  1. #21
    Member

    I was able to use Revo to uninstall Page rage. I am still having redirects.

  2. #22
    Member Spyware Fighter

    1. Please download aswMBR (511KB) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

    2. Download the yorkyt.exe disinfection tool (1,31 MB).

    Save the file to your hard disk; to the Windows Desktop, for example.
    Double click the yorkyt.exe file.
    A reboot will be requested to install a driver.
    Another reboot will be requested to complete the disinfection.
    When the disinfection is completed, accept the message that will be displayed.
    In order to ensure a full cleanup, run a scan of your PC with the antivirus installed.

    3.
      1. Please download OTL from one of the following mirrors:
         • This is THE Mirror
      2. Save it to your desktop.
      3. Double click on the icon on your desktop.
      4. Under the Custom Scan box paste this in
      Code:
      c:\windows\*. /SL
      c:\windows\*. /RP
      netsvcs
      activex
      drivers32
      %ALLUSERSPROFILE%\Application Data\*.
      %ALLUSERSPROFILE%\Application Data\*.exe /s
      %APPDATA%\*.
      %APPDATA%\*.exe /s
      %SYSTEMDRIVE%\*.exe
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\System32\config\*.sav
      %systemroot%\system32\drivers\*.sys /90
      5. Push the Quick Scan button.
      6. Two reports will open, copy and paste them in a reply here:
         • OTL.txt <-- Will be opened
         • Extra.txt <-- Will be minimized

    "Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  3. #23
    Member

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-05 19:31:33
    -----------------------------
    19:31:33.824 OS Version: Windows x64 6.0.6002 Service Pack 2
    19:31:33.825 Number of processors: 2 586 0x170A
    19:31:33.825 ComputerName: KATHY-PC UserName: Kathy
    19:31:35.735 Initialize success
    19:31:36.062 AVAST engine defs: 12080501
    19:31:39.252 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    19:31:39.256 Disk 0 Vendor: WDC_WD3200BEVT-75ZCT2 11.01A11 Size: 305245MB BusType: 3
    19:31:39.296 Disk 0 MBR read successfully
    19:31:39.299 Disk 0 MBR scan
    19:31:39.305 Disk 0 Windows VISTA default MBR code
    19:31:39.309 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
    19:31:39.339 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 161792
    19:31:39.352 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 294925 MB offset 21133312
    19:31:39.370 Disk 0 scanning C:\Windows\system32\drivers
    19:31:47.383 Service scanning
    19:32:07.977 Modules scanning
    19:32:07.985 Disk 0 trace - called modules:
    19:32:08.008 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    19:32:08.014 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d86300]
    19:32:08.019 3 CLASSPNP.SYS[fffffa6000fcec33] -> nt!IofCallDriver -> [0xfffffa80062e1110]
    19:32:08.024 5 PCTCore64.sys[fffffa6000aeb720] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004bb64b0]
    19:32:09.355 AVAST engine scan C:\Windows
    19:32:12.931 AVAST engine scan C:\Windows\system32
    19:36:34.055 AVAST engine scan C:\Windows\system32\drivers
    19:36:56.965 AVAST engine scan C:\Users\Kathy
    19:38:03.440 Disk 0 MBR has been saved successfully to "C:\Users\Kathy\Desktop\MBR.dat"
    19:38:03.448 The log file has been saved successfully to "C:\Users\Kathy\Desktop\aswMBR.txt"


    OTL logfile created on: 8/5/2012 9:33:03 PM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Kathy\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.96 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 62.95% Memory free
    8.09 Gb Paging File | 6.49 Gb Available in Paging File | 80.23% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 288.01 Gb Total Space | 212.82 Gb Free Space | 73.89% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 1.00 Gb Free Space | 10.01% Space Free | Partition Type: NTFS

    Computer Name: KATHY-PC | User Name: Kathy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/08/05 20:17:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Kathy\Desktop\OTL(1).exe
    PRC - [2012/06/14 12:31:06 | 000,575,448 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
    PRC - [2012/05/11 11:13:38 | 002,670,520 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctsGui.exe
    PRC - [2012/05/11 11:13:38 | 001,118,648 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
    PRC - [2012/05/11 10:07:20 | 000,402,336 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
    PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
    PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2009/10/10 17:07:08 | 000,320,832 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2008/09/05 18:17:08 | 001,836,288 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
    PRC - [2008/09/05 18:17:08 | 000,095,488 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
    PRC - [2008/09/05 18:16:54 | 002,340,096 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
    PRC - [2008/07/04 15:16:58 | 000,132,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2009/09/14 18:36:08 | 000,506,711 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
    MOD - [2008/09/05 18:16:36 | 000,233,216 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll
    MOD - [2008/09/05 18:16:36 | 000,059,136 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll
    MOD - [2008/09/05 18:16:20 | 000,087,296 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/07/11 14:58:48 | 001,019,328 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
    SRV:64bit: - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2008/12/22 06:35:16 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
    SRV:64bit: - [2008/12/22 05:26:38 | 000,281,600 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe -- (STacSV)
    SRV:64bit: - [2008/12/22 05:26:06 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe -- (AESTFilters)
    SRV:64bit: - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/08/02 21:48:11 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/13 20:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/06/14 12:31:06 | 000,575,448 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
    SRV - [2012/05/11 11:13:38 | 001,118,648 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe -- (sdCoreService)
    SRV - [2012/05/11 10:07:20 | 000,402,336 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
    SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
    SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/03/29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/09/05 18:16:54 | 002,340,096 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/06/14 12:31:44 | 000,085,224 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\PCTBD64.sys -- (PCTBD)
    DRV:64bit: - [2012/05/11 11:14:50 | 000,092,896 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctplsg64.sys -- (pctplsg)
    DRV:64bit: - [2012/05/11 11:14:26 | 000,251,528 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\PCTSD64.sys -- (PCTSD)
    DRV:64bit: - [2012/05/11 11:08:58 | 000,341,168 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pctgntdi64.sys -- (pctgntdi)
    DRV:64bit: - [2012/04/23 12:36:50 | 000,426,616 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
    DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/28 11:43:18 | 001,096,176 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
    DRV:64bit: - [2012/02/28 11:43:12 | 000,453,896 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
    DRV:64bit: - [2011/03/02 18:17:20 | 000,013,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
    DRV:64bit: - [2011/01/13 03:41:44 | 000,273,488 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2011/01/13 03:40:20 | 000,051,792 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2011/01/13 03:37:34 | 000,029,264 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
    DRV:64bit: - [2011/01/13 03:37:23 | 000,062,032 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2011/01/13 03:37:12 | 000,020,560 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/01/26 02:46:44 | 000,066,592 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
    DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\revoflt.sys -- (Revoflt)
    DRV:64bit: - [2009/04/10 22:03:34 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
    DRV:64bit: - [2009/03/08 17:06:00 | 000,319,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys -- (OA001Vid)
    DRV:64bit: - [2009/03/06 07:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys -- (OA001Ufd)
    DRV:64bit: - [2009/02/06 18:42:12 | 000,061,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2008/12/22 06:34:48 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
    DRV:64bit: - [2008/12/22 05:26:52 | 000,472,064 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2008/12/17 05:22:04 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
    DRV:64bit: - [2008/11/24 04:29:58 | 000,126,464 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
    DRV:64bit: - [2008/08/25 07:26:08 | 000,199,728 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2008/08/02 17:36:16 | 000,243,840 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\facap.sys -- (FACAP)
    DRV:64bit: - [2008/07/17 06:59:12 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
    DRV:64bit: - [2008/07/17 06:59:10 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
    DRV:64bit: - [2008/07/17 06:59:08 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
    DRV:64bit: - [2008/07/16 07:50:42 | 000,239,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a)
    DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
    DRV:64bit: - [2006/11/02 03:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
    DRV - [2009/09/15 11:42:48 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2009/09/15 11:42:46 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/09/15 11:42:44 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - No CLSID value found
    IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2418376

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    IE - HKCU\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-results.com/web?q={searchTerms}&o=15868&l=dis&prt=BDIE&chn=retail&geo=US&ver=4.0.0.1588
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools Security\BDT\Firefox\ [2012/07/22 16:15:16 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/03 17:39:41 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/30 20:09:58 | 000,000,000 | ---D | M]

    [2009/06/11 14:38:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathy\AppData\Roaming\Mozilla\Extensions
    [2009/06/11 14:38:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathy\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
    [2012/07/24 19:53:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\4e2zo0tx.default\extensions
    [2012/05/17 22:13:57 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\4e2zo0tx.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2012/08/03 17:39:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/07/13 20:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/02/19 22:40:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2012/07/13 20:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2009/09/18 13:10:03 | 000,003,700 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fast.png
    [2009/09/18 13:10:06 | 000,001,963 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fast.xml
    [2012/07/13 20:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: Google
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: Google
    CHR - Extension: YouTube = C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: YouTube = C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
    CHR - Extension: Google Search = C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
    CHR - Extension: Google Search = C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Gmail = C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
    CHR - Extension: Gmail = C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/07/21 16:19:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
    O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
    O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [FAStartup] File not found
    O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
    O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\PC Tools Security\pctsGui.exe (PC Tools)
    O4 - HKLM..\Run: [PCMService] C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 4.2.2.2 4.2.2.1 75.75.75.75
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E2FAA2A-D7E5-40AC-94F4-6A2D8EF2D11F}: DhcpNameServer = 4.2.2.2 4.2.2.1 75.75.75.75
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7BAD00A-C8FA-48C5-A7C7-43833CA857E0}: DhcpNameServer = 68.87.73.246 68.87.71.230
    O18:64bit: - Protocol\Handler\cozi - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
    O24 - Desktop WallPaper: C:\Users\Kathy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Kathy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


    ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
    ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
    ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
    ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
    ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
    ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
    ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
    ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
    ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/05 20:17:43 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Kathy\Desktop\OTL(1).exe
    [2012/08/05 19:29:40 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Kathy\Desktop\aswMBR.exe
    [2012/08/04 20:08:04 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\VS Revo Group
    [2012/08/04 20:08:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
    [2012/08/04 20:08:00 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys
    [2012/08/04 20:07:58 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
    [2012/08/04 18:27:51 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Desktop\RK_Quarantine
    [2012/08/03 17:39:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2012/08/03 17:35:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/08/02 16:15:27 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\temp
    [2012/08/02 15:52:35 | 004,722,680 | R--- | C] (Swearware) -- C:\Users\Kathy\Desktop\ComboFix.exe
    [2012/08/02 15:50:06 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kathy\Desktop\tdsskiller(6).exe
    [2012/08/02 03:54:30 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/30 19:56:29 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\WildTangent
    [2012/07/30 19:55:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WildTangent Games
    [2012/07/25 17:56:21 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\DriverCure
    [2012/07/25 17:56:20 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\SpeedyPC Software
    [2012/07/25 17:56:11 | 000,000,000 | ---D | C] -- C:\USERS\KATHY\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SpeedyPC Software
    [2012/07/25 17:56:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
    [2012/07/25 17:51:16 | 000,000,000 | ---D | C] -- C:\MGtools
    [2012/07/24 04:31:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Portable Devices
    [2012/07/24 04:31:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
    [2012/07/24 04:31:41 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
    [2012/07/24 03:10:57 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
    [2012/07/23 15:33:57 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\Threat Expert
    [2012/07/22 16:15:15 | 002,267,096 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
    [2012/07/22 16:15:15 | 001,681,368 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
    [2012/07/22 16:15:15 | 000,149,464 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
    [2012/07/22 16:15:15 | 000,085,224 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTBD64.sys
    [2012/07/22 16:05:44 | 001,096,176 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
    [2012/07/22 16:05:44 | 000,453,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
    [2012/07/22 16:05:41 | 000,341,168 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
    [2012/07/22 16:05:41 | 000,145,432 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
    [2012/07/22 16:05:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
    [2012/07/22 15:48:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vi-VN
    [2012/07/22 15:48:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES
    [2012/07/22 15:48:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES
    [2012/07/22 15:48:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vi-VN
    [2012/07/22 15:48:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES
    [2012/07/22 15:48:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES
    [2012/07/22 15:43:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
    [2012/07/22 15:15:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
    [2012/07/22 10:07:18 | 000,000,000 | ---D | C] -- C:\USERS\KATHY\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SpyHunter
    [2012/07/22 10:07:17 | 000,000,000 | ---D | C] -- C:\sh4ldr
    [2012/07/22 10:07:17 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
    [2012/07/21 16:25:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/07/21 16:00:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/21 16:00:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/21 16:00:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/21 16:00:26 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/21 15:59:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/21 15:52:59 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Desktop\Pictures
    [2012/07/21 15:52:35 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\PCTools
    [2012/07/21 09:50:16 | 000,426,616 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
    [2012/07/21 09:49:58 | 000,251,528 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
    [2012/07/21 09:49:58 | 000,014,776 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctBTFix64.sys
    [2012/07/21 09:49:53 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
    [2012/07/21 09:49:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
    [2012/07/21 09:49:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
    [2012/07/21 09:36:00 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2012/07/21 09:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2012/07/21 09:35:58 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\TestApp
    [2012/07/21 09:29:39 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\GetRightToGo
    [2012/07/21 08:45:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2012/07/21 08:45:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2012/07/21 08:45:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2012/07/20 20:20:22 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\Macromedia
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/08/05 21:43:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/08/05 21:37:52 | 004,180,928 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/08/05 21:37:52 | 004,133,450 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/08/05 21:37:52 | 001,358,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/08/05 21:31:19 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/08/05 21:31:11 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/05 21:31:11 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/05 21:31:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/08/05 21:30:58 | 4251,865,088 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/05 21:14:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/08/05 20:17:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Kathy\Desktop\OTL(1).exe
    [2012/08/05 19:38:43 | 001,415,784 | ---- | M] () -- C:\Users\Kathy\Desktop\yorkyt.exe
    [2012/08/05 19:38:03 | 000,000,512 | ---- | M] () -- C:\Users\Kathy\Desktop\MBR.dat
    [2012/08/05 19:31:17 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Kathy\Desktop\aswMBR.exe
    [2012/08/04 22:26:45 | 000,002,312 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - dell.lnk
    [2012/08/04 20:08:01 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
    [2012/08/04 18:28:53 | 001,552,896 | ---- | M] () -- C:\Users\Kathy\Desktop\RogueKiller(1).exe
    [2012/08/03 20:04:14 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/08/03 17:39:45 | 000,000,874 | ---- | M] () -- C:\Users\Kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/08/03 17:39:45 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/08/02 15:52:52 | 004,722,680 | R--- | M] (Swearware) -- C:\Users\Kathy\Desktop\ComboFix.exe
    [2012/08/02 15:50:33 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kathy\Desktop\tdsskiller(6).exe
    [2012/07/30 19:56:14 | 000,002,344 | ---- | M] () -- C:\Users\Kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\WildTangent Games App - dell.lnk
    [2012/07/25 20:48:56 | 000,014,776 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctBTFix64.sys
    [2012/07/25 17:56:22 | 000,001,885 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
    [2012/07/25 17:00:00 | 000,000,732 | ---- | M] () -- C:\Users\Kathy\AppData\Local\d3d9caps64.dat
    [2012/07/25 16:51:05 | 000,000,975 | ---- | M] () -- C:\Users\Kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/07/25 15:39:13 | 000,008,798 | ---- | M] () -- C:\Windows\SysWow64\icrav03.rat
    [2012/07/25 15:39:13 | 000,008,798 | ---- | M] () -- C:\Windows\SysNative\icrav03.rat
    [2012/07/25 15:39:13 | 000,001,988 | ---- | M] () -- C:\Windows\SysWow64\ticrf.rat
    [2012/07/25 15:39:13 | 000,001,988 | ---- | M] () -- C:\Windows\SysNative\ticrf.rat
    [2012/07/25 15:38:55 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
    [2012/07/25 15:38:52 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
    [2012/07/25 15:38:48 | 003,256,498 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
    [2012/07/24 21:34:32 | 001,008,141 | ---- | M] () -- C:\Users\Kathy\Desktop\rkill.com
    [2012/07/24 04:34:04 | 000,380,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/07/24 04:31:15 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
    [2012/07/21 16:19:11 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/07/21 08:45:14 | 000,001,123 | ---- | M] () -- C:\Users\Kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2012/07/14 13:14:47 | 000,117,327 | ---- | M] () -- C:\Users\Kathy\Documents\EnvelopePDF.pdf
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/08/05 19:38:33 | 001,415,784 | ---- | C] () -- C:\Users\Kathy\Desktop\yorkyt.exe
    [2012/08/05 19:38:03 | 000,000,512 | ---- | C] () -- C:\Users\Kathy\Desktop\MBR.dat
    [2012/08/04 20:08:01 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
    [2012/08/04 18:28:51 | 001,552,896 | ---- | C] () -- C:\Users\Kathy\Desktop\RogueKiller(1).exe
    [2012/08/03 17:39:45 | 000,000,874 | ---- | C] () -- C:\Users\Kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/08/03 17:39:45 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/08/03 17:39:45 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/07/30 19:56:09 | 000,002,344 | ---- | C] () -- C:\Users\Kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\WildTangent Games App - dell.lnk
    [2012/07/30 19:56:09 | 000,002,312 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - dell.lnk
    [2012/07/25 17:42:23 | 4251,865,088 | -HS- | C] () -- C:\hiberfil.sys
    [2012/07/25 15:38:55 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
    [2012/07/25 15:38:52 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
    [2012/07/24 21:34:26 | 001,008,141 | ---- | C] () -- C:\Users\Kathy\Desktop\rkill.com
    [2012/07/24 04:31:15 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
    [2012/07/22 16:15:15 | 000,767,960 | ---- | C] () -- C:\Windows\BDTSupport.dll
    [2012/07/22 16:15:15 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip
    [2012/07/22 16:15:15 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
    [2012/07/22 16:15:15 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
    [2012/07/22 16:15:15 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
    [2012/07/22 16:05:46 | 003,256,498 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
    [2012/07/22 15:19:57 | 000,395,723 | ---- | C] () -- C:\Windows\SysNative\onex.tmf
    [2012/07/22 15:19:51 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2012/07/22 15:19:47 | 000,009,212 | ---- | C] () -- C:\Windows\SysWow64\RacUR.xml
    [2012/07/22 15:19:47 | 000,009,212 | ---- | C] () -- C:\Windows\SysNative\RacUR.xml
    [2012/07/22 15:19:40 | 000,471,992 | ---- | C] () -- C:\Windows\SysNative\dot3.tmf
    [2012/07/22 15:19:35 | 000,700,507 | ---- | C] () -- C:\Windows\SysNative\eaphost.tmf
    [2012/07/22 15:19:34 | 000,121,856 | ---- | C] () -- C:\Windows\SysNative\EhStorAuthn.dll
    [2012/07/22 15:19:34 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2012/07/22 15:18:53 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
    [2012/07/22 15:18:53 | 000,107,612 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchema.bin
    [2012/07/22 15:18:50 | 000,262,552 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
    [2012/07/22 15:18:32 | 000,207,968 | ---- | C] () -- C:\Windows\SysNative\WFP.TMF
    [2012/07/22 15:18:25 | 000,092,918 | ---- | C] () -- C:\Windows\SysNative\slmgr.vbs
    [2012/07/22 15:18:24 | 000,092,918 | ---- | C] () -- C:\Windows\SysWow64\slmgr.vbs
    [2012/07/22 15:18:23 | 000,009,239 | ---- | C] () -- C:\Windows\SysWow64\spcinstrumentation.man
    [2012/07/22 15:18:23 | 000,009,239 | ---- | C] () -- C:\Windows\SysNative\spcinstrumentation.man
    [2012/07/21 16:00:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/21 16:00:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/21 16:00:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/21 16:00:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/21 16:00:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/21 08:45:14 | 000,001,123 | ---- | C] () -- C:\Users\Kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2012/07/20 20:18:02 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/14 13:14:47 | 000,117,327 | ---- | C] () -- C:\Users\Kathy\Documents\EnvelopePDF.pdf
    [2010/10/04 23:04:07 | 001,938,396 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
    [2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
    [2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
    [2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
    [2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
    [2010/03/25 12:40:25 | 000,000,732 | ---- | C] () -- C:\Users\Kathy\AppData\Local\d3d9caps64.dat
    [2009/07/06 15:11:01 | 000,006,080 | ---- | C] () -- C:\Users\Kathy\AppData\Local\d3d9caps.dat
    [2009/06/12 20:32:45 | 000,004,646 | ---- | C] () -- C:\Users\Kathy\AppData\Roaming\wklnhst.dat
    [2009/06/10 16:14:42 | 000,007,168 | ---- | C] () -- C:\Users\Kathy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== LOP Check ==========

    [2011/01/14 22:48:07 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2012/07/25 17:56:21 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\DriverCure
    [2009/06/11 14:38:18 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\Flickr
    [2012/07/21 09:49:30 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\GetRightToGo
    [2009/06/19 18:08:29 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\Patches
    [2012/07/21 15:52:35 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\PCTools
    [2009/07/04 15:18:12 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\PlayFirst
    [2012/07/25 17:56:20 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\SpeedyPC Software
    [2009/06/12 20:32:55 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\Template
    [2012/07/21 09:35:58 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\TestApp
    [2012/07/30 19:56:37 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\WildTangent
    [2009/06/19 17:59:51 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\Windows Live Writer
    [2010/03/29 16:05:21 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\WinPatrol
    [2012/08/05 21:29:47 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < c:\windows\*. /SL >

    < c:\windows\*. /RP >

    < %ALLUSERSPROFILE%\Application Data\*. >

    < %ALLUSERSPROFILE%\Application Data\*.exe /s >

    < %APPDATA%\*. >
    [2011/01/14 22:52:47 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\Adobe
    [2011/01/14 22:48:07 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009/06/19 18:08:45 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\Creative
    [2009/06/09 22:12:42 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\Dell
    [2012/07/25 17:56:21 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\DriverCure
    [2009/06/11 14:38:18 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\Flickr
    [2012/07/21 09:49:30 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\GetRightToGo
    [2009/06/09 22:11:44 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\Identities
    [2009/06/09 22:16:48 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\Macromedia
    [2010/03/24 22:28:30 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\Malwarebytes
    [2006/11/02 11:07:25 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\Media Center Programs
    [2012/07/22 10:07:28 | 000,000,000 | --SD | M] -- C:\Users\Kathy\AppData\Roaming\Microsoft
    [2009/06/09 23:09:14 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\Mozilla
    [2009/06/19 18:08:29 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\Patches
    [2012/07/21 15:52:35 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\PCTools
    [2009/07/04 15:18:12 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\PlayFirst
    [2012/07/25 17:56:20 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\SpeedyPC Software
    [2009/10/11 18:50:16 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\SUPERAntiSpyware.com
    [2009/06/12 20:32:55 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\Template
    [2012/07/21 09:35:58 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\TestApp
    [2012/07/30 19:56:37 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\WildTangent
    [2009/06/19 17:59:51 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\Windows Live Writer
    [2010/03/29 16:05:21 | 000,000,000 | ---D | M] -- C:\Users\Kathy\AppData\Roaming\WinPatrol

    < %APPDATA%\*.exe /s >
    [2011/09/25 20:59:27 | 000,038,784 | ---- | M] () -- C:\Users\Kathy\AppData\Roaming\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
    [2010/12/21 22:48:07 | 002,790,864 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Kathy\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
    [2012/07/22 10:07:28 | 000,110,080 | R--- | M] () -- C:\Users\Kathy\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\Icon1226A4C5.exe
    [2012/07/22 10:07:28 | 000,110,080 | R--- | M] () -- C:\Users\Kathy\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\IconD7F16134.exe
    [2012/07/22 10:07:28 | 000,110,080 | R--- | M] () -- C:\Users\Kathy\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\IconF7A21AF7.exe
    [2009/06/19 18:08:52 | 010,372,784 | ---- | M] () -- C:\Users\Kathy\AppData\Roaming\Patches\FAInstallV2.003.078.Dell.exe
    [2012/07/30 19:56:52 | 000,213,504 | ---- | M] (WildTangent, Inc.) -- C:\Users\Kathy\AppData\Roaming\WildTangent\WildTangent Games\App\Downloads\dinerdash\Download\brandinfo_dell_1.0.0.340.exe
    [2012/07/30 19:58:20 | 000,692,960 | ---- | M] (WildTangent, Inc.) -- C:\Users\Kathy\AppData\Roaming\WildTangent\WildTangent Games\App\Downloads\dinerdash\Download\brand_1.0.0.558.exe
    [2012/07/30 19:56:48 | 000,455,888 | ---- | M] (WildTangent, Inc.) -- C:\Users\Kathy\AppData\Roaming\WildTangent\WildTangent Games\App\Downloads\dinerdash\Download\catalyst_1.0.0.435.exe
    [2012/07/30 19:58:11 | 009,455,766 | ---- | M] (WildTangent, Inc.) -- C:\Users\Kathy\AppData\Roaming\WildTangent\WildTangent Games\App\Downloads\dinerdash\Download\game_dinerdash_1.0.1.500.exe
    [2012/07/30 19:57:07 | 000,453,808 | ---- | M] (WildTangent, Inc.) -- C:\Users\Kathy\AppData\Roaming\WildTangent\WildTangent Games\App\Downloads\dinerdash\Download\installerui_1.0.0.197.exe
    [2012/07/30 19:56:48 | 000,083,304 | ---- | M] (WildTangent, Inc.) -- C:\Users\Kathy\AppData\Roaming\WildTangent\WildTangent Games\App\Downloads\dinerdash\Download\pkgtype_1.0.0.65.exe
    [2012/07/30 19:56:58 | 000,232,475 | ---- | M] (WildTangent, Inc.) -- C:\Users\Kathy\AppData\Roaming\WildTangent\WildTangent Games\App\Downloads\dinerdash\Download\prodinfo_dinerdash_1.0.1.206.exe
    [2012/08/04 22:26:41 | 004,340,112 | ---- | M] (WildTangent, Inc.) -- C:\Users\Kathy\AppData\Roaming\WildTangent\WildTangent Games\App\Downloads\dinerdash\Download\wire_1.0.0.212.exe
    [2012/05/21 21:34:34 | 000,571,040 | ---- | M] (WildTangent, Inc.) -- C:\Users\Kathy\AppData\Roaming\WildTangent\WildTangent Games\App\Update\Updater.exe

    < %SYSTEMDRIVE%\*.exe >

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\System32\config\*.sav >

    < %systemroot%\system32\drivers\*.sys /90 >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 184 bytes -> C:\ProgramData\TEMPFC5A2B2
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

    < End of report >

    After the OTL log was posted, the scan freezes and gives the following error code. Win32 error Code:23
    Data error (cyclic redundancy check)
    I tried it several times and was unable to get the Extra.txt report.

  4. #24
    Member Spyware Fighter

    1.

    Uninstalling A Program Through "add/remove"

    Click "start" on the taskbar and then click on the "Control Panel" icon.
    Please double-click the "Add or Remove Programs" icon.
    A list of programs installed will be "populated"; this may take a bit of time.
    If they exist, uninstall the following by clicking on the following entries and selecting "remove":

    Driver Cure
    Speedy PC


    Additional instructions can be found here if needed.

    2.
    We need to run an OTL Fix
    1. Please reopen OTL on your desktop.
    2. Copy and Paste the following code into the textbox. Do not include the word "Code"
      Code:
      :Otl
      O18:64bit: - Protocol\Handler\cozi - No CLSID value found
      O18:64bit: - Protocol\Handler\livecall - No CLSID value found
      O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
      O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
      O18:64bit: - Protocol\Handler\msnim - No CLSID value found
      O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7BAD00A-C8FA-48C5-A7C7-43833CA857E0}: DhcpNameServer = 68.87.73.246 68.87.71.230
      IE - HKCU\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - No CLSID value found
      IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2418376
      FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
      
      :commands
      [EMPTYTEMP]
      [EMPTYJAVACACHE]
    3. Push
    4. OTL may ask to reboot the machine. Please do so if asked.
    5. Click .
    6. A report will open. Copy and Paste that report in your next reply.



    3.
    Please download Malwarebytes Anti-Malware and save it to your desktop.
    • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.

    Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

    • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
      For instructions with screenshots, please refer to this Guide.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
    • If an update is found, the program will automatically update itself. Press the OK button and continue.
    • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

    • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
    • Click on the Scan button.
    • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked and then click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab.
    • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
    • Exit Malwarebytes when done.

    Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

    Things to include in your next reply:
    OTL fix log
    MBAM log
    Still Redirecting?
    " Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  6. #26
    Member
    Join Date
    Mar 2010
    Posts
    25
    Points
    0

    Default

    All processes killed
    ========== OTL ==========
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\cozi\ deleted successfully.
    File Protocol\Handler\cozi - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
    File Protocol\Handler\livecall - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
    File Protocol\Handler\ms-help - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
    File Protocol\Handler\ms-itss - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
    File Protocol\Handler\msnim - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
    File Protocol\Handler\wlmailhtml - No CLSID value found not found.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B7BAD00A-C8FA-48C5-A7C7-43833CA857E0}\\DhcpNameServer| /E : value set successfully!
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{9565115d-c7d6-46d3-bd63-b67b481a4368} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9565115d-c7d6-46d3-bd63-b67b481a4368}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData
    ->Temp folder emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 41620 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Kathy
    ->Temp folder emptied: 4038917 bytes
    ->Temporary Internet Files folder emptied: 45059016 bytes
    ->Java cache emptied: 32323438 bytes
    ->FireFox cache emptied: 60627959 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 2835858 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 190063 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 274374 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 35878617 bytes
    RecycleBin emptied: 6382416 bytes

    Total Files Cleaned = 179.00 mb

    Error: Unable to interpret <[EMPTYJAVACACHE]> in the current context!

    OTL by OldTimer - Version 3.2.56.0 log created on 08072012_181631

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...
    [2012/08/07 18:18:56 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast5_\Webshlock.txt : Unable to obtain MD5

    Registry entries deleted on Reboot...


    Malwarebytes Anti-Malware 1.62.0.1300
    Malwarebytes : Free anti-malware download

    Database version: v2012.08.07.09

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Kathy :: KATHY-PC [administrator]

    8/7/2012 6:27:05 PM
    mbam-log-2012-08-07 (18-27-05).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 206555
    Time elapsed: 4 minute(s), 31 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    Yes it is still redirecting.

  7. #27
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,128
    Points
    103

    Default

    Hello,

    Please reset your router again.

    1.
    Download the yorkyt.exe disinfection tool (1,31 MB).

    Save the file to your hard disk; to the Windows Desktop, for example.
    Double click the yorkyt.exe file.
    A reboot will be requested to install a driver.
    Another reboot will be requested to complete the disinfection.
    When the disinfection is completed, accept the message that will be displayed.
    In order to ensure a full cleanup, run a scan of your PC with the antivirus installed.

    2.
    Please re-run Combofix again and post its log.




  8. #28
    Member
    Join Date
    Mar 2010
    Posts
    25
    Points
    0

    Default

    ComboFix 12-08-09.01 - Kathy 08/09/2012 23:13:51.3.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4054.2301 [GMT -4:00]
    Running from: c:\users\Kathy\Desktop\combo.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-10 03:22 . 2012-08-10 03:22 -------- d-----w- c:\users\Kathy\AppData\Local\temp
    2012-08-10 03:22 . 2012-08-10 03:22 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-10 02:09 . 2012-07-03 16:21 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-08-07 22:32 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DFD11E86-BCC1-4280-BA92-BA7ACEE9625E}\mpengine.dll
    2012-08-07 22:16 . 2012-08-07 22:16 -------- d-----w- C:\_OTL
    2012-08-05 00:08 . 2012-08-05 00:08 -------- d-----w- c:\users\Kathy\AppData\Local\VS Revo Group
    2012-08-05 00:08 . 2009-12-30 15:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2012-08-05 00:07 . 2012-08-05 00:07 -------- d-----w- c:\program files\VS Revo Group
    2012-08-03 21:39 . 2012-08-07 23:14 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2012-08-02 07:54 . 2012-08-02 07:54 -------- d-----w- C:\FRST
    2012-07-30 23:56 . 2012-07-30 23:56 -------- d-----w- c:\users\Kathy\AppData\Roaming\WildTangent
    2012-07-30 23:55 . 2012-07-30 23:56 -------- d-----w- c:\program files (x86)\WildTangent Games
    2012-07-25 21:56 . 2012-07-25 21:56 -------- d-----w- c:\users\Kathy\AppData\Roaming\DriverCure
    2012-07-25 21:56 . 2012-07-25 21:56 -------- d-----w- c:\users\Kathy\AppData\Roaming\SpeedyPC Software
    2012-07-25 21:56 . 2012-07-26 00:32 -------- d-----w- c:\programdata\SpeedyPC Software
    2012-07-25 21:51 . 2012-07-25 21:51 -------- d-----w- C:\MGtools
    2012-07-24 15:18 . 2012-03-01 14:46 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
    2012-07-24 15:18 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll
    2012-07-24 15:18 . 2012-02-29 14:06 1556480 ----a-w- c:\windows\system32\DWrite.dll
    2012-07-24 15:18 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-07-24 15:18 . 2012-03-01 15:39 327680 ----a-w- c:\windows\system32\d3d10_1core.dll
    2012-07-24 15:18 . 2012-03-01 15:39 196096 ----a-w- c:\windows\system32\d3d10_1.dll
    2012-07-24 15:18 . 2012-03-01 14:46 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll
    2012-07-24 15:18 . 2012-02-29 14:40 2002944 ----a-w- c:\windows\system32\d3d10warp.dll
    2012-07-24 15:18 . 2012-02-29 14:09 834048 ----a-w- c:\windows\system32\d2d1.dll
    2012-07-24 15:18 . 2012-02-29 13:44 683008 ----a-w- c:\windows\SysWow64\d2d1.dll
    2012-07-24 14:36 . 2011-03-12 22:52 1653760 ----a-w- c:\windows\system32\XpsPrint.dll
    2012-07-24 14:36 . 2011-03-12 21:55 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll
    2012-07-24 08:31 . 2012-07-24 08:31 -------- d-----w- c:\windows\SysWow64\spool
    2012-07-24 08:31 . 2012-07-24 08:31 -------- d-----w- c:\program files (x86)\Windows Portable Devices
    2012-07-24 08:31 . 2012-07-24 08:31 -------- d-----w- c:\program files\Windows Portable Devices
    2012-07-24 08:11 . 2009-10-01 00:52 34816 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
    2012-07-24 07:18 . 2009-09-10 02:05 103424 ----a-w- c:\windows\system32\UIAnimation.dll
    2012-07-24 07:18 . 2009-09-10 02:00 92672 ----a-w- c:\windows\SysWow64\UIAnimation.dll
    2012-07-24 07:18 . 2009-09-10 02:06 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2012-07-24 07:18 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
    2012-07-24 07:18 . 2009-09-10 02:07 3815424 ----a-w- c:\windows\system32\UIRibbon.dll
    2012-07-24 07:18 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\SysWow64\UIRibbon.dll
    2012-07-24 07:17 . 2012-02-29 15:37 5632 ----a-w- c:\windows\system32\wmi.dll
    2012-07-24 07:17 . 2012-02-29 15:37 219136 ----a-w- c:\windows\system32\wintrust.dll
    2012-07-24 07:17 . 2012-02-29 15:35 78848 ----a-w- c:\windows\system32\imagehlp.dll
    2012-07-24 07:17 . 2012-02-29 15:11 5120 ----a-w- c:\windows\SysWow64\wmi.dll
    2012-07-24 07:17 . 2012-02-29 15:11 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
    2012-07-24 07:17 . 2012-02-29 15:09 157696 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2012-07-24 07:17 . 2012-02-29 13:52 16384 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-07-24 07:10 . 2012-07-24 07:10 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-07-24 07:03 . 2012-06-13 13:58 2769408 ----a-w- c:\windows\system32\win32k.sys
    2012-07-23 20:29 . 2011-02-22 14:13 288768 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
    2012-07-23 20:29 . 2011-02-22 14:47 479744 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2012-07-23 20:29 . 2011-02-22 13:53 1149440 ----a-w- c:\windows\system32\FntCache.dll
    2012-07-23 20:27 . 2011-10-14 17:31 211968 ----a-w- c:\windows\system32\winmm.dll
    2012-07-23 20:27 . 2011-10-14 17:27 48128 ----a-w- c:\windows\system32\mcicda.dll
    2012-07-23 20:27 . 2011-10-14 17:27 28672 ----a-w- c:\windows\system32\mciwave.dll
    2012-07-23 20:27 . 2011-10-14 17:27 28160 ----a-w- c:\windows\system32\mciseq.dll
    2012-07-23 20:27 . 2011-10-14 16:03 189952 ----a-w- c:\windows\SysWow64\winmm.dll
    2012-07-23 20:27 . 2011-10-14 16:00 23552 ----a-w- c:\windows\SysWow64\mciseq.dll
    2012-07-23 20:21 . 2012-06-05 16:22 974848 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2012-07-23 20:21 . 2012-06-05 16:47 708608 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
    2012-07-23 20:21 . 2012-05-01 14:29 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-07-23 20:20 . 2011-12-14 16:38 621056 ----a-w- c:\windows\system32\msvcrt.dll
    2012-07-23 20:20 . 2011-12-14 16:17 680448 ----a-w- c:\windows\SysWow64\msvcrt.dll
    2012-07-23 20:20 . 2011-10-25 16:09 85504 ----a-w- c:\windows\system32\csrsrv.dll
    2012-07-23 20:20 . 2010-05-04 19:40 316928 ----a-w- c:\windows\system32\msshsq.dll
    2012-07-23 20:20 . 2010-05-04 19:13 231424 ----a-w- c:\windows\SysWow64\msshsq.dll
    2012-07-23 20:19 . 2012-03-30 12:45 1423744 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-07-23 20:19 . 2011-11-08 14:58 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-07-23 20:19 . 2011-11-08 14:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-07-23 20:18 . 2011-11-18 20:55 1585152 ----a-w- c:\windows\system32\ntdll.dll
    2012-07-23 20:18 . 2011-11-18 20:55 1167984 ----a-w- c:\windows\SysWow64\ntdll.dll
    2012-07-23 20:14 . 2011-10-14 17:30 559616 ----a-w- c:\windows\system32\EncDec.dll
    2012-07-23 20:14 . 2011-10-14 16:02 429056 ----a-w- c:\windows\SysWow64\EncDec.dll
    2012-07-23 20:05 . 2011-09-30 16:16 893440 ----a-w- c:\program files\Common Files\System\wab32.dll
    2012-07-23 20:05 . 2011-09-30 16:16 50688 ----a-w- c:\program files\Windows Mail\wabimp.dll
    2012-07-23 20:05 . 2011-09-30 15:57 707584 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
    2012-07-23 20:05 . 2012-01-03 14:25 404992 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-07-23 20:05 . 2012-04-23 16:25 1267200 ----a-w- c:\windows\system32\crypt32.dll
    2012-07-23 20:05 . 2012-04-23 16:25 174592 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-07-23 20:05 . 2012-04-23 16:25 132096 ----a-w- c:\windows\system32\cryptnet.dll
    2012-07-23 20:05 . 2012-04-23 16:00 984064 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-07-23 20:05 . 2012-04-23 16:00 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-07-23 20:05 . 2012-04-23 16:00 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-07-23 19:40 . 2011-11-18 18:07 76800 ----a-w- c:\windows\system32\packager.dll
    2012-07-23 19:40 . 2011-11-18 17:47 66560 ----a-w- c:\windows\SysWow64\packager.dll
    2012-07-23 19:40 . 2012-03-20 23:34 72576 ----a-w- c:\windows\system32\drivers\partmgr.sys
    2012-07-23 19:39 . 2011-07-29 16:08 375808 ----a-w- c:\windows\system32\psisdecd.dll
    2012-07-23 19:39 . 2011-07-29 16:08 289792 ----a-w- c:\windows\system32\psisrndr.ax
    2012-07-23 19:39 . 2011-07-29 16:06 73216 ----a-w- c:\windows\system32\MSDvbNP.ax
    2012-07-23 19:39 . 2011-07-29 16:06 100352 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2012-07-23 19:39 . 2011-07-29 16:01 293376 ----a-w- c:\windows\SysWow64\psisdecd.dll
    2012-07-23 19:39 . 2011-07-29 16:01 217088 ----a-w- c:\windows\SysWow64\psisrndr.ax
    2012-07-23 19:39 . 2011-07-29 16:00 57856 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
    2012-07-23 19:39 . 2011-07-29 16:00 69632 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
    2012-07-23 19:39 . 2012-06-08 17:59 12899840 ----a-w- c:\windows\system32\shell32.dll
    2012-07-23 19:38 . 2012-04-03 08:22 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-07-23 19:33 . 2012-07-23 19:33 -------- d-----w- c:\users\Kathy\AppData\Local\Threat Expert
    2012-07-23 19:28 . 2012-01-09 16:16 708096 ----a-w- c:\windows\system32\rdpencom.dll
    2012-07-23 19:28 . 2012-01-09 15:54 613376 ----a-w- c:\windows\SysWow64\rdpencom.dll
    2012-07-23 19:11 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-07-23 19:11 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-07-23 19:11 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-07-23 19:11 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-07-23 19:11 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-07-23 19:11 . 2012-06-02 22:19 35864 ----a-w- c:\windows\SysWow64\wups.dll
    2012-07-23 19:11 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-07-23 19:11 . 2012-06-02 22:19 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
    2012-07-23 19:11 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-07-23 19:11 . 2012-06-02 22:12 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
    2012-07-23 19:10 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-07-23 19:10 . 2012-06-02 19:19 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
    2012-07-23 19:10 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-07-23 19:10 . 2012-06-02 19:12 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
    2012-07-22 20:15 . 2012-06-14 16:31 85224 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
    2012-07-22 20:15 . 2012-06-14 16:31 2267096 ----a-w- c:\windows\PCTBDCore.dll
    2012-07-22 20:15 . 2012-06-14 16:31 1681368 ----a-w- c:\windows\PCTBDRes.dll
    2012-07-22 20:15 . 2012-06-14 16:31 149464 ----a-w- c:\windows\SGDetectionTool.dll
    2012-07-22 20:15 . 2012-06-14 16:31 767960 ----a-w- c:\windows\BDTSupport.dll
    2012-07-22 20:05 . 2012-02-28 15:43 1096176 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
    2012-07-22 20:05 . 2012-02-28 15:43 453896 ----a-w- c:\windows\system32\drivers\pctDS64.sys
    2012-07-22 20:05 . 2012-05-11 15:09 145432 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
    2012-07-22 20:05 . 2012-05-11 15:08 341168 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
    2012-07-22 19:48 . 2012-07-22 19:48 -------- d-----w- c:\windows\SysWow64\ca-ES
    2012-07-22 19:48 . 2012-07-22 19:48 -------- d-----w- c:\windows\SysWow64\eu-ES
    2012-07-22 19:48 . 2012-07-22 19:48 -------- d-----w- c:\windows\SysWow64\vi-VN
    2012-07-22 19:48 . 2012-07-22 19:48 -------- d-----w- c:\windows\system32\ca-ES
    2012-07-22 19:48 . 2012-07-22 19:48 -------- d-----w- c:\windows\system32\eu-ES
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-03 01:48 . 2012-04-24 21:35 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-03 01:48 . 2011-05-14 14:40 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-16 07:02 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe
    2012-07-03 17:46 . 2010-03-25 02:28 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-03 16:21 . 2011-07-30 03:11 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-07-03 16:21 . 2011-07-30 03:11 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-07-03 16:21 . 2011-07-30 03:11 44272 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-07-03 16:21 . 2011-07-30 03:11 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-07-03 16:21 . 2011-07-30 03:11 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-07-03 16:21 . 2010-07-07 01:27 41224 ----a-w- c:\windows\avastSS.scr
    2012-07-03 16:21 . 2010-03-28 16:54 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-07-03 16:21 . 2011-07-30 03:11 285328 ----a-w- c:\windows\system32\aswBoot.exe
    2012-06-14 15:03 . 2012-07-22 20:15 3488 ----a-w- c:\windows\UDB.zip
    2012-06-14 15:03 . 2012-07-22 20:15 131 ----a-w- c:\windows\IDB.zip
    2012-05-31 16:25 . 2010-03-29 20:02 279656 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2012-08-02_20.11.18 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-03-06 11:20 . 2007-02-17 14:21 63488 c:\windows\xcacls.exe
    + 2012-07-22 20:15 . 2012-08-10 02:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2012-07-22 20:15 . 2012-08-02 19:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2008-01-21 03:20 . 2012-08-02 19:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-01-21 03:20 . 2012-08-10 02:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-03-28 21:34 . 2012-08-10 02:16 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-03-28 21:34 . 2012-08-02 19:45 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-01-21 03:20 . 2012-08-10 02:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-01-21 03:20 . 2012-08-02 19:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-01-21 02:23 . 2012-08-10 02:19 49284 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 15:45 . 2012-08-10 02:19 87082 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2009-06-10 02:12 . 2012-08-10 02:19 15272 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1369408010-4172177456-1871420540-1000_UserData.bin
    - 2009-06-10 02:09 . 2012-07-27 00:45 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-06-10 02:09 . 2012-08-07 22:29 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2012-08-07 22:34 . 2012-08-07 22:29 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-06-10 02:09 . 2012-07-27 00:45 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-06-10 02:09 . 2012-08-07 22:29 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-06-10 02:09 . 2012-07-27 00:45 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2012-07-26 00:27 . 2012-08-02 19:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-10 02:16 . 2012-08-10 02:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-10 02:16 . 2012-08-10 02:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-07-26 00:27 . 2012-08-02 19:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-08-03 01:48 . 2012-08-03 01:48 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_Plugin.exe
    + 2012-04-24 21:35 . 2012-08-03 01:48 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    - 2012-04-24 21:35 . 2012-07-27 00:45 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    + 2009-06-12 17:41 . 2012-08-10 01:59 262558 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
    + 2009-06-10 03:13 . 2012-08-10 01:53 262410 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2012-08-03 01:48 . 2012-08-03 01:48 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_270_Plugin.exe
    - 2009-06-13 13:56 . 2012-07-27 00:45 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-06-13 13:56 . 2012-08-03 01:48 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2012-07-25 01:28 . 2012-08-10 02:10 372520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2012-07-25 01:28 . 2012-07-26 00:26 372520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2012-07-26 00:26 . 2012-08-10 02:10 373288 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1369408010-4172177456-1871420540-1000-8192.dat
    - 2012-07-26 00:26 . 2012-07-26 00:26 373288 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1369408010-4172177456-1871420540-1000-8192.dat
    + 2012-08-04 00:04 . 2012-08-10 02:00 927058 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1369408010-4172177456-1871420540-1000-4096.dat
    - 2012-07-25 01:28 . 2012-07-26 00:26 373288 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1369408010-4172177456-1871420540-1000-12288.dat
    + 2012-07-25 01:28 . 2012-08-05 00:13 373288 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1369408010-4172177456-1871420540-1000-12288.dat
    + 2012-08-03 01:48 . 2012-08-03 01:48 9465032 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
    + 2012-08-03 01:48 . 2012-08-03 01:48 1536712 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
    + 2006-11-02 12:46 . 2012-08-10 02:23 4187034 c:\windows\system32\perfh009.dat
    + 2006-11-02 12:46 . 2012-08-10 02:23 1378188 c:\windows\system32\perfc009.dat
    + 2012-08-03 01:48 . 2012-08-03 01:48 12315336 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2008-09-05 95488]
    "PCMService"="c:\program files (x86)\Dell\MediaDirect\PCMService.exe" [2008-07-04 132392]
    "WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "FAStartup"="" [BU]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-31 1995344]
    .
    c:\users\Default User\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 19:21 548352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
    2008-09-05 22:16 140544 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe [2008-12-22 88576]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - PCTSDInjDriver64
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    Themes
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 01:48]
    .
    2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-27 01:23]
    .
    2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-27 01:23]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-07-03 16:21 133400 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-08-25 272896]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 4119552]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
    "SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
    LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
    TCP: DhcpNameServer = 4.2.2.2 4.2.2.1 75.75.75.75
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
    FF - ProfilePath - c:\users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\4e2zo0tx.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - Google
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: yahoo.homepage.dontask - true);user_pref(extentions.y2layers.installId, dc271613-e181-49a8-bdfa-780c4d3bbef5
    FF - user.js: extentions.y2layers.defaultEnableAppsList - PageRage/Ads,PageRage/Global,PageRageTeases,InterstitialAds,Buzzdock,BuzzDockTease,
    FF - user.js: extensions.autoDisableScopes - 14
    FF - user.js: security.csp.enable - false
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    Completion time: 2012-08-09 23:26:40
    ComboFix-quarantined-files.txt 2012-08-10 03:26
    ComboFix2.txt 2012-08-02 20:15
    ComboFix3.txt 2012-07-21 20:24
    .
    Pre-Run: 225,473,515,520 bytes free
    Post-Run: 224,692,809,728 bytes free
    .
    - - End Of File - - 65D01E720D4F960D5B9582CB0806686F

  9. #29
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,128
    Points
    103

    Can you please run yorkyt.exe from my previous post? Then post the log along with how your machine is doing.
    "Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  10. #30
    Member
    Join Date
    Mar 2010
    Posts
    25
    Points
    0

    Below is the log. I am still having problems with the redirect. It usually goes to a get answers fast redirect.

    2012-08-12 20:50:34: ****************************************************
    2012-08-12 20:50:34: Starting UP ... v 0.0.0.220
    2012-08-12 20:50:34: ****************************************************
    2012-08-12 20:50:34: Stop TPSRV returns: 2
    2012-08-12 20:50:49: Listing processes...
    2012-08-12 20:50:49: :[System Process]:0
    2012-08-12 20:50:49: :System:4
    2012-08-12 20:50:49: :smss.exe:608
    2012-08-12 20:50:49: :csrss.exe:676
    2012-08-12 20:50:49: :wininit.exe:712
    2012-08-12 20:50:49: :csrss.exe:732
    2012-08-12 20:50:49: :services.exe:768
    2012-08-12 20:50:49: :lsass.exe:784
    2012-08-12 20:50:49: :lsm.exe:792
    2012-08-12 20:50:49: :winlogon.exe:868
    2012-08-12 20:50:49: :svchost.exe:976
    2012-08-12 20:50:49: :SH4SER~1.EXE:224
    2012-08-12 20:50:49: :svchost.exe:424
    2012-08-12 20:50:49: :svchost.exe:644
    2012-08-12 20:50:49: :svchost.exe:664
    2012-08-12 20:50:49: :svchost.exe:736
    2012-08-12 20:50:49: :stacsv64.exe:1032
    2012-08-12 20:50:49: :audiodg.exe:1156
    2012-08-12 20:50:49: :svchost.exe:1224
    2012-08-12 20:50:49: :SLsvc.exe:1240
    2012-08-12 20:50:49: :svchost.exe:1260
    2012-08-12 20:50:49: ockLogin.exe:1348
    2012-08-12 20:50:49: :svchost.exe:1444
    2012-08-12 20:50:49: :WLTRYSVC.EXE:1592
    2012-08-12 20:50:49: :BCMWLTRY.EXE:1604
    2012-08-12 20:50:49: :AvastSvc.exe:1612
    2012-08-12 20:50:49: :wlanext.exe:1620
    2012-08-12 20:50:49: :dwm.exe:1948
    2012-08-12 20:50:49: :explorer.exe:1980
    2012-08-12 20:50:49: :spoolsv.exe:1288
    2012-08-12 20:50:49: :svchost.exe:1436
    2012-08-12 20:50:49: :taskeng.exe:1464
    2012-08-12 20:50:49: :taskeng.exe:2120
    2012-08-12 20:50:49: :armsvc.exe:2212
    2012-08-12 20:50:49: :AESTSr64.exe:2412
    2012-08-12 20:50:49: :SeaPort.EXE:2468
    2012-08-12 20:50:49: :BDTUpdateService.exe:2500
    2012-08-12 20:50:49: :FAService.exe:2540
    2012-08-12 20:50:49: :svchost.exe:2684
    2012-08-12 20:50:49: :svchost.exe:2676
    2012-08-12 20:50:49: :svchost.exe:1100
    2012-08-12 20:50:49: :SearchIndexer.exe:1164
    2012-08-12 20:50:49: :igfxsrvc.exe:3084
    2012-08-12 20:50:49: :SDWinSec.exe:3092
    2012-08-12 20:50:49: :Apoint.exe:3388
    2012-08-12 20:50:49: :WLTRAY.EXE:3928
    2012-08-12 20:50:49: :igfxtray.exe:1008
    2012-08-12 20:50:49: :hkcmd.exe:2228
    2012-08-12 20:50:49: :igfxpers.exe:1424
    2012-08-12 20:50:49: :sttray64.exe:1936
    2012-08-12 20:50:49: :quickset.exe:1588
    2012-08-12 20:50:49: :FATrayMon.exe:1856
    2012-08-12 20:50:49: :PCMService.exe:1884
    2012-08-12 20:50:49: :FATrayAlert.exe:3976
    2012-08-12 20:50:49: :jusched.exe:1180
    2012-08-12 20:50:49: :ApMsgFwd.exe:3700
    2012-08-12 20:50:49: :WmiPrvSE.exe:3188
    2012-08-12 20:50:49: :hidfind.exe:4276
    2012-08-12 20:50:49: :svchost.exe:3824
    2012-08-12 20:50:49: :AvastUI.exe:4148
    2012-08-12 20:50:49: :ielowutil.exe:3176
    2012-08-12 20:50:49: :svchost.exe:4920
    2012-08-12 20:50:49: :mobsync.exe:5332
    2012-08-12 20:50:49: :firefox.exe:5632
    2012-08-12 20:50:49: lugin-container.exe:5840
    2012-08-12 20:50:49: :FlashPlayerPlugin_11_3_300_270.exe:5208
    2012-08-12 20:50:49: :FlashPlayerPlugin_11_3_300_270.exe:6072
    2012-08-12 20:50:49: :SearchProtocolHost.exe:3980
    2012-08-12 20:50:49: :SearchFilterHost.exe:4900
    2012-08-12 20:50:49: :yorkyt.exe:5104
    2012-08-12 20:50:49: :WmiPrvSE.exe:4464
    2012-08-12 20:50:49:
    2012-08-12 20:50:49: Setting restore point
    2012-08-12 20:51:02: RUN mode
    2012-08-12 20:51:02: Determining autonomous or dropped mode...
    2012-08-12 20:51:02: Autonomus mode
    2012-08-12 20:51:02: ---------------------------------------------------------------------
    2012-08-12 20:51:02: Found Service: AeLookupSvc
    2012-08-12 20:51:02: Real Path: C:\Windows\System32\aelupsvc.dll
    2012-08-12 20:51:02: Display Name: @%SystemRoot%\system32\aelupsvc.dll,-1
    2012-08-12 20:51:02: Description: @%SystemRoot%\system32\aelupsvc.dll,-2
    2012-08-12 20:51:02: ServiceDLL: System32\aelupsvc.dll
    2012-08-12 20:51:02: File size: 0
    2012-08-12 20:51:02: DLL File name: aelupsvc.dll
    2012-08-12 20:51:02: Original File Name: aelupsvc.dll.mui
    2012-08-12 20:51:02: Company:
    2012-08-12 20:51:02: Mod/Cre/Acc time:
    2012-08-12 20:51:02: ---------------------------------------------------------------------
    2012-08-12 20:51:02: Found Service: Appinfo
    2012-08-12 20:51:02: Real Path: C:\Windows\System32\appinfo.dll
    2012-08-12 20:51:02: Display Name: @%systemroot%\system32\appinfo.dll,-100
    2012-08-12 20:51:02: Description: @%systemroot%\system32\appinfo.dll,-101
    2012-08-12 20:51:02: ServiceDLL: System32\appinfo.dll
    2012-08-12 20:51:02: File size: 0
    2012-08-12 20:51:02: DLL File name: appinfo.dll
    2012-08-12 20:51:02: Original File Name: appinfo.dll.mui
    2012-08-12 20:51:02: Company:
    2012-08-12 20:51:02: Mod/Cre/Acc time:
    2012-08-12 20:51:02: !!!!!!!
    2012-08-12 20:51:02: Found Service: AppMgmt
    2012-08-12 20:51:02: Real Path: C:\Windows\System32\appmgmts.dll
    2012-08-12 20:51:02: Display Name:
    2012-08-12 20:51:02: Description:
    2012-08-12 20:51:02: ServiceDLL: System32\appmgmts.dll
    2012-08-12 20:51:02: File size: 0
    2012-08-12 20:51:02: DLL File name: appmgmts.dll
    2012-08-12 20:51:02: Original File Name:
    2012-08-12 20:51:02: Company:
    2012-08-12 20:51:02: Mod/Cre/Acc time:
    2012-08-12 20:51:02: !!!!!!!!!
    2012-08-12 20:51:02: ---------------------------------------------------------------------
    2012-08-12 20:51:02: Found Service: AudioEndpointBuilder
    2012-08-12 20:51:02: Real Path: C:\Windows\System32\Audiosrv.dll
    2012-08-12 20:51:02: Display Name: @%SystemRoot%\system32\audiosrv.dll,-204
    2012-08-12 20:51:02: Description: @%SystemRoot%\System32\audiosrv.dll,-205
    2012-08-12 20:51:02: ServiceDLL: System32\Audiosrv.dll
    2012-08-12 20:51:02: File size: 0
    2012-08-12 20:51:02: DLL File name: Audiosrv.dll
    2012-08-12 20:51:02: Original File Name: audiosrv.dll.mui
    2012-08-12 20:51:02: Company:
    2012-08-12 20:51:02: Mod/Cre/Acc time:
    2012-08-12 20:51:02: ---------------------------------------------------------------------
    2012-08-12 20:51:02: Found Service: AudioSrv
    2012-08-12 20:51:02: Real Path: C:\Windows\System32\Audiosrv.dll
    2012-08-12 20:51:02: Display Name: @%SystemRoot%\system32\audiosrv.dll,-200
    2012-08-12 20:51:02: Description: @%SystemRoot%\System32\audiosrv.dll,-201
    2012-08-12 20:51:02: ServiceDLL: System32\Audiosrv.dll
    2012-08-12 20:51:02: File size: 0
    2012-08-12 20:51:02: DLL File name: Audiosrv.dll
    2012-08-12 20:51:02: Original File Name: audiosrv.dll.mui
    2012-08-12 20:51:02: Company:
    2012-08-12 20:51:02: Mod/Cre/Acc time:
    2012-08-12 20:51:02: ---------------------------------------------------------------------
    2012-08-12 20:51:02: Found Service: BFE
    2012-08-12 20:51:02: Real Path: C:\Windows\System32\bfe.dll
    2012-08-12 20:51:02: Display Name: @%SystemRoot%\system32\bfe.dll,-1001
    2012-08-12 20:51:02: Description: @%SystemRoot%\system32\bfe.dll,-1002
    2012-08-12 20:51:02: ServiceDLL: System32\bfe.dll
    2012-08-12 20:51:02: File size: 0
    2012-08-12 20:51:02: DLL File name: bfe.dll
    2012-08-12 20:51:02: Original File Name: BFE.DLL.MUI
    2012-08-12 20:51:02: Company:
    2012-08-12 20:51:02: Mod/Cre/Acc time:
    2012-08-12 20:51:02: ---------------------------------------------------------------------
    2012-08-12 20:51:02: Found Service: BITS
    2012-08-12 20:51:02: Real Path: C:\Windows\system32\qmgr.dll
    2012-08-12 20:51:02: Display Name: @%SystemRoot%\system32\qmgr.dll,-1000
    2012-08-12 20:51:02: Description: @%SystemRoot%\system32\qmgr.dll,-1001
    2012-08-12 20:51:02: ServiceDLL: system32\qmgr.dll
    2012-08-12 20:51:02: File size: 0
    2012-08-12 20:51:02: DLL File name: qmgr.dll
    2012-08-12 20:51:02: Original File Name: qmgr.dll.mui
    2012-08-12 20:51:02: Company:
    2012-08-12 20:51:02: Mod/Cre/Acc time:
    2012-08-12 20:51:02: ---------------------------------------------------------------------
    2012-08-12 20:51:02: Found Service: Browser
    2012-08-12 20:51:02: Real Path: C:\Windows\System32\browser.dll
    2012-08-12 20:51:02: Display Name: @%systemroot%\system32\browser.dll,-100
    2012-08-12 20:51:02: Description: @%systemroot%\system32\browser.dll,-101
    2012-08-12 20:51:02: ServiceDLL: System32\browser.dll
    2012-08-12 20:51:02: File size: 0
    2012-08-12 20:51:02: DLL File name: browser.dll
    2012-08-12 20:51:02: Original File Name: browser.dll.mui
    2012-08-12 20:51:02: Company:
    2012-08-12 20:51:02: Mod/Cre/Acc time:
    2012-08-12 20:51:02: ---------------------------------------------------------------------
    2012-08-12 20:51:02: Found Service: CertPropSvc
    2012-08-12 20:51:02: Real Path: C:\Windows\System32\certprop.dll
    2012-08-12 20:51:02: Display Name: @%SystemRoot%\System32\certprop.dll,-11
    2012-08-12 20:51:02: Description: @%SystemRoot%\System32\certprop.dll,-12
    2012-08-12 20:51:02: ServiceDLL: System32\certprop.dll
    2012-08-12 20:51:02: File size: 0
    2012-08-12 20:51:02: DLL File name: certprop.dll
    2012-08-12 20:51:02: Original File Name: certprop.dll.mui
    2012-08-12 20:51:02: Company:
    2012-08-12 20:51:02: Mod/Cre/Acc time:
    2012-08-12 20:51:02: ---------------------------------------------------------------------
    2012-08-12 20:51:02: Found Service: CryptSvc
    2012-08-12 20:51:02: Real Path: C:\Windows\system32\cryptsvc.dll
    2012-08-12 20:51:02: Display Name: @%SystemRoot%\system32\cryptsvc.dll,-1001
    2012-08-12 20:51:02: Description: @%SystemRoot%\system32\cryptsvc.dll,-1002
    2012-08-12 20:51:02: ServiceDLL: system32\cryptsvc.dll
    2012-08-12 20:51:02: File size: 133120
    2012-08-12 20:51:02: DLL File name: cryptsvc.dll
    2012-08-12 20:51:02: Original File Name: cryptsvc.dll.mui
    2012-08-12 20:51:02: Company:
    2012-08-12 20:51:02: Mod/Cre/Acc time: 20120423120053 20120723160529 20120810225623
    2012-08-12 20:51:02: ---------------------------------------------------------------------
    2012-08-12 20:51:02: Found Service: DcomLaunch
    2012-08-12 20:51:02: Real Path: C:\Windows\system32\rpcss.dll
    2012-08-12 20:51:02: Display Name: @oleres.dll,-5012
    2012-08-12 20:51:02: Description: @oleres.dll,-5013
    2012-08-12 20:51:02: ServiceDLL: system32\rpcss.dll
    2012-08-12 20:51:02: File size: 0
    2012-08-12 20:51:02: DLL File name: rpcss.dll
    2012-08-12 20:51:02: Original File Name: rpcss.dll.mui
    2012-08-12 20:51:02: Company:
    2012-08-12 20:51:02: Mod/Cre/Acc time:
    2012-08-12 20:51:02: ---------------------------------------------------------------------
    2012-08-12 20:51:02: Found Service: Dhcp
    2012-08-12 20:51:02: Real Path: C:\Windows\System32\dhcpcsvc.dll
    2012-08-12 20:51:02: Display Name: @%SystemRoot%\system32\dhcpcsvc.dll,-100
    2012-08-12 20:51:02: Description: @%SystemRoot%\system32\dhcpcsvc.dll,-101
    2012-08-12 20:51:02: ServiceDLL: System32\dhcpcsvc.dll
    2012-08-12 20:51:02: File size: 204288
    2012-08-12 20:51:02: DLL File name: dhcpcsvc.dll
    2012-08-12 20:51:02: Original File Name: dhcpcsvc.dll.mui
    2012-08-12 20:51:02: Company:
    2012-08-12 20:51:02: Mod/Cre/Acc time: 20090410232820 20120722151938 20120812202505
    2012-08-12 20:51:02: ---------------------------------------------------------------------
    2012-08-12 20:51:02: Found Service: Dnscache
    2012-08-12 20:51:02: Real Path: C:\Windows\System32\dnsrslvr.dll
    2012-08-12 20:51:02: Display Name: @%SystemRoot%\System32\dnsapi.dll,-101
    2012-08-12 20:51:02: Description: @%SystemRoot%\System32\dnsapi.dll,-102
    2012-08-12 20:51:02: ServiceDLL: System32\dnsrslvr.dll
    2012-08-12 20:51:02: File size: 0
    2012-08-12 20:51:02: DLL File name: dnsrslvr.dll
    2012-08-12 20:51:02: Original File Name: dnsrslvr.dll.mui
    2012-08-12 20:51:02: Company:
    2012-08-12 20:51:02: Mod/Cre/Acc time:
    2012-08-12 20:51:02: ---------------------------------------------------------------------
    2012-08-12 20:51:02: Found Service: dot3svc
    2012-08-12 20:51:02: Real Path: C:\Windows\System32\dot3svc.dll
    2012-08-12 20:51:02: Display Name: @%systemroot%\system32\dot3svc.dll,-1102
    2012-08-12 20:51:02: Description: @%systemroot%\system32\dot3svc.dll,-1103
    2012-08-12 20:51:02: ServiceDLL: System32\dot3svc.dll
    2012-08-12 20:51:02: File size: 0
    2012-08-12 20:51:02: DLL File name: dot3svc.dll
    2012-08-12 20:51:02: Original File Name: dot3svc.dll.mui
    2012-08-12 20:51:02: Company:
    2012-08-12 20:51:02: Mod/Cre/Acc time:
    2012-08-12 20:51:02: ---------------------------------------------------------------------
    2012-08-12 20:51:02: Found Service: DPS
    2012-08-12 20:51:02: Real Path: C:\Windows\system32\dps.dll
    2012-08-12 20:51:02: Display Name: @%systemroot%\system32\dps.dll,-500
    2012-08-12 20:51:02: Description: @%systemroot%\system32\dps.dll,-501
    2012-08-12 20:51:02: ServiceDLL: system32\dps.dll
    2012-08-12 20:51:02: File size: 0
    2012-08-12 20:51:02: DLL File name: dps.dll
    2012-08-12 20:51:02: Original File Name: dps.dll.mui
    2012-08-12 20:51:02: Company:
    2012-08-12 20:51:02: Mod/Cre/Acc time:
    2012-08-12 20:51:03: ---------------------------------------------------------------------
    2012-08-12 20:51:03: Found Service: EapHost
    2012-08-12 20:51:03: Real Path: C:\Windows\System32\eapsvc.dll
    2012-08-12 20:51:03: Display Name: @%systemroot%\system32\eapsvc.dll,-1
    2012-08-12 20:51:03: Description: @%systemroot%\system32\eapsvc.dll,-2
    2012-08-12 20:51:03: ServiceDLL: System32\eapsvc.dll
    2012-08-12 20:51:03: File size: 0
    2012-08-12 20:51:03: DLL File name: eapsvc.dll
    2012-08-12 20:51:03: Original File Name: eapsvc.dll.mui
    2012-08-12 20:51:03: Company:
    2012-08-12 20:51:03: Mod/Cre/Acc time:
    2012-08-12 20:51:03: ---------------------------------------------------------------------
    2012-08-12 20:51:03: Found Service: EMDMgmt
    2012-08-12 20:51:03: Real Path: C:\Windows\system32\emdmgmt.dll
    2012-08-12 20:51:03: Display Name: @%SystemRoot%\system32\emdmgmt.dll,-1000
    2012-08-12 20:51:03: Description: @%SystemRoot%\system32\emdmgmt.dll,-1001
    2012-08-12 20:51:03: ServiceDLL: system32\emdmgmt.dll
    2012-08-12 20:51:03: File size: 0
    2012-08-12 20:51:03: DLL File name: emdmgmt.dll
    2012-08-12 20:51:03: Original File Name: emdmgmt.dll.mui
    2012-08-12 20:51:03: Company:
    2012-08-12 20:51:03: Mod/Cre/Acc time:
    2012-08-12 20:51:03: ---------------------------------------------------------------------
    2012-08-12 20:51:03: Found Service: EventSystem
    2012-08-12 20:51:03: Real Path: C:\Windows\system32\es.dll
    2012-08-12 20:51:03: Display Name: @comres.dll,-2450
    2012-08-12 20:51:03: Description: @comres.dll,-2451
    2012-08-12 20:51:03: ServiceDLL: system32\es.dll
    2012-08-12 20:51:03: File size: 268800
    2012-08-12 20:51:03: DLL File name: es.dll
    2012-08-12 20:51:03: Original File Name: ES.DLL
    2012-08-12 20:51:03: Company:
    2012-08-12 20:51:03: Mod/Cre/Acc time: 20090410232820 20120722151934 20120810225624
    2012-08-12 20:51:03: ---------------------------------------------------------------------
    2012-08-12 20:51:03: Found Service: fdPHost
    2012-08-12 20:51:03: Real Path: C:\Windows\system32\fdPHost.dll
    2012-08-12 20:51:03: Display Name: @%systemroot%\system32\fdPHost.dll,-100
    2012-08-12 20:51:03: Description: @%systemroot%\system32\fdPHost.dll,-101
    2012-08-12 20:51:03: ServiceDLL: system32\fdPHost.dll
    2012-08-12 20:51:03: File size: 0
    2012-08-12 20:51:03: DLL File name: fdPHost.dll
    2012-08-12 20:51:03: Original File Name: fdPHost.dll.mui
    2012-08-12 20:51:03: Company:
    2012-08-12 20:51:03: Mod/Cre/Acc time:
    2012-08-12 20:51:03: ---------------------------------------------------------------------
    2012-08-12 20:51:03: Found Service: FDResPub
    2012-08-12 20:51:03: Real Path: C:\Windows\system32\fdrespub.dll
    2012-08-12 20:51:03: Display Name: @%systemroot%\system32\fdrespub.dll,-100
    2012-08-12 20:51:03: Description: @%systemroot%\system32\fdrespub.dll,-101
    2012-08-12 20:51:03: ServiceDLL: system32\fdrespub.dll
    2012-08-12 20:51:03: File size: 0
    2012-08-12 20:51:03: DLL File name: fdrespub.dll
    2012-08-12 20:51:03: Original File Name: FDResPub.dll.mui
    2012-08-12 20:51:03: Company:
    2012-08-12 20:51:03: Mod/Cre/Acc time:
    2012-08-12 20:51:03: !!!!!!!
    2012-08-12 20:51:03: Found Service: FontCache
    2012-08-12 20:51:03: Real Path: C:\Windows\system32\FntCache.dll
    2012-08-12 20:51:03: Display Name: @%systemroot%\system32\FntCache.dll,-100
    2012-08-12 20:51:03: Description: @%systemroot%\system32\FntCache.dll,-101
    2012-08-12 20:51:03: ServiceDLL: system32\FntCache.dll
    2012-08-12 20:51:03: File size: 0
    2012-08-12 20:51:03: DLL File name: FntCache.dll
    2012-08-12 20:51:03: Original File Name: FontCacheService
    2012-08-12 20:51:03: Company:
    2012-08-12 20:51:03: Mod/Cre/Acc time:
    2012-08-12 20:51:03: !!!!!!!!!
    2012-08-12 20:51:03: ---------------------------------------------------------------------
    2012-08-12 20:51:03: Found Service: gpsvc
    2012-08-12 20:51:03: Real Path: C:\Windows\System32\gpsvc.dll
    2012-08-12 20:51:03: Display Name: @gpapi.dll,-112
    2012-08-12 20:51:03: Description: @gpapi.dll,-113
    2012-08-12 20:51:03: ServiceDLL: System32\gpsvc.dll
    2012-08-12 20:51:03: File size: 0
    2012-08-12 20:51:03: DLL File name: gpsvc.dll
    2012-08-12 20:51:03: Original File Name: gpsvc.dll.mui
    2012-08-12 20:51:03: Company:
    2012-08-12 20:51:03: Mod/Cre/Acc time:
    2012-08-12 20:51:03: ---------------------------------------------------------------------
    2012-08-12 20:51:03: Found Service: hidserv
    2012-08-12 20:51:03: Real Path: C:\Windows\System32\hidserv.dll
    2012-08-12 20:51:03: Display Name: @%SystemRoot%\System32\hidserv.dll,-101
    2012-08-12 20:51:03: Description: @%SystemRoot%\System32\hidserv.dll,-102
    2012-08-12 20:51:03: ServiceDLL: System32\hidserv.dll
    2012-08-12 20:51:03: File size: 26112
    2012-08-12 20:51:03: DLL File name: hidserv.dll
    2012-08-12 20:51:03: Original File Name: HIDSERV.DLL.MUI
    2012-08-12 20:51:03: Company:
    2012-08-12 20:51:03: Mod/Cre/Acc time: 20090410232820 20120722151911 20120810225624
    2012-08-12 20:51:03: ---------------------------------------------------------------------
    2012-08-12 20:51:03: Found Service: hkmsvc
    2012-08-12 20:51:03: Real Path: C:\Windows\system32\kmsvc.dll
    2012-08-12 20:51:03: Display Name: @%SystemRoot%\system32\kmsvc.dll,-6
    2012-08-12 20:51:03: Description: @%SystemRoot%\system32\kmsvc.dll,-7
    2012-08-12 20:51:03: ServiceDLL: system32\kmsvc.dll
    2012-08-12 20:51:03: File size: 0
    2012-08-12 20:51:03: DLL File name: kmsvc.dll
    2012-08-12 20:51:03: Original File Name: KmSvc.DLL.MUI
    2012-08-12 20:51:03: Company:
    2012-08-12 20:51:03: Mod/Cre/Acc time:
    2012-08-12 20:51:03: ---------------------------------------------------------------------
    2012-08-12 20:51:03: Found Service: IKEEXT
    2012-08-12 20:51:03: Real Path: C:\Windows\System32\ikeext.dll
    2012-08-12 20:51:03: Display Name: @%SystemRoot%\system32\ikeext.dll,-501
    2012-08-12 20:51:03: Description: @%SystemRoot%\system32\ikeext.dll,-502
    2012-08-12 20:51:03: ServiceDLL: System32\ikeext.dll
    2012-08-12 20:51:03: File size: 0
    2012-08-12 20:51:03: DLL File name: ikeext.dll
    2012-08-12 20:51:03: Original File Name: IKEEXT.DLL.MUI
    2012-08-12 20:51:03: Company:
    2012-08-12 20:51:03: Mod/Cre/Acc time:
    2012-08-12 20:51:03: ---------------------------------------------------------------------
    2012-08-12 20:51:03: Found Service: IPBusEnum
    2012-08-12 20:51:03: Real Path: C:\Windows\system32\ipbusenum.dll
    2012-08-12 20:51:03: Display Name: @%systemroot%\system32\IPBusEnum.dll,-102
    2012-08-12 20:51:03: Description: @%systemroot%\system32\IPBusEnum.dll,-103
    2012-08-12 20:51:03: ServiceDLL: system32\ipbusenum.dll
    2012-08-12 20:51:03: File size: 0
    2012-08-12 20:51:03: DLL File name: ipbusenum.dll
    2012-08-12 20:51:03: Original File Name: IPBusEnum.dll.mui
    2012-08-12 20:51:03: Company:
    2012-08-12 20:51:03: Mod/Cre/Acc time:
    2012-08-12 20:51:03: ---------------------------------------------------------------------
    2012-08-12 20:51:03: Found Service: iphlpsvc
    2012-08-12 20:51:03: Real Path: C:\Windows\System32\iphlpsvc.dll
    2012-08-12 20:51:03: Display Name: @%SystemRoot%\system32\iphlpsvc.dll,-200
    2012-08-12 20:51:03: Description: @%SystemRoot%\system32\iphlpsvc.dll,-201
    2012-08-12 20:51:03: ServiceDLL: System32\iphlpsvc.dll
    2012-08-12 20:51:03: File size: 0
    2012-08-12 20:51:03: DLL File name: iphlpsvc.dll
    2012-08-12 20:51:03: Original File Name: iphlpsvc.dll.mui
    2012-08-12 20:51:03: Company:
    2012-08-12 20:51:03: Mod/Cre/Acc time:
    2012-08-12 20:51:03: ---------------------------------------------------------------------
    2012-08-12 20:51:03: Found Service: KtmRm
    2012-08-12 20:51:03: Real Path: C:\Windows\system32\msdtckrm.dll
    2012-08-12 20:51:03: Display Name: @comres.dll,-2946
    2012-08-12 20:51:03: Description: @comres.dll,-2947
    2012-08-12 20:51:03: ServiceDLL: system32\msdtckrm.dll
    2012-08-12 20:51:03: File size: 0
    2012-08-12 20:51:03: DLL File name: msdtckrm.dll
    2012-08-12 20:51:03: Original File Name: MSDTCKRM.DLL
    2012-08-12 20:51:03: Company:
    2012-08-12 20:51:03: Mod/Cre/Acc time:
    2012-08-12 20:51:03: ---------------------------------------------------------------------
    2012-08-12 20:51:03: Found Service: LanmanServer
    2012-08-12 20:51:03: Real Path: C:\Windows\System32\srvsvc.dll
    2012-08-12 20:51:03: Display Name: @%systemroot%\system32\srvsvc.dll,-100
    2012-08-12 20:51:03: Description: @%systemroot%\system32\srvsvc.dll,-101
    2012-08-12 20:51:03: ServiceDLL: System32\srvsvc.dll
    2012-08-12 20:51:03: File size: 0
    2012-08-12 20:51:03: DLL File name: srvsvc.dll
    2012-08-12 20:51:03: Original File Name: SRVSVC.DLL.MUI
    2012-08-12 20:51:03: Company:
    2012-08-12 20:51:03: Mod/Cre/Acc time:
    2012-08-12 20:51:03: ---------------------------------------------------------------------
    2012-08-12 20:51:03: Found Service: LanmanWorkstation
    2012-08-12 20:51:03: Real Path: C:\Windows\System32\wkssvc.dll
    2012-08-12 20:51:03: Display Name: @%systemroot%\system32\wkssvc.dll,-100
    2012-08-12 20:51:03: Description: @%systemroot%\system32\wkssvc.dll,-101
    2012-08-12 20:51:03: ServiceDLL: System32\wkssvc.dll
    2012-08-12 20:51:03: File size: 0
    2012-08-12 20:51:03: DLL File name: wkssvc.dll
    2012-08-12 20:51:03: Original File Name: WKSSVC.DLL.MUI
    2012-08-12 20:51:03: Company:
    2012-08-12 20:51:03: Mod/Cre/Acc time:
    2012-08-12 20:51:03: ---------------------------------------------------------------------
    2012-08-12 20:51:03: Found Service: lltdsvc
    2012-08-12 20:51:03: Real Path: C:\Windows\System32\lltdsvc.dll
    2012-08-12 20:51:03: Display Name: @%SystemRoot%\system32\lltdres.dll,-1
    2012-08-12 20:51:03: Description: @%SystemRoot%\system32\lltdres.dll,-2
    2012-08-12 20:51:03: ServiceDLL: System32\lltdsvc.dll
    2012-08-12 20:51:03: File size: 0
    2012-08-12 20:51:03: DLL File name: lltdsvc.dll
    2012-08-12 20:51:03: Original File Name: LLTDSVC.DLL
    2012-08-12 20:51:03: Company:
    2012-08-12 20:51:03: Mod/Cre/Acc time:
    2012-08-12 20:51:03: ---------------------------------------------------------------------
    2012-08-12 20:51:03: Found Service: lmhosts
    2012-08-12 20:51:03: Real Path: C:\Windows\System32\lmhsvc.dll
    2012-08-12 20:51:03: Display Name: @%SystemRoot%\system32\lmhsvc.dll,-101
    2012-08-12 20:51:03: Description: @%SystemRoot%\system32\lmhsvc.dll,-102
    2012-08-12 20:51:03: ServiceDLL: System32\lmhsvc.dll
    2012-08-12 20:51:03: File size: 0
    2012-08-12 20:51:03: DLL File name: lmhsvc.dll
    2012-08-12 20:51:03: Original File Name: lmhsvc.dll.mui
    2012-08-12 20:51:03: Company:
    2012-08-12 20:51:03: Mod/Cre/Acc time:
    2012-08-12 20:51:03: ---------------------------------------------------------------------
    2012-08-12 20:51:03: Found Service: Mcx2Svc
    2012-08-12 20:51:03: Real Path: C:\Windows\system32\Mcx2Svc.dll
    2012-08-12 20:51:03: Display Name: @%SystemRoot%\ehome\ehres.dll,-15501
    2012-08-12 20:51:03: Description: @%SystemRoot%\ehome\ehres.dll,-15502
    2012-08-12 20:51:03: ServiceDLL: system32\Mcx2Svc.dll
    2012-08-12 20:51:03: File size: 0
    2012-08-12 20:51:03: DLL File name: Mcx2Svc.dll
    2012-08-12 20:51:03: Original File Name: Mcx2Svc.dll
    2012-08-12 20:51:03: Company:
    2012-08-12 20:51:03: Mod/Cre/Acc time:
    2012-08-12 20:51:03: ---------------------------------------------------------------------
    2012-08-12 20:51:03: Found Service: MMCSS
    2012-08-12 20:51:03: Real Path: C:\Windows\system32\mmcss.dll
    2012-08-12 20:51:03: Display Name: @%systemroot%\system32\mmcss.dll,-100
    2012-08-12 20:51:03: Description: @%systemroot%\system32\mmcss.dll,-101
    2012-08-12 20:51:03: ServiceDLL: system32\mmcss.dll
    2012-08-12 20:51:03: File size: 0
    2012-08-12 20:51:03: DLL File name: mmcss.dll
    2012-08-12 20:51:03: Original File Name: mmcss.dll.mui
    2012-08-12 20:51:03: Company:
    2012-08-12 20:51:03: Mod/Cre/Acc time:
    2012-08-12 20:51:03: ---------------------------------------------------------------------
    2012-08-12 20:51:03: Found Service: MpsSvc
    2012-08-12 20:51:03: Real Path: C:\Windows\system32\mpssvc.dll
    2012-08-12 20:51:03: Display Name: @%SystemRoot%\system32\FirewallAPI.dll,-23090
    2012-08-12 20:51:03: Description: @%SystemRoot%\system32\FirewallAPI.dll,-23091
    2012-08-12 20:51:03: ServiceDLL: system32\mpssvc.dll
    2012-08-12 20:51:03: File size: 0
    2012-08-12 20:51:03: DLL File name: mpssvc.dll
    2012-08-12 20:51:03: Original File Name: mpssvc.dll.mui
    2012-08-12 20:51:03: Company:
    2012-08-12 20:51:03: Mod/Cre/Acc time:
    2012-08-12 20:51:03: ---------------------------------------------------------------------
    2012-08-12 20:51:03: Found Service: MSiSCSI
    2012-08-12 20:51:03: Real Path: C:\Windows\system32\iscsiexe.dll
    2012-08-12 20:51:03: Display Name: @%SystemRoot%\system32\iscsidsc.dll,-5000
    2012-08-12 20:51:03: Description: @%SystemRoot%\system32\iscsidsc.dll,-5001
    2012-08-12 20:51:03: ServiceDLL: system32\iscsiexe.dll
    2012-08-12 20:51:03: File size: 0
    2012-08-12 20:51:03: DLL File name: iscsiexe.dll
    2012-08-12 20:51:03: Original File Name: iscsiexe.exe.mui
    2012-08-12 20:51:03: Company:
    2012-08-12 20:51:03: Mod/Cre/Acc time:
    2012-08-12 20:51:03: ---------------------------------------------------------------------
    2012-08-12 20:51:03: Found Service: napagent
    2012-08-12 20:51:03: Real Path: C:\Windows\system32\qagentRT.dll
    2012-08-12 20:51:03: Display Name: @%SystemRoot%\system32\qagentrt.dll,-6
    2012-08-12 20:51:03: Description: @%SystemRoot%\system32\qagentrt.dll,-7
    2012-08-12 20:51:03: ServiceDLL: system32\qagentRT.dll
    2012-08-12 20:51:03: File size: 0
    2012-08-12 20:51:03: DLL File name: qagentRT.dll
    2012-08-12 20:51:03: Original File Name: QAgentRT.DLL.MUI
    2012-08-12 20:51:03: Company:
    2012-08-12 20:51:03: Mod/Cre/Acc time:
    2012-08-12 20:51:03: ---------------------------------------------------------------------
    2012-08-12 20:51:03: Found Service: Netman
    2012-08-12 20:51:03: Real Path: C:\Windows\System32\netman.dll
    2012-08-12 20:51:03: Display Name: @%SystemRoot%\system32\netman.dll,-109
    2012-08-12 20:51:03: Description: @%SystemRoot%\system32\netman.dll,-110
    2012-08-12 20:51:03: ServiceDLL: System32\netman.dll
    2012-08-12 20:51:03: File size: 0
    2012-08-12 20:51:03: DLL File name: netman.dll
    2012-08-12 20:51:03: Original File Name: netman.dll.mui
    2012-08-12 20:51:03: Company:
    2012-08-12 20:51:03: Mod/Cre/Acc time:
    2012-08-12 20:51:03: ---------------------------------------------------------------------
    2012-08-12 20:51:03: Found Service: netprofm
    2012-08-12 20:51:03: Real Path: C:\Windows\System32\netprofm.dll
    2012-08-12 20:51:03: Display Name: @%SystemRoot%\system32\netprof.dll,-246
    2012-08-12 20:51:03: Description: @%SystemRoot%\system32\netprof.dll,-247
    2012-08-12 20:51:03: ServiceDLL: System32\netprofm.dll
    2012-08-12 20:51:03: File size: 237056
    2012-08-12 20:51:03: DLL File name: netprofm.dll
    2012-08-12 20:51:03: Original File Name: netprofm.dll
    2012-08-12 20:51:03: Company:
    2012-08-12 20:51:03: Mod/Cre/Acc time: 20080120224921 20080120224921 20120810225626
    2012-08-12 20:51:03: ---------------------------------------------------------------------
    2012-08-12 20:51:03: Found Service: NlaSvc
    2012-08-12 20:51:03: Real Path: C:\Windows\System32\nlasvc.dll
    2012-08-12 20:51:03: Display Name: @%SystemRoot%\System32\nlasvc.dll,-1
    2012-08-12 20:51:03: Description: @%SystemRoot%\System32\nlasvc.dll,-2
    2012-08-12 20:51:03: ServiceDLL: System32\nlasvc.dll
    2012-08-12 20:51:03: File size: 0
    2012-08-12 20:51:03: DLL File name: nlasvc.dll
    2012-08-12 20:51:03: Original File Name: nlasvc.dll.mui
    2012-08-12 20:51:03: Company:
    2012-08-12 20:51:03: Mod/Cre/Acc time:
    2012-08-12 20:51:03: ---------------------------------------------------------------------
    2012-08-12 20:51:03: Found Service: nsi
    2012-08-12 20:51:03: Real Path: C:\Windows\system32\nsisvc.dll
    2012-08-12 20:51:03: Display Name: @%SystemRoot%\system32\nsisvc.dll,-200
    2012-08-12 20:51:03: Description: @%SystemRoot%\system32\nsisvc.dll,-201
    2012-08-12 20:51:03: ServiceDLL: system32\nsisvc.dll
    2012-08-12 20:51:03: File size: 0
    2012-08-12 20:51:03: DLL File name: nsisvc.dll
    2012-08-12 20:51:03: Original File Name: nsisvc.dll.mui
    2012-08-12 20:51:03: Company:
    2012-08-12 20:51:03: Mod/Cre/Acc time:
    2012-08-12 20:51:03: ---------------------------------------------------------------------
    2012-08-12 20:51:03: Found Service: p2pimsvc
    2012-08-12 20:51:03: Real Path: C:\Windows\system32\p2psvc.dll
    2012-08-12 20:51:03: Display Name: @%SystemRoot%\system32\p2psvc.dll,-8004
    2012-08-12 20:51:03: Description: @%SystemRoot%\system32\p2psvc.dll,-8005
    2012-08-12 20:51:03: ServiceDLL: system32\p2psvc.dll
    2012-08-12 20:51:03: File size: 644608
    2012-08-12 20:51:03: DLL File name: p2psvc.dll
    2012-08-12 20:51:03: Original File Name: p2psvc.dll.mui
    2012-08-12 20:51:03: Company:
    2012-08-12 20:51:03: Mod/Cre/Acc time: 20090410232824 20120722151958 20120810225626
    2012-08-12 20:51:03: ---------------------------------------------------------------------
    2012-08-12 20:51:03: Found Service: p2psvc
    2012-08-12 20:51:03: Real Path: C:\Windows\system32\p2psvc.dll
    2012-08-12 20:51:03: Display Name: @%SystemRoot%\system32\p2psvc.dll,-8006
    2012-08-12 20:51:03: Description: @%SystemRoot%\system32\p2psvc.dll,-8007
    2012-08-12 20:51:03: ServiceDLL: system32\p2psvc.dll
    2012-08-12 20:51:03: File size: 644608
    2012-08-12 20:51:03: DLL File name: p2psvc.dll
    2012-08-12 20:51:03: Original File Name: p2psvc.dll.mui
    2012-08-12 20:51:03: Company:
    2012-08-12 20:51:03: Mod/Cre/Acc time: 20090410232824 20120722151958 20120810225626
    2012-08-12 20:51:03: !!!!!!!
    2012-08-12 20:51:03: Found Service: PcaSvc
    2012-08-12 20:51:03: Real Path: C:\Windows\System32\pcasvc.dll
    2012-08-12 20:51:03: Display Name: @%SystemRoot%\system32\pcasvc.dll,-1
    2012-08-12 20:51:03: Description: @%SystemRoot%\system32\pcasvc.dll,-2
    2012-08-12 20:51:03: ServiceDLL: System32\pcasvc.dll
    2012-08-12 20:51:03: File size: 0
    2012-08-12 20:51:03: DLL File name: pcasvc.dll
    2012-08-12 20:51:03: Original File Name:
    2012-08-12 20:51:03: Company:
    2012-08-12 20:51:03: Mod/Cre/Acc time:
    2012-08-12 20:51:03: !!!!!!!!!
    2012-08-12 20:51:03: ---------------------------------------------------------------------
    2012-08-12 20:51:04: Found Service: pla
    2012-08-12 20:51:04: Real Path: C:\Windows\system32\pla.dll
    2012-08-12 20:51:04: Display Name: @%systemroot%\system32\pla.dll,-500
    2012-08-12 20:51:04: Description: @%systemroot%\system32\pla.dll,-501
    2012-08-12 20:51:04: ServiceDLL: system32\pla.dll
    2012-08-12 20:51:04: File size: 1502208
    2012-08-12 20:51:04: DLL File name: pla.dll
    2012-08-12 20:51:04: Original File Name: PLA.DLL.MUI
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time: 20080120224823 20080120224823 20120810225626
    2012-08-12 20:51:04: ---------------------------------------------------------------------
    2012-08-12 20:51:04: Found Service: PlugPlay
    2012-08-12 20:51:04: Real Path: C:\Windows\system32\umpnpmgr.dll
    2012-08-12 20:51:04: Display Name: @%SystemRoot%\system32\umpnpmgr.dll,-100
    2012-08-12 20:51:04: Description: @%SystemRoot%\system32\umpnpmgr.dll,-101
    2012-08-12 20:51:04: ServiceDLL: system32\umpnpmgr.dll
    2012-08-12 20:51:04: File size: 0
    2012-08-12 20:51:04: DLL File name: umpnpmgr.dll
    2012-08-12 20:51:04: Original File Name: Umpnpmgr.DLL.MUI
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time:
    2012-08-12 20:51:04: ---------------------------------------------------------------------
    2012-08-12 20:51:04: Found Service: PNRPAutoReg
    2012-08-12 20:51:04: Real Path: C:\Windows\system32\p2psvc.dll
    2012-08-12 20:51:04: Display Name: @%SystemRoot%\system32\p2psvc.dll,-8002
    2012-08-12 20:51:04: Description: @%SystemRoot%\system32\p2psvc.dll,-8003
    2012-08-12 20:51:04: ServiceDLL: system32\p2psvc.dll
    2012-08-12 20:51:04: File size: 644608
    2012-08-12 20:51:04: DLL File name: p2psvc.dll
    2012-08-12 20:51:04: Original File Name: p2psvc.dll.mui
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time: 20090410232824 20120722151958 20120810225626
    2012-08-12 20:51:04: ---------------------------------------------------------------------
    2012-08-12 20:51:04: Found Service: PNRPsvc
    2012-08-12 20:51:04: Real Path: C:\Windows\system32\p2psvc.dll
    2012-08-12 20:51:04: Display Name: @%SystemRoot%\system32\p2psvc.dll,-8000
    2012-08-12 20:51:04: Description: @%SystemRoot%\system32\p2psvc.dll,-8001
    2012-08-12 20:51:04: ServiceDLL: system32\p2psvc.dll
    2012-08-12 20:51:04: File size: 644608
    2012-08-12 20:51:04: DLL File name: p2psvc.dll
    2012-08-12 20:51:04: Original File Name: p2psvc.dll.mui
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time: 20090410232824 20120722151958 20120810225626
    2012-08-12 20:51:04: ---------------------------------------------------------------------
    2012-08-12 20:51:04: Found Service: PolicyAgent
    2012-08-12 20:51:04: Real Path: C:\Windows\System32\ipsecsvc.dll
    2012-08-12 20:51:04: Display Name: @%SystemRoot%\System32\polstore.dll,-5010
    2012-08-12 20:51:04: Description: @%SystemRoot%\system32\polstore.dll,-5011
    2012-08-12 20:51:04: ServiceDLL: System32\ipsecsvc.dll
    2012-08-12 20:51:04: File size: 0
    2012-08-12 20:51:04: DLL File name: ipsecsvc.dll
    2012-08-12 20:51:04: Original File Name: ipsecsvc.dll
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time:
    2012-08-12 20:51:04: ---------------------------------------------------------------------
    2012-08-12 20:51:04: Found Service: ProfSvc
    2012-08-12 20:51:04: Real Path: C:\Windows\system32\profsvc.dll
    2012-08-12 20:51:04: Display Name: @%systemroot%\system32\profsvc.dll,-300
    2012-08-12 20:51:04: Description: @%systemroot%\system32\profsvc.dll,-301
    2012-08-12 20:51:04: ServiceDLL: system32\profsvc.dll
    2012-08-12 20:51:04: File size: 0
    2012-08-12 20:51:04: DLL File name: profsvc.dll
    2012-08-12 20:51:04: Original File Name: ProfSvc.dll.mui
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time:
    2012-08-12 20:51:04: ---------------------------------------------------------------------
    2012-08-12 20:51:04: Found Service: QWAVE
    2012-08-12 20:51:04: Real Path: C:\Windows\system32\qwave.dll
    2012-08-12 20:51:04: Display Name: @%SystemRoot%\system32\qwave.dll,-1
    2012-08-12 20:51:04: Description: @%SystemRoot%\system32\qwave.dll,-2
    2012-08-12 20:51:04: ServiceDLL: system32\qwave.dll
    2012-08-12 20:51:04: File size: 243712
    2012-08-12 20:51:04: DLL File name: qwave.dll
    2012-08-12 20:51:04: Original File Name: qwave.dll.mui
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time: 20080120224735 20080120224735 20120810225627
    2012-08-12 20:51:04: ---------------------------------------------------------------------
    2012-08-12 20:51:04: Found Service: RasAuto
    2012-08-12 20:51:04: Real Path: C:\Windows\System32\rasauto.dll
    2012-08-12 20:51:04: Display Name: @%Systemroot%\system32\rasauto.dll,-200
    2012-08-12 20:51:04: Description: @%Systemroot%\system32\rasauto.dll,-201
    2012-08-12 20:51:04: ServiceDLL: System32\rasauto.dll
    2012-08-12 20:51:04: File size: 0
    2012-08-12 20:51:04: DLL File name: rasauto.dll
    2012-08-12 20:51:04: Original File Name: rasauto.dll.mui
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time:
    2012-08-12 20:51:04: ---------------------------------------------------------------------
    2012-08-12 20:51:04: Found Service: RasMan
    2012-08-12 20:51:04: Real Path: C:\Windows\System32\rasmans.dll
    2012-08-12 20:51:04: Display Name: @%Systemroot%\system32\rasmans.dll,-200
    2012-08-12 20:51:04: Description: @%Systemroot%\system32\rasmans.dll,-201
    2012-08-12 20:51:04: ServiceDLL: System32\rasmans.dll
    2012-08-12 20:51:04: File size: 0
    2012-08-12 20:51:04: DLL File name: rasmans.dll
    2012-08-12 20:51:04: Original File Name: Rasmans.dll.mui
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time:
    2012-08-12 20:51:04: ---------------------------------------------------------------------
    2012-08-12 20:51:04: Found Service: RemoteAccess
    2012-08-12 20:51:04: Real Path: C:\Windows\System32\mprdim.dll
    2012-08-12 20:51:04: Display Name: @%Systemroot%\system32\mprdim.dll,-200
    2012-08-12 20:51:04: Description: @%Systemroot%\system32\mprdim.dll,-201
    2012-08-12 20:51:04: ServiceDLL: System32\mprdim.dll
    2012-08-12 20:51:04: File size: 68608
    2012-08-12 20:51:04: DLL File name: mprdim.dll
    2012-08-12 20:51:04: Original File Name: MPRDIM.DLL.MUI
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time: 20080120224909 20080120224909 20120810225627
    2012-08-12 20:51:04: ---------------------------------------------------------------------
    2012-08-12 20:51:04: Found Service: RemoteRegistry
    2012-08-12 20:51:04: Real Path: C:\Windows\system32\regsvc.dll
    2012-08-12 20:51:04: Display Name: @regsvc.dll,-1
    2012-08-12 20:51:04: Description: @regsvc.dll,-2
    2012-08-12 20:51:04: ServiceDLL: system32\regsvc.dll
    2012-08-12 20:51:04: File size: 0
    2012-08-12 20:51:04: DLL File name: regsvc.dll
    2012-08-12 20:51:04: Original File Name: REGSVC.DLL.MUI
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time:
    2012-08-12 20:51:04: ---------------------------------------------------------------------
    2012-08-12 20:51:04: Found Service: RpcSs
    2012-08-12 20:51:04: Real Path: C:\Windows\System32\rpcss.dll
    2012-08-12 20:51:04: Display Name: @oleres.dll,-5010
    2012-08-12 20:51:04: Description: @oleres.dll,-5011
    2012-08-12 20:51:04: ServiceDLL: System32\rpcss.dll
    2012-08-12 20:51:04: File size: 0
    2012-08-12 20:51:04: DLL File name: rpcss.dll
    2012-08-12 20:51:04: Original File Name: rpcss.dll.mui
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time:
    2012-08-12 20:51:04: ---------------------------------------------------------------------
    2012-08-12 20:51:04: Found Service: SCardSvr
    2012-08-12 20:51:04: Real Path: C:\Windows\System32\SCardSvr.dll
    2012-08-12 20:51:04: Display Name: @%SystemRoot%\System32\SCardSvr.dll,-1
    2012-08-12 20:51:04: Description: @%SystemRoot%\System32\SCardSvr.dll,-5
    2012-08-12 20:51:04: ServiceDLL: System32\SCardSvr.dll
    2012-08-12 20:51:04: File size: 95232
    2012-08-12 20:51:04: DLL File name: SCardSvr.dll
    2012-08-12 20:51:04: Original File Name: SCardSvr.exe.mui
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time: 20090410232826 20120722151943 20120810225627
    2012-08-12 20:51:04: ---------------------------------------------------------------------
    2012-08-12 20:51:04: Found Service: Schedule
    2012-08-12 20:51:04: Real Path: C:\Windows\system32\schedsvc.dll
    2012-08-12 20:51:04: Display Name: @%SystemRoot%\system32\schedsvc.dll,-100
    2012-08-12 20:51:04: Description: @%SystemRoot%\system32\schedsvc.dll,-101
    2012-08-12 20:51:04: ServiceDLL: system32\schedsvc.dll
    2012-08-12 20:51:04: File size: 0
    2012-08-12 20:51:04: DLL File name: schedsvc.dll
    2012-08-12 20:51:04: Original File Name: schedsvc.dll.mui
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time:
    2012-08-12 20:51:04: ---------------------------------------------------------------------
    2012-08-12 20:51:04: Found Service: SCPolicySvc
    2012-08-12 20:51:04: Real Path: C:\Windows\System32\certprop.dll
    2012-08-12 20:51:04: Display Name: @%SystemRoot%\System32\certprop.dll,-13
    2012-08-12 20:51:04: Description: @%SystemRoot%\System32\certprop.dll,-14
    2012-08-12 20:51:04: ServiceDLL: System32\certprop.dll
    2012-08-12 20:51:04: File size: 0
    2012-08-12 20:51:04: DLL File name: certprop.dll
    2012-08-12 20:51:04: Original File Name: certprop.dll.mui
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time:
    2012-08-12 20:51:04: ---------------------------------------------------------------------
    2012-08-12 20:51:04: Found Service: SDRSVC
    2012-08-12 20:51:04: Real Path: C:\Windows\System32\SDRSVC.dll
    2012-08-12 20:51:04: Display Name: @%SystemRoot%\system32\sdrsvc.dll,-107
    2012-08-12 20:51:04: Description: @%SystemRoot%\system32\sdrsvc.dll,-102
    2012-08-12 20:51:04: ServiceDLL: System32\SDRSVC.dll
    2012-08-12 20:51:04: File size: 0
    2012-08-12 20:51:04: DLL File name: SDRSVC.dll
    2012-08-12 20:51:04: Original File Name: SDRSVC.DLL.MUI
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time:
    2012-08-12 20:51:04: ---------------------------------------------------------------------
    2012-08-12 20:51:04: Found Service: seclogon
    2012-08-12 20:51:04: Real Path: C:\Windows\system32\seclogon.dll
    2012-08-12 20:51:04: Display Name: @%SystemRoot%\system32\seclogon.dll,-7001
    2012-08-12 20:51:04: Description: @%SystemRoot%\system32\seclogon.dll,-7000
    2012-08-12 20:51:04: ServiceDLL: system32\seclogon.dll
    2012-08-12 20:51:04: File size: 0
    2012-08-12 20:51:04: DLL File name: seclogon.dll
    2012-08-12 20:51:04: Original File Name: SECLOGON.EXE.MUI
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time:
    2012-08-12 20:51:04: ---------------------------------------------------------------------
    2012-08-12 20:51:04: Found Service: SENS
    2012-08-12 20:51:04: Real Path: C:\Windows\system32\sens.dll
    2012-08-12 20:51:04: Display Name: @%SystemRoot%\system32\Sens.dll,-200
    2012-08-12 20:51:04: Description: @%SystemRoot%\system32\Sens.dll,-201
    2012-08-12 20:51:04: ServiceDLL: system32\sens.dll
    2012-08-12 20:51:04: File size: 47104
    2012-08-12 20:51:04: DLL File name: sens.dll
    2012-08-12 20:51:04: Original File Name: sens.dll.mui
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time: 20080120225007 20080120225007 20120810225628
    2012-08-12 20:51:04: ---------------------------------------------------------------------
    2012-08-12 20:51:04: Found Service: SessionEnv
    2012-08-12 20:51:04: Real Path: C:\Windows\system32\sessenv.dll
    2012-08-12 20:51:04: Display Name: @%SystemRoot%\System32\SessEnv.dll,-1026
    2012-08-12 20:51:04: Description: @%SystemRoot%\System32\SessEnv.dll,-1027
    2012-08-12 20:51:04: ServiceDLL: system32\sessenv.dll
    2012-08-12 20:51:04: File size: 84992
    2012-08-12 20:51:04: DLL File name: sessenv.dll
    2012-08-12 20:51:04: Original File Name: SessEnv.DLL.MUI
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time: 20080120225038 20080120225038 20120810225628
    2012-08-12 20:51:04: ---------------------------------------------------------------------
    2012-08-12 20:51:04: Found Service: SharedAccess
    2012-08-12 20:51:04: Real Path: C:\Windows\System32\ipnathlp.dll
    2012-08-12 20:51:04: Display Name: @%SystemRoot%\system32\ipnathlp.dll,-106
    2012-08-12 20:51:04: Description: @%SystemRoot%\system32\ipnathlp.dll,-107
    2012-08-12 20:51:04: ServiceDLL: System32\ipnathlp.dll
    2012-08-12 20:51:04: File size: 0
    2012-08-12 20:51:04: DLL File name: ipnathlp.dll
    2012-08-12 20:51:04: Original File Name: IPNATHLP.DLL.MUI
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time:
    2012-08-12 20:51:04: ---------------------------------------------------------------------
    2012-08-12 20:51:04: Found Service: ShellHWDetection
    2012-08-12 20:51:04: Real Path: C:\Windows\System32\shsvcs.dll
    2012-08-12 20:51:04: Display Name: @%SystemRoot%\System32\shsvcs.dll,-12288
    2012-08-12 20:51:04: Description: @%SystemRoot%\System32\shsvcs.dll,-12289
    2012-08-12 20:51:04: ServiceDLL: System32\shsvcs.dll
    2012-08-12 20:51:04: File size: 247808
    2012-08-12 20:51:04: DLL File name: shsvcs.dll
    2012-08-12 20:51:04: Original File Name: SHSVCS.DLL.MUI
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time: 20090710074742 20110315221629 20120810225628
    2012-08-12 20:51:04: ---------------------------------------------------------------------
    2012-08-12 20:51:04: Found Service: SLUINotify
    2012-08-12 20:51:04: Real Path: C:\Windows\system32\SLUINotify.dll
    2012-08-12 20:51:04: Display Name: @%SystemRoot%\system32\SLUINotify.dll,-103
    2012-08-12 20:51:04: Description: @%SystemRoot%\system32\SLUINotify.dll,-102
    2012-08-12 20:51:04: ServiceDLL: system32\SLUINotify.dll
    2012-08-12 20:51:04: File size: 0
    2012-08-12 20:51:04: DLL File name: SLUINotify.dll
    2012-08-12 20:51:04: Original File Name: SLUINotify.dll.mui
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time:
    2012-08-12 20:51:04: ---------------------------------------------------------------------
    2012-08-12 20:51:04: Found Service: SSDPSRV
    2012-08-12 20:51:04: Real Path: C:\Windows\System32\ssdpsrv.dll
    2012-08-12 20:51:04: Display Name: @%systemroot%\system32\ssdpsrv.dll,-100
    2012-08-12 20:51:04: Description: @%systemroot%\system32\ssdpsrv.dll,-101
    2012-08-12 20:51:04: ServiceDLL: System32\ssdpsrv.dll
    2012-08-12 20:51:04: File size: 0
    2012-08-12 20:51:04: DLL File name: ssdpsrv.dll
    2012-08-12 20:51:04: Original File Name: ssdpsrv.dll.mui
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time:
    2012-08-12 20:51:04: ---------------------------------------------------------------------
    2012-08-12 20:51:04: Found Service: SstpSvc
    2012-08-12 20:51:04: Real Path: C:\Windows\system32\sstpsvc.dll
    2012-08-12 20:51:04: Display Name: @%SystemRoot%\system32\sstpsvc.dll,-200
    2012-08-12 20:51:04: Description: @%SystemRoot%\system32\sstpsvc.dll,-201
    2012-08-12 20:51:04: ServiceDLL: system32\sstpsvc.dll
    2012-08-12 20:51:04: File size: 0
    2012-08-12 20:51:04: DLL File name: sstpsvc.dll
    2012-08-12 20:51:04: Original File Name: sstpsvc.dll.mui
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time:
    2012-08-12 20:51:04: ---------------------------------------------------------------------
    2012-08-12 20:51:04: Found Service: stisvc
    2012-08-12 20:51:04: Real Path: C:\Windows\System32\wiaservc.dll
    2012-08-12 20:51:04: Display Name: @%SystemRoot%\system32\wiaservc.dll,-9
    2012-08-12 20:51:04: Description: @%SystemRoot%\system32\wiaservc.dll,-10
    2012-08-12 20:51:04: ServiceDLL: System32\wiaservc.dll
    2012-08-12 20:51:04: File size: 0
    2012-08-12 20:51:04: DLL File name: wiaservc.dll
    2012-08-12 20:51:04: Original File Name: WIASERVC.DLL.MUI
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time:
    2012-08-12 20:51:04: ---------------------------------------------------------------------
    2012-08-12 20:51:04: Found Service: swprv
    2012-08-12 20:51:04: Real Path: C:\Windows\System32\swprv.dll
    2012-08-12 20:51:04: Display Name: @%SystemRoot%\System32\swprv.dll,-103
    2012-08-12 20:51:04: Description: @%SystemRoot%\System32\swprv.dll,-102
    2012-08-12 20:51:04: ServiceDLL: System32\swprv.dll
    2012-08-12 20:51:04: File size: 0
    2012-08-12 20:51:04: DLL File name: swprv.dll
    2012-08-12 20:51:04: Original File Name: SWPRV.DLL.MUI
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time:
    2012-08-12 20:51:04: ---------------------------------------------------------------------
    2012-08-12 20:51:04: Found Service: SysMain
    2012-08-12 20:51:04: Real Path: C:\Windows\system32\sysmain.dll
    2012-08-12 20:51:04: Display Name: @%SystemRoot%\system32\sysmain.dll,-1000
    2012-08-12 20:51:04: Description: @%SystemRoot%\system32\sysmain.dll,-1001
    2012-08-12 20:51:04: ServiceDLL: system32\sysmain.dll
    2012-08-12 20:51:04: File size: 0
    2012-08-12 20:51:04: DLL File name: sysmain.dll
    2012-08-12 20:51:04: Original File Name: sysmain.dll.mui
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time:
    2012-08-12 20:51:04: !!!!!!!
    2012-08-12 20:51:04: Found Service: TabletInputService
    2012-08-12 20:51:04: Real Path: C:\Windows\System32\TabSvc.dll
    2012-08-12 20:51:04: Display Name: @%SystemRoot%\system32\TabSvc.dll,-100
    2012-08-12 20:51:04: Description: @%SystemRoot%\system32\TabSvc.dll,-101
    2012-08-12 20:51:04: ServiceDLL: System32\TabSvc.dll
    2012-08-12 20:51:04: File size: 0
    2012-08-12 20:51:04: DLL File name: TabSvc.dll
    2012-08-12 20:51:04: Original File Name: PenService.EXE.MUI
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time:
    2012-08-12 20:51:04: !!!!!!!!!
    2012-08-12 20:51:04: ---------------------------------------------------------------------
    2012-08-12 20:51:04: Found Service: TapiSrv
    2012-08-12 20:51:04: Real Path: C:\Windows\System32\tapisrv.dll
    2012-08-12 20:51:04: Display Name: @%SystemRoot%\system32\tapisrv.dll,-10100
    2012-08-12 20:51:04: Description: @%SystemRoot%\system32\tapisrv.dll,-10101
    2012-08-12 20:51:04: ServiceDLL: System32\tapisrv.dll
    2012-08-12 20:51:04: File size: 242688
    2012-08-12 20:51:04: DLL File name: tapisrv.dll
    2012-08-12 20:51:04: Original File Name: TAPISRV.EXE.MUI
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time: 20090410232826 20120722151849 20120810225628
    2012-08-12 20:51:04: ---------------------------------------------------------------------
    2012-08-12 20:51:04: Found Service: TBS
    2012-08-12 20:51:04: Real Path: C:\Windows\System32\tbssvc.dll
    2012-08-12 20:51:04: Display Name: @%SystemRoot%\system32\tbssvc.dll,-100
    2012-08-12 20:51:04: Description: @%SystemRoot%\system32\tbssvc.dll,-101
    2012-08-12 20:51:04: ServiceDLL: System32\tbssvc.dll
    2012-08-12 20:51:04: File size: 0
    2012-08-12 20:51:04: DLL File name: tbssvc.dll
    2012-08-12 20:51:04: Original File Name: TBSSVC.DLL.MUI
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time:
    2012-08-12 20:51:04: ---------------------------------------------------------------------
    2012-08-12 20:51:04: Found Service: TermService
    2012-08-12 20:51:04: Real Path: C:\Windows\System32\termsrv.dll
    2012-08-12 20:51:04: Display Name: @%SystemRoot%\System32\termsrv.dll,-268
    2012-08-12 20:51:04: Description: @%SystemRoot%\System32\termsrv.dll,-267
    2012-08-12 20:51:04: ServiceDLL: System32\termsrv.dll
    2012-08-12 20:51:04: File size: 0
    2012-08-12 20:51:04: DLL File name: termsrv.dll
    2012-08-12 20:51:04: Original File Name: termsrv.dll.mui
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time:
    2012-08-12 20:51:04: ---------------------------------------------------------------------
    2012-08-12 20:51:04: Found Service: Themes
    2012-08-12 20:51:04: Real Path: C:\Windows\system32\shsvcs.dll
    2012-08-12 20:51:04: Display Name: @%SystemRoot%\System32\shsvcs.dll,-8192
    2012-08-12 20:51:04: Description: @%SystemRoot%\System32\shsvcs.dll,-8193
    2012-08-12 20:51:04: ServiceDLL: system32\shsvcs.dll
    2012-08-12 20:51:04: File size: 247808
    2012-08-12 20:51:04: DLL File name: shsvcs.dll
    2012-08-12 20:51:04: Original File Name: SHSVCS.DLL.MUI
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time: 20090710074742 20110315221629 20120810225628
    2012-08-12 20:51:04: ---------------------------------------------------------------------
    2012-08-12 20:51:04: Found Service: THREADORDER
    2012-08-12 20:51:04: Real Path: C:\Windows\system32\mmcss.dll
    2012-08-12 20:51:04: Display Name: @%systemroot%\system32\mmcss.dll,-102
    2012-08-12 20:51:04: Description: @%systemroot%\system32\mmcss.dll,-103
    2012-08-12 20:51:04: ServiceDLL: system32\mmcss.dll
    2012-08-12 20:51:04: File size: 0
    2012-08-12 20:51:04: DLL File name: mmcss.dll
    2012-08-12 20:51:04: Original File Name: mmcss.dll.mui
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time:
    2012-08-12 20:51:04: ---------------------------------------------------------------------
    2012-08-12 20:51:04: Found Service: TrkWks
    2012-08-12 20:51:04: Real Path: C:\Windows\System32\trkwks.dll
    2012-08-12 20:51:04: Display Name: @%SystemRoot%\system32\trkwks.dll,-1
    2012-08-12 20:51:04: Description: @%SystemRoot%\system32\trkwks.dll,-2
    2012-08-12 20:51:04: ServiceDLL: System32\trkwks.dll
    2012-08-12 20:51:04: File size: 0
    2012-08-12 20:51:04: DLL File name: trkwks.dll
    2012-08-12 20:51:04: Original File Name: trkwks.dll.mui
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time:
    2012-08-12 20:51:04: !!!!!!!
    2012-08-12 20:51:04: Found Service: upnphost
    2012-08-12 20:51:04: Real Path: C:\Windows\System32\upnphost.dll
    2012-08-12 20:51:04: Display Name: @%systemroot%\system32\upnphost.dll,-213
    2012-08-12 20:51:04: Description: @%systemroot%\system32\upnphost.dll,-214
    2012-08-12 20:51:04: ServiceDLL: System32\upnphost.dll
    2012-08-12 20:51:04: File size: 259072
    2012-08-12 20:51:04: DLL File name: upnphost.dll
    2012-08-12 20:51:04: Original File Name: unpnhost.dll.mui
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time: 20080120224826 20080120224826 20120810225628
    2012-08-12 20:51:04: !!!!!!!!!
    2012-08-12 20:51:04: ---------------------------------------------------------------------
    2012-08-12 20:51:04: Found Service: UxSms
    2012-08-12 20:51:04: Real Path: C:\Windows\System32\uxsms.dll
    2012-08-12 20:51:04: Display Name: @%SystemRoot%\system32\dwm.exe,-2000
    2012-08-12 20:51:04: Description: @%SystemRoot%\system32\dwm.exe,-2001
    2012-08-12 20:51:04: ServiceDLL: System32\uxsms.dll
    2012-08-12 20:51:04: File size: 0
    2012-08-12 20:51:04: DLL File name: uxsms.dll
    2012-08-12 20:51:04: Original File Name: UxSms.dll
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time:
    2012-08-12 20:51:04: ---------------------------------------------------------------------
    2012-08-12 20:51:04: Found Service: W32Time
    2012-08-12 20:51:04: Real Path: C:\Windows\system32\w32time.dll
    2012-08-12 20:51:04: Display Name: @%SystemRoot%\system32\w32time.dll,-200
    2012-08-12 20:51:04: Description: @%SystemRoot%\system32\w32time.dll,-201
    2012-08-12 20:51:04: ServiceDLL: system32\w32time.dll
    2012-08-12 20:51:04: File size: 0
    2012-08-12 20:51:04: DLL File name: w32time.dll
    2012-08-12 20:51:04: Original File Name: w32time.dll.mui
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time:
    2012-08-12 20:51:04: ---------------------------------------------------------------------
    2012-08-12 20:51:04: Found Service: wcncsvc
    2012-08-12 20:51:04: Real Path: C:\Windows\System32\wcncsvc.dll
    2012-08-12 20:51:04: Display Name: @%SystemRoot%\system32\wcncsvc.dll,-3
    2012-08-12 20:51:04: Description: @%SystemRoot%\system32\wcncsvc.dll,-4
    2012-08-12 20:51:04: ServiceDLL: System32\wcncsvc.dll
    2012-08-12 20:51:04: File size: 413696
    2012-08-12 20:51:04: DLL File name: wcncsvc.dll
    2012-08-12 20:51:04: Original File Name: WCNCSVC.DLL.MUI
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time: 20090410232826 20120722151857 20120810225629
    2012-08-12 20:51:04: ---------------------------------------------------------------------
    2012-08-12 20:51:04: Found Service: WcsPlugInService
    2012-08-12 20:51:04: Real Path: C:\Windows\System32\WcsPlugInService.dll
    2012-08-12 20:51:04: Display Name: @%SystemRoot%\system32\WcsPlugInService.dll,-200
    2012-08-12 20:51:04: Description: @%SystemRoot%\system32\WcsPlugInService.dll,-201
    2012-08-12 20:51:04: ServiceDLL: System32\WcsPlugInService.dll
    2012-08-12 20:51:04: File size: 32256
    2012-08-12 20:51:04: DLL File name: WcsPlugInService.dll
    2012-08-12 20:51:04: Original File Name: WcsPlugInService.DLL.MUI
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time: 20061102054613 20061102081253 20120810225629
    2012-08-12 20:51:04: ---------------------------------------------------------------------
    2012-08-12 20:51:04: Found Service: WdiServiceHost
    2012-08-12 20:51:04: Real Path: C:\Windows\system32\wdi.dll
    2012-08-12 20:51:04: Display Name: @%systemroot%\system32\wdi.dll,-502
    2012-08-12 20:51:04: Description: @%systemroot%\system32\wdi.dll,-503
    2012-08-12 20:51:04: ServiceDLL: system32\wdi.dll
    2012-08-12 20:51:04: File size: 73728
    2012-08-12 20:51:04: DLL File name: wdi.dll
    2012-08-12 20:51:04: Original File Name: wdi.dll.mui
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time: 20080120225001 20080120225001 20120810225629
    2012-08-12 20:51:04: ---------------------------------------------------------------------
    2012-08-12 20:51:04: Found Service: WdiSystemHost
    2012-08-12 20:51:04: Real Path: C:\Windows\system32\wdi.dll
    2012-08-12 20:51:04: Display Name: @%systemroot%\system32\wdi.dll,-500
    2012-08-12 20:51:04: Description: @%systemroot%\system32\wdi.dll,-501
    2012-08-12 20:51:04: ServiceDLL: system32\wdi.dll
    2012-08-12 20:51:04: File size: 73728
    2012-08-12 20:51:04: DLL File name: wdi.dll
    2012-08-12 20:51:04: Original File Name: wdi.dll.mui
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time: 20080120225001 20080120225001 20120810225629
    2012-08-12 20:51:04: !!!!!!!
    2012-08-12 20:51:04: Found Service: WebClient
    2012-08-12 20:51:04: Real Path: C:\Windows\System32\webclnt.dll
    2012-08-12 20:51:04: Display Name: @%systemroot%\system32\webclnt.dll,-100
    2012-08-12 20:51:04: Description: @%systemroot%\system32\webclnt.dll,-101
    2012-08-12 20:51:04: ServiceDLL: System32\webclnt.dll
    2012-08-12 20:51:04: File size: 199680
    2012-08-12 20:51:04: DLL File name: webclnt.dll
    2012-08-12 20:51:04: Original File Name: davsvc.dll.mui
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time: 20090410232826 20120722151834 20120810225629
    2012-08-12 20:51:04: !!!!!!!!!
    2012-08-12 20:51:04: ---------------------------------------------------------------------
    2012-08-12 20:51:04: Found Service: Wecsvc
    2012-08-12 20:51:04: Real Path: C:\Windows\system32\wecsvc.dll
    2012-08-12 20:51:04: Display Name: @%SystemRoot%\system32\wecsvc.dll,-200
    2012-08-12 20:51:04: Description: @%SystemRoot%\system32\wecsvc.dll,-201
    2012-08-12 20:51:04: ServiceDLL: system32\wecsvc.dll
    2012-08-12 20:51:04: File size: 0
    2012-08-12 20:51:04: DLL File name: wecsvc.dll
    2012-08-12 20:51:04: Original File Name: wecsvc.dll.mui
    2012-08-12 20:51:04: Company:
    2012-08-12 20:51:04: Mod/Cre/Acc time:
    2012-08-12 20:51:04: !!!!!!!
    2012-08-12 20:51:04: Found Service: wercplsupport
    2012-08-12 20:51:04: Real Path: C:\Windows\System32\wercplsupport.dll
    2012-08-12 20:51:05: Display Name: @%SystemRoot%\System32\wercplsupport.dll,-101
    2012-08-12 20:51:05: Description: @%SystemRoot%\System32\wercplsupport.dll,-100
    2012-08-12 20:51:05: ServiceDLL: System32\wercplsupport.dll
    2012-08-12 20:51:05: File size: 0
    2012-08-12 20:51:05: DLL File name: wercplsupport.dll
    2012-08-12 20:51:05: Original File Name: ERC
    2012-08-12 20:51:05: Company:
    2012-08-12 20:51:05: Mod/Cre/Acc time:
    2012-08-12 20:51:05: !!!!!!!!!
    2012-08-12 20:51:05: !!!!!!!
    2012-08-12 20:51:05: Found Service: WerSvc
    2012-08-12 20:51:05: Real Path: C:\Windows\System32\WerSvc.dll
    2012-08-12 20:51:05: Display Name: @%SystemRoot%\System32\wersvc.dll,-100
    2012-08-12 20:51:05: Description: @%SystemRoot%\System32\wersvc.dll,-101
    2012-08-12 20:51:05: ServiceDLL: System32\WerSvc.dll
    2012-08-12 20:51:05: File size: 0
    2012-08-12 20:51:05: DLL File name: WerSvc.dll
    2012-08-12 20:51:05: Original File Name: wersvc
    2012-08-12 20:51:05: Company:
    2012-08-12 20:51:05: Mod/Cre/Acc time:
    2012-08-12 20:51:05: !!!!!!!!!
    2012-08-12 20:51:05: ---------------------------------------------------------------------
    2012-08-12 20:51:05: Found Service: Winmgmt
    2012-08-12 20:51:05: Real Path: C:\Windows\system32\wbem\WMIsvc.dll
    2012-08-12 20:51:05: Display Name: @%Systemroot%\system32\wbem\wmisvc.dll,-205
    2012-08-12 20:51:05: Description: @%Systemroot%\system32\wbem\wmisvc.dll,-204
    2012-08-12 20:51:05: ServiceDLL: system32\wbem\WMIsvc.dll
    2012-08-12 20:51:05: File size: 0
    2012-08-12 20:51:05: DLL File name: WMIsvc.dll
    2012-08-12 20:51:05: Original File Name: wmisvc.dll.mui
    2012-08-12 20:51:05: Company:
    2012-08-12 20:51:05: Mod/Cre/Acc time:
    2012-08-12 20:51:05: ---------------------------------------------------------------------
    2012-08-12 20:51:05: Found Service: WinRM
    2012-08-12 20:51:05: Real Path: C:\Windows\system32\WsmSvc.dll
    2012-08-12 20:51:05: Display Name: @%Systemroot%\system32\wsmsvc.dll,-101
    2012-08-12 20:51:05: Description: @%Systemroot%\system32\wsmsvc.dll,-102
    2012-08-12 20:51:05: ServiceDLL: system32\WsmSvc.dll
    2012-08-12 20:51:05: File size: 1181696
    2012-08-12 20:51:05: DLL File name: WsmSvc.dll
    2012-08-12 20:51:05: Original File Name: WsmSvc.dll.mui
    2012-08-12 20:51:05: Company:
    2012-08-12 20:51:05: Mod/Cre/Acc time: 20091009175618 20110223040027 20120810225629
    2012-08-12 20:51:05: ---------------------------------------------------------------------
    2012-08-12 20:51:05: Found Service: Wlansvc
    2012-08-12 20:51:05: Real Path: C:\Windows\System32\wlansvc.dll
    2012-08-12 20:51:05: Display Name: @%SystemRoot%\System32\wlansvc.dll,-257
    2012-08-12 20:51:05: Description: @%SystemRoot%\System32\wlansvc.dll,-258
    2012-08-12 20:51:05: ServiceDLL: System32\wlansvc.dll
    2012-08-12 20:51:05: File size: 0
    2012-08-12 20:51:05: DLL File name: wlansvc.dll
    2012-08-12 20:51:05: Original File Name: wlansvc.dll.mui
    2012-08-12 20:51:05: Company:
    2012-08-12 20:51:05: Mod/Cre/Acc time:
    2012-08-12 20:51:05: ---------------------------------------------------------------------
    2012-08-12 20:51:05: Found Service: WPCSvc
    2012-08-12 20:51:05: Real Path: C:\Windows\System32\wpcsvc.dll
    2012-08-12 20:51:05: Display Name: @%SystemRoot%\system32\wpcsvc.dll,-100
    2012-08-12 20:51:05: Description: @%SystemRoot%\system32\wpcsvc.dll,-101
    2012-08-12 20:51:05: ServiceDLL: System32\wpcsvc.dll
    2012-08-12 20:51:05: File size: 140288
    2012-08-12 20:51:05: DLL File name: wpcsvc.dll
    2012-08-12 20:51:05: Original File Name: wpcsvc.exe.mui
    2012-08-12 20:51:05: Company:
    2012-08-12 20:51:05: Mod/Cre/Acc time: 20090410232826 20120722151844 20120810225630
    2012-08-12 20:51:05: ---------------------------------------------------------------------
    2012-08-12 20:51:05: Found Service: WPDBusEnum
    2012-08-12 20:51:05: Real Path: C:\Windows\system32\wpdbusenum.dll
    2012-08-12 20:51:05: Display Name: @%SystemRoot%\system32\wpdbusenum.dll,-100
    2012-08-12 20:51:05: Description: @%SystemRoot%\system32\wpdbusenum.dll,-101
    2012-08-12 20:51:05: ServiceDLL: system32\wpdbusenum.dll
    2012-08-12 20:51:05: File size: 0
    2012-08-12 20:51:05: DLL File name: wpdbusenum.dll
    2012-08-12 20:51:05: Original File Name: WpdBusEnum.DLL.MUI
    2012-08-12 20:51:05: Company:
    2012-08-12 20:51:05: Mod/Cre/Acc time:
    2012-08-12 20:51:05: ---------------------------------------------------------------------
    2012-08-12 20:51:05: Found Service: wscsvc
    2012-08-12 20:51:05: Real Path: C:\Windows\system32\wscsvc.dll
    2012-08-12 20:51:05: Display Name: @%SystemRoot%\System32\wscsvc.dll,-200
    2012-08-12 20:51:05: Description: @%SystemRoot%\System32\wscsvc.dll,-201
    2012-08-12 20:51:05: ServiceDLL: system32\wscsvc.dll
    2012-08-12 20:51:05: File size: 0
    2012-08-12 20:51:05: DLL File name: wscsvc.dll
    2012-08-12 20:51:05: Original File Name: wscsvc.dll.mui
    2012-08-12 20:51:05: Company:
    2012-08-12 20:51:05: Mod/Cre/Acc time:
    2012-08-12 20:51:05: ---------------------------------------------------------------------
    2012-08-12 20:51:05: Found Service: wuauserv
    2012-08-12 20:51:05: Real Path: C:\Windows\system32\wuaueng.dll
    2012-08-12 20:51:05: Display Name: @%systemroot%\system32\wuaueng.dll,-105
    2012-08-12 20:51:05: Description: @%systemroot%\system32\wuaueng.dll,-106
    2012-08-12 20:51:05: ServiceDLL: system32\wuaueng.dll
    2012-08-12 20:51:05: File size: 0
    2012-08-12 20:51:05: DLL File name: wuaueng.dll
    2012-08-12 20:51:05: Original File Name: wuaueng.dll.mui
    2012-08-12 20:51:05: Company:
    2012-08-12 20:51:05: Mod/Cre/Acc time:
    2012-08-12 20:51:05: ---------------------------------------------------------------------
    2012-08-12 20:51:05: Found Service: wudfsvc
    2012-08-12 20:51:05: Real Path: C:\Windows\System32\WUDFSvc.dll
    2012-08-12 20:51:05: Display Name: @%SystemRoot%\system32\wudfsvc.dll,-1000
    2012-08-12 20:51:05: Description: @%SystemRoot%\system32\wudfsvc.dll,-1001
    2012-08-12 20:51:05: ServiceDLL: System32\WUDFSvc.dll
    2012-08-12 20:51:05: File size: 0
    2012-08-12 20:51:05: DLL File name: WUDFSvc.dll
    2012-08-12 20:51:05: Original File Name: WUDFSvc.dll.mui
    2012-08-12 20:51:05: Company:
    2012-08-12 20:51:05: Mod/Cre/Acc time:
    2012-08-12 20:51:05:
    2012-08-12 20:51:05: Looking for SHELL key
    2012-08-12 20:51:05: Now looking for bad DLL files in system32
    2012-08-12 20:51:23: Folder: GAC
    2012-08-12 20:51:23: Folder: GAC_32
    2012-08-12 20:51:23: Folder: GAC_64
    2012-08-12 20:51:23: Folder: GAC_MSIL
    2012-08-12 20:51:23: Folder: NativeImages_v2.0.50727_32
    2012-08-12 20:51:23: Folder: NativeImages_v2.0.50727_64
    2012-08-12 20:51:23: Folder: NativeImages_v4.0.30319_32
    2012-08-12 20:51:23: Folder: NativeImages_v4.0.30319_64
    2012-08-12 20:51:23: Folder: temp
    2012-08-12 20:51:23: Folder: tmp
    2012-08-12 20:51:23: Checking for bad folder
    2012-08-12 20:51:23: Found 1 folders.
    2012-08-12 20:51:23: Checking C:\Windows\assembly\tmp
    2012-08-12 20:51:23: ... Folder test returns: 1
    2012-08-12 20:51:23: Done with folder list in C:\Windows\assembly\ tmp
    2012-08-12 20:51:23: Autonomous mode, clearing out yt folder
    2012-08-12 20:51:23: cmd.exe /c start "C:\Users\Kathy\Desktop\yorkyt.exe"
    2012-08-12 20:51:29: Restarting...
    2012-08-12 20:54:05: ****************************************************
    2012-08-12 20:54:06: Starting UP ... v 0.0.0.220
    2012-08-12 20:54:06: ****************************************************
    2012-08-12 20:54:07: Stop TPSRV returns: 2
    2012-08-12 20:54:22: Listing processes...
    2012-08-12 20:54:22: :[System Process]:0
    2012-08-12 20:54:22: :System:4
    2012-08-12 20:54:22: :smss.exe:544
    2012-08-12 20:54:22: :csrss.exe:676
    2012-08-12 20:54:22: :wininit.exe:712
    2012-08-12 20:54:22: :csrss.exe:732
    2012-08-12 20:54:22: :services.exe:768
    2012-08-12 20:54:22: :lsass.exe:784
    2012-08-12 20:54:22: :lsm.exe:792
    2012-08-12 20:54:22: :winlogon.exe:872
    2012-08-12 20:54:22: :svchost.exe:988
    2012-08-12 20:54:22: :SH4SER~1.EXE:288
    2012-08-12 20:54:22: :svchost.exe:372
    2012-08-12 20:54:22: :svchost.exe:664
    2012-08-12 20:54:22: :svchost.exe:788
    2012-08-12 20:54:22: :svchost.exe:536
    2012-08-12 20:54:22: :stacsv64.exe:1088
    2012-08-12 20:54:22: :audiodg.exe:1164
    2012-08-12 20:54:22: :svchost.exe:1256
    2012-08-12 20:54:22: :SLsvc.exe:1276
    2012-08-12 20:54:22: :svchost.exe:1308
    2012-08-12 20:54:22: ockLogin.exe:1404
    2012-08-12 20:54:22: :svchost.exe:1492
    2012-08-12 20:54:22: :WLTRYSVC.EXE:1636
    2012-08-12 20:54:22: :BCMWLTRY.EXE:1652
    2012-08-12 20:54:22: :wlanext.exe:1668
    2012-08-12 20:54:22: :AvastSvc.exe:1676
    2012-08-12 20:54:22: :dwm.exe:1888
    2012-08-12 20:54:22: :explorer.exe:1932
    2012-08-12 20:54:22: :spoolsv.exe:2036
    2012-08-12 20:54:22: :taskeng.exe:1052
    2012-08-12 20:54:22: :svchost.exe:1372
    2012-08-12 20:54:22: :taskeng.exe:844
    2012-08-12 20:54:22: :armsvc.exe:2420
    2012-08-12 20:54:22: :AESTSr64.exe:2440
    2012-08-12 20:54:22: :BBSvc.EXE:2464
    2012-08-12 20:54:22: :SeaPort.EXE:2480
    2012-08-12 20:54:22: :BDTUpdateService.exe:2528
    2012-08-12 20:54:22: :FAService.exe:2564
    2012-08-12 20:54:22: :svchost.exe:2704
    2012-08-12 20:54:22: :svchost.exe:2740
    2012-08-12 20:54:22: :svchost.exe:2808
    2012-08-12 20:54:22: :igfxsrvc.exe:832
    2012-08-12 20:54:22: :SDWinSec.exe:1952
    2012-08-12 20:54:22: :yorkyt.exe:3460
    2012-08-12 20:54:22: :Apoint.exe:3648
    2012-08-12 20:54:22: :WLTRAY.EXE:3656
    2012-08-12 20:54:22: :igfxtray.exe:3664
    2012-08-12 20:54:22: :hkcmd.exe:3672
    2012-08-12 20:54:22: :igfxpers.exe:3680
    2012-08-12 20:54:22: :sttray64.exe:3692
    2012-08-12 20:54:22: :quickset.exe:3708
    2012-08-12 20:54:22: :FATrayMon.exe:3740
    2012-08-12 20:54:22: :PCMService.exe:3752
    2012-08-12 20:54:22: :WinPatrol.exe:3760
    2012-08-12 20:54:22: :jusched.exe:3820
    2012-08-12 20:54:22: :FATrayAlert.exe:3868
    2012-08-12 20:54:22: :WmiPrvSE.exe:4012
    2012-08-12 20:54:22: :WmiPrvSE.exe:4020
    2012-08-12 20:54:22: :reader_sl.exe:4056
    2012-08-12 20:54:22: :GfxUI.exe:2604
    2012-08-12 20:54:22: :ApMsgFwd.exe:3188
    2012-08-12 20:54:22:
    2012-08-12 20:54:22: Starting cleanup mode...
    2012-08-12 20:55:30: ... Done with files, now folders
    2012-08-12 20:55:34: All DONE
    2012-08-12 20:58:50: ****************************************************
    2012-08-12 20:58:50: Starting UP ... v 0.0.0.220
    2012-08-12 20:58:50: ****************************************************
    2012-08-12 20:58:50: Stop TPSRV returns: 2
    2012-08-12 20:59:05: Listing processes...
    2012-08-12 20:59:05: :[System Process]:0
    2012-08-12 20:59:05: :System:4
    2012-08-12 20:59:05: :smss.exe:544
    2012-08-12 20:59:05: :csrss.exe:676
    2012-08-12 20:59:05: :wininit.exe:712
    2012-08-12 20:59:05: :csrss.exe:732
    2012-08-12 20:59:05: :services.exe:768
    2012-08-12 20:59:05: :lsass.exe:784
    2012-08-12 20:59:05: :lsm.exe:792
    2012-08-12 20:59:05: :winlogon.exe:872
    2012-08-12 20:59:05: :svchost.exe:988
    2012-08-12 20:59:05: :SH4SER~1.EXE:288
    2012-08-12 20:59:05: :svchost.exe:372
    2012-08-12 20:59:05: :svchost.exe:664
    2012-08-12 20:59:05: :svchost.exe:788
    2012-08-12 20:59:05: :svchost.exe:536
    2012-08-12 20:59:05: :stacsv64.exe:1088
    2012-08-12 20:59:05: :audiodg.exe:1164
    2012-08-12 20:59:05: :svchost.exe:1256
    2012-08-12 20:59:05: :SLsvc.exe:1276
    2012-08-12 20:59:05: :svchost.exe:1308
    2012-08-12 20:59:05: ockLogin.exe:1404
    2012-08-12 20:59:05: :svchost.exe:1492
    2012-08-12 20:59:05: :WLTRYSVC.EXE:1636
    2012-08-12 20:59:05: :BCMWLTRY.EXE:1652
    2012-08-12 20:59:05: :wlanext.exe:1668
    2012-08-12 20:59:05: :AvastSvc.exe:1676
    2012-08-12 20:59:05: :dwm.exe:1888
    2012-08-12 20:59:05: :explorer.exe:1932
    2012-08-12 20:59:05: :spoolsv.exe:2036
    2012-08-12 20:59:05: :taskeng.exe:1052
    2012-08-12 20:59:05: :svchost.exe:1372
    2012-08-12 20:59:05: :taskeng.exe:844
    2012-08-12 20:59:05: :armsvc.exe:2420
    2012-08-12 20:59:05: :AESTSr64.exe:2440
    2012-08-12 20:59:05: :BBSvc.EXE:2464
    2012-08-12 20:59:05: :SeaPort.EXE:2480
    2012-08-12 20:59:05: :BDTUpdateService.exe:2528
    2012-08-12 20:59:05: :FAService.exe:2564
    2012-08-12 20:59:05: :svchost.exe:2704
    2012-08-12 20:59:05: :svchost.exe:2740
    2012-08-12 20:59:05: :svchost.exe:2808
    2012-08-12 20:59:05: :igfxsrvc.exe:832
    2012-08-12 20:59:05: :SDWinSec.exe:1952
    2012-08-12 20:59:05: :Apoint.exe:3648
    2012-08-12 20:59:05: :WLTRAY.EXE:3656
    2012-08-12 20:59:05: :igfxtray.exe:3664
    2012-08-12 20:59:05: :hkcmd.exe:3672
    2012-08-12 20:59:05: :igfxpers.exe:3680
    2012-08-12 20:59:05: :sttray64.exe:3692
    2012-08-12 20:59:05: :quickset.exe:3708
    2012-08-12 20:59:05: :FATrayMon.exe:3740
    2012-08-12 20:59:05: :PCMService.exe:3752
    2012-08-12 20:59:05: :WinPatrol.exe:3760
    2012-08-12 20:59:05: :jusched.exe:3820
    2012-08-12 20:59:05: :FATrayAlert.exe:3868
    2012-08-12 20:59:05: :WmiPrvSE.exe:4020
    2012-08-12 20:59:05: :ApMsgFwd.exe:3188
    2012-08-12 20:59:05: :ApntEx.exe:1588
    2012-08-12 20:59:05: :hidfind.exe:3128
    2012-08-12 20:59:05: :svchost.exe:4076
    2012-08-12 20:59:05: :firefox.exe:4012
    2012-08-12 20:59:05: :svchost.exe:3260
    2012-08-12 20:59:05: lugin-container.exe:3140
    2012-08-12 20:59:05: :FlashPlayerPlugin_11_3_300_270.exe:1192
    2012-08-12 20:59:05: :FlashPlayerPlugin_11_3_300_270.exe:3384
    2012-08-12 20:59:05: :SearchIndexer.exe:2860
    2012-08-12 20:59:05: :WMIADAP.exe:4952
    2012-08-12 20:59:05: :SearchProtocolHost.exe:4172
    2012-08-12 20:59:05: :TrustedInstaller.exe:1020
    2012-08-12 20:59:05: :SearchFilterHost.exe:884
    2012-08-12 20:59:05: :yorkyt.exe:1804
    2012-08-12 20:59:05: :WmiPrvSE.exe:4432
    2012-08-12 20:59:05: :consent.exe:4572
    2012-08-12 20:59:05:
    2012-08-12 20:59:05: Setting restore point
    2012-08-12 20:59:20: RUN mode
    2012-08-12 20:59:20: Determining autonomous or dropped mode...
    2012-08-12 20:59:20: Autonomus mode
    2012-08-12 20:59:20: ---------------------------------------------------------------------
    2012-08-12 20:59:20: Found Service: AeLookupSvc
    2012-08-12 20:59:20: Real Path: C:\Windows\System32\aelupsvc.dll
    2012-08-12 20:59:20: Display Name: @%SystemRoot%\system32\aelupsvc.dll,-1
    2012-08-12 20:59:20: Description: @%SystemRoot%\system32\aelupsvc.dll,-2
    2012-08-12 20:59:20: ServiceDLL: System32\aelupsvc.dll
    2012-08-12 20:59:20: File size: 0
    2012-08-12 20:59:20: DLL File name: aelupsvc.dll
    2012-08-12 20:59:20: Original File Name: aelupsvc.dll.mui
    2012-08-12 20:59:20: Company:
    2012-08-12 20:59:20: Mod/Cre/Acc time:
    2012-08-12 20:59:20: ---------------------------------------------------------------------
    2012-08-12 20:59:20: Found Service: Appinfo
    2012-08-12 20:59:20: Real Path: C:\Windows\System32\appinfo.dll
    2012-08-12 20:59:20: Display Name: @%systemroot%\system32\appinfo.dll,-100
    2012-08-12 20:59:20: Description: @%systemroot%\system32\appinfo.dll,-101
    2012-08-12 20:59:20: ServiceDLL: System32\appinfo.dll
    2012-08-12 20:59:20: File size: 0
    2012-08-12 20:59:20: DLL File name: appinfo.dll
    2012-08-12 20:59:20: Original File Name: appinfo.dll.mui
    2012-08-12 20:59:20: Company:
    2012-08-12 20:59:20: Mod/Cre/Acc time:
    2012-08-12 20:59:20: !!!!!!!
    2012-08-12 20:59:20: Found Service: AppMgmt
    2012-08-12 20:59:20: Real Path: C:\Windows\System32\appmgmts.dll
    2012-08-12 20:59:20: Display Name:
    2012-08-12 20:59:20: Description:
    2012-08-12 20:59:20: ServiceDLL: System32\appmgmts.dll
    2012-08-12 20:59:20: File size: 0
    2012-08-12 20:59:20: DLL File name: appmgmts.dll
    2012-08-12 20:59:20: Original File Name:
    2012-08-12 20:59:20: Company:
    2012-08-12 20:59:20: Mod/Cre/Acc time:
    2012-08-12 20:59:20: !!!!!!!!!
    2012-08-12 20:59:20: ---------------------------------------------------------------------
    2012-08-12 20:59:20: Found Service: AudioEndpointBuilder
    2012-08-12 20:59:20: Real Path: C:\Windows\System32\Audiosrv.dll
    2012-08-12 20:59:20: Display Name: @%SystemRoot%\system32\audiosrv.dll,-204
    2012-08-12 20:59:20: Description: @%SystemRoot%\System32\audiosrv.dll,-205
    2012-08-12 20:59:20: ServiceDLL: System32\Audiosrv.dll
    2012-08-12 20:59:20: File size: 0
    2012-08-12 20:59:20: DLL File name: Audiosrv.dll
    2012-08-12 20:59:20: Original File Name: audiosrv.dll.mui
    2012-08-12 20:59:20: Company:
    2012-08-12 20:59:20: Mod/Cre/Acc time:
    2012-08-12 20:59:20: ---------------------------------------------------------------------
    2012-08-12 20:59:20: Found Service: AudioSrv
    2012-08-12 20:59:20: Real Path: C:\Windows\System32\Audiosrv.dll
    2012-08-12 20:59:20: Display Name: @%SystemRoot%\system32\audiosrv.dll,-200
    2012-08-12 20:59:20: Description: @%SystemRoot%\System32\audiosrv.dll,-201
    2012-08-12 20:59:20: ServiceDLL: System32\Audiosrv.dll
    2012-08-12 20:59:20: File size: 0
    2012-08-12 20:59:20: DLL File name: Audiosrv.dll
    2012-08-12 20:59:20: Original File Name: audiosrv.dll.mui
    2012-08-12 20:59:20: Company:
    2012-08-12 20:59:20: Mod/Cre/Acc time:
    2012-08-12 20:59:20: ---------------------------------------------------------------------
    2012-08-12 20:59:20: Found Service: BFE
    2012-08-12 20:59:20: Real Path: C:\Windows\System32\bfe.dll
    2012-08-12 20:59:20: Display Name: @%SystemRoot%\system32\bfe.dll,-1001
    2012-08-12 20:59:20: Description: @%SystemRoot%\system32\bfe.dll,-1002
    2012-08-12 20:59:20: ServiceDLL: System32\bfe.dll
    2012-08-12 20:59:20: File size: 0
    2012-08-12 20:59:20: DLL File name: bfe.dll
    2012-08-12 20:59:20: Original File Name: BFE.DLL.MUI
    2012-08-12 20:59:20: Company:
    2012-08-12 20:59:20: Mod/Cre/Acc time:
    2012-08-12 20:59:20: ---------------------------------------------------------------------
    2012-08-12 20:59:20: Found Service: BITS
    2012-08-12 20:59:20: Real Path: C:\Windows\system32\qmgr.dll
    2012-08-12 20:59:20: Display Name: @%SystemRoot%\system32\qmgr.dll,-1000
    2012-08-12 20:59:20: Description: @%SystemRoot%\system32\qmgr.dll,-1001
    2012-08-12 20:59:20: ServiceDLL: system32\qmgr.dll
    2012-08-12 20:59:20: File size: 0
    2012-08-12 20:59:20: DLL File name: qmgr.dll
    2012-08-12 20:59:20: Original File Name: qmgr.dll.mui
    2012-08-12 20:59:20: Company:
    2012-08-12 20:59:20: Mod/Cre/Acc time:
    2012-08-12 20:59:21: ---------------------------------------------------------------------
    2012-08-12 20:59:21: Found Service: Browser
    2012-08-12 20:59:21: Real Path: C:\Windows\System32\browser.dll
    2012-08-12 20:59:21: Display Name: @%systemroot%\system32\browser.dll,-100
    2012-08-12 20:59:21: Description: @%systemroot%\system32\browser.dll,-101
    2012-08-12 20:59:21: ServiceDLL: System32\browser.dll
    2012-08-12 20:59:21: File size: 0
    2012-08-12 20:59:21: DLL File name: browser.dll
    2012-08-12 20:59:21: Original File Name: browser.dll.mui
    2012-08-12 20:59:21: Company:
    2012-08-12 20:59:21: Mod/Cre/Acc time:
    2012-08-12 20:59:21: ---------------------------------------------------------------------
    2012-08-12 20:59:21: Found Service: CertPropSvc
    2012-08-12 20:59:21: Real Path: C:\Windows\System32\certprop.dll
    2012-08-12 20:59:21: Display Name: @%SystemRoot%\System32\certprop.dll,-11
    2012-08-12 20:59:21: Description: @%SystemRoot%\System32\certprop.dll,-12
    2012-08-12 20:59:21: ServiceDLL: System32\certprop.dll
    2012-08-12 20:59:21: File size: 0
    2012-08-12 20:59:21: DLL File name: certprop.dll
    2012-08-12 20:59:21: Original File Name: certprop.dll.mui
    2012-08-12 20:59:21: Company:
    2012-08-12 20:59:21: Mod/Cre/Acc time:
    2012-08-12 20:59:21: ---------------------------------------------------------------------
    2012-08-12 20:59:21: Found Service: CryptSvc
    2012-08-12 20:59:21: Real Path: C:\Windows\system32\cryptsvc.dll
    2012-08-12 20:59:21: Display Name: @%SystemRoot%\system32\cryptsvc.dll,-1001
    2012-08-12 20:59:21: Description: @%SystemRoot%\system32\cryptsvc.dll,-1002
    2012-08-12 20:59:21: ServiceDLL: system32\cryptsvc.dll
    2012-08-12 20:59:21: File size: 133120
    2012-08-12 20:59:21: DLL File name: cryptsvc.dll
    2012-08-12 20:59:21: Original File Name: cryptsvc.dll.mui
    2012-08-12 20:59:21: Company:
    2012-08-12 20:59:21: Mod/Cre/Acc time: 20120423120053 20120723160529 20120810225623
    2012-08-12 20:59:21: ---------------------------------------------------------------------
    2012-08-12 20:59:21: Found Service: DcomLaunch
    2012-08-12 20:59:21: Real Path: C:\Windows\system32\rpcss.dll
    2012-08-12 20:59:21: Display Name: @oleres.dll,-5012
    2012-08-12 20:59:21: Description: @oleres.dll,-5013
    2012-08-12 20:59:21: ServiceDLL: system32\rpcss.dll
    2012-08-12 20:59:21: File size: 0
    2012-08-12 20:59:21: DLL File name: rpcss.dll
    2012-08-12 20:59:21: Original File Name: rpcss.dll.mui
    2012-08-12 20:59:21: Company:
    2012-08-12 20:59:21: Mod/Cre/Acc time:
    2012-08-12 20:59:21: ---------------------------------------------------------------------
    2012-08-12 20:59:21: Found Service: Dhcp
    2012-08-12 20:59:21: Real Path: C:\Windows\System32\dhcpcsvc.dll
    2012-08-12 20:59:21: Display Name: @%SystemRoot%\system32\dhcpcsvc.dll,-100
    2012-08-12 20:59:21: Description: @%SystemRoot%\system32\dhcpcsvc.dll,-101
    2012-08-12 20:59:21: ServiceDLL: System32\dhcpcsvc.dll
    2012-08-12 20:59:21: File size: 204288
    2012-08-12 20:59:21: DLL File name: dhcpcsvc.dll
    2012-08-12 20:59:21: Original File Name: dhcpcsvc.dll.mui
    2012-08-12 20:59:21: Company:
    2012-08-12 20:59:21: Mod/Cre/Acc time: 20090410232820 20120722151938 20120812202505
    2012-08-12 20:59:21: ---------------------------------------------------------------------
    2012-08-12 20:59:21: Found Service: Dnscache
    2012-08-12 20:59:21: Real Path: C:\Windows\System32\dnsrslvr.dll
    2012-08-12 20:59:21: Display Name: @%SystemRoot%\System32\dnsapi.dll,-101
    2012-08-12 20:59:21: Description: @%SystemRoot%\System32\dnsapi.dll,-102
    2012-08-12 20:59:21: ServiceDLL: System32\dnsrslvr.dll
    2012-08-12 20:59:21: File size: 0
    2012-08-12 20:59:21: DLL File name: dnsrslvr.dll
    2012-08-12 20:59:21: Original File Name: dnsrslvr.dll.mui
    2012-08-12 20:59:21: Company:
    2012-08-12 20:59:21: Mod/Cre/Acc time:
    2012-08-12 20:59:21: ---------------------------------------------------------------------
    2012-08-12 20:59:21: Found Service: dot3svc
    2012-08-12 20:59:21: Real Path: C:\Windows\System32\dot3svc.dll
    2012-08-12 20:59:21: Display Name: @%systemroot%\system32\dot3svc.dll,-1102
    2012-08-12 20:59:21: Description: @%systemroot%\system32\dot3svc.dll,-1103
    2012-08-12 20:59:21: ServiceDLL: System32\dot3svc.dll
    2012-08-12 20:59:21: File size: 0
    2012-08-12 20:59:21: DLL File name: dot3svc.dll
    2012-08-12 20:59:21: Original File Name: dot3svc.dll.mui
    2012-08-12 20:59:21: Company:
    2012-08-12 20:59:21: Mod/Cre/Acc time:
    2012-08-12 20:59:21: ---------------------------------------------------------------------
    2012-08-12 20:59:21: Found Service: DPS
    2012-08-12 20:59:21: Real Path: C:\Windows\system32\dps.dll
    2012-08-12 20:59:21: Display Name: @%systemroot%\system32\dps.dll,-500
    2012-08-12 20:59:21: Description: @%systemroot%\system32\dps.dll,-501
    2012-08-12 20:59:21: ServiceDLL: system32\dps.dll
    2012-08-12 20:59:21: File size: 0
    2012-08-12 20:59:21: DLL File name: dps.dll
    2012-08-12 20:59:21: Original File Name: dps.dll.mui
    2012-08-12 20:59:21: Company:
    2012-08-12 20:59:21: Mod/Cre/Acc time:
    2012-08-12 20:59:21: ---------------------------------------------------------------------
    2012-08-12 20:59:21: Found Service: EapHost
    2012-08-12 20:59:21: Real Path: C:\Windows\System32\eapsvc.dll
    2012-08-12 20:59:21: Display Name: @%systemroot%\system32\eapsvc.dll,-1
    2012-08-12 20:59:21: Description: @%systemroot%\system32\eapsvc.dll,-2
    2012-08-12 20:59:21: ServiceDLL: System32\eapsvc.dll
    2012-08-12 20:59:21: File size: 0
    2012-08-12 20:59:21: DLL File name: eapsvc.dll
    2012-08-12 20:59:21: Original File Name: eapsvc.dll.mui
    2012-08-12 20:59:21: Company:
    2012-08-12 20:59:21: Mod/Cre/Acc time:
    2012-08-12 20:59:21: ---------------------------------------------------------------------
    2012-08-12 20:59:21: Found Service: EMDMgmt
    2012-08-12 20:59:21: Real Path: C:\Windows\system32\emdmgmt.dll
    2012-08-12 20:59:21: Display Name: @%SystemRoot%\system32\emdmgmt.dll,-1000
    2012-08-12 20:59:21: Description: @%SystemRoot%\system32\emdmgmt.dll,-1001
    2012-08-12 20:59:21: ServiceDLL: system32\emdmgmt.dll
    2012-08-12 20:59:21: File size: 0
    2012-08-12 20:59:21: DLL File name: emdmgmt.dll
    2012-08-12 20:59:21: Original File Name: emdmgmt.dll.mui
    2012-08-12 20:59:21: Company:
    2012-08-12 20:59:21: Mod/Cre/Acc time:
    2012-08-12 20:59:21: ---------------------------------------------------------------------
    2012-08-12 20:59:21: Found Service: EventSystem
    2012-08-12 20:59:21: Real Path: C:\Windows\system32\es.dll
    2012-08-12 20:59:21: Display Name: @comres.dll,-2450
    2012-08-12 20:59:21: Description: @comres.dll,-2451
    2012-08-12 20:59:21: ServiceDLL: system32\es.dll
    2012-08-12 20:59:21: File size: 268800
    2012-08-12 20:59:21: DLL File name: es.dll
    2012-08-12 20:59:21: Original File Name: ES.DLL
    2012-08-12 20:59:21: Company:
    2012-08-12 20:59:21: Mod/Cre/Acc time: 20090410232820 20120722151934 20120810225624
    2012-08-12 20:59:21: ---------------------------------------------------------------------
    2012-08-12 20:59:21: Found Service: fdPHost
    2012-08-12 20:59:21: Real Path: C:\Windows\system32\fdPHost.dll
    2012-08-12 20:59:21: Display Name: @%systemroot%\system32\fdPHost.dll,-100
    2012-08-12 20:59:21: Description: @%systemroot%\system32\fdPHost.dll,-101
    2012-08-12 20:59:21: ServiceDLL: system32\fdPHost.dll
    2012-08-12 20:59:21: File size: 0
    2012-08-12 20:59:21: DLL File name: fdPHost.dll
    2012-08-12 20:59:21: Original File Name: fdPHost.dll.mui
    2012-08-12 20:59:21: Company:
    2012-08-12 20:59:21: Mod/Cre/Acc time:
    2012-08-12 20:59:21: ---------------------------------------------------------------------
    2012-08-12 20:59:21: Found Service: FDResPub
    2012-08-12 20:59:21: Real Path: C:\Windows\system32\fdrespub.dll
    2012-08-12 20:59:21: Display Name: @%systemroot%\system32\fdrespub.dll,-100
    2012-08-12 20:59:21: Description: @%systemroot%\system32\fdrespub.dll,-101
    2012-08-12 20:59:21: ServiceDLL: system32\fdrespub.dll
    2012-08-12 20:59:21: File size: 0
    2012-08-12 20:59:21: DLL File name: fdrespub.dll
    2012-08-12 20:59:21: Original File Name: FDResPub.dll.mui
    2012-08-12 20:59:21: Company:
    2012-08-12 20:59:21: Mod/Cre/Acc time:
    2012-08-12 20:59:21: !!!!!!!
    2012-08-12 20:59:21: Found Service: FontCache
    2012-08-12 20:59:21: Real Path: C:\Windows\system32\FntCache.dll
    2012-08-12 20:59:21: Display Name: @%systemroot%\system32\FntCache.dll,-100
    2012-08-12 20:59:21: Description: @%systemroot%\system32\FntCache.dll,-101
    2012-08-12 20:59:21: ServiceDLL: system32\FntCache.dll
    2012-08-12 20:59:21: File size: 0
    2012-08-12 20:59:21: DLL File name: FntCache.dll
    2012-08-12 20:59:21: Original File Name: FontCacheService
    2012-08-12 20:59:21: Company:
    2012-08-12 20:59:21: Mod/Cre/Acc time:
    2012-08-12 20:59:21: !!!!!!!!!
    2012-08-12 20:59:21: ---------------------------------------------------------------------
    2012-08-12 20:59:21: Found Service: gpsvc
    2012-08-12 20:59:21: Real Path: C:\Windows\System32\gpsvc.dll
    2012-08-12 20:59:21: Display Name: @gpapi.dll,-112
    2012-08-12 20:59:21: Description: @gpapi.dll,-113
    2012-08-12 20:59:21: ServiceDLL: System32\gpsvc.dll
    2012-08-12 20:59:21: File size: 0
    2012-08-12 20:59:21: DLL File name: gpsvc.dll
    2012-08-12 20:59:21: Original File Name: gpsvc.dll.mui
    2012-08-12 20:59:21: Company:
    2012-08-12 20:59:21: Mod/Cre/Acc time:
    2012-08-12 20:59:21: ---------------------------------------------------------------------
    2012-08-12 20:59:21: Found Service: hidserv
    2012-08-12 20:59:21: Real Path: C:\Windows\System32\hidserv.dll
    2012-08-12 20:59:21: Display Name: @%SystemRoot%\System32\hidserv.dll,-101
    2012-08-12 20:59:21: Description: @%SystemRoot%\System32\hidserv.dll,-102
    2012-08-12 20:59:21: ServiceDLL: System32\hidserv.dll
    2012-08-12 20:59:21: File size: 26112
    2012-08-12 20:59:21: DLL File name: hidserv.dll
    2012-08-12 20:59:21: Original File Name: HIDSERV.DLL.MUI
    2012-08-12 20:59:21: Company:
    2012-08-12 20:59:21: Mod/Cre/Acc time: 20090410232820 20120722151911 20120810225624
    2012-08-12 20:59:21: ---------------------------------------------------------------------
    2012-08-12 20:59:21: Found Service: hkmsvc
    2012-08-12 20:59:21: Real Path: C:\Windows\system32\kmsvc.dll
    2012-08-12 20:59:21: Display Name: @%SystemRoot%\system32\kmsvc.dll,-6
    2012-08-12 20:59:21: Description: @%SystemRoot%\system32\kmsvc.dll,-7
    2012-08-12 20:59:21: ServiceDLL: system32\kmsvc.dll
    2012-08-12 20:59:21: File size: 0
    2012-08-12 20:59:21: DLL File name: kmsvc.dll
    2012-08-12 20:59:21: Original File Name: KmSvc.DLL.MUI
    2012-08-12 20:59:21: Company:
    2012-08-12 20:59:21: Mod/Cre/Acc time:
    2012-08-12 20:59:21: ---------------------------------------------------------------------
    2012-08-12 20:59:21: Found Service: IKEEXT
    2012-08-12 20:59:21: Real Path: C:\Windows\System32\ikeext.dll
    2012-08-12 20:59:21: Display Name: @%SystemRoot%\system32\ikeext.dll,-501
    2012-08-12 20:59:21: Description: @%SystemRoot%\system32\ikeext.dll,-502
    2012-08-12 20:59:21: ServiceDLL: System32\ikeext.dll
    2012-08-12 20:59:21: File size: 0
    2012-08-12 20:59:21: DLL File name: ikeext.dll
    2012-08-12 20:59:21: Original File Name: IKEEXT.DLL.MUI
    2012-08-12 20:59:21: Company:
    2012-08-12 20:59:21: Mod/Cre/Acc time:
    2012-08-12 20:59:21: ---------------------------------------------------------------------
    2012-08-12 20:59:21: Found Service: IPBusEnum
    2012-08-12 20:59:21: Real Path: C:\Windows\system32\ipbusenum.dll
    2012-08-12 20:59:21: Display Name: @%systemroot%\system32\IPBusEnum.dll,-102
    2012-08-12 20:59:21: Description: @%systemroot%\system32\IPBusEnum.dll,-103
    2012-08-12 20:59:21: ServiceDLL: system32\ipbusenum.dll
    2012-08-12 20:59:21: File size: 0
    2012-08-12 20:59:21: DLL File name: ipbusenum.dll
    2012-08-12 20:59:21: Original File Name: IPBusEnum.dll.mui
    2012-08-12 20:59:21: Company:
    2012-08-12 20:59:21: Mod/Cre/Acc time:
    2012-08-12 20:59:21: ---------------------------------------------------------------------
    2012-08-12 20:59:21: Found Service: iphlpsvc
    2012-08-12 20:59:21: Real Path: C:\Windows\System32\iphlpsvc.dll
    2012-08-12 20:59:21: Display Name: @%SystemRoot%\system32\iphlpsvc.dll,-200
    2012-08-12 20:59:21: Description: @%SystemRoot%\system32\iphlpsvc.dll,-201
    2012-08-12 20:59:21: ServiceDLL: System32\iphlpsvc.dll
    2012-08-12 20:59:21: File size: 0
    2012-08-12 20:59:21: DLL File name: iphlpsvc.dll
    2012-08-12 20:59:21: Original File Name: iphlpsvc.dll.mui
    2012-08-12 20:59:21: Company:
    2012-08-12 20:59:21: Mod/Cre/Acc time:
    2012-08-12 20:59:21: ---------------------------------------------------------------------
    2012-08-12 20:59:21: Found Service: KtmRm
    2012-08-12 20:59:21: Real Path: C:\Windows\system32\msdtckrm.dll
    2012-08-12 20:59:21: Display Name: @comres.dll,-2946
    2012-08-12 20:59:21: Description: @comres.dll,-2947
    2012-08-12 20:59:21: ServiceDLL: system32\msdtckrm.dll
    2012-08-12 20:59:21: File size: 0
    2012-08-12 20:59:21: DLL File name: msdtckrm.dll
    2012-08-12 20:59:21: Original File Name: MSDTCKRM.DLL
    2012-08-12 20:59:21: Company:
    2012-08-12 20:59:21: Mod/Cre/Acc time:
    2012-08-12 20:59:22: ---------------------------------------------------------------------
    2012-08-12 20:59:22: Found Service: LanmanServer
    2012-08-12 20:59:22: Real Path: C:\Windows\System32\srvsvc.dll
    2012-08-12 20:59:22: Display Name: @%systemroot%\system32\srvsvc.dll,-100
    2012-08-12 20:59:22: Description: @%systemroot%\system32\srvsvc.dll,-101
    2012-08-12 20:59:22: ServiceDLL: System32\srvsvc.dll
    2012-08-12 20:59:22: File size: 0
    2012-08-12 20:59:22: DLL File name: srvsvc.dll
    2012-08-12 20:59:22: Original File Name: SRVSVC.DLL.MUI
    2012-08-12 20:59:22: Company:
    2012-08-12 20:59:22: Mod/Cre/Acc time:
    2012-08-12 20:59:22: ---------------------------------------------------------------------
    2012-08-12 20:59:22: Found Service: LanmanWorkstation
    2012-08-12 20:59:22: Real Path: C:\Windows\System32\wkssvc.dll
    2012-08-12 20:59:22: Display Name: @%systemroot%\system32\wkssvc.dll,-100
    2012-08-12 20:59:22: Description: @%systemroot%\system32\wkssvc.dll,-101
    2012-08-12 20:59:22: ServiceDLL: System32\wkssvc.dll
    2012-08-12 20:59:22: File size: 0
    2012-08-12 20:59:22: DLL File name: wkssvc.dll
    2012-08-12 20:59:22: Original File Name: WKSSVC.DLL.MUI
    2012-08-12 20:59:22: Company:
    2012-08-12 20:59:22: Mod/Cre/Acc time:
    2012-08-12 20:59:22: ---------------------------------------------------------------------
    2012-08-12 20:59:22: Found Service: lltdsvc
    2012-08-12 20:59:22: Real Path: C:\Windows\System32\lltdsvc.dll
    2012-08-12 20:59:22: Display Name: @%SystemRoot%\system32\lltdres.dll,-1
    2012-08-12 20:59:22: Description: @%SystemRoot%\system32\lltdres.dll,-2
    2012-08-12 20:59:22: ServiceDLL: System32\lltdsvc.dll
    2012-08-12 20:59:22: File size: 0
    2012-08-12 20:59:22: DLL File name: lltdsvc.dll
    2012-08-12 20:59:22: Original File Name: LLTDSVC.DLL
    2012-08-12 20:59:22: Company:
    2012-08-12 20:59:22: Mod/Cre/Acc time:
    2012-08-12 20:59:22: ---------------------------------------------------------------------
    2012-08-12 20:59:22: Found Service: lmhosts
    2012-08-12 20:59:22: Real Path: C:\Windows\System32\lmhsvc.dll
    2012-08-12 20:59:22: Display Name: @%SystemRoot%\system32\lmhsvc.dll,-101
    2012-08-12 20:59:22: Description: @%SystemRoot%\system32\lmhsvc.dll,-102
    2012-08-12 20:59:22: ServiceDLL: System32\lmhsvc.dll
    2012-08-12 20:59:22: File size: 0
    2012-08-12 20:59:22: DLL File name: lmhsvc.dll
    2012-08-12 20:59:22: Original File Name: lmhsvc.dll.mui
    2012-08-12 20:59:22: Company:
    2012-08-12 20:59:22: Mod/Cre/Acc time:
    2012-08-12 20:59:22: ---------------------------------------------------------------------
    2012-08-12 20:59:22: Found Service: Mcx2Svc
    2012-08-12 20:59:22: Real Path: C:\Windows\system32\Mcx2Svc.dll
    2012-08-12 20:59:22: Display Name: @%SystemRoot%\ehome\ehres.dll,-15501
    2012-08-12 20:59:22: Description: @%SystemRoot%\ehome\ehres.dll,-15502
    2012-08-12 20:59:22: ServiceDLL: system32\Mcx2Svc.dll
    2012-08-12 20:59:22: File size: 0
    2012-08-12 20:59:22: DLL File name: Mcx2Svc.dll
    2012-08-12 20:59:22: Original File Name: Mcx2Svc.dll
    2012-08-12 20:59:22: Company:
    2012-08-12 20:59:22: Mod/Cre/Acc time:
    2012-08-12 20:59:22: ---------------------------------------------------------------------
    2012-08-12 20:59:22: Found Service: MMCSS
    2012-08-12 20:59:22: Real Path: C:\Windows\system32\mmcss.dll
    2012-08-12 20:59:22: Display Name: @%systemroot%\system32\mmcss.dll,-100
    2012-08-12 20:59:22: Description: @%systemroot%\system32\mmcss.dll,-101
    2012-08-12 20:59:22: ServiceDLL: system32\mmcss.dll
    2012-08-12 20:59:22: File size: 0
    2012-08-12 20:59:22: DLL File name: mmcss.dll
    2012-08-12 20:59:22: Original File Name: mmcss.dll.mui
    2012-08-12 20:59:22: Company:
    2012-08-12 20:59:22: Mod/Cre/Acc time:
    2012-08-12 20:59:22: ---------------------------------------------------------------------
    2012-08-12 20:59:22: Found Service: MpsSvc
    2012-08-12 20:59:22: Real Path: C:\Windows\system32\mpssvc.dll
    2012-08-12 20:59:22: Display Name: @%SystemRoot%\system32\FirewallAPI.dll,-23090
    2012-08-12 20:59:22: Description: @%SystemRoot%\system32\FirewallAPI.dll,-23091
    2012-08-12 20:59:22: ServiceDLL: system32\mpssvc.dll
    2012-08-12 20:59:22: File size: 0
    2012-08-12 20:59:22: DLL File name: mpssvc.dll
    2012-08-12 20:59:22: Original File Name: mpssvc.dll.mui
    2012-08-12 20:59:22: Company:
    2012-08-12 20:59:22: Mod/Cre/Acc time:
    2012-08-12 20:59:22: ---------------------------------------------------------------------
    2012-08-12 20:59:22: Found Service: MSiSCSI
    2012-08-12 20:59:22: Real Path: C:\Windows\system32\iscsiexe.dll
    2012-08-12 20:59:22: Display Name: @%SystemRoot%\system32\iscsidsc.dll,-5000
    2012-08-12 20:59:22: Description: @%SystemRoot%\system32\iscsidsc.dll,-5001
    2012-08-12 20:59:22: ServiceDLL: system32\iscsiexe.dll
    2012-08-12 20:59:22: File size: 0
    2012-08-12 20:59:22: DLL File name: iscsiexe.dll
    2012-08-12 20:59:22: Original File Name: iscsiexe.exe.mui
    2012-08-12 20:59:22: Company:
    2012-08-12 20:59:22: Mod/Cre/Acc time:
    2012-08-12 20:59:22: ---------------------------------------------------------------------
    2012-08-12 20:59:22: Found Service: napagent
    2012-08-12 20:59:22: Real Path: C:\Windows\system32\qagentRT.dll
    2012-08-12 20:59:22: Display Name: @%SystemRoot%\system32\qagentrt.dll,-6
    2012-08-12 20:59:22: Description: @%SystemRoot%\system32\qagentrt.dll,-7
    2012-08-12 20:59:22: ServiceDLL: system32\qagentRT.dll
    2012-08-12 20:59:22: File size: 0
    2012-08-12 20:59:22: DLL File name: qagentRT.dll
    2012-08-12 20:59:22: Original File Name: QAgentRT.DLL.MUI
    2012-08-12 20:59:22: Company:
    2012-08-12 20:59:22: Mod/Cre/Acc time:
    2012-08-12 20:59:22: ---------------------------------------------------------------------
    2012-08-12 20:59:22: Found Service: Netman
    2012-08-12 20:59:22: Real Path: C:\Windows\System32\netman.dll
    2012-08-12 20:59:22: Display Name: @%SystemRoot%\system32\netman.dll,-109
    2012-08-12 20:59:22: Description: @%SystemRoot%\system32\netman.dll,-110
    2012-08-12 20:59:22: ServiceDLL: System32\netman.dll
    2012-08-12 20:59:22: File size: 0
    2012-08-12 20:59:22: DLL File name: netman.dll
    2012-08-12 20:59:22: Original File Name: netman.dll.mui
    2012-08-12 20:59:22: Company:
    2012-08-12 20:59:22: Mod/Cre/Acc time:
    2012-08-12 20:59:22: ---------------------------------------------------------------------
    2012-08-12 20:59:22: Found Service: netprofm
    2012-08-12 20:59:22: Real Path: C:\Windows\System32\netprofm.dll
    2012-08-12 20:59:22: Display Name: @%SystemRoot%\system32\netprof.dll,-246
    2012-08-12 20:59:22: Description: @%SystemRoot%\system32\netprof.dll,-247
    2012-08-12 20:59:22: ServiceDLL: System32\netprofm.dll
    2012-08-12 20:59:22: File size: 237056
    2012-08-12 20:59:22: DLL File name: netprofm.dll
    2012-08-12 20:59:22: Original File Name: netprofm.dll
    2012-08-12 20:59:22: Company:
    2012-08-12 20:59:22: Mod/Cre/Acc time: 20080120224921 20080120224921 20120810225626
    2012-08-12 20:59:22: ---------------------------------------------------------------------
    2012-08-12 20:59:22: Found Service: NlaSvc
    2012-08-12 20:59:22: Real Path: C:\Windows\System32\nlasvc.dll
    2012-08-12 20:59:22: Display Name: @%SystemRoot%\System32\nlasvc.dll,-1
    2012-08-12 20:59:22: Description: @%SystemRoot%\System32\nlasvc.dll,-2
    2012-08-12 20:59:22: ServiceDLL: System32\nlasvc.dll
    2012-08-12 20:59:22: File size: 0
    2012-08-12 20:59:22: DLL File name: nlasvc.dll
    2012-08-12 20:59:22: Original File Name: nlasvc.dll.mui
    2012-08-12 20:59:22: Company:
    2012-08-12 20:59:22: Mod/Cre/Acc time:
    2012-08-12 20:59:22: ---------------------------------------------------------------------
    2012-08-12 20:59:22: Found Service: nsi
    2012-08-12 20:59:22: Real Path: C:\Windows\system32\nsisvc.dll
    2012-08-12 20:59:22: Display Name: @%SystemRoot%\system32\nsisvc.dll,-200
    2012-08-12 20:59:22: Description: @%SystemRoot%\system32\nsisvc.dll,-201
    2012-08-12 20:59:22: ServiceDLL: system32\nsisvc.dll
    2012-08-12 20:59:22: File size: 0
    2012-08-12 20:59:22: DLL File name: nsisvc.dll
    2012-08-12 20:59:22: Original File Name: nsisvc.dll.mui
    2012-08-12 20:59:22: Company:
    2012-08-12 20:59:22: Mod/Cre/Acc time:
    2012-08-12 20:59:22: ---------------------------------------------------------------------
    2012-08-12 20:59:22: Found Service: p2pimsvc
    2012-08-12 20:59:22: Real Path: C:\Windows\system32\p2psvc.dll
    2012-08-12 20:59:22: Display Name: @%SystemRoot%\system32\p2psvc.dll,-8004
    2012-08-12 20:59:22: Description: @%SystemRoot%\system32\p2psvc.dll,-8005
    2012-08-12 20:59:22: ServiceDLL: system32\p2psvc.dll
    2012-08-12 20:59:22: File size: 644608
    2012-08-12 20:59:22: DLL File name: p2psvc.dll
    2012-08-12 20:59:22: Original File Name: p2psvc.dll.mui
    2012-08-12 20:59:22: Company:
    2012-08-12 20:59:22: Mod/Cre/Acc time: 20090410232824 20120722151958 20120810225626
    2012-08-12 20:59:22: ---------------------------------------------------------------------
    2012-08-12 20:59:22: Found Service: p2psvc
    2012-08-12 20:59:22: Real Path: C:\Windows\system32\p2psvc.dll
    2012-08-12 20:59:22: Display Name: @%SystemRoot%\system32\p2psvc.dll,-8006
    2012-08-12 20:59:22: Description: @%SystemRoot%\system32\p2psvc.dll,-8007
    2012-08-12 20:59:22: ServiceDLL: system32\p2psvc.dll
    2012-08-12 20:59:22: File size: 644608
    2012-08-12 20:59:22: DLL File name: p2psvc.dll
    2012-08-12 20:59:22: Original File Name: p2psvc.dll.mui
    2012-08-12 20:59:22: Company:
    2012-08-12 20:59:22: Mod/Cre/Acc time: 20090410232824 20120722151958 20120810225626
    2012-08-12 20:59:22: !!!!!!!
    2012-08-12 20:59:22: Found Service: PcaSvc
    2012-08-12 20:59:22: Real Path: C:\Windows\System32\pcasvc.dll
    2012-08-12 20:59:22: Display Name: @%SystemRoot%\system32\pcasvc.dll,-1
    2012-08-12 20:59:22: Description: @%SystemRoot%\system32\pcasvc.dll,-2
    2012-08-12 20:59:22: ServiceDLL: System32\pcasvc.dll
    2012-08-12 20:59:22: File size: 0
    2012-08-12 20:59:22: DLL File name: pcasvc.dll
    2012-08-12 20:59:22: Original File Name:
    2012-08-12 20:59:22: Company:
    2012-08-12 20:59:22: Mod/Cre/Acc time:
    2012-08-12 20:59:22: !!!!!!!!!
    2012-08-12 20:59:22: ---------------------------------------------------------------------
    2012-08-12 20:59:22: Found Service: pla
    2012-08-12 20:59:22: Real Path: C:\Windows\system32\pla.dll
    2012-08-12 20:59:22: Display Name: @%systemroot%\system32\pla.dll,-500
    2012-08-12 20:59:22: Description: @%systemroot%\system32\pla.dll,-501
    2012-08-12 20:59:22: ServiceDLL: system32\pla.dll
    2012-08-12 20:59:22: File size: 1502208
    2012-08-12 20:59:22: DLL File name: pla.dll
    2012-08-12 20:59:22: Original File Name: PLA.DLL.MUI
    2012-08-12 20:59:22: Company:
    2012-08-12 20:59:22: Mod/Cre/Acc time: 20080120224823 20080120224823 20120810225626
    2012-08-12 20:59:23: ---------------------------------------------------------------------
    2012-08-12 20:59:23: Found Service: PlugPlay
    2012-08-12 20:59:23: Real Path: C:\Windows\system32\umpnpmgr.dll
    2012-08-12 20:59:23: Display Name: @%SystemRoot%\system32\umpnpmgr.dll,-100
    2012-08-12 20:59:23: Description: @%SystemRoot%\system32\umpnpmgr.dll,-101
    2012-08-12 20:59:23: ServiceDLL: system32\umpnpmgr.dll
    2012-08-12 20:59:23: File size: 0
    2012-08-12 20:59:23: DLL File name: umpnpmgr.dll
    2012-08-12 20:59:23: Original File Name: Umpnpmgr.DLL.MUI
    2012-08-12 20:59:23: Company:
    2012-08-12 20:59:23: Mod/Cre/Acc time:
    2012-08-12 20:59:23: ---------------------------------------------------------------------
    2012-08-12 20:59:23: Found Service: PNRPAutoReg
    2012-08-12 20:59:23: Real Path: C:\Windows\system32\p2psvc.dll
    2012-08-12 20:59:23: Display Name: @%SystemRoot%\system32\p2psvc.dll,-8002
    2012-08-12 20:59:23: Description: @%SystemRoot%\system32\p2psvc.dll,-8003
    2012-08-12 20:59:23: ServiceDLL: system32\p2psvc.dll
    2012-08-12 20:59:23: File size: 644608
    2012-08-12 20:59:23: DLL File name: p2psvc.dll
    2012-08-12 20:59:23: Original File Name: p2psvc.dll.mui
    2012-08-12 20:59:23: Company:
    2012-08-12 20:59:23: Mod/Cre/Acc time: 20090410232824 20120722151958 20120810225626
    2012-08-12 20:59:23: ---------------------------------------------------------------------
    2012-08-12 20:59:23: Found Service: PNRPsvc
    2012-08-12 20:59:23: Real Path: C:\Windows\system32\p2psvc.dll
    2012-08-12 20:59:23: Display Name: @%SystemRoot%\system32\p2psvc.dll,-8000
    2012-08-12 20:59:23: Description: @%SystemRoot%\system32\p2psvc.dll,-8001
    2012-08-12 20:59:23: ServiceDLL: system32\p2psvc.dll
    2012-08-12 20:59:23: File size: 644608
    2012-08-12 20:59:23: DLL File name: p2psvc.dll
    2012-08-12 20:59:23: Original File Name: p2psvc.dll.mui
    2012-08-12 20:59:23: Company:
    2012-08-12 20:59:23: Mod/Cre/Acc time: 20090410232824 20120722151958 20120810225626
    2012-08-12 20:59:23: ---------------------------------------------------------------------
    2012-08-12 20:59:23: Found Service: PolicyAgent
    2012-08-12 20:59:23: Real Path: C:\Windows\System32\ipsecsvc.dll
    2012-08-12 20:59:23: Display Name: @%SystemRoot%\System32\polstore.dll,-5010
    2012-08-12 20:59:23: Description: @%SystemRoot%\system32\polstore.dll,-5011
    2012-08-12 20:59:23: ServiceDLL: System32\ipsecsvc.dll
    2012-08-12 20:59:23: File size: 0
    2012-08-12 20:59:23: DLL File name: ipsecsvc.dll
    2012-08-12 20:59:23: Original File Name: ipsecsvc.dll
    2012-08-12 20:59:23: Company:
    2012-08-12 20:59:23: Mod/Cre/Acc time:
    2012-08-12 20:59:23: ---------------------------------------------------------------------
    2012-08-12 20:59:23: Found Service: ProfSvc
    2012-08-12 20:59:23: Real Path: C:\Windows\system32\profsvc.dll
    2012-08-12 20:59:23: Display Name: @%systemroot%\system32\profsvc.dll,-300
    2012-08-12 20:59:23: Description: @%systemroot%\system32\profsvc.dll,-301
    2012-08-12 20:59:23: ServiceDLL: system32\profsvc.dll
    2012-08-12 20:59:23: File size: 0
    2012-08-12 20:59:23: DLL File name: profsvc.dll
    2012-08-12 20:59:23: Original File Name: ProfSvc.dll.mui
    2012-08-12 20:59:23: Company:
    2012-08-12 20:59:23: Mod/Cre/Acc time:
    2012-08-12 20:59:23: ---------------------------------------------------------------------
    2012-08-12 20:59:23: Found Service: QWAVE
    2012-08-12 20:59:23: Real Path: C:\Windows\system32\qwave.dll
    2012-08-12 20:59:23: Display Name: @%SystemRoot%\system32\qwave.dll,-1
    2012-08-12 20:59:23: Description: @%SystemRoot%\system32\qwave.dll,-2
    2012-08-12 20:59:23: ServiceDLL: system32\qwave.dll
    2012-08-12 20:59:23: File size: 243712
    2012-08-12 20:59:23: DLL File name: qwave.dll
    2012-08-12 20:59:23: Original File Name: qwave.dll.mui
    2012-08-12 20:59:23: Company:
    2012-08-12 20:59:23: Mod/Cre/Acc time: 20080120224735 20080120224735 20120810225627
    2012-08-12 20:59:23: ---------------------------------------------------------------------
    2012-08-12 20:59:23: Found Service: RasAuto
    2012-08-12 20:59:23: Real Path: C:\Windows\System32\rasauto.dll
    2012-08-12 20:59:23: Display Name: @%Systemroot%\system32\rasauto.dll,-200
    2012-08-12 20:59:23: Description: @%Systemroot%\system32\rasauto.dll,-201
    2012-08-12 20:59:23: ServiceDLL: System32\rasauto.dll
    2012-08-12 20:59:23: File size: 0
    2012-08-12 20:59:23: DLL File name: rasauto.dll
    2012-08-12 20:59:23: Original File Name: rasauto.dll.mui
    2012-08-12 20:59:23: Company:
    2012-08-12 20:59:23: Mod/Cre/Acc time:
    2012-08-12 20:59:23: ---------------------------------------------------------------------
    2012-08-12 20:59:23: Found Service: RasMan
    2012-08-12 20:59:23: Real Path: C:\Windows\System32\rasmans.dll
    2012-08-12 20:59:23: Display Name: @%Systemroot%\system32\rasmans.dll,-200
    2012-08-12 20:59:23: Description: @%Systemroot%\system32\rasmans.dll,-201
    2012-08-12 20:59:23: ServiceDLL: System32\rasmans.dll
    2012-08-12 20:59:23: File size: 0
    2012-08-12 20:59:23: DLL File name: rasmans.dll
    2012-08-12 20:59:23: Original File Name: Rasmans.dll.mui
    2012-08-12 20:59:23: Company:
    2012-08-12 20:59:23: Mod/Cre/Acc time:
    2012-08-12 20:59:23: ---------------------------------------------------------------------
    2012-08-12 20:59:23: Found Service: RemoteAccess
    2012-08-12 20:59:23: Real Path: C:\Windows\System32\mprdim.dll
    2012-08-12 20:59:23: Display Name: @%Systemroot%\system32\mprdim.dll,-200
    2012-08-12 20:59:23: Description: @%Systemroot%\system32\mprdim.dll,-201
    2012-08-12 20:59:23: ServiceDLL: System32\mprdim.dll
    2012-08-12 20:59:23: File size: 68608
    2012-08-12 20:59:23: DLL File name: mprdim.dll
    2012-08-12 20:59:23: Original File Name: MPRDIM.DLL.MUI
    2012-08-12 20:59:23: Company:
    2012-08-12 20:59:23: Mod/Cre/Acc time: 20080120224909 20080120224909 20120810225627
    2012-08-12 20:59:23: ---------------------------------------------------------------------
    2012-08-12 20:59:23: Found Service: RemoteRegistry
    2012-08-12 20:59:23: Real Path: C:\Windows\system32\regsvc.dll
    2012-08-12 20:59:23: Display Name: @regsvc.dll,-1
    2012-08-12 20:59:23: Description: @regsvc.dll,-2
    2012-08-12 20:59:23: ServiceDLL: system32\regsvc.dll
    2012-08-12 20:59:23: File size: 0
    2012-08-12 20:59:23: DLL File name: regsvc.dll
    2012-08-12 20:59:23: Original File Name: REGSVC.DLL.MUI
    2012-08-12 20:59:23: Company:
    2012-08-12 20:59:23: Mod/Cre/Acc time:
    2012-08-12 20:59:23: ---------------------------------------------------------------------
    2012-08-12 20:59:23: Found Service: RpcSs
    2012-08-12 20:59:23: Real Path: C:\Windows\System32\rpcss.dll
    2012-08-12 20:59:23: Display Name: @oleres.dll,-5010
    2012-08-12 20:59:23: Description: @oleres.dll,-5011
    2012-08-12 20:59:23: ServiceDLL: System32\rpcss.dll
    2012-08-12 20:59:23: File size: 0
    2012-08-12 20:59:23: DLL File name: rpcss.dll
    2012-08-12 20:59:23: Original File Name: rpcss.dll.mui
    2012-08-12 20:59:23: Company:
    2012-08-12 20:59:23: Mod/Cre/Acc time:
    2012-08-12 20:59:24: ---------------------------------------------------------------------
    2012-08-12 20:59:24: Found Service: SCardSvr
    2012-08-12 20:59:24: Real Path: C:\Windows\System32\SCardSvr.dll
    2012-08-12 20:59:24: Display Name: @%SystemRoot%\System32\SCardSvr.dll,-1
    2012-08-12 20:59:24: Description: @%SystemRoot%\System32\SCardSvr.dll,-5
    2012-08-12 20:59:24: ServiceDLL: System32\SCardSvr.dll
    2012-08-12 20:59:24: File size: 95232
    2012-08-12 20:59:24: DLL File name: SCardSvr.dll
    2012-08-12 20:59:24: Original File Name: SCardSvr.exe.mui
    2012-08-12 20:59:24: Company:
    2012-08-12 20:59:24: Mod/Cre/Acc time: 20090410232826 20120722151943 20120810225627
    2012-08-12 20:59:24: ---------------------------------------------------------------------
    2012-08-12 20:59:24: Found Service: Schedule
    2012-08-12 20:59:24: Real Path: C:\Windows\system32\schedsvc.dll
    2012-08-12 20:59:24: Display Name: @%SystemRoot%\system32\schedsvc.dll,-100
    2012-08-12 20:59:24: Description: @%SystemRoot%\system32\schedsvc.dll,-101
    2012-08-12 20:59:24: ServiceDLL: system32\schedsvc.dll
    2012-08-12 20:59:24: File size: 0
    2012-08-12 20:59:24: DLL File name: schedsvc.dll
    2012-08-12 20:59:24: Original File Name: schedsvc.dll.mui
    2012-08-12 20:59:24: Company:
    2012-08-12 20:59:24: Mod/Cre/Acc time:
    2012-08-12 20:59:24: ---------------------------------------------------------------------
    2012-08-12 20:59:24: Found Service: SCPolicySvc
    2012-08-12 20:59:24: Real Path: C:\Windows\System32\certprop.dll
    2012-08-12 20:59:24: Display Name: @%SystemRoot%\System32\certprop.dll,-13
    2012-08-12 20:59:24: Description: @%SystemRoot%\System32\certprop.dll,-14
    2012-08-12 20:59:24: ServiceDLL: System32\certprop.dll
    2012-08-12 20:59:24: File size: 0
    2012-08-12 20:59:24: DLL File name: certprop.dll
    2012-08-12 20:59:24: Original File Name: certprop.dll.mui
    2012-08-12 20:59:24: Company:
    2012-08-12 20:59:24: Mod/Cre/Acc time:
    2012-08-12 20:59:24: ---------------------------------------------------------------------
    2012-08-12 20:59:24: Found Service: SDRSVC
    2012-08-12 20:59:24: Real Path: C:\Windows\System32\SDRSVC.dll
    2012-08-12 20:59:24: Display Name: @%SystemRoot%\system32\sdrsvc.dll,-107
    2012-08-12 20:59:24: Description: @%SystemRoot%\system32\sdrsvc.dll,-102
    2012-08-12 20:59:24: ServiceDLL: System32\SDRSVC.dll
    2012-08-12 20:59:24: File size: 0
    2012-08-12 20:59:24: DLL File name: SDRSVC.dll
    2012-08-12 20:59:24: Original File Name: SDRSVC.DLL.MUI
    2012-08-12 20:59:24: Company:
    2012-08-12 20:59:24: Mod/Cre/Acc time:
    2012-08-12 20:59:24: ---------------------------------------------------------------------
    2012-08-12 20:59:24: Found Service: seclogon
    2012-08-12 20:59:24: Real Path: C:\Windows\system32\seclogon.dll
    2012-08-12 20:59:24: Display Name: @%SystemRoot%\system32\seclogon.dll,-7001
    2012-08-12 20:59:24: Description: @%SystemRoot%\system32\seclogon.dll,-7000
    2012-08-12 20:59:24: ServiceDLL: system32\seclogon.dll
    2012-08-12 20:59:24: File size: 0
    2012-08-12 20:59:24: DLL File name: seclogon.dll
    2012-08-12 20:59:24: Original File Name: SECLOGON.EXE.MUI
    2012-08-12 20:59:24: Company:
    2012-08-12 20:59:24: Mod/Cre/Acc time:
    2012-08-12 20:59:24: ---------------------------------------------------------------------
    2012-08-12 20:59:24: Found Service: SENS
    2012-08-12 20:59:24: Real Path: C:\Windows\system32\sens.dll
    2012-08-12 20:59:24: Display Name: @%SystemRoot%\system32\Sens.dll,-200
    2012-08-12 20:59:24: Description: @%SystemRoot%\system32\Sens.dll,-201
    2012-08-12 20:59:24: ServiceDLL: system32\sens.dll
    2012-08-12 20:59:24: File size: 47104
    2012-08-12 20:59:24: DLL File name: sens.dll
    2012-08-12 20:59:24: Original File Name: sens.dll.mui
    2012-08-12 20:59:24: Company:
    2012-08-12 20:59:24: Mod/Cre/Acc time: 20080120225007 20080120225007 20120810225628
    2012-08-12 20:59:24: ---------------------------------------------------------------------
    2012-08-12 20:59:24: Found Service: SessionEnv
    2012-08-12 20:59:24: Real Path: C:\Windows\system32\sessenv.dll
    2012-08-12 20:59:24: Display Name: @%SystemRoot%\System32\SessEnv.dll,-1026
    2012-08-12 20:59:24: Description: @%SystemRoot%\System32\SessEnv.dll,-1027
    2012-08-12 20:59:24: ServiceDLL: system32\sessenv.dll
    2012-08-12 20:59:24: File size: 84992
    2012-08-12 20:59:24: DLL File name: sessenv.dll
    2012-08-12 20:59:24: Original File Name: SessEnv.DLL.MUI
    2012-08-12 20:59:24: Company:
    2012-08-12 20:59:24: Mod/Cre/Acc time: 20080120225038 20080120225038 20120810225628
    2012-08-12 20:59:24: ---------------------------------------------------------------------
    2012-08-12 20:59:24: Found Service: SharedAccess
    2012-08-12 20:59:24: Real Path: C:\Windows\System32\ipnathlp.dll
    2012-08-12 20:59:24: Display Name: @%SystemRoot%\system32\ipnathlp.dll,-106
    2012-08-12 20:59:24: Description: @%SystemRoot%\system32\ipnathlp.dll,-107
    2012-08-12 20:59:24: ServiceDLL: System32\ipnathlp.dll
    2012-08-12 20:59:24: File size: 0
    2012-08-12 20:59:24: DLL File name: ipnathlp.dll
    2012-08-12 20:59:24: Original File Name: IPNATHLP.DLL.MUI
    2012-08-12 20:59:24: Company:
    2012-08-12 20:59:24: Mod/Cre/Acc time:
    2012-08-12 20:59:24: ---------------------------------------------------------------------
    2012-08-12 20:59:24: Found Service: ShellHWDetection
    2012-08-12 20:59:24: Real Path: C:\Windows\System32\shsvcs.dll
    2012-08-12 20:59:24: Display Name: @%SystemRoot%\System32\shsvcs.dll,-12288
    2012-08-12 20:59:24: Description: @%SystemRoot%\System32\shsvcs.dll,-12289
    2012-08-12 20:59:24: ServiceDLL: System32\shsvcs.dll
    2012-08-12 20:59:24: File size: 247808
    2012-08-12 20:59:24: DLL File name: shsvcs.dll
    2012-08-12 20:59:24: Original File Name: SHSVCS.DLL.MUI
    2012-08-12 20:59:24: Company:
    2012-08-12 20:59:24: Mod/Cre/Acc time: 20090710074742 20110315221629 20120810225628
    2012-08-12 20:59:24: ---------------------------------------------------------------------
    2012-08-12 20:59:24: Found Service: SLUINotify
    2012-08-12 20:59:24: Real Path: C:\Windows\system32\SLUINotify.dll
    2012-08-12 20:59:24: Display Name: @%SystemRoot%\system32\SLUINotify.dll,-103
    2012-08-12 20:59:24: Description: @%SystemRoot%\system32\SLUINotify.dll,-102
    2012-08-12 20:59:24: ServiceDLL: system32\SLUINotify.dll
    2012-08-12 20:59:24: File size: 0
    2012-08-12 20:59:24: DLL File name: SLUINotify.dll
    2012-08-12 20:59:24: Original File Name: SLUINotify.dll.mui
    2012-08-12 20:59:24: Company:
    2012-08-12 20:59:24: Mod/Cre/Acc time:
    2012-08-12 20:59:24: ---------------------------------------------------------------------
    2012-08-12 20:59:24: Found Service: SSDPSRV
    2012-08-12 20:59:24: Real Path: C:\Windows\System32\ssdpsrv.dll
    2012-08-12 20:59:24: Display Name: @%systemroot%\system32\ssdpsrv.dll,-100
    2012-08-12 20:59:24: Description: @%systemroot%\system32\ssdpsrv.dll,-101
    2012-08-12 20:59:24: ServiceDLL: System32\ssdpsrv.dll
    2012-08-12 20:59:24: File size: 0
    2012-08-12 20:59:24: DLL File name: ssdpsrv.dll
    2012-08-12 20:59:24: Original File Name: ssdpsrv.dll.mui
    2012-08-12 20:59:24: Company:
    2012-08-12 20:59:24: Mod/Cre/Acc time:
    2012-08-12 20:59:24: ---------------------------------------------------------------------
    2012-08-12 20:59:24: Found Service: SstpSvc
    2012-08-12 20:59:24: Real Path: C:\Windows\system32\sstpsvc.dll
    2012-08-12 20:59:24: Display Name: @%SystemRoot%\system32\sstpsvc.dll,-200
    2012-08-12 20:59:24: Description: @%SystemRoot%\system32\sstpsvc.dll,-201
    2012-08-12 20:59:24: ServiceDLL: system32\sstpsvc.dll
    2012-08-12 20:59:24: File size: 0
    2012-08-12 20:59:24: DLL File name: sstpsvc.dll
    2012-08-12 20:59:24: Original File Name: sstpsvc.dll.mui
    2012-08-12 20:59:24: Company:
    2012-08-12 20:59:24: Mod/Cre/Acc time:
    2012-08-12 20:59:24: ---------------------------------------------------------------------
    2012-08-12 20:59:24: Found Service: stisvc
    2012-08-12 20:59:24: Real Path: C:\Windows\System32\wiaservc.dll
    2012-08-12 20:59:24: Display Name: @%SystemRoot%\system32\wiaservc.dll,-9
    2012-08-12 20:59:24: Description: @%SystemRoot%\system32\wiaservc.dll,-10
    2012-08-12 20:59:24: ServiceDLL: System32\wiaservc.dll
    2012-08-12 20:59:24: File size: 0
    2012-08-12 20:59:24: DLL File name: wiaservc.dll
    2012-08-12 20:59:24: Original File Name: WIASERVC.DLL.MUI
    2012-08-12 20:59:24: Company:
    2012-08-12 20:59:24: Mod/Cre/Acc time:
    2012-08-12 20:59:24: ---------------------------------------------------------------------
    2012-08-12 20:59:24: Found Service: swprv
    2012-08-12 20:59:24: Real Path: C:\Windows\System32\swprv.dll
    2012-08-12 20:59:24: Display Name: @%SystemRoot%\System32\swprv.dll,-103
    2012-08-12 20:59:24: Description: @%SystemRoot%\System32\swprv.dll,-102
    2012-08-12 20:59:24: ServiceDLL: System32\swprv.dll
    2012-08-12 20:59:24: File size: 0
    2012-08-12 20:59:24: DLL File name: swprv.dll
    2012-08-12 20:59:24: Original File Name: SWPRV.DLL.MUI
    2012-08-12 20:59:24: Company:
    2012-08-12 20:59:24: Mod/Cre/Acc time:
    2012-08-12 20:59:24: ---------------------------------------------------------------------
    2012-08-12 20:59:24: Found Service: SysMain
    2012-08-12 20:59:24: Real Path: C:\Windows\system32\sysmain.dll
    2012-08-12 20:59:24: Display Name: @%SystemRoot%\system32\sysmain.dll,-1000
    2012-08-12 20:59:24: Description: @%SystemRoot%\system32\sysmain.dll,-1001
    2012-08-12 20:59:24: ServiceDLL: system32\sysmain.dll
    2012-08-12 20:59:24: File size: 0
    2012-08-12 20:59:24: DLL File name: sysmain.dll
    2012-08-12 20:59:24: Original File Name: sysmain.dll.mui
    2012-08-12 20:59:24: Company:
    2012-08-12 20:59:24: Mod/Cre/Acc time:
    2012-08-12 20:59:24: !!!!!!!
    2012-08-12 20:59:24: Found Service: TabletInputService
    2012-08-12 20:59:24: Real Path: C:\Windows\System32\TabSvc.dll
    2012-08-12 20:59:24: Display Name: @%SystemRoot%\system32\TabSvc.dll,-100
    2012-08-12 20:59:24: Description: @%SystemRoot%\system32\TabSvc.dll,-101
    2012-08-12 20:59:24: ServiceDLL: System32\TabSvc.dll
    2012-08-12 20:59:24: File size: 0
    2012-08-12 20:59:25: DLL File name: TabSvc.dll
    2012-08-12 20:59:25: Original File Name: PenService.EXE.MUI
    2012-08-12 20:59:25: Company:
    2012-08-12 20:59:25: Mod/Cre/Acc time:
    2012-08-12 20:59:25: !!!!!!!!!
    2012-08-12 20:59:25: ---------------------------------------------------------------------
    2012-08-12 20:59:25: Found Service: TapiSrv
    2012-08-12 20:59:25: Real Path: C:\Windows\System32\tapisrv.dll
    2012-08-12 20:59:25: Display Name: @%SystemRoot%\system32\tapisrv.dll,-10100
    2012-08-12 20:59:25: Description: @%SystemRoot%\system32\tapisrv.dll,-10101
    2012-08-12 20:59:25: ServiceDLL: System32\tapisrv.dll
    2012-08-12 20:59:25: File size: 242688
    2012-08-12 20:59:25: DLL File name: tapisrv.dll
    2012-08-12 20:59:25: Original File Name: TAPISRV.EXE.MUI
    2012-08-12 20:59:25: Company:
    2012-08-12 20:59:25: Mod/Cre/Acc time: 20090410232826 20120722151849 20120810225628
    2012-08-12 20:59:25: ---------------------------------------------------------------------
    2012-08-12 20:59:25: Found Service: TBS
    2012-08-12 20:59:25: Real Path: C:\Windows\System32\tbssvc.dll
    2012-08-12 20:59:25: Display Name: @%SystemRoot%\system32\tbssvc.dll,-100
    2012-08-12 20:59:25: Description: @%SystemRoot%\system32\tbssvc.dll,-101
    2012-08-12 20:59:25: ServiceDLL: System32\tbssvc.dll
    2012-08-12 20:59:25: File size: 0
    2012-08-12 20:59:25: DLL File name: tbssvc.dll
    2012-08-12 20:59:25: Original File Name: TBSSVC.DLL.MUI
    2012-08-12 20:59:25: Company:
    2012-08-12 20:59:25: Mod/Cre/Acc time:
    2012-08-12 20:59:25: ---------------------------------------------------------------------
    2012-08-12 20:59:25: Found Service: TermService
    2012-08-12 20:59:25: Real Path: C:\Windows\System32\termsrv.dll
    2012-08-12 20:59:25: Display Name: @%SystemRoot%\System32\termsrv.dll,-268
    2012-08-12 20:59:25: Description: @%SystemRoot%\System32\termsrv.dll,-267
    2012-08-12 20:59:25: ServiceDLL: System32\termsrv.dll
    2012-08-12 20:59:25: File size: 0
    2012-08-12 20:59:25: DLL File name: termsrv.dll
    2012-08-12 20:59:25: Original File Name: termsrv.dll.mui
    2012-08-12 20:59:25: Company:
    2012-08-12 20:59:25: Mod/Cre/Acc time:
    2012-08-12 20:59:25: ---------------------------------------------------------------------
    2012-08-12 20:59:25: Found Service: Themes
    2012-08-12 20:59:25: Real Path: C:\Windows\system32\shsvcs.dll
    2012-08-12 20:59:25: Display Name: @%SystemRoot%\System32\shsvcs.dll,-8192
    2012-08-12 20:59:25: Description: @%SystemRoot%\System32\shsvcs.dll,-8193
    2012-08-12 20:59:25: ServiceDLL: system32\shsvcs.dll
    2012-08-12 20:59:25: File size: 247808
    2012-08-12 20:59:25: DLL File name: shsvcs.dll
    2012-08-12 20:59:25: Original File Name: SHSVCS.DLL.MUI
    2012-08-12 20:59:25: Company:
    2012-08-12 20:59:25: Mod/Cre/Acc time: 20090710074742 20110315221629 20120810225628
    2012-08-12 20:59:25: ---------------------------------------------------------------------
    2012-08-12 20:59:25: Found Service: THREADORDER
    2012-08-12 20:59:25: Real Path: C:\Windows\system32\mmcss.dll
    2012-08-12 20:59:25: Display Name: @%systemroot%\system32\mmcss.dll,-102
    2012-08-12 20:59:25: Description: @%systemroot%\system32\mmcss.dll,-103
    2012-08-12 20:59:25: ServiceDLL: system32\mmcss.dll
    2012-08-12 20:59:25: File size: 0
    2012-08-12 20:59:25: DLL File name: mmcss.dll
    2012-08-12 20:59:25: Original File Name: mmcss.dll.mui
    2012-08-12 20:59:25: Company:
    2012-08-12 20:59:25: Mod/Cre/Acc time:
    2012-08-12 20:59:25: ---------------------------------------------------------------------
    2012-08-12 20:59:25: Found Service: TrkWks
    2012-08-12 20:59:25: Real Path: C:\Windows\System32\trkwks.dll
    2012-08-12 20:59:25: Display Name: @%SystemRoot%\system32\trkwks.dll,-1
    2012-08-12 20:59:25: Description: @%SystemRoot%\system32\trkwks.dll,-2
    2012-08-12 20:59:25: ServiceDLL: System32\trkwks.dll
    2012-08-12 20:59:25: File size: 0
    2012-08-12 20:59:25: DLL File name: trkwks.dll
    2012-08-12 20:59:25: Original File Name: trkwks.dll.mui
    2012-08-12 20:59:25: Company:
    2012-08-12 20:59:25: Mod/Cre/Acc time:
    2012-08-12 20:59:25: !!!!!!!
    2012-08-12 20:59:25: Found Service: upnphost
    2012-08-12 20:59:25: Real Path: C:\Windows\System32\upnphost.dll
    2012-08-12 20:59:25: Display Name: @%systemroot%\system32\upnphost.dll,-213
    2012-08-12 20:59:25: Description: @%systemroot%\system32\upnphost.dll,-214
    2012-08-12 20:59:25: ServiceDLL: System32\upnphost.dll
    2012-08-12 20:59:25: File size: 259072
    2012-08-12 20:59:25: DLL File name: upnphost.dll
    2012-08-12 20:59:25: Original File Name: unpnhost.dll.mui
    2012-08-12 20:59:25: Company:
    2012-08-12 20:59:25: Mod/Cre/Acc time: 20080120224826 20080120224826 20120810225628
    2012-08-12 20:59:25: !!!!!!!!!
    2012-08-12 20:59:25: ---------------------------------------------------------------------
    2012-08-12 20:59:25: Found Service: UxSms
    2012-08-12 20:59:25: Real Path: C:\Windows\System32\uxsms.dll
    2012-08-12 20:59:25: Display Name: @%SystemRoot%\system32\dwm.exe,-2000
    2012-08-12 20:59:25: Description: @%SystemRoot%\system32\dwm.exe,-2001
    2012-08-12 20:59:25: ServiceDLL: System32\uxsms.dll
    2012-08-12 20:59:25: File size: 0
    2012-08-12 20:59:25: DLL File name: uxsms.dll
    2012-08-12 20:59:25: Original File Name: UxSms.dll
    2012-08-12 20:59:25: Company:
    2012-08-12 20:59:25: Mod/Cre/Acc time:
    2012-08-12 20:59:25: ---------------------------------------------------------------------
    2012-08-12 20:59:25: Found Service: W32Time
    2012-08-12 20:59:25: Real Path: C:\Windows\system32\w32time.dll
    2012-08-12 20:59:25: Display Name: @%SystemRoot%\system32\w32time.dll,-200
    2012-08-12 20:59:25: Description: @%SystemRoot%\system32\w32time.dll,-201
    2012-08-12 20:59:25: ServiceDLL: system32\w32time.dll
    2012-08-12 20:59:25: File size: 0
    2012-08-12 20:59:25: DLL File name: w32time.dll
    2012-08-12 20:59:25: Original File Name: w32time.dll.mui
    2012-08-12 20:59:25: Company:
    2012-08-12 20:59:25: Mod/Cre/Acc time:
    2012-08-12 20:59:26: ---------------------------------------------------------------------
    2012-08-12 20:59:26: Found Service: wcncsvc
    2012-08-12 20:59:26: Real Path: C:\Windows\System32\wcncsvc.dll
    2012-08-12 20:59:26: Display Name: @%SystemRoot%\system32\wcncsvc.dll,-3
    2012-08-12 20:59:26: Description: @%SystemRoot%\system32\wcncsvc.dll,-4
    2012-08-12 20:59:26: ServiceDLL: System32\wcncsvc.dll
    2012-08-12 20:59:26: File size: 413696
    2012-08-12 20:59:26: DLL File name: wcncsvc.dll
    2012-08-12 20:59:26: Original File Name: WCNCSVC.DLL.MUI
    2012-08-12 20:59:26: Company:
    2012-08-12 20:59:26: Mod/Cre/Acc time: 20090410232826 20120722151857 20120810225629
    2012-08-12 20:59:26: ---------------------------------------------------------------------
    2012-08-12 20:59:26: Found Service: WcsPlugInService
    2012-08-12 20:59:26: Real Path: C:\Windows\System32\WcsPlugInService.dll
    2012-08-12 20:59:26: Display Name: @%SystemRoot%\system32\WcsPlugInService.dll,-200
    2012-08-12 20:59:26: Description: @%SystemRoot%\system32\WcsPlugInService.dll,-201
    2012-08-12 20:59:26: ServiceDLL: System32\WcsPlugInService.dll
    2012-08-12 20:59:26: File size: 32256
    2012-08-12 20:59:26: DLL File name: WcsPlugInService.dll
    2012-08-12 20:59:26: Original File Name: WcsPlugInService.DLL.MUI
    2012-08-12 20:59:26: Company:
    2012-08-12 20:59:26: Mod/Cre/Acc time: 20061102054613 20061102081253 20120810225629
    2012-08-12 20:59:26: ---------------------------------------------------------------------
    2012-08-12 20:59:26: Found Service: WdiServiceHost
    2012-08-12 20:59:26: Real Path: C:\Windows\system32\wdi.dll
    2012-08-12 20:59:26: Display Name: @%systemroot%\system32\wdi.dll,-502
    2012-08-12 20:59:26: Description: @%systemroot%\system32\wdi.dll,-503
    2012-08-12 20:59:26: ServiceDLL: system32\wdi.dll
    2012-08-12 20:59:26: File size: 73728
    2012-08-12 20:59:26: DLL File name: wdi.dll
    2012-08-12 20:59:26: Original File Name: wdi.dll.mui
    2012-08-12 20:59:26: Company:
    2012-08-12 20:59:26: Mod/Cre/Acc time: 20080120225001 20080120225001 20120810225629
    2012-08-12 20:59:26: ---------------------------------------------------------------------
    2012-08-12 20:59:26: Found Service: WdiSystemHost
    2012-08-12 20:59:26: Real Path: C:\Windows\system32\wdi.dll
    2012-08-12 20:59:26: Display Name: @%systemroot%\system32\wdi.dll,-500
    2012-08-12 20:59:26: Description: @%systemroot%\system32\wdi.dll,-501
    2012-08-12 20:59:26: ServiceDLL: system32\wdi.dll
    2012-08-12 20:59:26: File size: 73728
    2012-08-12 20:59:26: DLL File name: wdi.dll
    2012-08-12 20:59:26: Original File Name: wdi.dll.mui
    2012-08-12 20:59:26: Company:
    2012-08-12 20:59:26: Mod/Cre/Acc time: 20080120225001 20080120225001 20120810225629
    2012-08-12 20:59:26: !!!!!!!
    2012-08-12 20:59:26: Found Service: WebClient
    2012-08-12 20:59:26: Real Path: C:\Windows\System32\webclnt.dll
    2012-08-12 20:59:26: Display Name: @%systemroot%\system32\webclnt.dll,-100
    2012-08-12 20:59:26: Description: @%systemroot%\system32\webclnt.dll,-101
    2012-08-12 20:59:26: ServiceDLL: System32\webclnt.dll
    2012-08-12 20:59:26: File size: 199680
    2012-08-12 20:59:26: DLL File name: webclnt.dll
    2012-08-12 20:59:26: Original File Name: davsvc.dll.mui
    2012-08-12 20:59:26: Company:
    2012-08-12 20:59:26: Mod/Cre/Acc time: 20090410232826 20120722151834 20120810225629
    2012-08-12 20:59:26: !!!!!!!!!
    2012-08-12 20:59:26: ---------------------------------------------------------------------
    2012-08-12 20:59:26: Found Service: Wecsvc
    2012-08-12 20:59:26: Real Path: C:\Windows\system32\wecsvc.dll
    2012-08-12 20:59:26: Display Name: @%SystemRoot%\system32\wecsvc.dll,-200
    2012-08-12 20:59:26: Description: @%SystemRoot%\system32\wecsvc.dll,-201
    2012-08-12 20:59:26: ServiceDLL: system32\wecsvc.dll
    2012-08-12 20:59:26: File size: 0
    2012-08-12 20:59:26: DLL File name: wecsvc.dll
    2012-08-12 20:59:26: Original File Name: wecsvc.dll.mui
    2012-08-12 20:59:26: Company:
    2012-08-12 20:59:26: Mod/Cre/Acc time:
    2012-08-12 20:59:26: !!!!!!!
    2012-08-12 20:59:26: Found Service: wercplsupport
    2012-08-12 20:59:26: Real Path: C:\Windows\System32\wercplsupport.dll
    2012-08-12 20:59:26: Display Name: @%SystemRoot%\System32\wercplsupport.dll,-101
    2012-08-12 20:59:26: Description: @%SystemRoot%\System32\wercplsupport.dll,-100
    2012-08-12 20:59:26: ServiceDLL: System32\wercplsupport.dll
    2012-08-12 20:59:26: File size: 0
    2012-08-12 20:59:26: DLL File name: wercplsupport.dll
    2012-08-12 20:59:26: Original File Name: ERC
    2012-08-12 20:59:26: Company:
    2012-08-12 20:59:26: Mod/Cre/Acc time:
    2012-08-12 20:59:26: !!!!!!!!!
    2012-08-12 20:59:27: !!!!!!!
    2012-08-12 20:59:27: Found Service: WerSvc
    2012-08-12 20:59:27: Real Path: C:\Windows\System32\WerSvc.dll
    2012-08-12 20:59:27: Display Name: @%SystemRoot%\System32\wersvc.dll,-100
    2012-08-12 20:59:27: Description: @%SystemRoot%\System32\wersvc.dll,-101
    2012-08-12 20:59:27: ServiceDLL: System32\WerSvc.dll
    2012-08-12 20:59:27: File size: 0
    2012-08-12 20:59:27: DLL File name: WerSvc.dll
    2012-08-12 20:59:27: Original File Name: wersvc
    2012-08-12 20:59:27: Company:
    2012-08-12 20:59:27: Mod/Cre/Acc time:
    2012-08-12 20:59:27: !!!!!!!!!
    2012-08-12 20:59:27: ---------------------------------------------------------------------
    2012-08-12 20:59:27: Found Service: Winmgmt
    2012-08-12 20:59:27: Real Path: C:\Windows\system32\wbem\WMIsvc.dll
    2012-08-12 20:59:27: Display Name: @%Systemroot%\system32\wbem\wmisvc.dll,-205
    2012-08-12 20:59:27: Description: @%Systemroot%\system32\wbem\wmisvc.dll,-204
    2012-08-12 20:59:27: ServiceDLL: system32\wbem\WMIsvc.dll
    2012-08-12 20:59:27: File size: 0
    2012-08-12 20:59:27: DLL File name: WMIsvc.dll
    2012-08-12 20:59:27: Original File Name: wmisvc.dll.mui
    2012-08-12 20:59:27: Company:
    2012-08-12 20:59:27: Mod/Cre/Acc time:
    2012-08-12 20:59:27: ---------------------------------------------------------------------
    2012-08-12 20:59:27: Found Service: WinRM
    2012-08-12 20:59:27: Real Path: C:\Windows\system32\WsmSvc.dll
    2012-08-12 20:59:27: Display Name: @%Systemroot%\system32\wsmsvc.dll,-101
    2012-08-12 20:59:27: Description: @%Systemroot%\system32\wsmsvc.dll,-102
    2012-08-12 20:59:27: ServiceDLL: system32\WsmSvc.dll
    2012-08-12 20:59:27: File size: 1181696
    2012-08-12 20:59:27: DLL File name: WsmSvc.dll
    2012-08-12 20:59:27: Original File Name: WsmSvc.dll.mui
    2012-08-12 20:59:27: Company:
    2012-08-12 20:59:27: Mod/Cre/Acc time: 20091009175618 20110223040027 20120810225629
    2012-08-12 20:59:27: ---------------------------------------------------------------------
    2012-08-12 20:59:27: Found Service: Wlansvc
    2012-08-12 20:59:27: Real Path: C:\Windows\System32\wlansvc.dll
    2012-08-12 20:59:27: Display Name: @%SystemRoot%\System32\wlansvc.dll,-257
    2012-08-12 20:59:27: Description: @%SystemRoot%\System32\wlansvc.dll,-258
    2012-08-12 20:59:27: ServiceDLL: System32\wlansvc.dll
    2012-08-12 20:59:27: File size: 0
    2012-08-12 20:59:27: DLL File name: wlansvc.dll
    2012-08-12 20:59:27: Original File Name: wlansvc.dll.mui
    2012-08-12 20:59:27: Company:
    2012-08-12 20:59:27: Mod/Cre/Acc time:
    2012-08-12 20:59:27: ---------------------------------------------------------------------
    2012-08-12 20:59:27: Found Service: WPCSvc
    2012-08-12 20:59:27: Real Path: C:\Windows\System32\wpcsvc.dll
    2012-08-12 20:59:27: Display Name: @%SystemRoot%\system32\wpcsvc.dll,-100
    2012-08-12 20:59:27: Description: @%SystemRoot%\system32\wpcsvc.dll,-101
    2012-08-12 20:59:27: ServiceDLL: System32\wpcsvc.dll
    2012-08-12 20:59:27: File size: 140288
    2012-08-12 20:59:27: DLL File name: wpcsvc.dll
    2012-08-12 20:59:27: Original File Name: wpcsvc.exe.mui
    2012-08-12 20:59:27: Company:
    2012-08-12 20:59:27: Mod/Cre/Acc time: 20090410232826 20120722151844 20120810225630
    2012-08-12 20:59:27: ---------------------------------------------------------------------
    2012-08-12 20:59:27: Found Service: WPDBusEnum
    2012-08-12 20:59:27: Real Path: C:\Windows\system32\wpdbusenum.dll
    2012-08-12 20:59:27: Display Name: @%SystemRoot%\system32\wpdbusenum.dll,-100
    2012-08-12 20:59:27: Description: @%SystemRoot%\system32\wpdbusenum.dll,-101
    2012-08-12 20:59:27: ServiceDLL: system32\wpdbusenum.dll
    2012-08-12 20:59:27: File size: 0
    2012-08-12 20:59:27: DLL File name: wpdbusenum.dll
    2012-08-12 20:59:27: Original File Name: WpdBusEnum.DLL.MUI
    2012-08-12 20:59:27: Company:
    2012-08-12 20:59:27: Mod/Cre/Acc time:
    2012-08-12 20:59:27: ---------------------------------------------------------------------
    2012-08-12 20:59:27: Found Service: wscsvc
    2012-08-12 20:59:27: Real Path: C:\Windows\system32\wscsvc.dll
    2012-08-12 20:59:27: Display Name: @%SystemRoot%\System32\wscsvc.dll,-200
    2012-08-12 20:59:27: Description: @%SystemRoot%\System32\wscsvc.dll,-201
    2012-08-12 20:59:27: ServiceDLL: system32\wscsvc.dll
    2012-08-12 20:59:27: File size: 0
    2012-08-12 20:59:27: DLL File name: wscsvc.dll
    2012-08-12 20:59:27: Original File Name: wscsvc.dll.mui
    2012-08-12 20:59:27: Company:
    2012-08-12 20:59:27: Mod/Cre/Acc time:
    2012-08-12 20:59:27: ---------------------------------------------------------------------
    2012-08-12 20:59:27: Found Service: wuauserv
    2012-08-12 20:59:27: Real Path: C:\Windows\system32\wuaueng.dll
    2012-08-12 20:59:27: Display Name: @%systemroot%\system32\wuaueng.dll,-105
    2012-08-12 20:59:27: Description: @%systemroot%\system32\wuaueng.dll,-106
    2012-08-12 20:59:27: ServiceDLL: system32\wuaueng.dll
    2012-08-12 20:59:27: File size: 0
    2012-08-12 20:59:27: DLL File name: wuaueng.dll
    2012-08-12 20:59:27: Original File Name: wuaueng.dll.mui
    2012-08-12 20:59:27: Company:
    2012-08-12 20:59:27: Mod/Cre/Acc time:
    2012-08-12 20:59:27: ---------------------------------------------------------------------
    2012-08-12 20:59:27: Found Service: wudfsvc
    2012-08-12 20:59:27: Real Path: C:\Windows\System32\WUDFSvc.dll
    2012-08-12 20:59:27: Display Name: @%SystemRoot%\system32\wudfsvc.dll,-1000
    2012-08-12 20:59:27: Description: @%SystemRoot%\system32\wudfsvc.dll,-1001
    2012-08-12 20:59:27: ServiceDLL: System32\WUDFSvc.dll
    2012-08-12 20:59:27: File size: 0
    2012-08-12 20:59:27: DLL File name: WUDFSvc.dll
    2012-08-12 20:59:27: Original File Name: WUDFSvc.dll.mui
    2012-08-12 20:59:27: Company:
    2012-08-12 20:59:27: Mod/Cre/Acc time:
    2012-08-12 20:59:27:
    2012-08-12 20:59:27: Looking for SHELL key
    2012-08-12 20:59:27: Now looking for bad DLL files in system32
    2012-08-12 21:00:09: Folder: GAC
    2012-08-12 21:00:09: Folder: GAC_32
    2012-08-12 21:00:09: Folder: GAC_64
    2012-08-12 21:00:09: Folder: GAC_MSIL
    2012-08-12 21:00:09: Folder: NativeImages_v2.0.50727_32
    2012-08-12 21:00:09: Folder: NativeImages_v2.0.50727_64
    2012-08-12 21:00:09: Folder: NativeImages_v4.0.30319_32
    2012-08-12 21:00:09: Folder: NativeImages_v4.0.30319_64
    2012-08-12 21:00:09: Folder: temp
    2012-08-12 21:00:09: Folder: tmp
    2012-08-12 21:00:09: Checking for bad folder
    2012-08-12 21:00:09: Found 1 folders.
    2012-08-12 21:00:09: Checking C:\Windows\assembly\tmp
    2012-08-12 21:00:09: ... Folder test returns: 1
    2012-08-12 21:00:09: Done with folder list in C:\Windows\assembly\ tmp
    2012-08-12 21:00:09: Autonomous mode, clearing out yt folder
    2012-08-12 21:00:09: cmd.exe /c start "C:\Users\Kathy\Desktop\yorkyt.exe"
    2012-08-12 21:00:14: Restarting...
    2012-08-12 21:04:37: ****************************************************
    2012-08-12 21:04:37: Starting UP ... v 0.0.0.220
    2012-08-12 21:04:37: ****************************************************
    2012-08-12 21:04:38: Stop TPSRV returns: 2
    2012-08-12 21:04:53: Listing processes...
    2012-08-12 21:04:53: :[System Process]:0
    2012-08-12 21:04:53: :System:4
    2012-08-12 21:04:53: :smss.exe:544
    2012-08-12 21:04:53: :csrss.exe:676
    2012-08-12 21:04:53: :wininit.exe:712
    2012-08-12 21:04:53: :csrss.exe:732
    2012-08-12 21:04:53: :services.exe:768
    2012-08-12 21:04:53: :lsass.exe:780
    2012-08-12 21:04:53: :lsm.exe:788
    2012-08-12 21:04:53: :winlogon.exe:916
    2012-08-12 21:04:53: :svchost.exe:1000
    2012-08-12 21:04:53: :SH4SER~1.EXE:328
    2012-08-12 21:04:53: :svchost.exe:388
    2012-08-12 21:04:53: :svchost.exe:668
    2012-08-12 21:04:53: :svchost.exe:536
    2012-08-12 21:04:53: :svchost.exe:992
    2012-08-12 21:04:53: :stacsv64.exe:1052
    2012-08-12 21:04:53: :audiodg.exe:1192
    2012-08-12 21:04:53: :svchost.exe:1276
    2012-08-12 21:04:53: :SLsvc.exe:1292
    2012-08-12 21:04:53: :svchost.exe:1336
    2012-08-12 21:04:53: ockLogin.exe:1412
    2012-08-12 21:04:53: :svchost.exe:1484
    2012-08-12 21:04:53: :WLTRYSVC.EXE:1644
    2012-08-12 21:04:53: :BCMWLTRY.EXE:1656
    2012-08-12 21:04:53: :wlanext.exe:1664
    2012-08-12 21:04:53: :AvastSvc.exe:1688
    2012-08-12 21:04:53: :spoolsv.exe:1920
    2012-08-12 21:04:53: :svchost.exe:1948
    2012-08-12 21:04:53: :dwm.exe:1284
    2012-08-12 21:04:53: :explorer.exe:1516
    2012-08-12 21:04:53: :taskeng.exe:2128
    2012-08-12 21:04:53: :armsvc.exe:2296
    2012-08-12 21:04:53: :taskeng.exe:2324
    2012-08-12 21:04:53: :AESTSr64.exe:2400
    2012-08-12 21:04:53: :BBSvc.EXE:2432
    2012-08-12 21:04:53: :SeaPort.EXE:2448
    2012-08-12 21:04:53: :BDTUpdateService.exe:2668
    2012-08-12 21:04:53: :FAService.exe:2708
    2012-08-12 21:04:53: :svchost.exe:2840
    2012-08-12 21:04:53: :svchost.exe:2956
    2012-08-12 21:04:53: :svchost.exe:2996
    2012-08-12 21:04:53: :SearchIndexer.exe:3032
    2012-08-12 21:04:53: :SDWinSec.exe:2232
    2012-08-12 21:04:53: :yorkyt.exe:3360
    2012-08-12 21:04:53: :WmiPrvSE.exe:3488
    2012-08-12 21:04:53: :igfxsrvc.exe:3588
    2012-08-12 21:04:53: :Apoint.exe:3616
    2012-08-12 21:04:53: :WLTRAY.EXE:3624
    2012-08-12 21:04:53: :igfxtray.exe:3632
    2012-08-12 21:04:53: :hkcmd.exe:3640
    2012-08-12 21:04:53: :igfxpers.exe:3656
    2012-08-12 21:04:53: :sttray64.exe:3688
    2012-08-12 21:04:53: :quickset.exe:3708
    2012-08-12 21:04:53: :FATrayMon.exe:3720
    2012-08-12 21:04:53: :PCMService.exe:3728
    2012-08-12 21:04:53: :WinPatrol.exe:3740
    2012-08-12 21:04:53: :jusched.exe:3776
    2012-08-12 21:04:53: :FATrayAlert.exe:3788
    2012-08-12 21:04:53: :reader_sl.exe:3856
    2012-08-12 21:04:53: :WmiPrvSE.exe:3932
    2012-08-12 21:04:53: :ApMsgFwd.exe:4072
    2012-08-12 21:04:53: :GfxUI.exe:1224
    2012-08-12 21:04:53: :ApntEx.exe:3348
    2012-08-12 21:04:53: :hidfind.exe:1776
    2012-08-12 21:04:53:
    2012-08-12 21:04:53: Starting cleanup mode...
    2012-08-12 21:06:14: ... Done with files, now folders
    2012-08-12 21:06:20: All DONE
