
globalroot\systemroot\assembly\temp\U.....

Discussion in 'Virus & Other Malware Removal' started by cinderblock, May 9, 2012.

Thread Status:
Not open for further replies.
  1. cinderblock

    cinderblock Thread Starter

    Joined:
    May 9, 2012
    Messages:
    91
    Greetings All,

    First apologies: The computer with the issues is not connected to the net, and therefore I was unable to download the TSG SysInfo tool. Also, please forgive if this is posted in the incorrect forum, but as I located the post below:

    http://forums.techguy.org/virus-other-malware-removal/1021842-norton-system-infected-tidserv-activity.html

    (dated: October 12, 2011) in this forum, AND have the following in common with the post:

    ……when I try to open webpages sometimes, a warning window pops up titled
    "Mswinext.exe - Bad image" and it says the following:

    \\.\globalroot\systemroot\assembly\tmp\U\80000032.@ is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support.

    I thought this might be the correct place.


    I also *thought* Norton was the cause of the problem (as the Warning Window was first noticed when attempting to install Norton from my service provider – Comcast – more about that in the paragraph to follow), at which point “Norton_Download_Manager.exe – Bad Image” was contained in the Warning Window header, but as cited above, other programs have appeared in the header as well. For the record, I *believe* the Warning Window header always contains an “.exe” extension, but am not certain.

    These issues are occurring on a Compaq notebook, with the “Windows 7 Home Premium”, 64-bit Operating System. Yesterday, I ran a computer scan (via F10 and/or F11…BIOS?) and it was declared healthy – but all errors above still remain.

    Here’s the more about Comcast part - in their infinite wisdom, they made it next to impossible to download Norton360 alone. They ‘highly recommend’ installation of Norton along with the “Constant Guard” product. In one of my futile attempts to return the computer to a healthy state, I downloaded Revo Uninstaller and attempted to eradicate both Constant Guard and Norton, and re-install only Norton. Having done so, many Norton folders that contained “Viruses found” listings are not available at present, but I do remember Trojan (Gen_2, maybe?) being one of the latest four placed in quarantine.

    I’m obviously not the most computer savvy type – but I hope someone will choose to reach out and guide me.

    Thanks and blessings to you in advance.

    Cindy
     
  2. cinderblock

    cinderblock Thread Starter

    Joined:
    May 9, 2012
    Messages:
    91
    Hi!

    I've been working with Norton techs and things *seem* pretty good - BUT, from what I've read here about the ZeroAccess virus, I'm scared that other computers on our secure net might be infected :(

    Quick Norton rundown (again, I'm not very computer savvy...sorry) - things that I noticed while watching the Norton tech work remotely (which, btw, I'm not real comfortable about).
    • He said it was ZeroAccess and downloaded a ZeroAccess Fix Tool 1.0.1
    • He noticed "Base Filtering Engine" was missing...and restored it with a boat-load of hexadecimal 'stuff' that he first placed into Notepad
    • I *think* it was during Norton scans that I noticed a couple of Trojan.Gen.2 issues and also a Backdoor Trojan (I never saw anything that "said" ZeroAccess)
    • Once the Norton tech got Norton working - and I did the first scan - the results mentioned a "proxyhostmirrordisplay" found and the deletion of c:\windows\system32\Rlouniv.dll
    • Also mentioned load point keys being repaired
    Again, I'm sorry - not too technical, I know.
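    The two posts above name three concrete things a responder can check on the machine itself: the path in the "Bad Image" dialog (\\.\globalroot\systemroot\assembly\tmp\U\80000032.@, where \SystemRoot is the NT symbolic link for %SystemRoot%, so the directory is C:\Windows\assembly\tmp\U on this laptop; a Bad Image dialog means the loader tried to map that file as a module into the named process), the "Base Filtering Engine" service the Norton tech found missing, and c:\windows\system32\Rlouniv.dll, which Norton reported deleting. The PowerShell below is an added read-only triage script written for this thread; it is not code posted by anyone in the thread and not part of any Norton or Microsoft tool. It treats the eight-digit ".@" file name as one instance rather than a fixed indicator and simply lists whatever is in that directory. Function and variable names are the author's own choices. It runs on the Windows 7 / PowerShell 2.0 host the DDS log describes and needs an elevated prompt to read the service key.

```powershell
# Added triage script for the indicators named in posts #1 and #2 of this thread.
# Not from the thread, Norton or Microsoft. Read-only: it reports, it does not fix.
# Run from an elevated PowerShell prompt on the suspect Windows 7 host.

function Get-ThreadIndicatorReport {
    $report = New-Object System.Collections.Generic.List[string]

    # 1. The Bad Image dialog names \\.\globalroot\systemroot\assembly\tmp\U\80000032.@
    #    \SystemRoot resolves to %SystemRoot%, so look under C:\Windows\assembly\tmp\U.
    #    List every file there; the 80000032.@ name is one instance, not a constant.
    $uDir = Join-Path $env:SystemRoot 'assembly\tmp\U'
    if (Test-Path -LiteralPath $uDir) {
        $report.Add("PRESENT  $uDir")
        Get-ChildItem -LiteralPath $uDir -Force -Recurse -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer } |
            ForEach-Object {
                # Something the loader tried to map as a module should be a signed PE;
                # record size, attributes, creation time and Authenticode state.
                $sig = Get-AuthenticodeSignature -FilePath $_.FullName -ErrorAction SilentlyContinue
                $report.Add(('  {0}  {1} bytes  {2}  created {3}  signature {4}' -f
                    $_.Name, $_.Length, $_.Attributes, $_.CreationTime, $sig.Status))
            }
    } else {
        $report.Add("absent   $uDir")
    }

    # 2. Post #2: the tech found "Base Filtering Engine" (service name BFE) missing
    #    and restored it by hand. Check both the live service and its registry key.
    $bfe = Get-Service -Name BFE -ErrorAction SilentlyContinue
    if ($null -eq $bfe) {
        $report.Add('MISSING  service BFE (Base Filtering Engine)')
    } else {
        $report.Add("present  service BFE status=$($bfe.Status)")
    }
    $bfeKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\BFE'
    if (Test-Path -LiteralPath $bfeKey) {
        # Start: 0 boot, 1 system, 2 automatic, 3 manual, 4 disabled. BFE defaults to 2.
        $start = (Get-ItemProperty -LiteralPath $bfeKey -ErrorAction SilentlyContinue).Start
        $report.Add("present  $bfeKey Start=$start (2 = automatic)")
    } else {
        $report.Add("MISSING  $bfeKey")
    }

    # 3. Post #2: Norton reported deleting c:\windows\system32\Rlouniv.dll.
    #    Confirm it has not come back.
    $dll = Join-Path $env:SystemRoot 'System32\Rlouniv.dll'
    if (Test-Path -LiteralPath $dll) {
        $report.Add("PRESENT  $dll")
    } else {
        $report.Add("absent   $dll")
    }

    return $report
}

Get-ThreadIndicatorReport
```

    Lines starting with PRESENT or MISSING are the ones that matter: a populated assembly\tmp\U directory, an absent BFE service or key, or a reappearing Rlouniv.dll all mean the earlier cleanup did not hold. Because the machine is offline, copy the script over on a USB stick the same way Kevin suggests for DDS, and bring the output back the same way.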
     
  3. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    Hello Cindy and welcome to TSG,

    Without logs we have no way of finding out what is wrong with your system. You mention working with a Norton tech; did the tech come to your house, or was this done online? There is also a reference to the tech downloading specific tools. How was that done if you have no internet connection?

    I need to see the following logs before we can progress:

    • Download DDS by sUBs from one of the following links. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool.
    • When done, DDS will open two (2) logs
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop.
    • The instructions here ask you to attach the Attach.txt.
    • Instead of attaching, please copy/paste both logs into your next reply.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run.
    After downloading the tool, disconnect from the internet and disable all antivirus protection.
    Run the scan, enable your A/V and reconnect to the internet.
    Information on A/V control HERE

    If this system has no connection, you can download on a different PC and transfer to the infected one, then save the logs to a USB stick, CD etc. and transfer them back and upload that way.

    Kevin
     
  4. cinderblock

    cinderblock Thread Starter

    Joined:
    May 9, 2012
    Messages:
    91
    Hi Kevin!

    Logs follow... answers to your questions at the bottom.

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385
    Run by brandon at 22:13:48 on 2012-05-12
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1787.547 [GMT -4:00]
    .
    AV: Norton Security Suite *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Security Suite *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\system32\RunDll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
    C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\taskhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\IPS\IPSBHO.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Yontoo Layers (Drop Down Deals): {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll
    TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [<NO NAME>]
    StartupFolder: C:\Users\brandon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\system32\RunDll32.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000
    IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{0D04A0FC-3742-4DD7-99AD-8C633B5A0934} : DhcpNameServer = 40.5.1.100
    TCP: Interfaces\{87F9FD09-495B-40C5-93E8-98AF83A14897} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{87F9FD09-495B-40C5-93E8-98AF83A14897}\0757274697 : DhcpNameServer = 10.1.10.1
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
    mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - C:\Program Files (x86)\SFT\GuardedID\gidi.exe /v
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
    BHO-X64: Symantec NCO BHO - No File
    BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\IPS\IPSBHO.DLL
    BHO-X64: Symantec Intrusion Prevention - No File
    BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO-X64: Search Helper - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
    BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO-X64: Ask Toolbar BHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: Yontoo Layers (Drop Down Deals): {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll
    BHO-X64: Yontoo Layer (Drop Down Deals)s - No File
    TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
    TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
    mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun-x64: [(Default)]
    IE-X64: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS [?]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS [?]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-5-7 1160824]
    R1 GIDv2;GIDv2;C:\Windows\system32\drivers\GIDv2.sys --> C:\Windows\system32\drivers\GIDv2.sys [?]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120511.001\IDSviA64.sys [2012-5-12 488568]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS [?]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0502010.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0502010.003\SYMNETS.SYS [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-5-9 138360]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
    S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-05-12 05:56:31 778088 ---ha-w- C:\Windows\System32\HPDiscoPMa011.dll
    2012-05-12 05:54:12 -------- d-----w- C:\Program Files\HP
    2012-05-12 04:30:18 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
    2012-05-12 04:30:18 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
    2012-05-12 04:17:44 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
    2012-05-12 04:17:44 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
    2012-05-12 04:17:44 48960 ----a-w- C:\Windows\System32\netfxperf.dll
    2012-05-12 04:17:44 444752 ----a-w- C:\Windows\System32\mscoree.dll
    2012-05-12 04:17:44 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
    2012-05-12 04:17:44 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
    2012-05-12 04:17:44 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
    2012-05-12 04:17:44 1942856 ----a-w- C:\Windows\System32\dfshim.dll
    2012-05-12 04:17:44 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
    2012-05-12 04:17:44 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
    2012-05-12 04:01:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll
    2012-05-12 04:00:54 142336 ----a-w- C:\Windows\System32\poqexec.exe
    2012-05-12 03:59:59 2326016 ----a-w- C:\Windows\System32\tquery.dll
    2012-05-12 03:45:19 1395712 ----a-w- C:\Windows\System32\mfc42.dll
    2012-05-12 03:45:19 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
    2012-05-12 03:45:18 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
    2012-05-12 03:45:18 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
    2012-05-12 03:45:01 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2012-05-12 03:45:01 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2012-05-12 03:44:54 515584 ----a-w- C:\Windows\System32\timedate.cpl
    2012-05-12 03:44:54 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
    2012-05-12 03:44:47 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
    2012-05-12 03:44:47 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
    2012-05-12 03:44:40 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
    2012-05-12 03:40:30 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    2012-05-12 03:40:27 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2012-05-12 03:40:26 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
    2012-05-12 03:40:26 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
    2012-05-12 03:40:20 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-05-12 03:40:20 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-05-12 03:40:19 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-05-12 03:35:11 223448 ----a-w- C:\Windows\System32\drivers\fvevol.sys
    2012-05-12 03:33:19 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2012-05-12 03:33:18 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
    2012-05-12 03:32:33 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
    2012-05-12 03:32:33 613888 ----a-w- C:\Windows\System32\psisdecd.dll
    2012-05-12 03:32:33 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
    2012-05-12 03:32:33 108032 ----a-w- C:\Windows\System32\psisrndr.ax
    2012-05-12 03:32:32 288256 ----a-w- C:\Windows\System32\MSNP.ax
    2012-05-12 03:32:32 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
    2012-05-12 03:32:31 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax
    2012-05-12 03:32:31 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
    2012-05-12 03:32:31 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
    2012-05-12 03:32:30 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
    2012-05-12 03:29:59 558592 ----a-w- C:\Windows\System32\spoolsv.exe
    2012-05-12 03:29:54 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
    2012-05-12 03:29:45 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-05-12 03:29:45 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-05-12 03:18:31 80896 ----a-w- C:\Windows\System32\imagehlp.dll
    2012-05-12 03:18:31 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2012-05-12 03:18:31 5120 ----a-w- C:\Windows\System32\wmi.dll
    2012-05-12 03:18:31 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2012-05-12 03:18:31 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2012-05-12 03:18:31 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-05-12 03:18:31 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2012-05-12 03:15:56 3138048 ----a-w- C:\Windows\System32\mstscax.dll
    2012-05-12 03:15:56 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2012-05-12 03:15:54 1097216 ----a-w- C:\Windows\System32\mstsc.exe
    2012-05-12 03:15:54 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe
    2012-05-12 03:14:20 861184 ----a-w- C:\Windows\System32\oleaut32.dll
    2012-05-12 03:14:20 331776 ----a-w- C:\Windows\System32\oleacc.dll
    2012-05-12 03:14:19 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2012-05-12 03:14:19 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
    2012-05-12 03:14:08 112000 ----a-w- C:\Windows\System32\consent.exe
    2012-05-12 03:12:28 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
    2012-05-12 03:12:25 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
    2012-05-12 03:12:25 634368 ----a-w- C:\Windows\System32\msvcrt.dll
    2012-05-12 03:12:19 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-12 03:12:19 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-12 03:12:14 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
    2012-05-12 03:12:14 31232 ----a-w- C:\Windows\System32\prevhost.exe
    2012-05-12 03:11:51 723456 ----a-w- C:\Windows\System32\EncDec.dll
    2012-05-12 03:11:51 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2012-05-12 03:11:23 720896 ----a-w- C:\Windows\System32\odbc32.dll
    2012-05-12 03:11:23 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
    2012-05-12 03:11:22 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
    2012-05-12 03:11:22 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
    2012-05-12 03:11:22 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
    2012-05-12 03:11:22 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
    2012-05-12 03:11:22 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
    2012-05-12 03:11:22 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
    2012-05-12 03:11:22 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
    2012-05-12 03:11:21 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
    2012-05-12 03:02:33 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-05-12 03:02:05 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
    2012-05-12 03:02:05 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
    2012-05-12 02:58:07 1739160 ----a-w- C:\Windows\System32\ntdll.dll
    2012-05-12 02:58:06 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2012-05-12 02:58:04 236032 ----a-w- C:\Windows\System32\srvsvc.dll
    2012-05-12 02:58:03 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
    2012-05-12 02:57:48 77312 ----a-w- C:\Windows\System32\packager.dll
    2012-05-12 02:57:48 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2012-05-12 02:55:19 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-05-12 02:55:19 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-05-12 02:55:19 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-05-12 02:55:19 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-05-12 01:50:44 912504 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\symefa64.sys
    2012-05-12 01:50:44 744568 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\srtsp64.sys
    2012-05-12 01:50:44 450680 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\symds64.sys
    2012-05-12 01:50:44 40568 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\srtspx64.sys
    2012-05-12 01:50:44 386168 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\symnets.sys
    2012-05-12 01:50:44 171128 ----a-r- C:\Windows\System32\drivers\N360x64\0502010.003\ironx64.sys
    2012-05-12 01:50:27 -------- d-----w- C:\Windows\System32\drivers\N360x64\0502010.003
    2012-05-10 00:57:30 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys
    2012-05-10 00:35:43 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2012-05-10 00:35:43 -------- d-----w- C:\Program Files\Symantec
    2012-05-10 00:35:43 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
    2012-05-10 00:34:52 -------- d-----w- C:\Windows\System32\drivers\N360x64
    2012-05-10 00:34:50 -------- d-----w- C:\Program Files (x86)\Norton Security Suite
    2012-05-10 00:34:42 -------- d-----w- C:\Program Files (x86)\NortonInstaller
    2012-05-10 00:29:52 -------- d-----w- C:\Users\brandon\AppData\Local\LogMeIn Rescue Applet
    2012-05-07 04:38:34 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
    2012-05-07 00:51:11 -------- d-----w- C:\Users\brandon\AppData\Local\VS Revo Group
    2012-05-07 00:51:07 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
    2012-05-07 00:51:06 -------- d-----w- C:\Program Files\VS Revo Group
    2012-05-06 23:08:58 -------- d-----w- C:\ProgramData\GID
    2012-05-06 19:38:32 -------- d-----w- C:\Windows\pss
    2012-04-23 03:07:21 -------- d-----w- C:\ProgramData\Recovery
    2012-04-23 02:08:52 -------- d-----w- C:\N360_BACKUP
    2012-04-23 01:36:49 -------- d-----w- C:\Users\brandon\AppData\Local\NPE
    2012-04-22 21:19:29 -------- d-----w- C:\Users\brandon\AppData\Local\ElevatedDiagnostics
    2012-04-13 23:47:09 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    .
    ==================== Find3M ====================
    .
    2012-05-10 00:54:48 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
    2012-05-06 23:11:15 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-06 23:11:15 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-04-02 05:34:04 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-04-02 04:46:44 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-04-02 04:46:44 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-04-02 03:01:19 3143680 ----a-w- C:\Windows\System32\win32k.sys
    2012-03-26 04:03:12 332392 ----a-w- C:\Windows\System32\RtlCPAPI64.dll
    2012-03-26 04:03:12 2494056 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
    2012-03-26 04:03:12 2048104 ----a-w- C:\Windows\System32\RtPgEx64.dll
    2012-03-26 04:03:12 1146984 ----a-w- C:\Windows\System32\RTSnMg64.cpl
    2012-03-26 04:03:10 80488 ----a-w- C:\Windows\System32\RCoInst64.dll
    2012-03-26 04:03:10 569960 ----a-w- C:\Windows\System32\RtkApi64.dll
    2012-03-26 04:03:10 2625640 ----a-w- C:\Windows\System32\RtkAPO64.dll
    2012-03-26 04:03:10 149608 ----a-w- C:\Windows\System32\RtkCfg64.dll
    2012-03-26 04:03:10 1215592 ----a-w- C:\Windows\System32\RTCOM64.dll
    2012-03-26 04:03:02 200800 ----a-w- C:\Windows\System32\AERTAC64.dll
    2012-03-26 04:02:58 1251944 ----a-w- C:\Windows\RtlExUpd.dll
    2012-03-17 07:55:58 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys
    2012-03-15 01:29:56 12942400 ----a-w- C:\Users\brandon\HRBlock_DeluxeSE_2011_Update_C.exe
    2012-03-03 06:29:57 1541120 ----a-w- C:\Windows\System32\DWrite.dll
    2012-03-03 06:29:42 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
    2012-03-03 06:29:42 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
    2012-03-03 06:29:42 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
    2012-03-03 06:29:41 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2012-03-03 05:40:21 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-03-03 05:40:10 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2012-03-03 05:40:09 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2012-03-03 05:40:09 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2012-03-03 05:40:09 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2012-02-28 06:35:54 1197568 ----a-w- C:\Windows\System32\wininet.dll
    2012-02-28 06:33:03 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2012-02-28 05:40:21 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-02-28 05:38:16 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2012-02-28 05:17:41 482816 ----a-w- C:\Windows\System32\html.iec
    2012-02-28 04:35:01 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-02-28 04:31:46 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2012-02-28 03:57:55 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    .
    ============= FINISH: 22:17:02.98 ===============.
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/18/2011 2:10:26 AM
    System Uptime: 5/12/2012 9:47:10 PM (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 1604
    Processor: AMD V140 Processor | Socket S1G4 | 782/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 215 GiB total, 149.071 GiB free.
    D: is FIXED (NTFS) - 17 GiB total, 2.491 GiB free.
    E: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP37: 5/6/2012 8:54:57 PM - Revo Uninstaller Pro's restore point - Constant Guard Protection Suite
    RP39: 5/6/2012 8:55:26 PM - Revo Uninstaller Pro's restore point - Constant Guard Protection Suite
    RP41: 5/6/2012 8:58:25 PM - Revo Uninstaller Pro's restore point - Constant Guard Protection Suite
    RP43: 5/6/2012 8:59:32 PM - Revo Uninstaller Pro's restore point - Constant Guard Protection Suite
    RP45: 5/6/2012 11:40:46 PM - Revo Uninstaller Pro's restore point - Norton Security Suite
    RP47: 5/6/2012 11:44:27 PM - Revo Uninstaller Pro's restore point - Norton Online Backup
    RP48: 5/6/2012 11:44:52 PM - Removed Norton Online Backup
    RP50: 5/7/2012 12:11:26 AM - Revo Uninstaller Pro's restore point - Constant Guard Protection Suite
    RP52: 5/7/2012 12:14:46 AM - Revo Uninstaller Pro's restore point - norton
    RP54: 5/8/2012 10:34:20 PM - Revo Uninstaller Pro's restore point - Norton Online Backup
    RP55: 5/8/2012 10:35:57 PM - Removed Norton Online Backup
    RP57: 5/8/2012 10:48:46 PM - Revo Uninstaller Pro's restore point -
    RP59: 5/8/2012 11:03:03 PM - Revo Uninstaller Pro's restore point -
    RP61: 5/8/2012 11:04:31 PM - Revo Uninstaller Pro's restore point -
    RP63: 5/8/2012 11:09:54 PM - Revo Uninstaller Pro's restore point -
    RP65: 5/8/2012 11:32:19 PM - Revo Uninstaller Pro's restore point -
    RP67: 5/9/2012 12:49:02 AM - Revo Uninstaller Pro's restore point - Norton Download Manager
    RP69: 5/9/2012 12:49:59 AM - Revo Uninstaller Pro's restore point - Norton Download Manager
    RP70: 5/11/2012 10:13:08 PM - HPSF Restore Point
    RP71: 5/11/2012 10:24:43 PM - HPSF Restore Point
    RP72: 5/11/2012 10:28:13 PM - HPSF Restore Point
    RP73: 5/11/2012 10:59:58 PM - Windows Update
    RP74: 5/11/2012 11:14:09 PM - Windows Update
    RP75: 5/11/2012 11:30:44 PM - Windows Update
    RP76: 5/12/2012 12:14:22 AM - Windows Update
    RP77: 5/12/2012 1:30:12 AM - Removed HP Deskjet 3050A J611 series Basic Device Software
    RP79: 5/12/2012 1:42:12 AM - Revo Uninstaller Pro's restore point -
    RP81: 5/12/2012 1:44:15 AM - Revo Uninstaller Pro's restore point - HP Deskjet 3050A J611 series Basic Device Software
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Reader 9.3 MUI
    Adobe Shockwave Player 11.5
    AMD USB Filter Driver
    Ask Toolbar
    Ask Toolbar Updater
    Atheros Driver Installation Program
    Bejeweled 2 Deluxe
    Bing Bar
    Bing Bar Platform
    Blackhawk Striker 2
    Build-a-lot 2
    CameraHelperMsi
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Chuzzle Deluxe
    CinemaNow Media Manager
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Coupon Printer for Windows
    CyberLink DVD Suite
    CyberLink MediaShow
    CyberLink PowerDVD 9
    CyberLink YouCam
    Diner Dash 2 Restaurant Rescue
    Dora's Carnival Adventure
    Energy Star Digital Logo
    erLT
    Escape Rosecliff Island
    ESU for Microsoft Windows 7
    FATE
    Final Drive Nitro
    FrostWire 5.0.8
    GuardedID
    H&R Block Deluxe + Efile + State 2011
    H&R Block New Jersey 2011
    Heroes of Hellas 2 - Olympia
    Hewlett-Packard ACLM.NET v1.1.2.0
    HP Advisor
    HP Customer Experience Enhancements
    HP Deskjet 3050A J611 series Help
    HP Documentation
    HP Games
    HP MediaSmart CinemaNow 2.0
    HP Photo Creations
    HP Power Manager
    HP Quick Launch
    HP Setup
    HP Software Framework
    HP Support Assistant
    HP Update
    Java Auto Updater
    Java(TM) 6 Update 20
    Jewel Quest 3
    Jewel Quest Solitaire 2
    Junk Mail filter update
    LabelPrint
    Logitech Webcam Software
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Twitter
    LWS Video Mask Maker
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    Microsoft Choice Guard
    Microsoft Default Manager
    Microsoft Office 2010
    Microsoft Office XP Professional
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft WSE 3.0 Runtime
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Norton Security Suite
    ooVoo
    Penguins!
    PhotoNow!
    Plants vs. Zombies
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Power2Go
    PowerDirector
    Realtek Ethernet Controller Driver For Windows 7
    Realtek High Definition Audio Driver
    Recovery Manager
    Roxio CinemaNow 2.0
    Update Installer for WildTangent Games App
    Virtual Families
    Virtual Villagers - The Secret City
    Wheel of Fortune 2
    WildTangent Games App (HP Games)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/9/2012 8:44:17 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    5/9/2012 8:44:09 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    5/6/2012 9:05:59 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.
    5/6/2012 8:31:58 PM, Error: Service Control Manager [7031] - The Norton Security Suite service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/6/2012 7:55:01 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
    5/6/2012 7:54:55 PM, Error: Service Control Manager [7000] - The HP Software Framework Service service failed to start due to the following error: The pipe has been ended.
    5/6/2012 4:34:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    5/6/2012 4:26:36 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
    5/6/2012 3:43:54 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Peer Networking Identity Manager service to connect.
    5/6/2012 3:43:54 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Networking Identity Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    5/6/2012 3:43:54 PM, Error: Service Control Manager [7001] - The Peer Name Resolution Protocol service depends on the Peer Networking Identity Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    5/6/2012 3:43:54 PM, Error: Service Control Manager [7000] - The Peer Networking Identity Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/6/2012 3:30:04 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    5/6/2012 2:00:29 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    5/6/2012 11:21:00 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    5/6/2012 11:20:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    5/6/2012 11:20:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    5/6/2012 11:20:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    5/6/2012 11:20:54 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
    5/6/2012 11:20:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    5/6/2012 11:20:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 discache IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6
    5/6/2012 11:20:34 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    5/5/2012 1:25:50 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the CGPS Service service to connect.
    5/5/2012 1:25:50 AM, Error: Service Control Manager [7000] - The CGPS Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/12/2012 9:48:27 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
    5/12/2012 9:48:06 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    5/12/2012 9:48:02 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    5/12/2012 12:42:18 AM, Error: Service Control Manager [7023] -
    .
    ==== End Of File ===========================

    Hope I did that correctly :) Now, the promised answers:


    The day I typed the first post, I was not at a location from which the infected computer could gain internet access, and I didn't think of your suggestion. For the most part, the internet connection (when available) has been consistent with the infected computer.

    The work done by the Norton Tech was done remotely, via the internet, which allowed him to download the tools.

    Lastly, I apologize for the delay....was cutting down trees all day. THANK YOU KEVIN for your patience and help :)
     
  5. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    Thank you for the logs and update; don't worry about reply times, it is no big issue with me. Just post back when you have the time...

    OK, the logs do indicate a ZeroAccess rootkit infection; do the following:

    Step 1

    Download Yorkyt.exe and save to your Desktop.


    Double click Yorkyt.exe to run it; Vista or Windows 7 users, right click it and select "Run as Administrator".




    Select Yes to restart at the prompt.




    Let it restart again when prompted.




    Be patient as the tool is working after the 2nd reboot.




    When you see the above, test to see if browser redirects are present or not.

    Attach the Yorkyt.exe.log to your next message (it should be on your desktop)

    Step 2

    Please download Malwarebytes Anti-Malware and save it to your desktop.
    Alternative D/L mirror
    Alternative D/L mirror

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


    Let me see those two logs in your next reply.

    Kevin
     
  6. cinderblock

    cinderblock Thread Starter

    Joined:
    May 9, 2012
    Messages:
    91
    What a kind soul you are Kevin :) Thanks to both you and your lovely mother (assuming you celebrate Mother's Day in the UK) for your time today :D

    Logs follow:



    2012-05-13 14:16:22: Company:
    2012-05-13 14:16:22: Mod/Cre/Acc time:
    2012-05-13 14:16:22: !!!!!!!
    2012-05-13 14:16:22: Found Service: FontCache
    2012-05-13 14:16:22: Real Path: C:\Windows\system32\FntCache.dll
    2012-05-13 14:16:22: Display Name: @%systemroot%\system32\FntCache.dll,-100
    2012-05-13 14:16:22: Description: @%systemroot%\system32\FntCache.dll,-101
    2012-05-13 14:16:22: ServiceDLL: system32\FntCache.dll
    2012-05-13 14:16:22: File size: 0
    2012-05-13 14:16:22: DLL File name: FntCache.dll
    2012-05-13 14:16:22: Original File Name: FontCacheService
    2012-05-13 14:16:22: Company:
    2012-05-13 14:16:22: Mod/Cre/Acc time:
    2012-05-13 14:16:22: !!!!!!!!!
    2012-05-13 14:16:23: ---------------------------------------------------------------------
    2012-05-13 14:16:23: Found Service: gpsvc
    2012-05-13 14:16:23: Real Path: C:\Windows\System32\gpsvc.dll
    2012-05-13 14:16:23: Display Name: @gpapi.dll,-112
    2012-05-13 14:16:23: Description: @gpapi.dll,-113
    2012-05-13 14:16:23: ServiceDLL: System32\gpsvc.dll
    2012-05-13 14:16:23: File size: 0
    2012-05-13 14:16:23: DLL File name: gpsvc.dll
    2012-05-13 14:16:23: Original File Name: gpsvc.dll.mui
    2012-05-13 14:16:23: Company:
    2012-05-13 14:16:23: Mod/Cre/Acc time:
    2012-05-13 14:16:23: ---------------------------------------------------------------------
    2012-05-13 14:16:23: Found Service: hidserv
    2012-05-13 14:16:23: Real Path: C:\Windows\system32\hidserv.dll
    2012-05-13 14:16:23: Display Name: @%SystemRoot%\System32\hidserv.dll,-101
    2012-05-13 14:16:23: Description: @%SystemRoot%\System32\hidserv.dll,-102
    2012-05-13 14:16:23: ServiceDLL: system32\hidserv.dll
    2012-05-13 14:16:23: File size: 49152
    2012-05-13 14:16:23: DLL File name: hidserv.dll
    2012-05-13 14:16:23: Original File Name: HIDSERV.DLL.MUI
    2012-05-13 14:16:23: Company:
    2012-05-13 14:16:23: Mod/Cre/Acc time: 20090713211524 20090713195109 20090713195109
    2012-05-13 14:16:23: ---------------------------------------------------------------------
    2012-05-13 14:16:23: Found Service: hkmsvc
    2012-05-13 14:16:23: Real Path: C:\Windows\system32\kmsvc.dll
    2012-05-13 14:16:23: Display Name: @%SystemRoot%\system32\kmsvc.dll,-6
    2012-05-13 14:16:23: Description: @%SystemRoot%\system32\kmsvc.dll,-7
    2012-05-13 14:16:23: ServiceDLL: system32\kmsvc.dll
    2012-05-13 14:16:23: File size: 0
    2012-05-13 14:16:23: DLL File name: kmsvc.dll
    2012-05-13 14:16:23: Original File Name: KmSvc.DLL.MUI
    2012-05-13 14:16:23: Company:
    2012-05-13 14:16:23: Mod/Cre/Acc time:
    2012-05-13 14:16:23: ---------------------------------------------------------------------
    2012-05-13 14:16:23: Found Service: HomeGroupListener
    2012-05-13 14:16:23: Real Path: C:\Windows\system32\ListSvc.dll
    2012-05-13 14:16:23: Display Name: @%SystemRoot%\System32\ListSvc.dll,-100
    2012-05-13 14:16:23: Description: @%SystemRoot%\System32\ListSvc.dll,-101
    2012-05-13 14:16:23: ServiceDLL: system32\ListSvc.dll
    2012-05-13 14:16:23: File size: 0
    2012-05-13 14:16:23: DLL File name: ListSvc.dll
    2012-05-13 14:16:23: Original File Name: ListSvc.dll.mui
    2012-05-13 14:16:23: Company:
    2012-05-13 14:16:23: Mod/Cre/Acc time:
    2012-05-13 14:16:23: ---------------------------------------------------------------------
    2012-05-13 14:16:23: Found Service: HomeGroupProvider
    2012-05-13 14:16:23: Real Path: C:\Windows\system32\provsvc.dll
    2012-05-13 14:16:23: Display Name: @%SystemRoot%\System32\provsvc.dll,-100
    2012-05-13 14:16:23: Description: @%SystemRoot%\System32\provsvc.dll,-101
    2012-05-13 14:16:23: ServiceDLL: system32\provsvc.dll
    2012-05-13 14:16:23: File size: 165376
    2012-05-13 14:16:23: DLL File name: provsvc.dll
    2012-05-13 14:16:23: Original File Name: provsvc.dll.mui
    2012-05-13 14:16:23: Company:
    2012-05-13 14:16:23: Mod/Cre/Acc time: 20090713211612 20090713193941 20090713193941
    2012-05-13 14:16:23: ---------------------------------------------------------------------
    2012-05-13 14:16:23: Found Service: IKEEXT
    2012-05-13 14:16:23: Real Path: C:\Windows\System32\ikeext.dll
    2012-05-13 14:16:23: Display Name: @%SystemRoot%\system32\ikeext.dll,-501
    2012-05-13 14:16:23: Description: @%SystemRoot%\system32\ikeext.dll,-502
    2012-05-13 14:16:23: ServiceDLL: System32\ikeext.dll
    2012-05-13 14:16:23: File size: 0
    2012-05-13 14:16:23: DLL File name: ikeext.dll
    2012-05-13 14:16:23: Original File Name: IKEEXT.DLL.MUI
    2012-05-13 14:16:23: Company:
    2012-05-13 14:16:23: Mod/Cre/Acc time:
    2012-05-13 14:16:24: ---------------------------------------------------------------------
    2012-05-13 14:16:24: Found Service: IPBusEnum
    2012-05-13 14:16:24: Real Path: C:\Windows\system32\ipbusenum.dll
    2012-05-13 14:16:24: Display Name: @%systemroot%\system32\IPBusEnum.dll,-102
    2012-05-13 14:16:24: Description: @%systemroot%\system32\IPBusEnum.dll,-103
    2012-05-13 14:16:24: ServiceDLL: system32\ipbusenum.dll
    2012-05-13 14:16:24: File size: 0
    2012-05-13 14:16:24: DLL File name: ipbusenum.dll
    2012-05-13 14:16:24: Original File Name: IPBusEnum.dll.mui
    2012-05-13 14:16:24: Company:
    2012-05-13 14:16:24: Mod/Cre/Acc time:
    2012-05-13 14:16:24: ---------------------------------------------------------------------
    2012-05-13 14:16:24: Found Service: KtmRm
    2012-05-13 14:16:24: Real Path: C:\Windows\system32\msdtckrm.dll
    2012-05-13 14:16:24: Display Name: @comres.dll,-2946
    2012-05-13 14:16:24: Description: @comres.dll,-2947
    2012-05-13 14:16:24: ServiceDLL: system32\msdtckrm.dll
    2012-05-13 14:16:24: File size: 0
    2012-05-13 14:16:24: DLL File name: msdtckrm.dll
    2012-05-13 14:16:24: Original File Name: MSDTCKRM.DLL
    2012-05-13 14:16:24: Company:
    2012-05-13 14:16:24: Mod/Cre/Acc time:
    2012-05-13 14:16:24: ---------------------------------------------------------------------
    2012-05-13 14:16:24: Found Service: LanmanServer
    2012-05-13 14:16:24: Real Path: C:\Windows\system32\srvsvc.dll
    2012-05-13 14:16:24: Display Name: @%systemroot%\system32\srvsvc.dll,-100
    2012-05-13 14:16:24: Description: @%systemroot%\system32\srvsvc.dll,-101
    2012-05-13 14:16:24: ServiceDLL: system32\srvsvc.dll
    2012-05-13 14:16:24: File size: 0
    2012-05-13 14:16:24: DLL File name: srvsvc.dll
    2012-05-13 14:16:24: Original File Name: SRVSVC.DLL.MUI
    2012-05-13 14:16:24: Company:
    2012-05-13 14:16:24: Mod/Cre/Acc time:
    2012-05-13 14:16:24: ---------------------------------------------------------------------
    2012-05-13 14:16:24: Found Service: LanmanWorkstation
    2012-05-13 14:16:24: Real Path: C:\Windows\System32\wkssvc.dll
    2012-05-13 14:16:24: Display Name: @%systemroot%\system32\wkssvc.dll,-100
    2012-05-13 14:16:24: Description: @%systemroot%\system32\wkssvc.dll,-101
    2012-05-13 14:16:24: ServiceDLL: System32\wkssvc.dll
    2012-05-13 14:16:24: File size: 0
    2012-05-13 14:16:24: DLL File name: wkssvc.dll
    2012-05-13 14:16:24: Original File Name: WKSSVC.DLL.MUI
    2012-05-13 14:16:24: Company:
    2012-05-13 14:16:24: Mod/Cre/Acc time:
    2012-05-13 14:16:24: ---------------------------------------------------------------------
    2012-05-13 14:16:24: Found Service: lltdsvc
    2012-05-13 14:16:24: Real Path: C:\Windows\System32\lltdsvc.dll
    2012-05-13 14:16:24: Display Name: @%SystemRoot%\system32\lltdres.dll,-1
    2012-05-13 14:16:24: Description: @%SystemRoot%\system32\lltdres.dll,-2
    2012-05-13 14:16:24: ServiceDLL: System32\lltdsvc.dll
    2012-05-13 14:16:24: File size: 0
    2012-05-13 14:16:24: DLL File name: lltdsvc.dll
    2012-05-13 14:16:24: Original File Name: LLTDSVC.DLL
    2012-05-13 14:16:24: Company:
    2012-05-13 14:16:24: Mod/Cre/Acc time:
    2012-05-13 14:16:25: ---------------------------------------------------------------------
    2012-05-13 14:16:25: Found Service: lmhosts
    2012-05-13 14:16:25: Real Path: C:\Windows\System32\lmhsvc.dll
    2012-05-13 14:16:25: Display Name: @%SystemRoot%\system32\lmhsvc.dll,-101
    2012-05-13 14:16:25: Description: @%SystemRoot%\system32\lmhsvc.dll,-102
    2012-05-13 14:16:25: ServiceDLL: System32\lmhsvc.dll
    2012-05-13 14:16:25: File size: 0
    2012-05-13 14:16:25: DLL File name: lmhsvc.dll
    2012-05-13 14:16:25: Original File Name: lmhsvc.dll.mui
    2012-05-13 14:16:25: Company:
    2012-05-13 14:16:25: Mod/Cre/Acc time:
    2012-05-13 14:16:25: ---------------------------------------------------------------------
    2012-05-13 14:16:25: Found Service: Mcx2Svc
    2012-05-13 14:16:25: Real Path: C:\Windows\system32\Mcx2Svc.dll
    2012-05-13 14:16:25: Display Name: @%SystemRoot%\ehome\ehres.dll,-15501
    2012-05-13 14:16:25: Description: @%SystemRoot%\ehome\ehres.dll,-15502
    2012-05-13 14:16:25: ServiceDLL: system32\Mcx2Svc.dll
    2012-05-13 14:16:25: File size: 0
    2012-05-13 14:16:25: DLL File name: Mcx2Svc.dll
    2012-05-13 14:16:25: Original File Name: Mcx2Svc.dll
    2012-05-13 14:16:25: Company:
    2012-05-13 14:16:25: Mod/Cre/Acc time:
    2012-05-13 14:16:25: ---------------------------------------------------------------------
    2012-05-13 14:16:25: Found Service: MMCSS
    2012-05-13 14:16:25: Real Path: C:\Windows\system32\mmcss.dll
    2012-05-13 14:16:25: Display Name: @%systemroot%\system32\mmcss.dll,-100
    2012-05-13 14:16:25: Description: @%systemroot%\system32\mmcss.dll,-101
    2012-05-13 14:16:25: ServiceDLL: system32\mmcss.dll
    2012-05-13 14:16:25: File size: 0
    2012-05-13 14:16:25: DLL File name: mmcss.dll
    2012-05-13 14:16:25: Original File Name: mmcss.dll.mui
    2012-05-13 14:16:25: Company:
    2012-05-13 14:16:25: Mod/Cre/Acc time:
    2012-05-13 14:16:25: ---------------------------------------------------------------------
    2012-05-13 14:16:25: Found Service: MSiSCSI
    2012-05-13 14:16:25: Real Path: C:\Windows\system32\iscsiexe.dll
    2012-05-13 14:16:25: Display Name: @%SystemRoot%\system32\iscsidsc.dll,-5000
    2012-05-13 14:16:25: Description: @%SystemRoot%\system32\iscsidsc.dll,-5001
    2012-05-13 14:16:25: ServiceDLL: system32\iscsiexe.dll
    2012-05-13 14:16:25: File size: 0
    2012-05-13 14:16:25: DLL File name: iscsiexe.dll
    2012-05-13 14:16:25: Original File Name: iscsiexe.exe.mui
    2012-05-13 14:16:25: Company:
    2012-05-13 14:16:25: Mod/Cre/Acc time:
    2012-05-13 14:16:25: ---------------------------------------------------------------------
    2012-05-13 14:16:25: Found Service: napagent
    2012-05-13 14:16:25: Real Path: C:\Windows\system32\qagentRT.dll
    2012-05-13 14:16:25: Display Name: @%SystemRoot%\system32\qagentrt.dll,-6
    2012-05-13 14:16:25: Description: @%SystemRoot%\system32\qagentrt.dll,-7
    2012-05-13 14:16:25: ServiceDLL: system32\qagentRT.dll
    2012-05-13 14:16:25: File size: 0
    2012-05-13 14:16:25: DLL File name: qagentRT.dll
    2012-05-13 14:16:25: Original File Name: QAgentRT.DLL.MUI
    2012-05-13 14:16:25: Company:
    2012-05-13 14:16:25: Mod/Cre/Acc time:
    2012-05-13 14:16:25: ---------------------------------------------------------------------
    2012-05-13 14:16:25: Found Service: Netman
    2012-05-13 14:16:25: Real Path: C:\Windows\System32\netman.dll
    2012-05-13 14:16:25: Display Name: @%SystemRoot%\system32\netman.dll,-109
    2012-05-13 14:16:25: Description: @%SystemRoot%\system32\netman.dll,-110
    2012-05-13 14:16:25: ServiceDLL: System32\netman.dll
    2012-05-13 14:16:25: File size: 0
    2012-05-13 14:16:25: DLL File name: netman.dll
    2012-05-13 14:16:25: Original File Name: netman.dll.mui
    2012-05-13 14:16:25: Company:
    2012-05-13 14:16:25: Mod/Cre/Acc time:
    2012-05-13 14:16:26: ---------------------------------------------------------------------
    2012-05-13 14:16:26: Found Service: netprofm
    2012-05-13 14:16:26: Real Path: C:\Windows\System32\netprofm.dll
    2012-05-13 14:16:26: Display Name: @%SystemRoot%\system32\netprofm.dll,-202
    2012-05-13 14:16:26: Description: @%SystemRoot%\system32\netprofm.dll,-203
    2012-05-13 14:16:26: ServiceDLL: System32\netprofm.dll
    2012-05-13 14:16:26: File size: 360448
    2012-05-13 14:16:26: DLL File name: netprofm.dll
    2012-05-13 14:16:26: Original File Name: netprofm.dll.mui
    2012-05-13 14:16:26: Company:
    2012-05-13 14:16:26: Mod/Cre/Acc time: 20090713211603 20090713195658 20090713195658
    2012-05-13 14:16:26: ---------------------------------------------------------------------
    2012-05-13 14:16:26: Found Service: NlaSvc
    2012-05-13 14:16:26: Real Path: C:\Windows\System32\nlasvc.dll
    2012-05-13 14:16:26: Display Name: @%SystemRoot%\System32\nlasvc.dll,-1
    2012-05-13 14:16:26: Description: @%SystemRoot%\System32\nlasvc.dll,-2
    2012-05-13 14:16:26: ServiceDLL: System32\nlasvc.dll
    2012-05-13 14:16:26: File size: 0
    2012-05-13 14:16:26: DLL File name: nlasvc.dll
    2012-05-13 14:16:26: Original File Name: nlasvc.dll.mui
    2012-05-13 14:16:26: Company:
    2012-05-13 14:16:26: Mod/Cre/Acc time:
    2012-05-13 14:16:26: ---------------------------------------------------------------------
    2012-05-13 14:16:26: Found Service: nsi
    2012-05-13 14:16:26: Real Path: C:\Windows\system32\nsisvc.dll
    2012-05-13 14:16:26: Display Name: @%SystemRoot%\system32\nsisvc.dll,-200
    2012-05-13 14:16:26: Description: @%SystemRoot%\system32\nsisvc.dll,-201
    2012-05-13 14:16:26: ServiceDLL: system32\nsisvc.dll
    2012-05-13 14:16:26: File size: 0
    2012-05-13 14:16:26: DLL File name: nsisvc.dll
    2012-05-13 14:16:26: Original File Name: nsisvc.dll.mui
    2012-05-13 14:16:26: Company:
    2012-05-13 14:16:26: Mod/Cre/Acc time:
    2012-05-13 14:16:26: ---------------------------------------------------------------------
    2012-05-13 14:16:26: Found Service: p2pimsvc
    2012-05-13 14:16:26: Real Path: C:\Windows\system32\pnrpsvc.dll
    2012-05-13 14:16:26: Display Name: @%SystemRoot%\system32\pnrpsvc.dll,-8004
    2012-05-13 14:16:26: Description: @%SystemRoot%\system32\pnrpsvc.dll,-8005
    2012-05-13 14:16:26: ServiceDLL: system32\pnrpsvc.dll
    2012-05-13 14:16:26: File size: 0
    2012-05-13 14:16:26: DLL File name: pnrpsvc.dll
    2012-05-13 14:16:26: Original File Name: pnrpsvc.dll.mui
    2012-05-13 14:16:26: Company:
    2012-05-13 14:16:26: Mod/Cre/Acc time:
    2012-05-13 14:16:26: ---------------------------------------------------------------------
    2012-05-13 14:16:26: Found Service: p2psvc
    2012-05-13 14:16:26: Real Path: C:\Windows\system32\p2psvc.dll
    2012-05-13 14:16:26: Display Name: @%SystemRoot%\system32\p2psvc.dll,-8006
    2012-05-13 14:16:26: Description: @%SystemRoot%\system32\p2psvc.dll,-8007
    2012-05-13 14:16:26: ServiceDLL: system32\p2psvc.dll
    2012-05-13 14:16:26: File size: 0
    2012-05-13 14:16:26: DLL File name: p2psvc.dll
    2012-05-13 14:16:26: Original File Name: p2psvc.dll.mui
    2012-05-13 14:16:26: Company:
    2012-05-13 14:16:26: Mod/Cre/Acc time:
    2012-05-13 14:16:26: !!!!!!!
    2012-05-13 14:16:26: Found Service: PcaSvc
    2012-05-13 14:16:26: Real Path: C:\Windows\System32\pcasvc.dll
    2012-05-13 14:16:26: Display Name: @%SystemRoot%\system32\pcasvc.dll,-1
    2012-05-13 14:16:26: Description: @%SystemRoot%\system32\pcasvc.dll,-2
    2012-05-13 14:16:26: ServiceDLL: System32\pcasvc.dll
    2012-05-13 14:16:26: File size: 0
    2012-05-13 14:16:26: DLL File name: pcasvc.dll
    2012-05-13 14:16:26: Original File Name:
    2012-05-13 14:16:26: Company:
    2012-05-13 14:16:26: Mod/Cre/Acc time:
    2012-05-13 14:16:26: !!!!!!!!!
    2012-05-13 14:16:26: ---------------------------------------------------------------------
    2012-05-13 14:16:27: Found Service: pla
    2012-05-13 14:16:27: Real Path: C:\Windows\system32\pla.dll
    2012-05-13 14:16:27: Display Name: @%systemroot%\system32\pla.dll,-500
    2012-05-13 14:16:27: Description: @%systemroot%\system32\pla.dll,-501
    2012-05-13 14:16:27: ServiceDLL: system32\pla.dll
    2012-05-13 14:16:27: File size: 1508864
    2012-05-13 14:16:27: DLL File name: pla.dll
    2012-05-13 14:16:27: Original File Name: PLA.DLL.MUI
    2012-05-13 14:16:27: Company:
    2012-05-13 14:16:27: Mod/Cre/Acc time: 20090713211612 20090713192013 20090713192013
    2012-05-13 14:16:27: ---------------------------------------------------------------------
    2012-05-13 14:16:27: Found Service: PlugPlay
    2012-05-13 14:16:27: Real Path: C:\Windows\system32\umpnpmgr.dll
    2012-05-13 14:16:27: Display Name: @%SystemRoot%\system32\umpnpmgr.dll,-100
    2012-05-13 14:16:27: Description: @%SystemRoot%\system32\umpnpmgr.dll,-101
    2012-05-13 14:16:27: ServiceDLL: system32\umpnpmgr.dll
    2012-05-13 14:16:27: File size: 0
    2012-05-13 14:16:27: DLL File name: umpnpmgr.dll
    2012-05-13 14:16:27: Original File Name: Umpnpmgr.DLL.MUI
    2012-05-13 14:16:27: Company:
    2012-05-13 14:16:27: Mod/Cre/Acc time:
    2012-05-13 14:16:27: ---------------------------------------------------------------------
    2012-05-13 14:16:27: Found Service: PNRPAutoReg
    2012-05-13 14:16:27: Real Path: C:\Windows\system32\pnrpauto.dll
    2012-05-13 14:16:27: Display Name: @%SystemRoot%\system32\pnrpauto.dll,-8002
    2012-05-13 14:16:27: Description: @%SystemRoot%\system32\pnrpauto.dll,-8003
    2012-05-13 14:16:27: ServiceDLL: system32\pnrpauto.dll
    2012-05-13 14:16:27: File size: 0
    2012-05-13 14:16:27: DLL File name: pnrpauto.dll
    2012-05-13 14:16:27: Original File Name: pnrpauto.dll.mui
    2012-05-13 14:16:27: Company:
    2012-05-13 14:16:27: Mod/Cre/Acc time:
    2012-05-13 14:16:27: ---------------------------------------------------------------------
    2012-05-13 14:16:27: Found Service: PNRPsvc
    2012-05-13 14:16:27: Real Path: C:\Windows\system32\pnrpsvc.dll
    2012-05-13 14:16:27: Display Name: @%SystemRoot%\system32\pnrpsvc.dll,-8000
    2012-05-13 14:16:27: Description: @%SystemRoot%\system32\pnrpsvc.dll,-8001
    2012-05-13 14:16:27: ServiceDLL: system32\pnrpsvc.dll
    2012-05-13 14:16:27: File size: 0
    2012-05-13 14:16:27: DLL File name: pnrpsvc.dll
    2012-05-13 14:16:27: Original File Name: pnrpsvc.dll.mui
    2012-05-13 14:16:27: Company:
    2012-05-13 14:16:27: Mod/Cre/Acc time:
    2012-05-13 14:16:27: ---------------------------------------------------------------------
    2012-05-13 14:16:27: Found Service: PolicyAgent
    2012-05-13 14:16:27: Real Path: C:\Windows\System32\ipsecsvc.dll
    2012-05-13 14:16:27: Display Name: @%SystemRoot%\System32\polstore.dll,-5010
    2012-05-13 14:16:27: Description: @%SystemRoot%\system32\polstore.dll,-5011
    2012-05-13 14:16:27: ServiceDLL: System32\ipsecsvc.dll
    2012-05-13 14:16:27: File size: 0
    2012-05-13 14:16:27: DLL File name: ipsecsvc.dll
    2012-05-13 14:16:27: Original File Name: ipsecsvc.dll.mui
    2012-05-13 14:16:27: Company:
    2012-05-13 14:16:27: Mod/Cre/Acc time:
    2012-05-13 14:16:27: ---------------------------------------------------------------------
    2012-05-13 14:16:27: Found Service: Power
    2012-05-13 14:16:27: Real Path: C:\Windows\system32\umpo.dll
    2012-05-13 14:16:27: Display Name: @%SystemRoot%\system32\umpo.dll,-100
    2012-05-13 14:16:27: Description: @%SystemRoot%\system32\umpo.dll,-101
    2012-05-13 14:16:27: ServiceDLL: system32\umpo.dll
    2012-05-13 14:16:27: File size: 0
    2012-05-13 14:16:27: DLL File name: umpo.dll
    2012-05-13 14:16:27: Original File Name: Umpo.DLL.MUI
    2012-05-13 14:16:27: Company:
    2012-05-13 14:16:27: Mod/Cre/Acc time:
    2012-05-13 14:16:27: ---------------------------------------------------------------------
    2012-05-13 14:16:27: Found Service: ProfSvc
    2012-05-13 14:16:27: Real Path: C:\Windows\system32\profsvc.dll
    2012-05-13 14:16:27: Display Name: @%systemroot%\system32\profsvc.dll,-300
    2012-05-13 14:16:27: Description: @%systemroot%\system32\profsvc.dll,-301
    2012-05-13 14:16:27: ServiceDLL: system32\profsvc.dll
    2012-05-13 14:16:27: File size: 0
    2012-05-13 14:16:27: DLL File name: profsvc.dll
    2012-05-13 14:16:27: Original File Name: ProfSvc.dll.mui
    2012-05-13 14:16:27: Company:
    2012-05-13 14:16:27: Mod/Cre/Acc time:
    2012-05-13 14:16:27: ---------------------------------------------------------------------
    2012-05-13 14:16:27: Found Service: QWAVE
    2012-05-13 14:16:27: Real Path: C:\Windows\system32\qwave.dll
    2012-05-13 14:16:27: Display Name: @%SystemRoot%\system32\qwave.dll,-1
    2012-05-13 14:16:27: Description: @%SystemRoot%\system32\qwave.dll,-2
    2012-05-13 14:16:27: ServiceDLL: system32\qwave.dll
    2012-05-13 14:16:27: File size: 210944
    2012-05-13 14:16:27: DLL File name: qwave.dll
    2012-05-13 14:16:27: Original File Name: qwave.dll.mui
    2012-05-13 14:16:27: Company:
    2012-05-13 14:16:27: Mod/Cre/Acc time: 20090713211612 20090713195415 20090713195415
    2012-05-13 14:16:27: ---------------------------------------------------------------------
    2012-05-13 14:16:27: Found Service: RasAuto
    2012-05-13 14:16:27: Real Path: C:\Windows\System32\rasauto.dll
    2012-05-13 14:16:27: Display Name: @%Systemroot%\system32\rasauto.dll,-200
    2012-05-13 14:16:27: Description: @%Systemroot%\system32\rasauto.dll,-201
    2012-05-13 14:16:27: ServiceDLL: System32\rasauto.dll
    2012-05-13 14:16:27: File size: 0
    2012-05-13 14:16:27: DLL File name: rasauto.dll
    2012-05-13 14:16:27: Original File Name: rasauto.dll.mui
    2012-05-13 14:16:27: Company:
    2012-05-13 14:16:27: Mod/Cre/Acc time:
    2012-05-13 14:16:28: ---------------------------------------------------------------------
    2012-05-13 14:16:28: Found Service: RasMan
    2012-05-13 14:16:28: Real Path: C:\Windows\System32\rasmans.dll
    2012-05-13 14:16:28: Display Name: @%Systemroot%\system32\rasmans.dll,-200
    2012-05-13 14:16:28: Description: @%Systemroot%\system32\rasmans.dll,-201
    2012-05-13 14:16:28: ServiceDLL: System32\rasmans.dll
    2012-05-13 14:16:28: File size: 0
    2012-05-13 14:16:28: DLL File name: rasmans.dll
    2012-05-13 14:16:28: Original File Name: Rasmans.dll.mui
    2012-05-13 14:16:28: Company:
    2012-05-13 14:16:28: Mod/Cre/Acc time:
    2012-05-13 14:16:28: ---------------------------------------------------------------------
    2012-05-13 14:16:28: Found Service: RemoteAccess
    2012-05-13 14:16:28: Real Path: C:\Windows\System32\mprdim.dll
    2012-05-13 14:16:28: Display Name: @%Systemroot%\system32\mprdim.dll,-200
    2012-05-13 14:16:28: Description: @%Systemroot%\system32\mprdim.dll,-201
    2012-05-13 14:16:28: ServiceDLL: System32\mprdim.dll
    2012-05-13 14:16:28: File size: 75264
    2012-05-13 14:16:28: DLL File name: mprdim.dll
    2012-05-13 14:16:28: Original File Name: MPRDIM.DLL.MUI
    2012-05-13 14:16:28: Company:
    2012-05-13 14:16:28: Mod/Cre/Acc time: 20090713211541 20090713195426 20090713195426
    2012-05-13 14:16:28: ---------------------------------------------------------------------
    2012-05-13 14:16:28: Found Service: RemoteRegistry
    2012-05-13 14:16:28: Real Path: C:\Windows\system32\regsvc.dll
    2012-05-13 14:16:28: Display Name: @regsvc.dll,-1
    2012-05-13 14:16:28: Description: @regsvc.dll,-2
    2012-05-13 14:16:28: ServiceDLL: system32\regsvc.dll
    2012-05-13 14:16:28: File size: 0
    2012-05-13 14:16:28: DLL File name: regsvc.dll
    2012-05-13 14:16:28: Original File Name: REGSVC.DLL.MUI
    2012-05-13 14:16:28: Company:
    2012-05-13 14:16:28: Mod/Cre/Acc time:
    2012-05-13 14:16:28: ---------------------------------------------------------------------
    2012-05-13 14:16:28: Found Service: RpcEptMapper
    2012-05-13 14:16:28: Real Path: C:\Windows\System32\RpcEpMap.dll
    2012-05-13 14:16:28: Display Name: @%windir%\system32\RpcEpMap.dll,-1001
    2012-05-13 14:16:28: Description: @%windir%\system32\RpcEpMap.dll,-1002
    2012-05-13 14:16:28: ServiceDLL: System32\RpcEpMap.dll
    2012-05-13 14:16:28: File size: 0
    2012-05-13 14:16:28: DLL File name: RpcEpMap.dll
    2012-05-13 14:16:28: Original File Name: RpcEpMap.dll.mui
    2012-05-13 14:16:28: Company:
    2012-05-13 14:16:28: Mod/Cre/Acc time:
    2012-05-13 14:16:28: ---------------------------------------------------------------------
    2012-05-13 14:16:28: Found Service: RpcSs
    2012-05-13 14:16:28: Real Path: C:\Windows\system32\rpcss.dll
    2012-05-13 14:16:28: Display Name: @oleres.dll,-5010
    2012-05-13 14:16:28: Description: @oleres.dll,-5011
    2012-05-13 14:16:28: ServiceDLL: system32\rpcss.dll
    2012-05-13 14:16:28: File size: 0
    2012-05-13 14:16:28: DLL File name: rpcss.dll
    2012-05-13 14:16:28: Original File Name: rpcss.dll
    2012-05-13 14:16:28: Company:
    2012-05-13 14:16:28: Mod/Cre/Acc time:
    2012-05-13 14:16:28: ---------------------------------------------------------------------
    2012-05-13 14:16:28: Found Service: SCardSvr
    2012-05-13 14:16:28: Real Path: C:\Windows\System32\SCardSvr.dll
    2012-05-13 14:16:28: Display Name: @%SystemRoot%\System32\SCardSvr.dll,-1
    2012-05-13 14:16:28: Description: @%SystemRoot%\System32\SCardSvr.dll,-5
    2012-05-13 14:16:28: ServiceDLL: System32\SCardSvr.dll
    2012-05-13 14:16:28: File size: 0
    2012-05-13 14:16:28: DLL File name: SCardSvr.dll
    2012-05-13 14:16:28: Original File Name: SCardSvr.exe.mui
    2012-05-13 14:16:28: Company:
    2012-05-13 14:16:28: Mod/Cre/Acc time:
    2012-05-13 14:16:29: ---------------------------------------------------------------------
    2012-05-13 14:16:29: Found Service: Schedule
    2012-05-13 14:16:29: Real Path: C:\Windows\system32\schedsvc.dll
    2012-05-13 14:16:29: Display Name: @%SystemRoot%\system32\schedsvc.dll,-100
    2012-05-13 14:16:29: Description: @%SystemRoot%\system32\schedsvc.dll,-101
    2012-05-13 14:16:29: ServiceDLL: system32\schedsvc.dll
    2012-05-13 14:16:29: File size: 0
    2012-05-13 14:16:29: DLL File name: schedsvc.dll
    2012-05-13 14:16:29: Original File Name: schedsvc.dll.mui
    2012-05-13 14:16:29: Company:
    2012-05-13 14:16:29: Mod/Cre/Acc time:
    2012-05-13 14:16:29: ---------------------------------------------------------------------
    2012-05-13 14:16:29: Found Service: SCPolicySvc
    2012-05-13 14:16:29: Real Path: C:\Windows\System32\certprop.dll
    2012-05-13 14:16:29: Display Name: @%SystemRoot%\System32\certprop.dll,-13
    2012-05-13 14:16:29: Description: @%SystemRoot%\System32\certprop.dll,-14
    2012-05-13 14:16:29: ServiceDLL: System32\certprop.dll
    2012-05-13 14:16:29: File size: 0
    2012-05-13 14:16:29: DLL File name: certprop.dll
    2012-05-13 14:16:29: Original File Name: certprop.dll.mui
    2012-05-13 14:16:29: Company:
    2012-05-13 14:16:29: Mod/Cre/Acc time:
    2012-05-13 14:16:29: ---------------------------------------------------------------------
    2012-05-13 14:16:29: Found Service: SDRSVC
    2012-05-13 14:16:29: Real Path: C:\Windows\System32\SDRSVC.dll
    2012-05-13 14:16:29: Display Name: @%SystemRoot%\system32\sdrsvc.dll,-107
    2012-05-13 14:16:29: Description: @%SystemRoot%\system32\sdrsvc.dll,-102
    2012-05-13 14:16:29: ServiceDLL: System32\SDRSVC.dll
    2012-05-13 14:16:29: File size: 0
    2012-05-13 14:16:29: DLL File name: SDRSVC.dll
    2012-05-13 14:16:29: Original File Name: SDRSVC.DLL.MUI
    2012-05-13 14:16:29: Company:
    2012-05-13 14:16:29: Mod/Cre/Acc time:
    2012-05-13 14:16:29: ---------------------------------------------------------------------
    2012-05-13 14:16:29: Found Service: seclogon
    2012-05-13 14:16:29: Real Path: C:\Windows\system32\seclogon.dll
    2012-05-13 14:16:29: Display Name: @%SystemRoot%\system32\seclogon.dll,-7001
    2012-05-13 14:16:29: Description: @%SystemRoot%\system32\seclogon.dll,-7000
    2012-05-13 14:16:29: ServiceDLL: system32\seclogon.dll
    2012-05-13 14:16:29: File size: 0
    2012-05-13 14:16:29: DLL File name: seclogon.dll
    2012-05-13 14:16:29: Original File Name: SECLOGON.EXE.MUI
    2012-05-13 14:16:29: Company:
    2012-05-13 14:16:29: Mod/Cre/Acc time:
    2012-05-13 14:16:29: ---------------------------------------------------------------------
    2012-05-13 14:16:29: Found Service: SENS
    2012-05-13 14:16:29: Real Path: C:\Windows\System32\sens.dll
    2012-05-13 14:16:29: Display Name: @%SystemRoot%\system32\Sens.dll,-200
    2012-05-13 14:16:29: Description: @%SystemRoot%\system32\Sens.dll,-201
    2012-05-13 14:16:29: ServiceDLL: System32\sens.dll
    2012-05-13 14:16:29: File size: 49664
    2012-05-13 14:16:29: DLL File name: sens.dll
    2012-05-13 14:16:29: Original File Name: sens.dll.mui
    2012-05-13 14:16:29: Company:
    2012-05-13 14:16:29: Mod/Cre/Acc time: 20090713211613 20090713192158 20090713192158
    2012-05-13 14:16:29: ---------------------------------------------------------------------
    2012-05-13 14:16:29: Found Service: SensrSvc
    2012-05-13 14:16:29: Real Path: C:\Windows\system32\sensrsvc.dll
    2012-05-13 14:16:29: Display Name: @%SystemRoot%\System32\sensrsvc.dll,-1000
    2012-05-13 14:16:29: Description: @%SystemRoot%\System32\sensrsvc.dll,-1001
    2012-05-13 14:16:29: ServiceDLL: system32\sensrsvc.dll
    2012-05-13 14:16:29: File size: 0
    2012-05-13 14:16:29: DLL File name: sensrsvc.dll
    2012-05-13 14:16:29: Original File Name: sensrsvc.dll.mui
    2012-05-13 14:16:29: Company:
    2012-05-13 14:16:29: Mod/Cre/Acc time:
    2012-05-13 14:16:29: ---------------------------------------------------------------------
    2012-05-13 14:16:29: Found Service: SessionEnv
    2012-05-13 14:16:29: Real Path: C:\Windows\system32\sessenv.dll
    2012-05-13 14:16:29: Display Name: @%SystemRoot%\System32\SessEnv.dll,-1026
    2012-05-13 14:16:29: Description: @%SystemRoot%\System32\SessEnv.dll,-1027
    2012-05-13 14:16:29: ServiceDLL: system32\sessenv.dll
    2012-05-13 14:16:29: File size: 99328
    2012-05-13 14:16:29: DLL File name: sessenv.dll
    2012-05-13 14:16:29: Original File Name: SessEnv.DLL.MUI
    2012-05-13 14:16:29: Company:
    2012-05-13 14:16:29: Mod/Cre/Acc time: 20090713211613 20090713200228 20090713200228
    2012-05-13 14:16:29: ---------------------------------------------------------------------
    2012-05-13 14:16:29: Found Service: SharedAccess
    2012-05-13 14:16:29: Real Path: C:\Windows\System32\ipnathlp.dll
    2012-05-13 14:16:29: Display Name: @%SystemRoot%\system32\ipnathlp.dll,-106
    2012-05-13 14:16:29: Description: @%SystemRoot%\system32\ipnathlp.dll,-107
    2012-05-13 14:16:29: ServiceDLL: System32\ipnathlp.dll
    2012-05-13 14:16:29: File size: 0
    2012-05-13 14:16:29: DLL File name: ipnathlp.dll
    2012-05-13 14:16:29: Original File Name: IPNATHLP.DLL.MUI
    2012-05-13 14:16:29: Company:
    2012-05-13 14:16:29: Mod/Cre/Acc time:
    2012-05-13 14:16:30: ---------------------------------------------------------------------
    2012-05-13 14:16:30: Found Service: ShellHWDetection
    2012-05-13 14:16:30: Real Path: C:\Windows\System32\shsvcs.dll
    2012-05-13 14:16:30: Display Name: @%SystemRoot%\System32\shsvcs.dll,-12288
    2012-05-13 14:16:30: Description: @%SystemRoot%\System32\shsvcs.dll,-12289
    2012-05-13 14:16:30: ServiceDLL: System32\shsvcs.dll
    2012-05-13 14:16:30: File size: 328192
    2012-05-13 14:16:30: DLL File name: shsvcs.dll
    2012-05-13 14:16:30: Original File Name: SHSVCS.DLL.MUI
    2012-05-13 14:16:30: Company:
    2012-05-13 14:16:30: Mod/Cre/Acc time: 20090713211614 20090713193928 20090713193928
    2012-05-13 14:16:30: ---------------------------------------------------------------------
    2012-05-13 14:16:30: Found Service: sppuinotify
    2012-05-13 14:16:30: Real Path: C:\Windows\system32\sppuinotify.dll
    2012-05-13 14:16:30: Display Name: @%SystemRoot%\system32\sppuinotify.dll,-103
    2012-05-13 14:16:30: Description: @%SystemRoot%\system32\sppuinotify.dll,-102
    2012-05-13 14:16:30: ServiceDLL: system32\sppuinotify.dll
    2012-05-13 14:16:30: File size: 0
    2012-05-13 14:16:30: DLL File name: sppuinotify.dll
    2012-05-13 14:16:30: Original File Name: sppuinotify.dll.mui
    2012-05-13 14:16:30: Company:
    2012-05-13 14:16:30: Mod/Cre/Acc time:
    2012-05-13 14:16:30: ---------------------------------------------------------------------
    2012-05-13 14:16:30: Found Service: SSDPSRV
    2012-05-13 14:16:30: Real Path: C:\Windows\System32\ssdpsrv.dll
    2012-05-13 14:16:30: Display Name: @%systemroot%\system32\ssdpsrv.dll,-100
    2012-05-13 14:16:30: Description: @%systemroot%\system32\ssdpsrv.dll,-101
    2012-05-13 14:16:30: ServiceDLL: System32\ssdpsrv.dll
    2012-05-13 14:16:30: File size: 0
    2012-05-13 14:16:30: DLL File name: ssdpsrv.dll
    2012-05-13 14:16:30: Original File Name: ssdpsrv.dll.mui
    2012-05-13 14:16:30: Company:
    2012-05-13 14:16:30: Mod/Cre/Acc time:
    2012-05-13 14:16:30: ---------------------------------------------------------------------
    2012-05-13 14:16:30: Found Service: SstpSvc
    2012-05-13 14:16:30: Real Path: C:\Windows\system32\sstpsvc.dll
    2012-05-13 14:16:30: Display Name: @%SystemRoot%\system32\sstpsvc.dll,-200
    2012-05-13 14:16:30: Description: @%SystemRoot%\system32\sstpsvc.dll,-201
    2012-05-13 14:16:30: ServiceDLL: system32\sstpsvc.dll
    2012-05-13 14:16:30: File size: 0
    2012-05-13 14:16:30: DLL File name: sstpsvc.dll
    2012-05-13 14:16:30: Original File Name: sstpsvc.dll.mui
    2012-05-13 14:16:30: Company:
    2012-05-13 14:16:30: Mod/Cre/Acc time:
    2012-05-13 14:16:30: ---------------------------------------------------------------------
    2012-05-13 14:16:30: Found Service: stisvc
    2012-05-13 14:16:30: Real Path: C:\Windows\System32\wiaservc.dll
    2012-05-13 14:16:30: Display Name: @%SystemRoot%\system32\wiaservc.dll,-9
    2012-05-13 14:16:30: Description: @%SystemRoot%\system32\wiaservc.dll,-10
    2012-05-13 14:16:30: ServiceDLL: System32\wiaservc.dll
    2012-05-13 14:16:30: File size: 0
    2012-05-13 14:16:30: DLL File name: wiaservc.dll
    2012-05-13 14:16:30: Original File Name: WIASERVC.DLL.MUI
    2012-05-13 14:16:30: Company:
    2012-05-13 14:16:30: Mod/Cre/Acc time:
    2012-05-13 14:16:30: ---------------------------------------------------------------------
    2012-05-13 14:16:30: Found Service: swprv
    2012-05-13 14:16:30: Real Path: C:\Windows\System32\swprv.dll
    2012-05-13 14:16:30: Display Name: @%SystemRoot%\System32\swprv.dll,-103
    2012-05-13 14:16:30: Description: @%SystemRoot%\System32\swprv.dll,-102
    2012-05-13 14:16:30: ServiceDLL: System32\swprv.dll
    2012-05-13 14:16:30: File size: 0
    2012-05-13 14:16:30: DLL File name: swprv.dll
    2012-05-13 14:16:30: Original File Name: SWPRV.DLL.MUI
    2012-05-13 14:16:30: Company:
    2012-05-13 14:16:30: Mod/Cre/Acc time:
    2012-05-13 14:16:30: ---------------------------------------------------------------------
    2012-05-13 14:16:30: Found Service: SysMain
    2012-05-13 14:16:30: Real Path: C:\Windows\system32\sysmain.dll
    2012-05-13 14:16:30: Display Name: @%SystemRoot%\system32\sysmain.dll,-1000
    2012-05-13 14:16:30: Description: @%SystemRoot%\system32\sysmain.dll,-1001
    2012-05-13 14:16:30: ServiceDLL: system32\sysmain.dll
    2012-05-13 14:16:30: File size: 0
    2012-05-13 14:16:30: DLL File name: sysmain.dll
    2012-05-13 14:16:30: Original File Name: sysmain.dll.mui
    2012-05-13 14:16:30: Company:
    2012-05-13 14:16:30: Mod/Cre/Acc time:
    2012-05-13 14:16:30: ---------------------------------------------------------------------
    2012-05-13 14:16:30: Found Service: TabletInputService
    2012-05-13 14:16:30: Real Path: C:\Windows\System32\TabSvc.dll
    2012-05-13 14:16:30: Display Name: @%SystemRoot%\system32\TabSvc.dll,-100
    2012-05-13 14:16:30: Description: @%SystemRoot%\system32\TabSvc.dll,-101
    2012-05-13 14:16:30: ServiceDLL: System32\TabSvc.dll
    2012-05-13 14:16:30: File size: 0
    2012-05-13 14:16:30: DLL File name: TabSvc.dll
    2012-05-13 14:16:30: Original File Name: TabSvc.dll.mui
    2012-05-13 14:16:30: Company:
    2012-05-13 14:16:30: Mod/Cre/Acc time:
    2012-05-13 14:16:31: ---------------------------------------------------------------------
    2012-05-13 14:16:31: Found Service: TapiSrv
    2012-05-13 14:16:31: Real Path: C:\Windows\System32\tapisrv.dll
    2012-05-13 14:16:31: Display Name: @%SystemRoot%\system32\tapisrv.dll,-10100
    2012-05-13 14:16:31: Description: @%SystemRoot%\system32\tapisrv.dll,-10101
    2012-05-13 14:16:31: ServiceDLL: System32\tapisrv.dll
    2012-05-13 14:16:31: File size: 241664
    2012-05-13 14:16:31: DLL File name: tapisrv.dll
    2012-05-13 14:16:31: Original File Name: TAPISRV.EXE.MUI
    2012-05-13 14:16:31: Company:
    2012-05-13 14:16:31: Mod/Cre/Acc time: 20090713211615 20090713201955 20090713201955
    2012-05-13 14:16:31: ---------------------------------------------------------------------
    2012-05-13 14:16:31: Found Service: TBS
    2012-05-13 14:16:31: Real Path: C:\Windows\System32\tbssvc.dll
    2012-05-13 14:16:31: Display Name: @%SystemRoot%\system32\tbssvc.dll,-100
    2012-05-13 14:16:31: Description: @%SystemRoot%\system32\tbssvc.dll,-101
    2012-05-13 14:16:31: ServiceDLL: System32\tbssvc.dll
    2012-05-13 14:16:31: File size: 0
    2012-05-13 14:16:31: DLL File name: tbssvc.dll
    2012-05-13 14:16:31: Original File Name: TBSSVC.DLL.MUI
    2012-05-13 14:16:31: Company:
    2012-05-13 14:16:31: Mod/Cre/Acc time:
    2012-05-13 14:16:31: ---------------------------------------------------------------------
    2012-05-13 14:16:31: Found Service: TermService
    2012-05-13 14:16:31: Real Path: C:\Windows\System32\termsrv.dll
    2012-05-13 14:16:31: Display Name: @%SystemRoot%\System32\termsrv.dll,-268
    2012-05-13 14:16:31: Description: @%SystemRoot%\System32\termsrv.dll,-267
    2012-05-13 14:16:31: ServiceDLL: System32\termsrv.dll
    2012-05-13 14:16:31: File size: 0
    2012-05-13 14:16:31: DLL File name: termsrv.dll
    2012-05-13 14:16:31: Original File Name: termsrv.dll.mui
    2012-05-13 14:16:31: Company:
    2012-05-13 14:16:31: Mod/Cre/Acc time:
    2012-05-13 14:16:31: ---------------------------------------------------------------------
    2012-05-13 14:16:31: Found Service: Themes
    2012-05-13 14:16:31: Real Path: C:\Windows\system32\themeservice.dll
    2012-05-13 14:16:31: Display Name: @%SystemRoot%\System32\themeservice.dll,-8192
    2012-05-13 14:16:31: Description: @%SystemRoot%\System32\themeservice.dll,-8193
    2012-05-13 14:16:31: ServiceDLL: system32\themeservice.dll
    2012-05-13 14:16:31: File size: 0
    2012-05-13 14:16:31: DLL File name: themeservice.dll
    2012-05-13 14:16:31: Original File Name: THEMESERVICE.DLL.MUI
    2012-05-13 14:16:31: Company:
    2012-05-13 14:16:31: Mod/Cre/Acc time:
    2012-05-13 14:16:31: ---------------------------------------------------------------------
    2012-05-13 14:16:31: Found Service: THREADORDER
    2012-05-13 14:16:31: Real Path: C:\Windows\system32\mmcss.dll
    2012-05-13 14:16:31: Display Name: @%systemroot%\system32\mmcss.dll,-102
    2012-05-13 14:16:31: Description: @%systemroot%\system32\mmcss.dll,-103
    2012-05-13 14:16:31: ServiceDLL: system32\mmcss.dll
    2012-05-13 14:16:31: File size: 0
    2012-05-13 14:16:31: DLL File name: mmcss.dll
    2012-05-13 14:16:31: Original File Name: mmcss.dll.mui
    2012-05-13 14:16:31: Company:
    2012-05-13 14:16:31: Mod/Cre/Acc time:
    2012-05-13 14:16:31: ---------------------------------------------------------------------
    2012-05-13 14:16:31: Found Service: TrkWks
    2012-05-13 14:16:31: Real Path: C:\Windows\System32\trkwks.dll
    2012-05-13 14:16:31: Display Name: @%SystemRoot%\system32\trkwks.dll,-1
    2012-05-13 14:16:31: Description: @%SystemRoot%\system32\trkwks.dll,-2
    2012-05-13 14:16:31: ServiceDLL: System32\trkwks.dll
    2012-05-13 14:16:31: File size: 0
    2012-05-13 14:16:31: DLL File name: trkwks.dll
    2012-05-13 14:16:31: Original File Name: trkwks.dll.mui
    2012-05-13 14:16:31: Company:
    2012-05-13 14:16:31: Mod/Cre/Acc time:
    2012-05-13 14:16:31: !!!!!!!
    2012-05-13 14:16:31: Found Service: upnphost
    2012-05-13 14:16:31: Real Path: C:\Windows\System32\upnphost.dll
    2012-05-13 14:16:31: Display Name: @%systemroot%\system32\upnphost.dll,-213
    2012-05-13 14:16:31: Description: @%systemroot%\system32\upnphost.dll,-214
    2012-05-13 14:16:31: ServiceDLL: System32\upnphost.dll
    2012-05-13 14:16:31: File size: 266752
    2012-05-13 14:16:31: DLL File name: upnphost.dll
    2012-05-13 14:16:31: Original File Name: unpnhost.dll.mui
    2012-05-13 14:16:31: Company:
    2012-05-13 14:16:31: Mod/Cre/Acc time: 20090713211617 20090713195541 20090713195541
    2012-05-13 14:16:31: !!!!!!!!!
    2012-05-13 14:16:31: ---------------------------------------------------------------------
    2012-05-13 14:16:31: Found Service: UxSms
    2012-05-13 14:16:31: Real Path: C:\Windows\System32\uxsms.dll
    2012-05-13 14:16:31: Display Name: @%SystemRoot%\system32\dwm.exe,-2000
    2012-05-13 14:16:31: Description: @%SystemRoot%\system32\dwm.exe,-2001
    2012-05-13 14:16:31: ServiceDLL: System32\uxsms.dll
    2012-05-13 14:16:31: File size: 0
    2012-05-13 14:16:31: DLL File name: uxsms.dll
    2012-05-13 14:16:31: Original File Name: UxSms.dll
    2012-05-13 14:16:31: Company:
    2012-05-13 14:16:31: Mod/Cre/Acc time:
    2012-05-13 14:16:31: ---------------------------------------------------------------------
    2012-05-13 14:16:31: Found Service: W32Time
    2012-05-13 14:16:31: Real Path: C:\Windows\system32\w32time.dll
    2012-05-13 14:16:31: Display Name: Windows Time
    2012-05-13 14:16:31: Description: @%SystemRoot%\system32\w32time.dll,-201
    2012-05-13 14:16:31: ServiceDLL: system32\w32time.dll
    2012-05-13 14:16:31: File size: 0
    2012-05-13 14:16:31: DLL File name: w32time.dll
    2012-05-13 14:16:31: Original File Name: w32time.dll.mui
    2012-05-13 14:16:31: Company:
    2012-05-13 14:16:31: Mod/Cre/Acc time:
    2012-05-13 14:16:31: ---------------------------------------------------------------------
    2012-05-13 14:16:31: Found Service: WbioSrvc
    2012-05-13 14:16:31: Real Path: C:\Windows\System32\wbiosrvc.dll
    2012-05-13 14:16:31: Display Name: @%systemroot%\system32\wbiosrvc.dll,-100
    2012-05-13 14:16:31: Description: @%systemroot%\system32\wbiosrvc.dll,-101
    2012-05-13 14:16:31: ServiceDLL: System32\wbiosrvc.dll
    2012-05-13 14:16:31: File size: 0
    2012-05-13 14:16:31: DLL File name: wbiosrvc.dll
    2012-05-13 14:16:31: Original File Name: wbiosrvc.dll.mui
    2012-05-13 14:16:31: Company:
    2012-05-13 14:16:31: Mod/Cre/Acc time:
    2012-05-13 14:16:31: ---------------------------------------------------------------------
    2012-05-13 14:16:31: Found Service: wcncsvc
    2012-05-13 14:16:31: Real Path: C:\Windows\System32\wcncsvc.dll
    2012-05-13 14:16:31: Display Name: @%SystemRoot%\system32\wcncsvc.dll,-3
    2012-05-13 14:16:31: Description: @%SystemRoot%\system32\wcncsvc.dll,-4
    2012-05-13 14:16:31: ServiceDLL: System32\wcncsvc.dll
    2012-05-13 14:16:31: File size: 276992
    2012-05-13 14:16:31: DLL File name: wcncsvc.dll
    2012-05-13 14:16:31: Original File Name: WCNCSVC.DLL.MUI
    2012-05-13 14:16:31: Company:
    2012-05-13 14:16:31: Mod/Cre/Acc time: 20100914020714 20120512003018 20120512003018
    2012-05-13 14:16:31: ---------------------------------------------------------------------
    2012-05-13 14:16:31: Found Service: WcsPlugInService
    2012-05-13 14:16:31: Real Path: C:\Windows\System32\WcsPlugInService.dll
    2012-05-13 14:16:31: Display Name: @%SystemRoot%\system32\WcsPlugInService.dll,-200
    2012-05-13 14:16:31: Description: @%SystemRoot%\system32\WcsPlugInService.dll,-201
    2012-05-13 14:16:31: ServiceDLL: System32\WcsPlugInService.dll
    2012-05-13 14:16:31: File size: 32768
    2012-05-13 14:16:31: DLL File name: WcsPlugInService.dll
    2012-05-13 14:16:31: Original File Name: WcsPlugInService.DLL.MUI
    2012-05-13 14:16:31: Company:
    2012-05-13 14:16:31: Mod/Cre/Acc time: 20090713211618 20090713192513 20090713192513
    2012-05-13 14:16:32: ---------------------------------------------------------------------
    2012-05-13 14:16:32: Found Service: WdiServiceHost
    2012-05-13 14:16:32: Real Path: C:\Windows\system32\wdi.dll
    2012-05-13 14:16:32: Display Name: @%systemroot%\system32\wdi.dll,-502
    2012-05-13 14:16:32: Description: @%systemroot%\system32\wdi.dll,-503
    2012-05-13 14:16:32: ServiceDLL: system32\wdi.dll
    2012-05-13 14:16:32: File size: 76288
    2012-05-13 14:16:32: DLL File name: wdi.dll
    2012-05-13 14:16:32: Original File Name: wdi.dll.mui
    2012-05-13 14:16:32: Company:
    2012-05-13 14:16:32: Mod/Cre/Acc time: 20090713211618 20090713191947 20090713191947
    2012-05-13 14:16:32: ---------------------------------------------------------------------
    2012-05-13 14:16:32: Found Service: WdiSystemHost
    2012-05-13 14:16:32: Real Path: C:\Windows\system32\wdi.dll
    2012-05-13 14:16:32: Display Name: @%systemroot%\system32\wdi.dll,-500
    2012-05-13 14:16:32: Description: @%systemroot%\system32\wdi.dll,-501
    2012-05-13 14:16:32: ServiceDLL: system32\wdi.dll
    2012-05-13 14:16:32: File size: 76288
    2012-05-13 14:16:32: DLL File name: wdi.dll
    2012-05-13 14:16:32: Original File Name: wdi.dll.mui
    2012-05-13 14:16:32: Company:
    2012-05-13 14:16:32: Mod/Cre/Acc time: 20090713211618 20090713191947 20090713191947
    2012-05-13 14:16:32: !!!!!!!
    2012-05-13 14:16:32: Found Service: WebClient
    2012-05-13 14:16:32: Real Path: C:\Windows\System32\webclnt.dll
    2012-05-13 14:16:32: Display Name: @%systemroot%\system32\webclnt.dll,-100
    2012-05-13 14:16:32: Description: @%systemroot%\system32\webclnt.dll,-101
    2012-05-13 14:16:32: ServiceDLL: System32\webclnt.dll
    2012-05-13 14:16:32: File size: 204800
    2012-05-13 14:16:32: DLL File name: webclnt.dll
    2012-05-13 14:16:32: Original File Name: davsvc.dll.mui
    2012-05-13 14:16:32: Company:
    2012-05-13 14:16:32: Mod/Cre/Acc time: 20101221013821 20120512000202 20120512000202
    2012-05-13 14:16:32: !!!!!!!!!
    2012-05-13 14:16:32: ---------------------------------------------------------------------
    2012-05-13 14:16:32: Found Service: Wecsvc
    2012-05-13 14:16:32: Real Path: C:\Windows\system32\wecsvc.dll
    2012-05-13 14:16:32: Display Name: @%SystemRoot%\system32\wecsvc.dll,-200
    2012-05-13 14:16:32: Description: @%SystemRoot%\system32\wecsvc.dll,-201
    2012-05-13 14:16:32: ServiceDLL: system32\wecsvc.dll
    2012-05-13 14:16:32: File size: 0
    2012-05-13 14:16:32: DLL File name: wecsvc.dll
    2012-05-13 14:16:32: Original File Name: wecsvc.dll.mui
    2012-05-13 14:16:32: Company:
    2012-05-13 14:16:32: Mod/Cre/Acc time:
    2012-05-13 14:16:33: !!!!!!!
    2012-05-13 14:16:33: Found Service: wercplsupport
    2012-05-13 14:16:33: Real Path: C:\Windows\System32\wercplsupport.dll
    2012-05-13 14:16:33: Display Name: @%SystemRoot%\System32\wercplsupport.dll,-101
    2012-05-13 14:16:33: Description: @%SystemRoot%\System32\wercplsupport.dll,-100
    2012-05-13 14:16:33: ServiceDLL: System32\wercplsupport.dll
    2012-05-13 14:16:33: File size: 0
    2012-05-13 14:16:33: DLL File name: wercplsupport.dll
    2012-05-13 14:16:33: Original File Name: ERC
    2012-05-13 14:16:33: Company:
    2012-05-13 14:16:33: Mod/Cre/Acc time:
    2012-05-13 14:16:33: !!!!!!!!!
    2012-05-13 14:16:33: !!!!!!!
    2012-05-13 14:16:33: Found Service: WerSvc
    2012-05-13 14:16:33: Real Path: C:\Windows\System32\WerSvc.dll
    2012-05-13 14:16:33: Display Name: @%SystemRoot%\System32\wersvc.dll,-100
    2012-05-13 14:16:33: Description: @%SystemRoot%\System32\wersvc.dll,-101
    2012-05-13 14:16:33: ServiceDLL: System32\WerSvc.dll
    2012-05-13 14:16:33: File size: 0
    2012-05-13 14:16:33: DLL File name: WerSvc.dll
    2012-05-13 14:16:33: Original File Name: wersvc
    2012-05-13 14:16:33: Company:
    2012-05-13 14:16:33: Mod/Cre/Acc time:
    2012-05-13 14:16:33: !!!!!!!!!
    2012-05-13 14:16:33: ---------------------------------------------------------------------
    2012-05-13 14:16:33: Found Service: Winmgmt
    2012-05-13 14:16:33: Real Path: C:\Windows\system32\wbem\WMIsvc.dll
    2012-05-13 14:16:33: Display Name: @%Systemroot%\system32\wbem\wmisvc.dll,-205
    2012-05-13 14:16:33: Description: @%Systemroot%\system32\wbem\wmisvc.dll,-204
    2012-05-13 14:16:33: ServiceDLL: system32\wbem\WMIsvc.dll
    2012-05-13 14:16:33: File size: 0
    2012-05-13 14:16:33: DLL File name: WMIsvc.dll
    2012-05-13 14:16:33: Original File Name: wmisvc.dll.mui
    2012-05-13 14:16:33: Company:
    2012-05-13 14:16:33: Mod/Cre/Acc time:
    2012-05-13 14:16:33: ---------------------------------------------------------------------
    2012-05-13 14:16:33: Found Service: WinRM
    2012-05-13 14:16:33: Real Path: C:\Windows\system32\WsmSvc.dll
    2012-05-13 14:16:33: Display Name: @%Systemroot%\system32\wsmsvc.dll,-101
    2012-05-13 14:16:33: Description: @%Systemroot%\system32\wsmsvc.dll,-102
    2012-05-13 14:16:33: ServiceDLL: system32\WsmSvc.dll
    2012-05-13 14:16:33: File size: 1175040
    2012-05-13 14:16:33: DLL File name: WsmSvc.dll
    2012-05-13 14:16:33: Original File Name: WsmSvc.dll.mui
    2012-05-13 14:16:33: Company:
    2012-05-13 14:16:33: Mod/Cre/Acc time: 20090713211620 20090713193143 20090713193143
    2012-05-13 14:16:33: ---------------------------------------------------------------------
    2012-05-13 14:16:33: Found Service: Wlansvc
    2012-05-13 14:16:33: Real Path: C:\Windows\System32\wlansvc.dll
    2012-05-13 14:16:33: Display Name: @%SystemRoot%\System32\wlansvc.dll,-257
    2012-05-13 14:16:33: Description: @%SystemRoot%\System32\wlansvc.dll,-258
    2012-05-13 14:16:33: ServiceDLL: System32\wlansvc.dll
    2012-05-13 14:16:33: File size: 0
    2012-05-13 14:16:33: DLL File name: wlansvc.dll
    2012-05-13 14:16:33: Original File Name: wlansvc.dll.mui
    2012-05-13 14:16:33: Company:
    2012-05-13 14:16:33: Mod/Cre/Acc time:
    2012-05-13 14:16:33: ---------------------------------------------------------------------
    2012-05-13 14:16:33: Found Service: WPCSvc
    2012-05-13 14:16:33: Real Path: C:\Windows\System32\wpcsvc.dll
    2012-05-13 14:16:33: Display Name: @%SystemRoot%\system32\wpcsvc.dll,-100
    2012-05-13 14:16:33: Description: @%SystemRoot%\system32\wpcsvc.dll,-101
    2012-05-13 14:16:33: ServiceDLL: System32\wpcsvc.dll
    2012-05-13 14:16:33: File size: 10752
    2012-05-13 14:16:33: DLL File name: wpcsvc.dll
    2012-05-13 14:16:33: Original File Name: wpcsvc.exe.mui
    2012-05-13 14:16:33: Company:
    2012-05-13 14:16:33: Mod/Cre/Acc time: 20090713211620 20090713194010 20090713194010
    2012-05-13 14:16:33: ---------------------------------------------------------------------
    2012-05-13 14:16:33: Found Service: WPDBusEnum
    2012-05-13 14:16:33: Real Path: C:\Windows\system32\wpdbusenum.dll
    2012-05-13 14:16:33: Display Name: @%SystemRoot%\system32\wpdbusenum.dll,-100
    2012-05-13 14:16:33: Description: @%SystemRoot%\system32\wpdbusenum.dll,-101
    2012-05-13 14:16:33: ServiceDLL: system32\wpdbusenum.dll
    2012-05-13 14:16:33: File size: 0
    2012-05-13 14:16:33: DLL File name: wpdbusenum.dll
    2012-05-13 14:16:33: Original File Name: WpdBusEnum.DLL.MUI
    2012-05-13 14:16:33: Company:
    2012-05-13 14:16:33: Mod/Cre/Acc time:
    2012-05-13 14:16:34: ---------------------------------------------------------------------
    2012-05-13 14:16:34: Found Service: wuauserv
    2012-05-13 14:16:34: Real Path: C:\Windows\system32\wuaueng.dll
    2012-05-13 14:16:34: Display Name: @%systemroot%\system32\wuaueng.dll,-105
    2012-05-13 14:16:34: Description: @%systemroot%\system32\wuaueng.dll,-106
    2012-05-13 14:16:34: ServiceDLL: system32\wuaueng.dll
    2012-05-13 14:16:34: File size: 0
    2012-05-13 14:16:34: DLL File name: wuaueng.dll
    2012-05-13 14:16:34: Original File Name: wuaueng.dll.mui
    2012-05-13 14:16:34: Company:
    2012-05-13 14:16:34: Mod/Cre/Acc time:
    2012-05-13 14:16:34: ---------------------------------------------------------------------
    2012-05-13 14:16:34: Found Service: wudfsvc
    2012-05-13 14:16:34: Real Path: C:\Windows\System32\WUDFSvc.dll
    2012-05-13 14:16:34: Display Name: @%SystemRoot%\system32\wudfsvc.dll,-1000
    2012-05-13 14:16:34: Description: @%SystemRoot%\system32\wudfsvc.dll,-1001
    2012-05-13 14:16:34: ServiceDLL: System32\WUDFSvc.dll
    2012-05-13 14:16:34: File size: 0
    2012-05-13 14:16:34: DLL File name: WUDFSvc.dll
    2012-05-13 14:16:34: Original File Name: WUDFSvc.dll.mui
    2012-05-13 14:16:34: Company:
    2012-05-13 14:16:34: Mod/Cre/Acc time:
    2012-05-13 14:16:34: ---------------------------------------------------------------------
    2012-05-13 14:16:34: Found Service: WwanSvc
    2012-05-13 14:16:34: Real Path: C:\Windows\System32\wwansvc.dll
    2012-05-13 14:16:34: Display Name: @%SystemRoot%\System32\wwansvc.dll,-257
    2012-05-13 14:16:34: Description: @%SystemRoot%\System32\wwansvc.dll,-258
    2012-05-13 14:16:34: ServiceDLL: System32\wwansvc.dll
    2012-05-13 14:16:34: File size: 0
    2012-05-13 14:16:34: DLL File name: wwansvc.dll
    2012-05-13 14:16:34: Original File Name: WwanSvc.dll.mui
    2012-05-13 14:16:34: Company:
    2012-05-13 14:16:34: Mod/Cre/Acc time:
    2012-05-13 14:16:34:
    2012-05-13 14:16:34: Looking for SHELL key
    2012-05-13 14:16:34: Now looking for bad DLL files in system32
    2012-05-13 14:17:53: Folder: GAC
    2012-05-13 14:17:53: Folder: GAC_32
    2012-05-13 14:17:53: Folder: GAC_64
    2012-05-13 14:17:53: Folder: GAC_MSIL
    2012-05-13 14:17:53: Folder: NativeImages_v2.0.50727_32
    2012-05-13 14:17:53: Folder: NativeImages_v2.0.50727_64
    2012-05-13 14:17:54: Folder: temp
    2012-05-13 14:17:54: Folder: tmp
    2012-05-13 14:17:54: Checking for bad folder
    2012-05-13 14:17:54: Found 1 folders.
    2012-05-13 14:17:54: Checking C:\Windows\assembly\tmp
    2012-05-13 14:17:54: ... Folder test returns: 1
    2012-05-13 14:17:54: Done with folder list in C:\Windows\assembly\ tmp
    2012-05-13 14:17:54: Autonomous mode, clearing out yt folder
    2012-05-13 14:17:54: cmd.exe /c start "C:\Users\brandon\Desktop\yorkyt.exe"
    2012-05-13 14:18:05: Restarting...
    2012-05-13 14:19:55: ****************************************************
    2012-05-13 14:19:55: Starting UP ... v 0.0.0.220
    2012-05-13 14:19:55: ****************************************************
    2012-05-13 14:19:58: Stop TPSRV returns: 2
    2012-05-13 14:20:14: Listing processes...
    2012-05-13 14:20:14: :[System Process]:0
    2012-05-13 14:20:14: :System:4
    2012-05-13 14:20:14: :smss.exe:268
    2012-05-13 14:20:14: :csrss.exe:400
    2012-05-13 14:20:14: :wininit.exe:460
    2012-05-13 14:20:14: :csrss.exe:472
    2012-05-13 14:20:14: :services.exe:520
    2012-05-13 14:20:14: :lsass.exe:532
    2012-05-13 14:20:14: :lsm.exe:540
    2012-05-13 14:20:14: :winlogon.exe:568
    2012-05-13 14:20:14: :svchost.exe:688
    2012-05-13 14:20:14: :svchost.exe:756
    2012-05-13 14:20:14: :atiesrxx.exe:808
    2012-05-13 14:20:14: :svchost.exe:900
    2012-05-13 14:20:14: :svchost.exe:940
    2012-05-13 14:20:14: :svchost.exe:968
    2012-05-13 14:20:14: :audiodg.exe:332
    2012-05-13 14:20:14: :svchost.exe:632
    2012-05-13 14:20:14: :atieclxx.exe:1040
    2012-05-13 14:20:14: :svchost.exe:1144
    2012-05-13 14:20:14: :wlanext.exe:1252
    2012-05-13 14:20:14: :conhost.exe:1260
    2012-05-13 14:20:14: :spoolsv.exe:1360
    2012-05-13 14:20:14: :svchost.exe:1392
    2012-05-13 14:20:14: :svchost.exe:1500
    2012-05-13 14:20:14: :AERTSr64.exe:1528
    2012-05-13 14:20:14: :CinemaNowSvc.exe:1548
    2012-05-13 14:20:14: :presentationFontCache.exe:1612
    2012-05-13 14:20:14: :HPDrvMntSvc.exe:1712
    2012-05-13 14:20:14: :HPWMISVC.exe:1744
    2012-05-13 14:20:14: :ccsvchst.exe:1828
    2012-05-13 14:20:14: :svchost.exe:1932
    2012-05-13 14:20:14: :SeaPort.exe:1964
    2012-05-13 14:20:14: :svchost.exe:2024
    2012-05-13 14:20:14: :WLIDSVC.EXE:1124
    2012-05-13 14:20:14: :taskhost.exe:2052
    2012-05-13 14:20:14: :SearchIndexer.exe:2332
    2012-05-13 14:20:14: :WmiPrvSE.exe:2420
    2012-05-13 14:20:14: :dwm.exe:2448
    2012-05-13 14:20:14: :explorer.exe:2472
    2012-05-13 14:20:14: :WLIDSVCM.EXE:2492
    2012-05-13 14:20:14: :ccsvchst.exe:2736
    2012-05-13 14:20:14: :yorkyt.exe:2608
    2012-05-13 14:20:14: :SynTPEnh.exe:2540
    2012-05-13 14:20:14: :rundll32.exe:3120
    2012-05-13 14:20:14: :SearchProtocolHost.exe:3184
    2012-05-13 14:20:15: :SearchFilterHost.exe:3208
    2012-05-13 14:20:15: :SynTPHelper.exe:3296
    2012-05-13 14:20:15: :wmpnetwk.exe:3592
    2012-05-13 14:20:15: :svchost.exe:3636
    2012-05-13 14:20:15: :WmiPrvSE.exe:3872
    2012-05-13 14:20:15:
    2012-05-13 14:20:15: Starting cleanup mode...
    2012-05-13 14:21:14: ... Done with files, now folders
    2012-05-13 14:21:51: All DONE
    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.05.13.04
    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    brandon :: BRANDON-HP [administrator]
    5/13/2012 2:54:25 PM
    mbam-log-2012-05-13 (14-54-25).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 198142
    Time elapsed: 4 minute(s), 12 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 1
    HKCR\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
    Registry Values Detected: 3
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: sp -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost|netsvc (TrojanProxy.Agent) -> Data: SPService^Z^ -> Quarantined and deleted successfully.
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
    Assuming that your expertise has healed (or is in the process of healing) this infected computer, would you recommend running the same logs for other laptops that connect to our secure router? If so, would you be willing to work with me? You are a SUPER TEACHER/TECH :D

    Look forward to 'seeing' you again, Cindy
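The two registry hits in the Malwarebytes log above (a stray name in the `SvcHost\netsvcs` group and an "Approved" shell-extension CLSID) are the classic places a svchost-hosted implant parks itself, and the service listing further up is the manual version of the same cross-check. The script below is an added example written for this thread; it is not code from the original posts or from any tool whose log appears here. It walks every svchost group, confirms each member is a registered service whose `ServiceDll` exists on disk, then checks the binary's Authenticode status and whether its version-resource `OriginalFilename` matches the file name, and repeats the disk/signature check for every approved shell extension's COM server. Function names and the wording of the `Issue` column are this example's own. It assumes an elevated 64-bit PowerShell prompt on the suspect machine.

```powershell
# Added example, not part of the thread or of any tool whose log appears above.
# Cross-checks the two persistence points Malwarebytes hit in the log:
#   1. svchost service groups (HKLM\...\SvcHost, e.g. "netsvcs") against the
#      services actually registered and the ServiceDll each one loads;
#   2. "Approved" shell extensions against the COM server each CLSID resolves to.
# Run from an elevated 64-bit PowerShell prompt. Function names and Issue
# strings are this example's own; nothing here is a vendor API.

$SvcHostKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost'
$ServicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$ApprovedKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'

function New-Finding($Where, $Name, $Issue, $Detail) {
    [pscustomobject]@{ Where = $Where; Name = $Name; Issue = $Issue; Detail = $Detail }
}

# One-line verdict for a binary on disk. On Windows 7 many system DLLs are
# catalog-signed and Get-AuthenticodeSignature reports them as NotSigned, so
# "NotSigned" means "verify against a clean copy", not "malware".
function Test-Binary($Path) {
    if (-not (Test-Path -LiteralPath $Path)) { return 'missing on disk' }
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $ver  = (Get-Item -LiteralPath $Path).VersionInfo
    $stem = [IO.Path]::GetFileNameWithoutExtension($Path)
    $orig = $ver.OriginalFilename
    $notes = @()
    if ($sig.Status -ne 'Valid') { $notes += "signature: $($sig.Status)" }
    # OriginalFilename normally equals the file name, often with a .mui suffix
    # (which is why the log shows e.g. SessEnv.DLL.MUI). A different stem is
    # worth a look, not proof of tampering.
    if ($orig -and ($orig -notlike "$stem.*") -and ($orig -ne $stem)) {
        $notes += "OriginalFilename '$orig' != '$stem'"
    }
    if ($notes.Count -eq 0) { return 'ok' }
    return ($notes -join '; ')
}

function Get-SvcHostFindings {
    $groups = Get-ItemProperty -Path $SvcHostKey
    foreach ($prop in $groups.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }      # provider metadata, not a group
        foreach ($svc in @($prop.Value)) {
            if ([string]::IsNullOrWhiteSpace($svc)) { continue }
            $svcPath = Join-Path $ServicesKey $svc
            if (-not (Test-Path -LiteralPath $svcPath)) {
                New-Finding $prop.Name $svc 'group member has no service key' ''
                continue
            }
            $dll = (Get-ItemProperty -Path (Join-Path $svcPath 'Parameters') `
                        -ErrorAction SilentlyContinue).ServiceDll
            if (-not $dll) {
                New-Finding $prop.Name $svc 'no ServiceDll under Parameters' ''
                continue
            }
            $dll = [Environment]::ExpandEnvironmentVariables($dll)
            $verdict = Test-Binary $dll
            if ($verdict -ne 'ok') { New-Finding $prop.Name $svc $verdict $dll }
        }
    }
}

function Get-ShellExtensionFindings {
    $approved = Get-ItemProperty -Path $ApprovedKey
    foreach ($prop in $approved.PSObject.Properties) {
        if ($prop.Name -notlike '{*}') { continue }
        $clsid  = $prop.Name
        $server = $null
        # 64-bit and 32-bit (Wow6432Node) COM registrations live in separate keys.
        foreach ($root in 'Registry::HKEY_CLASSES_ROOT\CLSID',
                          'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID') {
            $srvKey = "$root\$clsid\InprocServer32"
            if (Test-Path -LiteralPath $srvKey) {
                $server = (Get-ItemProperty -LiteralPath $srvKey).'(default)'
                break
            }
        }
        if (-not $server) {
            New-Finding 'Approved' $clsid 'no InprocServer32 for CLSID' $prop.Value
            continue
        }
        $server  = [Environment]::ExpandEnvironmentVariables($server)
        $verdict = Test-Binary $server
        if ($verdict -ne 'ok') { New-Finding 'Approved' $clsid $verdict $server }
    }
}

@(Get-SvcHostFindings) + @(Get-ShellExtensionFindings) | Format-Table -AutoSize -Wrap
```

Read the output against a clean machine of the same Windows build rather than in isolation: a few group members are legitimately absent on some editions, catalog-signed system DLLs show up as NotSigned on Windows 7, and an `OriginalFilename` that differs from the file name is a prompt to compare hashes with a known-good copy, not a verdict. What should never appear on a healthy box is a group member with no service key, a `ServiceDll` or `InprocServer32` that is missing from disk, or an approved CLSID with no COM registration at all; those are the shapes the Malwarebytes hits above took.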
     
  7. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    Re-run DDS and post fresh DDS.txt, no need for Attach.txt this time...
     
  8. cinderblock

    cinderblock Thread Starter

    Joined:
    May 9, 2012
    Messages:
    91
    Wowsers! Thanks for that lightning-fast reply, Kevin!

    Here's the (good?) news -


    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385
    Run by brandon at 15:22:39 on 2012-05-13
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1787.863 [GMT -4:00]
    .
    AV: Norton Security Suite *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Security Suite *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\system32\RunDll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
    C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\IPS\IPSBHO.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Yontoo Layers (Drop Down Deals): {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll
    TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [<NO NAME>]
    StartupFolder: C:\Users\brandon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\system32\RunDll32.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000
    IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{0D04A0FC-3742-4DD7-99AD-8C633B5A0934} : DhcpNameServer = 40.5.1.100
    TCP: Interfaces\{87F9FD09-495B-40C5-93E8-98AF83A14897} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{87F9FD09-495B-40C5-93E8-98AF83A14897}\0757274697 : DhcpNameServer = 10.1.10.1
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
    mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - C:\Program Files (x86)\SFT\GuardedID\gidi.exe /v
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
    BHO-X64: Symantec NCO BHO - No File
    BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\IPS\IPSBHO.DLL
    BHO-X64: Symantec Intrusion Prevention - No File
    BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO-X64: Search Helper - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
    BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO-X64: Ask Toolbar BHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: Yontoo Layers (Drop Down Deals): {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll
    BHO-X64: Yontoo Layer (Drop Down Deals)s - No File
    TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
    TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
    mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun-x64: [(Default)]
    IE-X64: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS [?]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS [?]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-5-7 1160824]
    R1 GIDv2;GIDv2;C:\Windows\system32\drivers\GIDv2.sys --> C:\Windows\system32\drivers\GIDv2.sys [?]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120511.001\IDSviA64.sys [2012-5-12 488568]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS [?]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0502010.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0502010.003\SYMNETS.SYS [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-4-9 98208]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
    R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccsvchst.exe [2012-5-11 130008]
    R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-5-9 138360]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 257696]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
    S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-05-13 18:52:37 -------- d-----w- C:\Users\brandon\AppData\Roaming\Malwarebytes
    2012-05-13 18:52:12 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-05-13 18:52:11 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-05-13 18:52:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-05-12 05:56:31 778088 ---ha-w- C:\Windows\System32\HPDiscoPMa011.dll
    2012-05-12 05:54:12 -------- d-----w- C:\Program Files\HP
    2012-05-12 04:30:18 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
    2012-05-12 04:30:18 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
    2012-05-12 04:17:44 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
    2012-05-12 04:17:44 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
    2012-05-12 04:17:44 48960 ----a-w- C:\Windows\System32\netfxperf.dll
    2012-05-12 04:17:44 444752 ----a-w- C:\Windows\System32\mscoree.dll
    2012-05-12 04:17:44 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
    2012-05-12 04:17:44 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
    2012-05-12 04:17:44 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
    2012-05-12 04:17:44 1942856 ----a-w- C:\Windows\System32\dfshim.dll
    2012-05-12 04:17:44 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
    2012-05-12 04:17:44 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
    2012-05-12 04:01:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll
    2012-05-12 04:00:54 142336 ----a-w- C:\Windows\System32\poqexec.exe
    2012-05-12 03:59:59 2326016 ----a-w- C:\Windows\System32\tquery.dll
    2012-05-12 03:45:19 1395712 ----a-w- C:\Windows\System32\mfc42.dll
    2012-05-12 03:45:19 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
    2012-05-12 03:45:18 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
    2012-05-12 03:45:18 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
    2012-05-12 03:45:01 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2012-05-12 03:45:01 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2012-05-12 03:44:54 515584 ----a-w- C:\Windows\System32\timedate.cpl
    2012-05-12 03:44:54 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
    2012-05-12 03:44:47 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
    2012-05-12 03:44:47 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
    2012-05-12 03:44:40 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
    2012-05-12 03:40:30 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    2012-05-12 03:40:27 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2012-05-12 03:40:26 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
    2012-05-12 03:40:26 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
    2012-05-12 03:40:20 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-05-12 03:40:20 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-05-12 03:40:19 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-05-12 03:35:11 223448 ----a-w- C:\Windows\System32\drivers\fvevol.sys
    2012-05-12 03:33:19 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2012-05-12 03:33:18 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
    2012-05-12 03:32:33 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
    2012-05-12 03:32:33 613888 ----a-w- C:\Windows\System32\psisdecd.dll
    2012-05-12 03:32:33 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
    2012-05-12 03:32:33 108032 ----a-w- C:\Windows\System32\psisrndr.ax
    2012-05-12 03:32:32 288256 ----a-w- C:\Windows\System32\MSNP.ax
    2012-05-12 03:32:32 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
    2012-05-12 03:32:31 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax
    2012-05-12 03:32:31 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
    2012-05-12 03:32:31 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
    2012-05-12 03:32:30 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
    2012-05-12 03:29:59 558592 ----a-w- C:\Windows\System32\spoolsv.exe
    2012-05-12 03:29:54 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
    2012-05-12 03:29:45 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-05-12 03:29:45 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-05-12 03:18:31 80896 ----a-w- C:\Windows\System32\imagehlp.dll
    2012-05-12 03:18:31 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2012-05-12 03:18:31 5120 ----a-w- C:\Windows\System32\wmi.dll
    2012-05-12 03:18:31 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2012-05-12 03:18:31 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2012-05-12 03:18:31 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-05-12 03:18:31 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2012-05-12 03:15:56 3138048 ----a-w- C:\Windows\System32\mstscax.dll
    2012-05-12 03:15:56 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2012-05-12 03:15:54 1097216 ----a-w- C:\Windows\System32\mstsc.exe
    2012-05-12 03:15:54 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe
    2012-05-12 03:14:20 861184 ----a-w- C:\Windows\System32\oleaut32.dll
    2012-05-12 03:14:20 331776 ----a-w- C:\Windows\System32\oleacc.dll
    2012-05-12 03:14:19 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2012-05-12 03:14:19 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
    2012-05-12 03:14:08 112000 ----a-w- C:\Windows\System32\consent.exe
    2012-05-12 03:12:28 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
    2012-05-12 03:12:25 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
    2012-05-12 03:12:25 634368 ----a-w- C:\Windows\System32\msvcrt.dll
    2012-05-12 03:12:19 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-12 03:12:19 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-12 03:12:14 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
    2012-05-12 03:12:14 31232 ----a-w- C:\Windows\System32\prevhost.exe
    2012-05-12 03:11:51 723456 ----a-w- C:\Windows\System32\EncDec.dll
    2012-05-12 03:11:51 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2012-05-12 03:11:23 720896 ----a-w- C:\Windows\System32\odbc32.dll
    2012-05-12 03:11:23 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
    2012-05-12 03:11:22 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
    2012-05-12 03:11:22 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
    2012-05-12 03:11:22 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
    2012-05-12 03:11:22 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
    2012-05-12 03:11:22 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
    2012-05-12 03:11:22 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
    2012-05-12 03:11:22 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
    2012-05-12 03:11:21 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
    2012-05-12 03:02:33 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-05-12 03:02:05 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
    2012-05-12 03:02:05 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
    2012-05-12 02:58:07 1739160 ----a-w- C:\Windows\System32\ntdll.dll
    2012-05-12 02:58:06 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2012-05-12 02:58:04 236032 ----a-w- C:\Windows\System32\srvsvc.dll
    2012-05-12 02:58:03 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
    2012-05-12 02:57:48 77312 ----a-w- C:\Windows\System32\packager.dll
    2012-05-12 02:57:48 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2012-05-12 02:55:19 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-05-12 02:55:19 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-05-12 02:55:19 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-05-12 02:55:19 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-05-12 01:50:44 912504 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\symefa64.sys
    2012-05-12 01:50:44 744568 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\srtsp64.sys
    2012-05-12 01:50:44 450680 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\symds64.sys
    2012-05-12 01:50:44 40568 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\srtspx64.sys
    2012-05-12 01:50:44 386168 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\symnets.sys
    2012-05-12 01:50:44 171128 ----a-r- C:\Windows\System32\drivers\N360x64\0502010.003\ironx64.sys
    2012-05-12 01:50:27 -------- d-----w- C:\Windows\System32\drivers\N360x64\0502010.003
    2012-05-10 00:57:30 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys
    2012-05-10 00:35:43 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2012-05-10 00:35:43 -------- d-----w- C:\Program Files\Symantec
    2012-05-10 00:35:43 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
    2012-05-10 00:34:52 -------- d-----w- C:\Windows\System32\drivers\N360x64
    2012-05-10 00:34:50 -------- d-----w- C:\Program Files (x86)\Norton Security Suite
    2012-05-10 00:34:42 -------- d-----w- C:\Program Files (x86)\NortonInstaller
    2012-05-10 00:29:52 -------- d-----w- C:\Users\brandon\AppData\Local\LogMeIn Rescue Applet
    2012-05-07 04:38:34 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
    2012-05-07 00:51:11 -------- d-----w- C:\Users\brandon\AppData\Local\VS Revo Group
    2012-05-07 00:51:07 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
    2012-05-07 00:51:06 -------- d-----w- C:\Program Files\VS Revo Group
    2012-05-06 23:08:58 -------- d-----w- C:\ProgramData\GID
    2012-05-06 19:38:32 -------- d-----w- C:\Windows\pss
    2012-04-23 03:07:21 -------- d-----w- C:\ProgramData\Recovery
    2012-04-23 02:08:52 -------- d-----w- C:\N360_BACKUP
    2012-04-23 01:36:49 -------- d-----w- C:\Users\brandon\AppData\Local\NPE
    2012-04-22 21:19:29 -------- d-----w- C:\Users\brandon\AppData\Local\ElevatedDiagnostics
    2012-04-13 23:47:09 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    .
    ==================== Find3M ====================
    .
    2012-05-10 00:54:48 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
    2012-05-06 23:11:15 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-06 23:11:15 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-04-02 05:34:04 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-04-02 04:46:44 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-04-02 04:46:44 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-04-02 03:01:19 3143680 ----a-w- C:\Windows\System32\win32k.sys
    2012-03-26 04:03:12 332392 ----a-w- C:\Windows\System32\RtlCPAPI64.dll
    2012-03-26 04:03:12 2494056 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
    2012-03-26 04:03:12 2048104 ----a-w- C:\Windows\System32\RtPgEx64.dll
    2012-03-26 04:03:12 1146984 ----a-w- C:\Windows\System32\RTSnMg64.cpl
    2012-03-26 04:03:10 80488 ----a-w- C:\Windows\System32\RCoInst64.dll
    2012-03-26 04:03:10 569960 ----a-w- C:\Windows\System32\RtkApi64.dll
    2012-03-26 04:03:10 2625640 ----a-w- C:\Windows\System32\RtkAPO64.dll
    2012-03-26 04:03:10 149608 ----a-w- C:\Windows\System32\RtkCfg64.dll
    2012-03-26 04:03:10 1215592 ----a-w- C:\Windows\System32\RTCOM64.dll
    2012-03-26 04:03:02 200800 ----a-w- C:\Windows\System32\AERTAC64.dll
    2012-03-26 04:02:58 1251944 ----a-w- C:\Windows\RtlExUpd.dll
    2012-03-17 07:55:58 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys
    2012-03-15 01:29:56 12942400 ----a-w- C:\Users\brandon\HRBlock_DeluxeSE_2011_Update_C.exe
    2012-03-03 06:29:57 1541120 ----a-w- C:\Windows\System32\DWrite.dll
    2012-03-03 06:29:42 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
    2012-03-03 06:29:42 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
    2012-03-03 06:29:42 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
    2012-03-03 06:29:41 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2012-03-03 05:40:21 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-03-03 05:40:10 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2012-03-03 05:40:09 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2012-03-03 05:40:09 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2012-03-03 05:40:09 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2012-02-28 06:35:54 1197568 ----a-w- C:\Windows\System32\wininet.dll
    2012-02-28 06:33:03 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2012-02-28 05:40:21 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-02-28 05:38:16 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2012-02-28 05:17:41 482816 ----a-w- C:\Windows\System32\html.iec
    2012-02-28 04:35:01 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-02-28 04:31:46 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2012-02-28 03:57:55 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    .
    ============= FINISH: 15:24:32.77 ===============
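The file-list sections of the DDS log above ("Created Last 30" and "Find3M") all follow one shape: a timestamp, a size (or dashes for a directory), an eight-character attribute field such as `----a-w-` or `--sha-w-`, and a path. When a log like this is posted for review, the helper's first pass is usually to look for files carrying hidden/system bits and for executables sitting in user-writable trees, plus "No File" BHO entries left behind by uninstalled or removed add-ons. The following Python is an added illustration of that triage pass; it is not part of the thread, not the DDS tool's own code, and the meaning of the attribute letters (d = directory, s = system, h = hidden, a = archive) is inferred from the entries above, not taken from DDS documentation. The sample lines are copied from the log above; the heuristics are review prompts, not verdicts.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One DDS file-list entry, as seen in the "Created Last 30" / "Find3M"
# sections above: <date> <time> <size or dashes> <8-char attrs> <path>
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# A "Pseudo HJT" BHO line whose registered DLL is missing on disk.
ORPHAN_BHO_RE = re.compile(r"^BHO(?:-X64)?: (?P<what>.+?) - No File$")

# Extensions that execute or load code; one of these under a user-writable
# tree is worth a second look during triage (it is not proof of anything).
EXEC_EXTS = {".exe", ".dll", ".sys", ".cmd", ".bat", ".scr", ".com"}
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\")

# Sample input copied from the DDS log above (file-list lines plus two
# BHO lines from the Pseudo HJT section).
SAMPLE_LOG = r"""
2012-05-13 18:52:37 -------- d-----w- C:\Users\brandon\AppData\Roaming\Malwarebytes
2012-05-13 18:52:11 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-12 05:56:31 778088 ---ha-w- C:\Windows\System32\HPDiscoPMa011.dll
2012-05-10 00:54:48 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-03-15 01:29:56 12942400 ----a-w- C:\Users\brandon\HRBlock_DeluxeSE_2011_Update_C.exe
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Ask Toolbar BHO - No File
"""


@dataclass
class DdsEntry:
    timestamp: str
    size: Optional[int]   # None for directory entries (size shown as dashes)
    attrs: str            # e.g. "----a-w-", "---ha-w-", "d-----w-"
    path: str

    # Assumption: attribute letters follow the entries above
    # (d = directory, s = system, h = hidden, a = archive).
    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs


def _ext(path: str) -> str:
    """Lower-case extension of a Windows path, independent of the host OS."""
    name = path.rsplit("\\", 1)[-1]
    return ("." + name.rsplit(".", 1)[1]).lower() if "." in name else ""


def parse_dds_entries(text: str) -> List[DdsEntry]:
    """Parse every file-list line in a DDS log; all other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(DdsEntry(f"{m['date']} {m['time']}", size,
                                m["attrs"], m["path"]))
    return entries


def flag_suspicious(entries: List[DdsEntry]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs that deserve a human look.

    These are triage prompts, not verdicts: legitimate software also sets
    hidden/system bits and installs into the user profile."""
    flagged = []
    for e in entries:
        if e.is_dir:
            continue
        if e.hidden or e.system:
            flagged.append((e.path, "hidden/system attribute on a file"))
        elif (e.path.lower().startswith(USER_WRITABLE_PREFIXES)
              and _ext(e.path) in EXEC_EXTS):
            flagged.append((e.path, "executable in a user-writable location"))
    return flagged


def find_orphaned_bhos(text: str) -> List[str]:
    """Names or CLSIDs of BHO entries whose DLL is reported as 'No File'."""
    matches = (ORPHAN_BHO_RE.match(line.strip()) for line in text.splitlines())
    return [m["what"] for m in matches if m]


if __name__ == "__main__":
    for path, why in flag_suspicious(parse_dds_entries(SAMPLE_LOG)):
        print(f"{why}: {path}")
    for bho in find_orphaned_bhos(SAMPLE_LOG):
        print(f"orphaned BHO: {bho}")
```

Run against the sample, the hidden/system rule fires on an HP printer DLL and on a zero-byte file whose name suggests it belongs to the DDS tool itself, and the user-writable rule fires on a tax-software updater in the user's home folder: all of them are plausible benign hits, which is exactly why the output is a list for a reviewer to check rather than a detection. The two orphaned BHO entries are the kind of leftover a helper will typically have cleaned up in a later fix.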
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    Continue as follows:

    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

    Link 1
    Link 2

    • Ensure that Combofix is saved directly to the Desktop <--- Very important
    • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix available Here if required.
    • If you are using Windows XP it might display a pop up saying "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...

    Kevin
     
  10. cinderblock

    cinderblock Thread Starter

    Joined:
    May 9, 2012
    Messages:
    91
    quick question -

    (hope I didn't mess this up but) It's been over twenty minutes since I started the ComboFix scan - and having bumped the computer (NO CLICKS, but the mouse passed over the icon/window that is running ComboFix) AND I am getting occasional notices from Norton stating that 'High CPU usage by: pev.3xe' (even though I disabled Norton anti-virus for five hours);

    I'm wondering if I need to stop and re-start? It has been on Stage 3 for at least 20 mins. If so, please tell me how to safely stop and re-start.

    Sorry :(
     
  11. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    If Combofix has frozen it could be malware or your security that is interfering. Leave it another 15 mins; if it is still frozen do this:

    Open Task Manager and look for the following ComboFix related processes (some have a .3XE extension):

    PEV.exe
    NirCmd.3XE
    PEV.3XE
    SED
    GREP
    any file that has the extension *.3XE



    One at a time, right-click and select End Process. If doing that did not free ComboFix, then you will need to reboot the computer manually.

    Let me know what happens...
     
  12. cinderblock

    cinderblock Thread Starter

    Joined:
    May 9, 2012
    Messages:
    91
    I waited till it had run an hour and then clicked the red X to shut it down :(

    Then I made sure Norton was totally disabled and

    Finally, I re-launched and it is on Stage 3 again.

    Hey... just moved on to Stage 4... this could be good news.

    I'll post asap
     
  13. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    Do not use your PC as Combofix runs or you will cause it to freeze.....
     
  14. cinderblock

    cinderblock Thread Starter

    Joined:
    May 9, 2012
    Messages:
    91
    I've been sending replies from another computer.

    Does the infected computer need an internet connection?

    I have noticed, in both cases, I do not get the "ComboFix has changed your time settings"

    In all cases, it has made it to Stage 4 fairly quickly and then hangs up.
     
  15. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    There is no requirement for an internet connection; obviously you will have to transfer tools/logs between the infected (no-internet) PC and a PC with a connection.

    Does the sick PC have no internet?
     

Short URL to this thread: https://techguy.org/1052576