
2012-05-13 14:20:14: :atieclxx.exe:1040
2012-05-13 14:20:14: :svchost.exe:1144
2012-05-13 14:20:14: :wlanext.exe:1252
2012-05-13 14:20:14: :conhost.exe:1260
2012-05-13 14:20:14: :spoolsv.exe:1360
2012-05-13 14:20:14: :svchost.exe:1392
2012-05-13 14:20:14: :svchost.exe:1500
2012-05-13 14:20:14: :AERTSr64.exe:1528
2012-05-13 14:20:14: :CinemaNowSvc.exe:1548
2012-05-13 14:20:14: :PresentationFontCache.exe:1612
2012-05-13 14:20:14: :HPDrvMntSvc.exe:1712
2012-05-13 14:20:14: :HPWMISVC.exe:1744
2012-05-13 14:20:14: :ccsvchst.exe:1828
2012-05-13 14:20:14: :svchost.exe:1932
2012-05-13 14:20:14: :SeaPort.exe:1964
2012-05-13 14:20:14: :svchost.exe:2024
2012-05-13 14:20:14: :WLIDSVC.EXE:1124
2012-05-13 14:20:14: :taskhost.exe:2052
2012-05-13 14:20:14: :SearchIndexer.exe:2332
2012-05-13 14:20:14: :WmiPrvSE.exe:2420
2012-05-13 14:20:14: :dwm.exe:2448
2012-05-13 14:20:14: :explorer.exe:2472
2012-05-13 14:20:14: :WLIDSVCM.EXE:2492
2012-05-13 14:20:14: :ccsvchst.exe:2736
2012-05-13 14:20:14: :yorkyt.exe:2608
2012-05-13 14:20:14: :SynTPEnh.exe:2540
2012-05-13 14:20:14: :rundll32.exe:3120
2012-05-13 14:20:14: :SearchProtocolHost.exe:3184
2012-05-13 14:20:15: :SearchFilterHost.exe:3208
2012-05-13 14:20:15: :SynTPHelper.exe:3296
2012-05-13 14:20:15: :wmpnetwk.exe:3592
2012-05-13 14:20:15: :svchost.exe:3636
2012-05-13 14:20:15: :WmiPrvSE.exe:3872
2012-05-13 14:20:15:
2012-05-13 14:20:15: Starting cleanup mode...
2012-05-13 14:21:14: ... Done with files, now folders
2012-05-13 14:21:51: All DONE




Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.13.04
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
brandon :: BRANDON-HP [administrator]
5/13/2012 2:54:25 PM
mbam-log-2012-05-13 (14-54-25).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198142
Time elapsed: 4 minute(s), 12 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKCR\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: sp -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost|netsvc (TrojanProxy.Agent) -> Data: SPService^Z^ -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)



Assuming that your expertise has healed (or is in the process of healing) this infected computer, would you recommend running the same logs for other laptops that connect to our secure router? If so, would you be willing to work with me? You are a SUPER TEACHER/TECH

Look forward to 'seeing' you again, Cindy
kevinf80 (Kevin)
Malware Removal Specialist with 9,708 posts.
 
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
13-May-2012, 02:16 PM #7
Re-run DDS and post fresh DDS.txt, no need for Attach.txt this time...
cinderblock
Member with 91 posts.
THREAD STARTER
 
Join Date: May 2012
Experience: Beginner
13-May-2012, 02:39 PM #8
Wowsers! Thanks for that Lightning-fast reply, Kevin!

Here's the (good?) news -


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by brandon at 15:22:39 on 2012-05-13
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1787.863 [GMT -4:00]
.
AV: Norton Security Suite *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\IPS\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo Layers (Drop Down Deals): {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [<NO NAME>]
StartupFolder: C:\Users\brandon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup \MONITO~1.LNK - C:\Windows\system32\RunDll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0D04A0FC-3742-4DD7-99AD-8C633B5A0934} : DhcpNameServer = 40.5.1.100
TCP: Interfaces\{87F9FD09-495B-40C5-93E8-98AF83A14897} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{87F9FD09-495B-40C5-93E8-98AF83A14897}\0757274697 : DhcpNameServer = 10.1.10.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - C:\Program Files (x86)\SFT\GuardedID\gidi.exe /v
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Yontoo Layers (Drop Down Deals): {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll
BHO-X64: Yontoo Layer (Drop Down Deals)s - No File
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [(Default)]
IE-X64: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-5-7 1160824]
R1 GIDv2;GIDv2;C:\Windows\system32\drivers\GIDv2.sys --> C:\Windows\system32\drivers\GIDv2.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120511.001\IDSviA64.sys [2012-5-12 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0502010.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0502010.003\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-4-9 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccsvchst.exe [2012-5-11 130008]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-5-9 138360]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 257696]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-05-13 18:52:37 -------- d-----w- C:\Users\brandon\AppData\Roaming\Malwarebytes
2012-05-13 18:52:12 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-13 18:52:11 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-13 18:52:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-12 05:56:31 778088 ---ha-w- C:\Windows\System32\HPDiscoPMa011.dll
2012-05-12 05:54:12 -------- d-----w- C:\Program Files\HP
2012-05-12 04:30:18 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2012-05-12 04:30:18 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2012-05-12 04:17:44 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2012-05-12 04:17:44 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2012-05-12 04:17:44 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2012-05-12 04:17:44 444752 ----a-w- C:\Windows\System32\mscoree.dll
2012-05-12 04:17:44 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2012-05-12 04:17:44 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2012-05-12 04:17:44 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2012-05-12 04:17:44 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-05-12 04:17:44 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2012-05-12 04:17:44 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2012-05-12 04:01:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2012-05-12 04:00:54 142336 ----a-w- C:\Windows\System32\poqexec.exe
2012-05-12 03:59:59 2326016 ----a-w- C:\Windows\System32\tquery.dll
2012-05-12 03:45:19 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2012-05-12 03:45:19 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2012-05-12 03:45:18 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2012-05-12 03:45:18 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2012-05-12 03:45:01 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2012-05-12 03:45:01 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2012-05-12 03:44:54 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-05-12 03:44:54 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-05-12 03:44:47 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2012-05-12 03:44:47 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2012-05-12 03:44:40 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-05-12 03:40:30 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2012-05-12 03:40:27 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2012-05-12 03:40:26 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2012-05-12 03:40:26 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2012-05-12 03:40:20 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-05-12 03:40:20 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-05-12 03:40:19 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-05-12 03:35:11 223448 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2012-05-12 03:33:19 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2012-05-12 03:33:18 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2012-05-12 03:32:33 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2012-05-12 03:32:33 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2012-05-12 03:32:33 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2012-05-12 03:32:33 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2012-05-12 03:32:32 288256 ----a-w- C:\Windows\System32\MSNP.ax
2012-05-12 03:32:32 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2012-05-12 03:32:31 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax
2012-05-12 03:32:31 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2012-05-12 03:32:31 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2012-05-12 03:32:30 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2012-05-12 03:29:59 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2012-05-12 03:29:54 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-05-12 03:29:45 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-05-12 03:29:45 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-05-12 03:18:31 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-05-12 03:18:31 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-05-12 03:18:31 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-05-12 03:18:31 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-05-12 03:18:31 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-05-12 03:18:31 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-05-12 03:18:31 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-05-12 03:15:56 3138048 ----a-w- C:\Windows\System32\mstscax.dll
2012-05-12 03:15:56 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll
2012-05-12 03:15:54 1097216 ----a-w- C:\Windows\System32\mstsc.exe
2012-05-12 03:15:54 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe
2012-05-12 03:14:20 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2012-05-12 03:14:20 331776 ----a-w- C:\Windows\System32\oleacc.dll
2012-05-12 03:14:19 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2012-05-12 03:14:19 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2012-05-12 03:14:08 112000 ----a-w- C:\Windows\System32\consent.exe
2012-05-12 03:12:28 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2012-05-12 03:12:25 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-05-12 03:12:25 634368 ----a-w- C:\Windows\System32\msvcrt.dll
2012-05-12 03:12:19 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 03:12:19 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 03:12:14 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2012-05-12 03:12:14 31232 ----a-w- C:\Windows\System32\prevhost.exe
2012-05-12 03:11:51 723456 ----a-w- C:\Windows\System32\EncDec.dll
2012-05-12 03:11:51 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2012-05-12 03:11:23 720896 ----a-w- C:\Windows\System32\odbc32.dll
2012-05-12 03:11:23 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
2012-05-12 03:11:22 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-05-12 03:11:22 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2012-05-12 03:11:22 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2012-05-12 03:11:22 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2012-05-12 03:11:22 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2012-05-12 03:11:22 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2012-05-12 03:11:22 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-05-12 03:11:21 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2012-05-12 03:02:33 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-12 03:02:05 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2012-05-12 03:02:05 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2012-05-12 02:58:07 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2012-05-12 02:58:06 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-05-12 02:58:04 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2012-05-12 02:58:03 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2012-05-12 02:57:48 77312 ----a-w- C:\Windows\System32\packager.dll
2012-05-12 02:57:48 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-05-12 02:55:19 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-05-12 02:55:19 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-05-12 02:55:19 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-05-12 02:55:19 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-05-12 01:50:44 912504 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\symefa64.sys
2012-05-12 01:50:44 744568 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\srtsp64.sys
2012-05-12 01:50:44 450680 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\symds64.sys
2012-05-12 01:50:44 40568 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\srtspx64.sys
2012-05-12 01:50:44 386168 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\symnets.sys
2012-05-12 01:50:44 171128 ----a-r- C:\Windows\System32\drivers\N360x64\0502010.003\ironx64.sys
2012-05-12 01:50:27 -------- d-----w- C:\Windows\System32\drivers\N360x64\0502010.003
2012-05-10 00:57:30 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys
2012-05-10 00:35:43 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-05-10 00:35:43 -------- d-----w- C:\Program Files\Symantec
2012-05-10 00:35:43 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-05-10 00:34:52 -------- d-----w- C:\Windows\System32\drivers\N360x64
2012-05-10 00:34:50 -------- d-----w- C:\Program Files (x86)\Norton Security Suite
2012-05-10 00:34:42 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-05-10 00:29:52 -------- d-----w- C:\Users\brandon\AppData\Local\LogMeIn Rescue Applet
2012-05-07 04:38:34 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-05-07 00:51:11 -------- d-----w- C:\Users\brandon\AppData\Local\VS Revo Group
2012-05-07 00:51:07 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2012-05-07 00:51:06 -------- d-----w- C:\Program Files\VS Revo Group
2012-05-06 23:08:58 -------- d-----w- C:\ProgramData\GID
2012-05-06 19:38:32 -------- d-----w- C:\Windows\pss
2012-04-23 03:07:21 -------- d-----w- C:\ProgramData\Recovery
2012-04-23 02:08:52 -------- d-----w- C:\N360_BACKUP
2012-04-23 01:36:49 -------- d-----w- C:\Users\brandon\AppData\Local\NPE
2012-04-22 21:19:29 -------- d-----w- C:\Users\brandon\AppData\Local\ElevatedDiagnostics
2012-04-13 23:47:09 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
.
==================== Find3M ====================
.
2012-05-10 00:54:48 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-05-06 23:11:15 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-06 23:11:15 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-02 05:34:04 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-02 04:46:44 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-02 04:46:44 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-02 03:01:19 3143680 ----a-w- C:\Windows\System32\win32k.sys
2012-03-26 04:03:12 332392 ----a-w- C:\Windows\System32\RtlCPAPI64.dll
2012-03-26 04:03:12 2494056 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2012-03-26 04:03:12 2048104 ----a-w- C:\Windows\System32\RtPgEx64.dll
2012-03-26 04:03:12 1146984 ----a-w- C:\Windows\System32\RTSnMg64.cpl
2012-03-26 04:03:10 80488 ----a-w- C:\Windows\System32\RCoInst64.dll
2012-03-26 04:03:10 569960 ----a-w- C:\Windows\System32\RtkApi64.dll
2012-03-26 04:03:10 2625640 ----a-w- C:\Windows\System32\RtkAPO64.dll
2012-03-26 04:03:10 149608 ----a-w- C:\Windows\System32\RtkCfg64.dll
2012-03-26 04:03:10 1215592 ----a-w- C:\Windows\System32\RTCOM64.dll
2012-03-26 04:03:02 200800 ----a-w- C:\Windows\System32\AERTAC64.dll
2012-03-26 04:02:58 1251944 ----a-w- C:\Windows\RtlExUpd.dll
2012-03-17 07:55:58 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-03-15 01:29:56 12942400 ----a-w- C:\Users\brandon\HRBlock_DeluxeSE_2011_Update_C.exe
2012-03-03 06:29:57 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-03 06:29:42 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-03-03 06:29:42 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-03-03 06:29:42 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-03-03 06:29:41 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-03-03 05:40:21 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-03 05:40:10 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-03-03 05:40:09 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-03-03 05:40:09 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-03-03 05:40:09 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-28 06:35:54 1197568 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:33:03 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2012-02-28 05:40:21 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 05:38:16 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2012-02-28 05:17:41 482816 ----a-w- C:\Windows\System32\html.iec
2012-02-28 04:35:01 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 04:31:46 386048 ----a-w- C:\Windows\SysWow64\html.iec
2012-02-28 03:57:55 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 15:24:32.77 ===============
kevinf80 (Kevin)
Malware Removal Specialist with 9,708 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
13-May-2012, 02:49 PM #9
Continue as follows:

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1
Link 2
  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available Here if required.
  • If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin
cinderblock
THREAD STARTER
13-May-2012, 03:41 PM #10
Kevin
quick question -

(hope I didn't mess this up but) It's been over twenty minutes since I started the ComboFix scan - and having bumped the computer (NO CLICKS, but the mouse passed over the icon/window that is running ComboFix) AND I am getting occasional notices from Norton stating that 'High CPU usage by: pev.3xe' (even though I disabled Norton anti-virus for five hours);

I'm wondering if I need to stop and re-start? It has been on Stage 3 for at least 20 mins. If so, please tell me how to safely stop and re-start.

Sorry
kevinf80 (Kevin)
13-May-2012, 04:22 PM #11
If Combofix has frozen it could be malware or your security that is interfering. Leave another 15 mins, if still frozen do this:

Open Task Manager and look for the following ComboFix related processes (some have a .3XE extension):

PEV.exe
NirCmd.3XE
PEV.3XE
SED
GREP
any file that has the extension *.3XE



One at a time, right-click and select End Process. If doing that did not free ComboFix, then you will need to reboot the computer manually.

Let me know what happens...
cinderblock
THREAD STARTER
13-May-2012, 04:34 PM #12
I waited till it had run an hour and then clicked the red X to shut it down

Then I made sure Norton was totally disabled and

Finally, I re-launched and it is on Stage 3 again.

Hey,,,,just moved on to Stage 4.....this could be good news.

I'll post asap
kevinf80 (Kevin)
13-May-2012, 04:51 PM #13
Do not use your PC as Combofix runs or you will cause it to freeze.....
cinderblock
THREAD STARTER
13-May-2012, 04:58 PM #14
I've been sending replies from another computer.

Does the infected computer need an internet connection?

I have noticed, in both cases, I do not get the "ComboFix has changed your time settings"

In all cases, it has made it to Stage 4 fairly quickly and then hangs up.
kevinf80 (Kevin)
13-May-2012, 05:13 PM #15
There is no requirement for an internet connection; obviously you will have to transfer tools/logs between the infected, no-internet PC and a PC with a connection.

Does the sick PC have no internet?