View Full Version : something seems wrong



rngrgreen
2009-11-03, 06:36
Hi, I am not sure if I have a virus or not. I have noticed that the computer started running really slow. I looked under processes to see if anything new was running there; I normally had about 40-50, I now have 73. Also a lot of svchost.exe. I have checked startup and services, hiding all Microsoft services; everything seemed normal there.

OS: Vista Home Premium
Antivirus: F-Secure provided by ISP and Spybot S&D, both updated.

OK, now I really think something is here. I am unable to run HijackThis; I get "may not have appropriate permissions". I am administrator; I also tried running as administrator, same error. I have posted a list of processes with the service next to it. Please help, as now I really think something is here.


Image Name PID Services
========================= ======== ============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 408 N/A
csrss.exe 536 N/A
csrss.exe 580 N/A
wininit.exe 588 N/A
services.exe 624 N/A
lsass.exe 636 SamSs
lsm.exe 644 N/A
winlogon.exe 696 N/A
svchost.exe 828 DcomLaunch, PlugPlay
nvvsvc.exe 872 nvsvc
svchost.exe 900 RpcSs
svchost.exe 952 WinDefend
svchost.exe 1040 Audiosrv, Dhcp, Eventlog, lmhosts, wscsvc
svchost.exe 1076 AudioEndpointBuilder, hidserv, Netman,
TabletInputService, UxSms, WPDBusEnum,
wudfsvc
svchost.exe 1088 BITS, Browser, IKEEXT, iphlpsvc,
LanmanServer, MMCSS, ProfSvc, RasMan,
Schedule, seclogon, SENS, ShellHWDetection,
Themes, Winmgmt, wuauserv
audiodg.exe 1180 N/A
svchost.exe 1196 gpsvc
SLsvc.exe 1212 slsvc
rundll32.exe 1320 N/A
svchost.exe 1376 EventSystem, fdPHost, FDResPub,
LanmanWorkstation, netprofm, nsi, SSDPSRV,
SstpSvc, upnphost, W32Time, WebClient
svchost.exe 1492 CryptSvc, Dnscache, KtmRm, NlaSvc, TapiSrv,
TermService
spoolsv.exe 1704 Spooler
svchost.exe 1728 BFE, MpsSvc
fsgk32st.exe 316 F-Secure Gatekeeper Handler Starter
fsgk32.exe 492 N/A
FSMA32.EXE 504 FSMA
svchost.exe 616 hpqddsvc
LSSrvc.exe 768 LightScribeService
FSHDLL32.EXE 1084 N/A
mdm.exe 1436 MDM
sqlservr.exe 1848 MSSQL$MSIWAREHOUSE
svchost.exe 1240 PolicyAgent
sqlbrowser.exe 724 SQLBrowser
sqlwriter.exe 1948 SQLWriter
svchost.exe 2060 stisvc
dllhost.exe 2104 Symantec SymSnap VSS Provider
WDDMService.exe 2252 WDDMService
WDSmartWareBackgroundServ 2388 WDSmartWareBackgroundService
svchost.exe 2636 WerSvc
WLIDSVC.EXE 2672 wlidsvc
WUDFHost.exe 2856 N/A
fsdfwd.exe 3280 FSDFWD
fsorsp.exe 3340 FSORSPClient
fssm32.exe 3392 N/A
WLIDSVCM.EXE 3456 N/A
msdtc.exe 3580 MSDTC
taskeng.exe 3716 N/A
fsav32.exe 2228 N/A
taskeng.exe 3304 N/A
dwm.exe 3076 N/A
explorer.exe 3068 N/A
FSM32.EXE 3996 N/A
rundll32.exe 3708 N/A
daemon.exe 3300 N/A
Wallpaper.exe 3552 N/A
msnmsgr.exe 124 N/A
AnyDVDtray.exe 3064 N/A
wmpnscfg.exe 3704 N/A
WDDMStatus.exe 2760 N/A
WDSmartWare.exe 4036 N/A
wmpnetwk.exe 3672 WMPNetworkSvc
wlcomm.exe 4308 N/A
VSSVC.exe 7660 VSS
svchost.exe 6768 swprv
iexplore.exe 6240 N/A
iexplore.exe 7024 N/A
iexplore.exe 5016 N/A
cmd.exe 7692 N/A
tasklist.exe 1256 N/A
WmiPrvSE.exe 4316 N/A

ken545
2009-11-04, 02:13
Hello rngrgreen

Welcome to Safer Networking.

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

You posted before and said it was solved; absence of symptoms does not necessarily mean your computer is clean.

I am going to ask you not to run any scans or programs unless instructed to, or you're just going to hinder trying to find out if your computer is infected.

Please download RootRepeal from one of these locations and save it to your desktop
Here (http://ad13.geekstogo.com/RootRepeal.exe)
Here (http://download.bleepingcomputer.com/rootrepeal/RootRepeal.exe)
Here (http://rootrepeal.psikotick.com/RootRepeal.exe)

Open RootRepeal on your desktop.
Click the Report tab.
Click the Scan button.
Check just these boxes:
http://forums.whatthetech.com/uploads/monthly_08_2009/post-75503-1250480183.gif
Push Ok
Check the box for your main system drive (usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the Save Report button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your post.

rngrgreen
2009-11-05, 14:03
First let me apologize for a little confusion. I did say it was fixed, and it was; actually it still is. What I mean by that is it was my children's computer, not mine. I know theirs is fixed and running with no problems. I thank you for recognizing that I had the same issue before, just a different computer. Here is the information that you requested; again I thank you for any assistance that you can offer.

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/11/05 07:49
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: 000.fcl
Image Path: C:\Program Files\CyberLink\PowerDVD8\000.fcl
Address: 0x9E25A000 Size: 135168 File Visible: - Signed: -
Status: -

Name: 1394BUS.SYS
Image Path: C:\Windows\system32\DRIVERS\1394BUS.SYS
Address: 0x8C7EF000 Size: 57344 File Visible: - Signed: -
Status: -

Name: a4djtd70.SYS
Image Path: C:\Windows\System32\Drivers\a4djtd70.SYS
Address: 0x8D519000 Size: 229376 File Visible: - Signed: -
Status: -

Name: acpi.sys
Image Path: C:\Windows\system32\drivers\acpi.sys
Address: 0x86B6E000 Size: 286720 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x8203A000 Size: 3846144 File Visible: - Signed: -
Status: -

Name: adfs.SYS
Image Path: C:\Windows\System32\Drivers\adfs.SYS
Address: 0x9E10D000 Size: 69248 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\Windows\system32\drivers\afd.sys
Address: 0x8F00C000 Size: 294912 File Visible: - Signed: -
Status: -

Name: agp440.sys
Image Path: C:\Windows\system32\DRIVERS\agp440.sys
Address: 0x871D1000 Size: 65536 File Visible: - Signed: -
Status: -

Name: AGRSM.sys
Image Path: C:\Windows\system32\DRIVERS\AGRSM.sys
Address: 0x8D40F000 Size: 1028096 File Visible: - Signed: -
Status: -

Name: AnyDVD.sys
Image Path: C:\Windows\System32\Drivers\AnyDVD.sys
Address: 0x872D3000 Size: 97408 File Visible: - Signed: -
Status: -

Name: asyncmac.sys
Image Path: C:\Windows\system32\DRIVERS\asyncmac.sys
Address: 0x9E0FD000 Size: 36864 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: C:\Windows\system32\drivers\atapi.sys
Address: 0x86C86000 Size: 32768 File Visible: - Signed: -
Status: -

Name: ataport.SYS
Image Path: C:\Windows\system32\drivers\ataport.SYS
Address: 0x86C8E000 Size: 122880 File Visible: - Signed: -
Status: -

Name: atksgt.sys
Image Path: C:\Windows\system32\DRIVERS\atksgt.sys
Address: 0x9E11E000 Size: 272384 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\Windows\System32\ATMFD.DLL
Address: 0x9A270000 Size: 311296 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\Windows\System32\Drivers\Beep.SYS
Address: 0x8D6F8000 Size: 28672 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\Windows\system32\BOOTVID.dll
Address: 0x8688C000 Size: 32768 File Visible: - Signed: -
Status: -

Name: bowser.sys
Image Path: C:\Windows\system32\DRIVERS\bowser.sys
Address: 0x8F2D4000 Size: 102400 File Visible: - Signed: -
Status: -

Name: cdd.dll
Image Path: C:\Windows\System32\cdd.dll
Address: 0x9A260000 Size: 57344 File Visible: - Signed: -
Status: -

Name: cdfs.sys
Image Path: C:\Windows\system32\DRIVERS\cdfs.sys
Address: 0x9E2BF000 Size: 90112 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\Windows\system32\DRIVERS\cdrom.sys
Address: 0x872EB000 Size: 98304 File Visible: - Signed: -
Status: -

Name: CI.dll
Image Path: C:\Windows\system32\CI.dll
Address: 0x868D5000 Size: 917504 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\Windows\system32\drivers\CLASSPNP.SYS
Address: 0x871B0000 Size: 135168 File Visible: - Signed: -
Status: -

Name: CLFS.SYS
Image Path: C:\Windows\system32\CLFS.SYS
Address: 0x86894000 Size: 266240 File Visible: - Signed: -
Status: -

Name: crashdmp.sys
Image Path: C:\Windows\System32\Drivers\crashdmp.sys
Address: 0x8F1CD000 Size: 53248 File Visible: - Signed: -
Status: -

Name: crcdisk.sys
Image Path: C:\Windows\system32\drivers\crcdisk.sys
Address: 0x871E1000 Size: 36864 File Visible: - Signed: -
Status: -

Name: dfsc.sys
Image Path: C:\Windows\System32\Drivers\dfsc.sys
Address: 0x8F123000 Size: 94208 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: C:\Windows\system32\drivers\disk.sys
Address: 0x8719F000 Size: 69632 File Visible: - Signed: -
Status: -

Name: Dot4.sys
Image Path: C:\Windows\system32\DRIVERS\Dot4.sys
Address: 0x8F175000 Size: 151552 File Visible: - Signed: -
Status: -

Name: Dot4Prt.sys
Image Path: C:\Windows\system32\DRIVERS\Dot4Prt.sys
Address: 0x8F19A000 Size: 36864 File Visible: - Signed: -
Status: -

Name: dot4usb.sys
Image Path: C:\Windows\system32\DRIVERS\dot4usb.sys
Address: 0x8F168000 Size: 53248 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\Windows\system32\drivers\drmk.sys
Address: 0x87370000 Size: 151552 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8F1E5000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8F1DA000 Size: 45056 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\Windows\System32\drivers\Dxapi.sys
Address: 0x8F1ED000 Size: 40960 File Visible: - Signed: -
Status: -

Name: dxgkrnl.sys
Image Path: C:\Windows\System32\drivers\dxgkrnl.sys
Address: 0x8C713000 Size: 659456 File Visible: - Signed: -
Status: -

Name: e100b325.sys
Image Path: C:\Windows\system32\DRIVERS\e100b325.sys
Address: 0x8726B000 Size: 159744 File Visible: - Signed: -
Status: -

Name: ecache.sys
Image Path: C:\Windows\System32\drivers\ecache.sys
Address: 0x87178000 Size: 159744 File Visible: - Signed: -
Status: -

Name: ElbyCDFL.sys
Image Path: C:\Windows\System32\Drivers\ElbyCDFL.sys
Address: 0x8C000000 Size: 27392 File Visible: - Signed: -
Status: -

Name: ElbyCDIO.sys
Image Path: C:\Windows\System32\Drivers\ElbyCDIO.sys
Address: 0x8F11E000 Size: 17408 File Visible: - Signed: -
Status: -

Name: fdc.sys
Image Path: C:\Windows\system32\DRIVERS\fdc.sys
Address: 0x872B0000 Size: 45056 File Visible: - Signed: -
Status: -

Name: fileinfo.sys
Image Path: C:\Windows\system32\drivers\fileinfo.sys
Address: 0x86CDE000 Size: 65536 File Visible: - Signed: -
Status: -

Name: flpydisk.sys
Image Path: C:\Windows\system32\DRIVERS\flpydisk.sys
Address: 0x8D6CD000 Size: 40960 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: C:\Windows\system32\drivers\fltmgr.sys
Address: 0x86CAC000 Size: 204800 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\Windows\System32\Drivers\Fs_Rec.SYS
Address: 0x8D6E8000 Size: 36864 File Visible: - Signed: -
Status: -

Name: fsbts.sys
Image Path: C:\Windows\system32\Drivers\fsbts.sys
Address: 0x8716C000 Size: 49152 File Visible: - Signed: -
Status: -

Name: fsdfw.sys
Image Path: C:\Windows\System32\drivers\fsdfw.sys
Address: 0x8F0F7000 Size: 64288 File Visible: - Signed: -
Status: -

Name: fses.sys
Image Path: C:\Windows\System32\drivers\fses.sys
Address: 0x8F107000 Size: 28928 File Visible: - Signed: -
Status: -

Name: fsgk.sys
Image Path: C:\Program Files\CenturyLink Online Security\Anti-Virus\minifilter\fsgk.sys
Address: 0x9E2A2000 Size: 118784 File Visible: - Signed: -
Status: -

Name: fshs.sys
Image Path: C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys
Address: 0x8F10F000 Size: 61312 File Visible: - Signed: -
Status: -

Name: fsvista.sys
Image Path: C:\Program Files\CenturyLink Online Security\Anti-Virus\minifilter\fsvista.sys
Address: 0x8F0DA000 Size: 32768 File Visible: - Signed: -
Status: -

Name: fwpkclnt.sys
Image Path: C:\Windows\System32\drivers\fwpkclnt.sys
Address: 0x86FBA000 Size: 110592 File Visible: - Signed: -
Status: -

Name: giveio.sys
Image Path: C:\Windows\system32\giveio.sys
Address: 0x8716B000 Size: 1664 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\Windows\system32\hal.dll
Address: 0x82007000 Size: 208896 File Visible: - Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\Windows\system32\DRIVERS\HIDCLASS.SYS
Address: 0x8F1AC000 Size: 65536 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
Address: 0x8D71B000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\Windows\system32\DRIVERS\hidusb.sys
Address: 0x8F1A3000 Size: 36864 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\Windows\system32\drivers\HTTP.sys
Address: 0x8F24C000 Size: 438272 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\Windows\system32\DRIVERS\i8042prt.sys
Address: 0x8D6FF000 Size: 77824 File Visible: - Signed: -
Status: -

Name: intelide.sys
Image Path: C:\Windows\system32\drivers\intelide.sys
Address: 0x86C61000 Size: 28672 File Visible: - Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\Windows\system32\DRIVERS\intelppm.sys
Address: 0x8721E000 Size: 61440 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\Windows\system32\DRIVERS\kbdclass.sys
Address: 0x8D674000 Size: 45056 File Visible: - Signed: -
Status: -

Name: kbdhid.sys
Image Path: C:\Windows\system32\DRIVERS\kbdhid.sys
Address: 0x8F1BC000 Size: 36864 File Visible: - Signed: -
Status: -

Name: kdcom.dll
Image Path: C:\Windows\system32\kdcom.dll
Address: 0x86804000 Size: 28672 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\Windows\system32\drivers\ks.sys
Address: 0x87395000 Size: 172032 File Visible: - Signed: -
Status: -

Name: ksecdd.sys
Image Path: C:\Windows\System32\Drivers\ksecdd.sys
Address: 0x86CEE000 Size: 462848 File Visible: - Signed: -
Status: -

Name: lirsgt.sys
Image Path: C:\Windows\system32\DRIVERS\lirsgt.sys
Address: 0x9E161000 Size: 18560 File Visible: - Signed: -
Status: -

Name: lltdio.sys
Image Path: C:\Windows\system32\DRIVERS\lltdio.sys
Address: 0x8F229000 Size: 65536 File Visible: - Signed: -
Status: -

Name: luafv.sys
Image Path: C:\Windows\system32\drivers\luafv.sys
Address: 0x8F206000 Size: 110592 File Visible: - Signed: -
Status: -

Name: mcupdate_GenuineIntel.dll
Image Path: C:\Windows\system32\mcupdate_GenuineIntel.dll
Address: 0x8680B000 Size: 458752 File Visible: - Signed: -
Status: -

Name: modem.sys
Image Path: C:\Windows\system32\drivers\modem.sys
Address: 0x8D50C000 Size: 53248 File Visible: - Signed: -
Status: -

Name: monitor.sys
Image Path: C:\Windows\system32\DRIVERS\monitor.sys
Address: 0x8F1F7000 Size: 61440 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\Windows\system32\DRIVERS\mouclass.sys
Address: 0x872A5000 Size: 45056 File Visible: - Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\Windows\system32\DRIVERS\mouhid.sys
Address: 0x8F1C5000 Size: 32768 File Visible: - Signed: -
Status: -

Name: mountmgr.sys
Image Path: C:\Windows\System32\drivers\mountmgr.sys
Address: 0x86C76000 Size: 65536 File Visible: - Signed: -
Status: -

Name: mpsdrv.sys
Image Path: C:\Windows\System32\drivers\mpsdrv.sys
Address: 0x8F2ED000 Size: 86016 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\Windows\system32\drivers\mrxdav.sys
Address: 0x8F302000 Size: 135168 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb.sys
Address: 0x8F323000 Size: 126976 File Visible: - Signed: -
Status: -

Name: mrxsmb10.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Address: 0x8F342000 Size: 233472 File Visible: - Signed: -
Status: -

Name: mrxsmb20.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Address: 0x8F37B000 Size: 98304 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\Windows\System32\Drivers\Msfs.SYS
Address: 0x8D75F000 Size: 45056 File Visible: - Signed: -
Status: -

Name: msisadrv.sys
Image Path: C:\Windows\system32\drivers\msisadrv.sys
Address: 0x86BB4000 Size: 32768 File Visible: - Signed: -
Status: -

Name: msiscsi.sys
Image Path: C:\Windows\system32\DRIVERS\msiscsi.sys
Address: 0x8D551000 Size: 192512 File Visible: - Signed: -
Status: -

Name: msrpc.sys
Image Path: C:\Windows\system32\drivers\msrpc.sys
Address: 0x86E6A000 Size: 176128 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\Windows\system32\DRIVERS\mssmbios.sys
Address: 0x8D681000 Size: 40960 File Visible: - Signed: -
Status: -

Name: mup.sys
Image Path: C:\Windows\System32\Drivers\mup.sys
Address: 0x8715C000 Size: 61440 File Visible: - Signed: -
Status: -

Name: ndis.sys
Image Path: C:\Windows\system32\drivers\ndis.sys
Address: 0x86D5F000 Size: 1093632 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\Windows\system32\DRIVERS\ndistapi.sys
Address: 0x8D5EB000 Size: 45056 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\Windows\system32\DRIVERS\ndiswan.sys
Address: 0x8D5F6000 Size: 143360 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\Windows\System32\Drivers\NDProxy.SYS
Address: 0x8D6D7000 Size: 69632 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\Windows\system32\DRIVERS\netbios.sys
Address: 0x8F073000 Size: 57344 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\Windows\System32\DRIVERS\netbt.sys
Address: 0x8D7B0000 Size: 204800 File Visible: - Signed: -
Status: -

Name: NETIO.SYS
Image Path: C:\Windows\system32\drivers\NETIO.SYS
Address: 0x86E95000 Size: 241664 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\Windows\System32\Drivers\Npfs.SYS
Address: 0x8D76A000 Size: 57344 File Visible: - Signed: -
Status: -

Name: nsiproxy.sys
Image Path: C:\Windows\system32\drivers\nsiproxy.sys
Address: 0x8F0D0000 Size: 40960 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: C:\Windows\System32\Drivers\Ntfs.sys
Address: 0x87009000 Size: 1114112 File Visible: - Signed: -
Status: -

Name: ntoskrnl.exe
Image Path: C:\Windows\system32\ntoskrnl.exe
Address: 0x8203A000 Size: 3846144 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\Windows\System32\Drivers\Null.SYS
Address: 0x8D6F1000 Size: 28672 File Visible: - Signed: -
Status: -

Name: nvlddmkm.sys
Image Path: C:\Windows\system32\DRIVERS\nvlddmkm.sys
Address: 0x8C009000 Size: 7380896 File Visible: - Signed: -
Status: -

Name: ohci1394.sys
Image Path: C:\Windows\system32\DRIVERS\ohci1394.sys
Address: 0x8C7DF000 Size: 62208 File Visible: - Signed: -
Status: -

Name: pacer.sys
Image Path: C:\Windows\system32\DRIVERS\pacer.sys
Address: 0x8F05D000 Size: 90112 File Visible: - Signed: -
Status: -

Name: parport.sys
Image Path: C:\Windows\system32\DRIVERS\parport.sys
Address: 0x872BB000 Size: 98304 File Visible: - Signed: -
Status: -

Name: partmgr.sys
Image Path: C:\Windows\System32\drivers\partmgr.sys
Address: 0x86BE3000 Size: 61440 File Visible: - Signed: -
Status: -

Name: parvdm.sys
Image Path: C:\Windows\system32\DRIVERS\parvdm.sys
Address: 0x9E106000 Size: 28672 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: C:\Windows\system32\drivers\pci.sys
Address: 0x86BBC000 Size: 159744 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\Windows\system32\drivers\PCIIDEX.SYS
Address: 0x86C68000 Size: 57344 File Visible: - Signed: -
Status: -

Name: pcouffin.sys
Image Path: C:\Windows\System32\Drivers\pcouffin.sys
Address: 0x8D651000 Size: 47360 File Visible: - Signed: -
Status: -

Name: peauth.sys
Image Path: C:\Windows\system32\drivers\peauth.sys
Address: 0x9E166000 Size: 909312 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x8203A000 Size: 3846144 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\Windows\system32\drivers\portcls.sys
Address: 0x87343000 Size: 184320 File Visible: - Signed: -
Status: -

Name: PSHED.dll
Image Path: C:\Windows\system32\PSHED.dll
Address: 0x8687B000 Size: 69632 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\Windows\System32\DRIVERS\rasacd.sys
Address: 0x8D778000 Size: 36864 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\Windows\system32\DRIVERS\rasl2tp.sys
Address: 0x8D5D4000 Size: 94208 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\Windows\system32\DRIVERS\raspppoe.sys
Address: 0x8D619000 Size: 61440 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\Windows\system32\DRIVERS\raspptp.sys
Address: 0x8D628000 Size: 81920 File Visible: - Signed: -
Status: -

Name: rassstp.sys
Image Path: C:\Windows\system32\DRIVERS\rassstp.sys
Address: 0x8D63C000 Size: 86016 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x8203A000 Size: 3846144 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\Windows\system32\DRIVERS\rdbss.sys
Address: 0x8F094000 Size: 245760 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\Windows\System32\DRIVERS\RDPCDD.sys
Address: 0x8D74F000 Size: 32768 File Visible: - Signed: -
Status: -

Name: rdpencdd.sys
Image Path: C:\Windows\system32\drivers\rdpencdd.sys
Address: 0x8D757000 Size: 32768 File Visible: - Signed: -
Status: -

Name: RimSerial.sys
Image Path: C:\Windows\system32\DRIVERS\RimSerial.sys
Address: 0x8D65D000 Size: 26496 File Visible: - Signed: -
Status: -

Name: RootMdm.sys
Image Path: C:\Windows\System32\Drivers\RootMdm.sys
Address: 0x8D5CC000 Size: 32768 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x9E2D5000 Size: 49152 File Visible: No Signed: -
Status: -

Name: rspndr.sys
Image Path: C:\Windows\system32\DRIVERS\rspndr.sys
Address: 0x8F239000 Size: 77824 File Visible: - Signed: -
Status: -

Name: SCSIPORT.SYS
Image Path: C:\Windows\System32\Drivers\SCSIPORT.SYS
Address: 0x86B48000 Size: 155648 File Visible: - Signed: -
Status: -

Name: secdrv.SYS
Image Path: C:\Windows\System32\Drivers\secdrv.SYS
Address: 0x9E244000 Size: 40960 File Visible: - Signed: -
Status: -

Name: smb.sys
Image Path: C:\Windows\system32\DRIVERS\smb.sys
Address: 0x8D79C000 Size: 81920 File Visible: - Signed: -
Status: -

Name: smwdm.sys
Image Path: C:\Windows\system32\drivers\smwdm.sys
Address: 0x87303000 Size: 259648 File Visible: - Signed: -
Status: -

Name: speedfan.sys
Image Path: C:\Windows\system32\speedfan.sys
Address: 0x8715A000 Size: 5248 File Visible: - Signed: -
Status: -

Name: spldr.sys
Image Path: C:\Windows\System32\Drivers\spldr.sys
Address: 0x87152000 Size: 32768 File Visible: - Signed: -
Status: -

Name: spsys.sys
Image Path: C:\Windows\system32\drivers\spsys.sys
Address: 0x9E04D000 Size: 720896 File Visible: - Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: spvp.sys
Image Path: C:\Windows\System32\Drivers\spvp.sys
Address: 0x86A3E000 Size: 1052672 File Visible: No Signed: -
Status: -

Name: srv.sys
Image Path: C:\Windows\System32\DRIVERS\srv.sys
Address: 0x9E001000 Size: 311296 File Visible: - Signed: -
Status: -

Name: srv2.sys
Image Path: C:\Windows\System32\DRIVERS\srv2.sys
Address: 0x8F393000 Size: 159744 File Visible: - Signed: -
Status: -

Name: srvnet.sys
Image Path: C:\Windows\System32\DRIVERS\srvnet.sys
Address: 0x8F2B7000 Size: 118784 File Visible: - Signed: -
Status: -

Name: storport.sys
Image Path: C:\Windows\system32\DRIVERS\storport.sys
Address: 0x8D580000 Size: 266240 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\Windows\system32\DRIVERS\swenum.sys
Address: 0x8D67F000 Size: 4992 File Visible: - Signed: -
Status: -

Name: swmsflt.sys
Image Path: C:\Windows\System32\drivers\swmsflt.sys
Address: 0x8C7C0000 Size: 20096 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\Windows\System32\drivers\tcpip.sys
Address: 0x86ED0000 Size: 958464 File Visible: - Signed: -
Status: -

Name: tcpipBM.SYS
Image Path: C:\Windows\System32\Drivers\tcpipBM.SYS
Address: 0x8D797000 Size: 18816 File Visible: - Signed: -
Status: -

Name: tcpipreg.sys
Image Path: C:\Windows\System32\drivers\tcpipreg.sys
Address: 0x9E24E000 Size: 49152 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\Windows\system32\DRIVERS\TDI.SYS
Address: 0x8D5C1000 Size: 45056 File Visible: - Signed: -
Status: -

Name: tdx.sys
Image Path: C:\Windows\system32\DRIVERS\tdx.sys
Address: 0x8D781000 Size: 90112 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\Windows\system32\DRIVERS\termdd.sys
Address: 0x8D664000 Size: 65536 File Visible: - Signed: -
Status: -

Name: TSDDD.dll
Image Path: C:\Windows\System32\TSDDD.dll
Address: 0x9A240000 Size: 36864 File Visible: - Signed: -
Status: -

Name: tunmp.sys
Image Path: C:\Windows\system32\DRIVERS\tunmp.sys
Address: 0x87215000 Size: 36864 File Visible: - Signed: -
Status: -

Name: tunnel.sys
Image Path: C:\Windows\system32\DRIVERS\tunnel.sys
Address: 0x8720A000 Size: 45056 File Visible: - Signed: -
Status: -

Name: umbus.sys
Image Path: C:\Windows\system32\DRIVERS\umbus.sys
Address: 0x8D68B000 Size: 53248 File Visible: - Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\Windows\system32\DRIVERS\usbccgp.sys
Address: 0x8F13A000 Size: 94208 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\Windows\system32\DRIVERS\USBD.SYS
Address: 0x8D50A000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\Windows\system32\DRIVERS\usbehci.sys
Address: 0x8C7D0000 Size: 61440 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\Windows\system32\DRIVERS\usbhub.sys
Address: 0x8D698000 Size: 217088 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\Windows\system32\DRIVERS\USBPORT.SYS
Address: 0x8722D000 Size: 253952 File Visible: - Signed: -
Status: -

Name: usbprint.sys
Image Path: C:\Windows\system32\DRIVERS\usbprint.sys
Address: 0x8F15E000 Size: 40960 File Visible: - Signed: -
Status: -

Name: usbscan.sys
Image Path: C:\Windows\system32\DRIVERS\usbscan.sys
Address: 0x8F151000 Size: 53248 File Visible: - Signed: -
Status: -

Name: USBSTOR.SYS
Image Path: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Address: 0x8F0E2000 Size: 86016 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\Windows\system32\DRIVERS\usbuhci.sys
Address: 0x8C7C5000 Size: 45056 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\Windows\System32\drivers\vga.sys
Address: 0x8D722000 Size: 49152 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\Windows\System32\drivers\VIDEOPRT.SYS
Address: 0x8D72E000 Size: 135168 File Visible: - Signed: -
Status: -

Name: volmgr.sys
Image Path: C:\Windows\system32\drivers\volmgr.sys
Address: 0x86C08000 Size: 61440 File Visible: - Signed: -
Status: -

Name: volmgrx.sys
Image Path: C:\Windows\System32\drivers\volmgrx.sys
Address: 0x86C17000 Size: 303104 File Visible: - Signed: -
Status: -

Name: volsnap.sys
Image Path: C:\Windows\system32\drivers\volsnap.sys
Address: 0x87119000 Size: 233472 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\Windows\system32\DRIVERS\wanarp.sys
Address: 0x8F081000 Size: 77824 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\Windows\System32\drivers\watchdog.sys
Address: 0x8C7B4000 Size: 49152 File Visible: - Signed: -
Status: -

Name: Wdf01000.sys
Image Path: C:\Windows\system32\drivers\Wdf01000.sys
Address: 0x869B5000 Size: 507904 File Visible: - Signed: -
Status: -

Name: WDFLDR.SYS
Image Path: C:\Windows\system32\drivers\WDFLDR.SYS
Address: 0x86A31000 Size: 53248 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0x9A020000 Size: 2105344 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\Windows\System32\win32k.sys
Address: 0x9A020000 Size: 2105344 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\Windows\System32\Drivers\WMILIB.SYS
Address: 0x86B3F000 Size: 36864 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x8203A000 Size: 3846144 File Visible: - Signed: -
Status: -

Name: ws2ifsl.sys
Image Path: C:\Windows\system32\drivers\ws2ifsl.sys
Address: 0x8F054000 Size: 36864 File Visible: - Signed: -
Status: -

Name: WUDFPf.sys
Image Path: C:\Windows\system32\DRIVERS\WUDFPf.sys
Address: 0x9E290000 Size: 73728 File Visible: - Signed: -
Status: -

Name: WUDFRd.sys
Image Path: C:\Windows\system32\DRIVERS\WUDFRd.sys
Address: 0x9E27B000 Size: 83328 File Visible: - Signed: -
Status: -

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/11/05 07:49
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Program Files\CenturyLink Online Security\Anti-Virus\fsgk32.exe
PID: 316 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 360 Status: -

Path: C:\Program Files\CenturyLink Online Security\Anti-Virus\fsgk32st.exe
PID: 384 Status: -

Path: C:\Windows\System32\smss.exe
PID: 472 Status: -

Path: C:\Program Files\CenturyLink Online Security\Common\FSMA32.EXE
PID: 484 Status: -

Path: C:\Windows\System32\csrss.exe
PID: 540 Status: -

Path: C:\Windows\System32\csrss.exe
PID: 588 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 592 Status: -

Path: C:\Windows\System32\wininit.exe
PID: 596 Status: -

Path: C:\Windows\System32\services.exe
PID: 632 Status: -

Path: C:\Windows\System32\lsass.exe
PID: 644 Status: -

Path: C:\Windows\System32\lsm.exe
PID: 652 Status: -

Path: C:\Program Files\CenturyLink Online Security\Common\FSHDLL32.EXE
PID: 680 Status: -

Path: C:\Windows\System32\winlogon.exe
PID: 708 Status: -

Path: C:\Program Files\Wallpaper Master\Wallpaper.exe
PID: 812 Status: -

Path: C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PID: 824 Status: -

Path: C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PID: 832 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 836 Status: -

Path: C:\Windows\System32\nvvsvc.exe
PID: 880 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 908 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 956 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 1036 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 1084 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 1100 Status: -

Path: C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PID: 1196 Status: -

Path: C:\Windows\System32\audiodg.exe
PID: 1216 Status: Locked to the Windows API!

Path: C:\Windows\System32\svchost.exe
PID: 1240 Status: -

Path: C:\Windows\System32\SLsvc.exe
PID: 1260 Status: -

Path: C:\Windows\System32\rundll32.exe
PID: 1320 Status: -

Path: C:\Windows\System32\dllhost.exe
PID: 1332 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 1360 Status: -

Path: C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
PID: 1500 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 1508 Status: -

Path: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PID: 1516 Status: -

Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
PID: 1592 Status: -

Path: C:\Windows\System32\spoolsv.exe
PID: 1704 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 1728 Status: -

Path: C:\Windows\System32\taskeng.exe
PID: 1752 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 1960 Status: -

Path: C:\Program Files\CenturyLink Online Security\Common\FSM32.EXE
PID: 2128 Status: -

Path: C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PID: 2196 Status: -

Path: C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PID: 2300 Status: -

Path: C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PID: 2340 Status: -

Path: C:\Windows\explorer.exe
PID: 2548 Status: -

Path: C:\Windows\System32\dwm.exe
PID: 2600 Status: -

Path: C:\Windows\System32\svchost.exe
PID: 2684 Status: -

Path: C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PID: 2716 Status: -

Path: C:\Windows\System32\rundll32.exe
PID: 2804 Status: -

Path: C:\Windows\System32\WUDFHost.exe
PID: 2880 Status: -

Path: C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PID: 3028 Status: -

Path: C:\Program Files\CenturyLink Online Security\Anti-Virus\fsav32.exe
PID: 3080 Status: -

Path: C:\Windows\System32\dllhost.exe
PID: 3248 Status: -

Path: C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
PID: 3260 Status: -

Path: C:\Program Files\CenturyLink Online Security\FWES\program\fsdfwd.exe
PID: 3308 Status: -

Path: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PID: 3320 Status: -

Path: C:\Program Files\CenturyLink Online Security\ORSP Client\fsorsp.exe
PID: 3360 Status: -

Path: C:\Program Files\CenturyLink Online Security\Anti-Virus\fssm32.exe
PID: 3420 Status: -

Path: C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PID: 3520 Status: -

Path: C:\Windows\System32\msdtc.exe
PID: 3680 Status: -

Path: C:\Program Files\Windows Media Player\wmpnetwk.exe
PID: 3760 Status: -

Path: C:\Windows\System32\taskeng.exe
PID: 3764 Status: -

Path: C:\Program Files\DAEMON Tools Lite\daemon.exe
PID: 4020 Status: -

Path: C:\Program Files\Internet Explorer\iexplore.exe
PID: 4240 Status: -

Path: C:\Program Files\Internet Explorer\iexplore.exe
PID: 4284 Status: -

Path: C:\Program Files\Windows Live\Contacts\wlcomm.exe
PID: 4956 Status: -

Path: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
PID: 4992 Status: -

Path: C:\Program Files\Internet Explorer\iexplore.exe
PID: 5764 Status: -

Path: C:\Users\Barry W. Green\Desktop\RootRepeal.exe
PID: 6116 Status: -

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/11/05 07:49
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

SSDT
-------------------
#: 000 Function Name: NtAcceptConnectPort
Status: Not hooked

#: 001 Function Name: NtAccessCheck
Status: Not hooked

#: 002 Function Name: NtAccessCheckAndAuditAlarm
Status: Not hooked

#: 003 Function Name: NtAccessCheckByType
Status: Not hooked

#: 004 Function Name: NtAccessCheckByTypeAndAuditAlarm
Status: Not hooked

#: 005 Function Name: NtAccessCheckByTypeResultList
Status: Not hooked

#: 006 Function Name: NtAccessCheckByTypeResultListAndAuditAlarm
Status: Not hooked

#: 007 Function Name: NtAccessCheckByTypeResultListAndAuditAlarmByHandle
Status: Not hooked

#: 008 Function Name: NtAddAtom
Status: Not hooked

#: 009 Function Name: NtAddBootEntry
Status: Not hooked

#: 010 Function Name: NtAddDriverEntry
Status: Not hooked

#: 011 Function Name: NtAdjustGroupsToken
Status: Not hooked

#: 012 Function Name: NtAdjustPrivilegesToken
Status: Not hooked

#: 013 Function Name: NtAlertResumeThread
Status: Not hooked

#: 014 Function Name: NtAlertThread
Status: Not hooked

#: 015 Function Name: NtAllocateLocallyUniqueId
Status: Not hooked

#: 016 Function Name: NtAllocateUserPhysicalPages
Status: Not hooked

#: 017 Function Name: NtAllocateUuids
Status: Not hooked

#: 018 Function Name: NtAllocateVirtualMemory
Status: Not hooked

#: 019 Function Name: NtAlpcAcceptConnectPort
Status: Not hooked

#: 020 Function Name: NtAlpcCancelMessage
Status: Not hooked

#: 021 Function Name: NtAlpcConnectPort
Status: Not hooked

#: 022 Function Name: NtAlpcCreatePort
Status: Not hooked

#: 023 Function Name: NtAlpcCreatePortSection
Status: Not hooked

#: 024 Function Name: NtAlpcCreateResourceReserve
Status: Not hooked

#: 025 Function Name: NtAlpcCreateSectionView
Status: Not hooked

#: 026 Function Name: NtAlpcCreateSecurityContext
Status: Not hooked

#: 027 Function Name: NtAlpcDeletePortSection
Status: Not hooked

#: 028 Function Name: NtAlpcDeleteResourceReserve
Status: Not hooked

#: 029 Function Name: NtAlpcDeleteSectionView
Status: Not hooked

#: 030 Function Name: NtAlpcDeleteSecurityContext
Status: Not hooked

#: 031 Function Name: NtAlpcDisconnectPort
Status: Not hooked

#: 032 Function Name: NtAlpcImpersonateClientOfPort
Status: Not hooked

#: 033 Function Name: NtAlpcOpenSenderProcess
Status: Not hooked

#: 034 Function Name: NtAlpcOpenSenderThread
Status: Not hooked

#: 035 Function Name: NtAlpcQueryInformation
Status: Not hooked

#: 036 Function Name: NtAlpcQueryInformationMessage
Status: Not hooked

#: 037 Function Name: NtAlpcRevokeSecurityContext
Status: Not hooked

#: 038 Function Name: NtAlpcSendWaitReceivePort
Status: Not hooked

#: 039 Function Name: NtAlpcSetInformation
Status: Not hooked

#: 040 Function Name: NtApphelpCacheControl
Status: Not hooked

#: 041 Function Name: NtAreMappedFilesTheSame
Status: Not hooked

#: 042 Function Name: NtAssignProcessToJobObject
Status: Not hooked

#: 043 Function Name: NtCallbackReturn
Status: Not hooked

#: 044 Function Name: NtRequestDeviceWakeup
Status: Not hooked

#: 045 Function Name: NtCancelIoFile
Status: Not hooked

#: 046 Function Name: NtCancelTimer
Status: Not hooked

#: 047 Function Name: NtClearEvent
Status: Not hooked

#: 048 Function Name: NtClose
Status: Not hooked

#: 049 Function Name: NtCloseObjectAuditAlarm
Status: Not hooked

#: 050 Function Name: NtCompactKeys
Status: Not hooked

#: 051 Function Name: NtCompareTokens
Status: Not hooked

#: 052 Function Name: NtCompleteConnectPort
Status: Not hooked

#: 053 Function Name: NtCompressKey
Status: Not hooked

#: 054 Function Name: NtConnectPort
Status: Not hooked

#: 055 Function Name: NtContinue
Status: Not hooked

#: 056 Function Name: NtCreateDebugObject
Status: Not hooked

#: 057 Function Name: NtCreateDirectoryObject
Status: Not hooked

#: 058 Function Name: NtCreateEvent
Status: Not hooked

#: 059 Function Name: NtCreateEventPair
Status: Not hooked

#: 060 Function Name: NtCreateFile
Status: Not hooked

#: 061 Function Name: NtCreateIoCompletion
Status: Not hooked

#: 062 Function Name: NtCreateJobObject
Status: Not hooked

#: 063 Function Name: NtCreateJobSet
Status: Not hooked

#: 064 Function Name: NtCreateKey
Status: Not hooked

#: 065 Function Name: NtCreateKeyTransacted
Status: Not hooked

#: 066 Function Name: NtCreateMailslotFile
Status: Not hooked

#: 067 Function Name: NtCreateMutant
Status: Not hooked

#: 068 Function Name: NtCreateNamedPipeFile
Status: Not hooked

#: 069 Function Name: NtCreatePrivateNamespace
Status: Not hooked

#: 070 Function Name: NtCreatePagingFile
Status: Not hooked

#: 071 Function Name: NtCreatePort
Status: Not hooked

#: 072 Function Name: NtCreateProcess
Status: Not hooked

#: 073 Function Name: NtCreateProcessEx
Status: Not hooked

#: 074 Function Name: NtCreateProfile
Status: Not hooked

#: 075 Function Name: NtCreateSection
Status: Not hooked

#: 076 Function Name: NtCreateSemaphore
Status: Not hooked

#: 077 Function Name: NtCreateSymbolicLinkObject
Status: Not hooked

#: 078 Function Name: NtCreateThread
Status: Hooked by "C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys" at address 0x8f110e8c

#: 079 Function Name: NtCreateTimer
Status: Not hooked

#: 080 Function Name: NtCreateToken
Status: Not hooked

#: 081 Function Name: NtCreateTransaction
Status: Not hooked

#: 082 Function Name: NtOpenTransaction
Status: Not hooked

#: 083 Function Name: NtQueryInformationTransaction
Status: Not hooked

#: 084 Function Name: NtQueryInformationTransactionManager
Status: Not hooked

#: 085 Function Name: NtPrePrepareEnlistment
Status: Not hooked

#: 086 Function Name: NtPrepareEnlistment
Status: Not hooked

#: 087 Function Name: NtCommitEnlistment
Status: Not hooked

#: 088 Function Name: NtReadOnlyEnlistment
Status: Not hooked

#: 089 Function Name: NtRollbackComplete
Status: Not hooked

#: 090 Function Name: NtRollbackEnlistment
Status: Not hooked

#: 091 Function Name: NtCommitTransaction
Status: Not hooked

#: 092 Function Name: NtRollbackTransaction
Status: Not hooked

#: 093 Function Name: NtPrePrepareComplete
Status: Not hooked

#: 094 Function Name: NtPrepareComplete
Status: Not hooked

#: 095 Function Name: NtCommitComplete
Status: Not hooked

#: 096 Function Name: NtSinglePhaseReject
Status: Not hooked

#: 097 Function Name: NtSetInformationTransaction
Status: Not hooked

#: 098 Function Name: NtSetInformationTransactionManager
Status: Not hooked

#: 099 Function Name: NtSetInformationResourceManager
Status: Not hooked

#: 100 Function Name: NtCreateTransactionManager
Status: Not hooked

#: 101 Function Name: NtOpenTransactionManager
Status: Not hooked

#: 102 Function Name: NtRenameTransactionManager
Status: Not hooked

#: 103 Function Name: NtRollforwardTransactionManager
Status: Not hooked

#: 104 Function Name: NtRecoverEnlistment
Status: Not hooked

#: 105 Function Name: NtRecoverResourceManager
Status: Not hooked

#: 106 Function Name: NtRecoverTransactionManager
Status: Not hooked

#: 107 Function Name: NtCreateResourceManager
Status: Not hooked

#: 108 Function Name: NtOpenResourceManager
Status: Not hooked

#: 109 Function Name: NtGetNotificationResourceManager
Status: Not hooked

#: 110 Function Name: NtQueryInformationResourceManager
Status: Not hooked

#: 111 Function Name: NtCreateEnlistment
Status: Not hooked

#: 112 Function Name: NtOpenEnlistment
Status: Not hooked

#: 113 Function Name: NtSetInformationEnlistment
Status: Not hooked

#: 114 Function Name: NtQueryInformationEnlistment
Status: Not hooked

#: 115 Function Name: NtCreateWaitablePort
Status: Not hooked

#: 116 Function Name: NtDebugActiveProcess
Status: Not hooked

#: 117 Function Name: NtDebugContinue
Status: Not hooked

#: 118 Function Name: NtDelayExecution
Status: Not hooked

#: 119 Function Name: NtDeleteAtom
Status: Not hooked

#: 120 Function Name: NtDeleteBootEntry
Status: Not hooked

#: 121 Function Name: NtDeleteDriverEntry
Status: Not hooked

#: 122 Function Name: NtDeleteFile
Status: Not hooked

#: 123 Function Name: NtDeleteKey
Status: Not hooked

#: 124 Function Name: NtDeletePrivateNamespace
Status: Not hooked

#: 125 Function Name: NtDeleteObjectAuditAlarm
Status: Not hooked

#: 126 Function Name: NtDeleteValueKey
Status: Not hooked

#: 127 Function Name: NtDeviceIoControlFile
Status: Not hooked

#: 128 Function Name: NtDisplayString
Status: Not hooked

#: 129 Function Name: NtDuplicateObject
Status: Not hooked

#: 130 Function Name: NtDuplicateToken
Status: Not hooked

#: 131 Function Name: NtEnumerateBootEntries
Status: Not hooked

#: 132 Function Name: NtEnumerateDriverEntries
Status: Not hooked

#: 133 Function Name: NtEnumerateKey
Status: Not hooked

#: 134 Function Name: NtEnumerateSystemEnvironmentValuesEx
Status: Not hooked

#: 135 Function Name: NtEnumerateTransactionObject
Status: Not hooked

#: 136 Function Name: NtEnumerateValueKey
Status: Not hooked

#: 137 Function Name: NtExtendSection
Status: Not hooked

#: 138 Function Name: NtFilterToken
Status: Not hooked

#: 139 Function Name: NtFindAtom
Status: Not hooked

#: 140 Function Name: NtFlushBuffersFile
Status: Not hooked

#: 141 Function Name: NtFlushInstructionCache
Status: Not hooked

#: 142 Function Name: NtFlushKey
Status: Not hooked

#: 143 Function Name: NtFlushProcessWriteBuffers
Status: Not hooked

#: 144 Function Name: NtFlushVirtualMemory
Status: Not hooked

#: 145 Function Name: NtFlushWriteBuffer
Status: Not hooked

#: 146 Function Name: NtFreeUserPhysicalPages
Status: Not hooked

#: 147 Function Name: NtFreeVirtualMemory
Status: Not hooked

#: 148 Function Name: NtFreezeRegistry
Status: Not hooked

#: 149 Function Name: NtFreezeTransactions
Status: Not hooked

#: 150 Function Name: NtFsControlFile
Status: Not hooked

#: 151 Function Name: NtGetContextThread
Status: Not hooked

#: 152 Function Name: NtGetDevicePowerState
Status: Not hooked

#: 153 Function Name: NtGetNlsSectionPtr
Status: Not hooked

#: 154 Function Name: NtGetPlugPlayEvent
Status: Not hooked

#: 155 Function Name: NtGetWriteWatch
Status: Not hooked

#: 156 Function Name: NtImpersonateAnonymousToken
Status: Not hooked

#: 157 Function Name: NtImpersonateClientOfPort
Status: Not hooked

#: 158 Function Name: NtImpersonateThread
Status: Not hooked

#: 159 Function Name: NtInitializeNlsFiles
Status: Not hooked

#: 160 Function Name: NtInitializeRegistry
Status: Not hooked

#: 161 Function Name: NtInitiatePowerAction
Status: Not hooked

#: 162 Function Name: NtIsProcessInJob
Status: Not hooked

#: 163 Function Name: NtIsSystemResumeAutomatic
Status: Not hooked

#: 164 Function Name: NtListenPort
Status: Not hooked

#: 165 Function Name: NtLoadDriver
Status: Hooked by "C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys" at address 0x8f1111bc

#: 166 Function Name: NtLoadKey
Status: Not hooked

#: 167 Function Name: NtLoadKey2
Status: Not hooked

#: 168 Function Name: NtLoadKeyEx
Status: Not hooked

#: 169 Function Name: NtLockFile
Status: Not hooked

#: 170 Function Name: NtLockProductActivationKeys
Status: Not hooked

#: 171 Function Name: NtLockRegistryKey
Status: Not hooked

#: 172 Function Name: NtLockVirtualMemory
Status: Not hooked

#: 173 Function Name: NtMakePermanentObject
Status: Not hooked

#: 174 Function Name: NtMakeTemporaryObject
Status: Not hooked

#: 175 Function Name: NtMapUserPhysicalPages
Status: Not hooked

#: 176 Function Name: NtMapUserPhysicalPagesScatter
Status: Not hooked

#: 177 Function Name: NtMapViewOfSection
Status: Hooked by "C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys" at address 0x8f110bcc

#: 178 Function Name: NtModifyBootEntry
Status: Not hooked

#: 179 Function Name: NtModifyDriverEntry
Status: Not hooked

#: 180 Function Name: NtNotifyChangeDirectoryFile
Status: Not hooked

#: 181 Function Name: NtNotifyChangeKey
Status: Not hooked

#: 182 Function Name: NtNotifyChangeMultipleKeys
Status: Not hooked

#: 183 Function Name: NtOpenDirectoryObject
Status: Not hooked

#: 184 Function Name: NtOpenEvent
Status: Not hooked

#: 185 Function Name: NtOpenEventPair
Status: Not hooked

#: 186 Function Name: NtOpenFile
Status: Not hooked

#: 187 Function Name: NtOpenIoCompletion
Status: Not hooked

#: 188 Function Name: NtOpenJobObject
Status: Not hooked

#: 189 Function Name: NtOpenKey
Status: Not hooked

#: 190 Function Name: NtOpenKeyTransacted
Status: Not hooked

#: 191 Function Name: NtOpenMutant
Status: Not hooked

#: 192 Function Name: NtOpenPrivateNamespace
Status: Not hooked

#: 193 Function Name: NtOpenObjectAuditAlarm
Status: Not hooked

#: 194 Function Name: NtOpenProcess
Status: Not hooked

#: 195 Function Name: NtOpenProcessToken
Status: Not hooked

#: 196 Function Name: NtOpenProcessTokenEx
Status: Not hooked

#: 197 Function Name: NtOpenSection
Status: Hooked by "C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys" at address 0x8f1115ee

#: 198 Function Name: NtOpenSemaphore
Status: Not hooked

#: 199 Function Name: NtOpenSession
Status: Not hooked

#: 200 Function Name: NtOpenSymbolicLinkObject
Status: Not hooked

#: 201 Function Name: NtOpenThread
Status: Not hooked

#: 202 Function Name: NtOpenThreadToken
Status: Not hooked

#: 203 Function Name: NtOpenThreadTokenEx
Status: Not hooked

#: 204 Function Name: NtOpenTimer
Status: Not hooked

#: 205 Function Name: NtPlugPlayControl
Status: Not hooked

#: 206 Function Name: NtPowerInformation
Status: Not hooked

#: 207 Function Name: NtPrivilegeCheck
Status: Not hooked

#: 208 Function Name: NtPrivilegeObjectAuditAlarm
Status: Not hooked

#: 209 Function Name: NtPrivilegedServiceAuditAlarm
Status: Not hooked

#: 210 Function Name: NtProtectVirtualMemory
Status: Not hooked

#: 211 Function Name: NtPulseEvent
Status: Not hooked

#: 212 Function Name: NtQueryAttributesFile
Status: Not hooked

#: 213 Function Name: NtQueryBootEntryOrder
Status: Not hooked

#: 214 Function Name: NtQueryBootOptions
Status: Not hooked

#: 215 Function Name: NtQueryDebugFilterState
Status: Not hooked

#: 216 Function Name: NtQueryDefaultLocale
Status: Not hooked

#: 217 Function Name: NtQueryDefaultUILanguage
Status: Not hooked

#: 218 Function Name: NtQueryDirectoryFile
Status: Not hooked

#: 219 Function Name: NtQueryDirectoryObject
Status: Not hooked

#: 220 Function Name: NtQueryDriverEntryOrder
Status: Not hooked

#: 221 Function Name: NtQueryEaFile
Status: Not hooked

#: 222 Function Name: NtQueryEvent
Status: Not hooked

#: 223 Function Name: NtQueryFullAttributesFile
Status: Not hooked

#: 224 Function Name: NtQueryInformationAtom
Status: Not hooked

#: 225 Function Name: NtQueryInformationFile
Status: Not hooked

#: 226 Function Name: NtQueryInformationJobObject
Status: Not hooked

#: 227 Function Name: NtQueryInformationPort
Status: Not hooked

#: 228 Function Name: NtQueryInformationProcess
Status: Not hooked

#: 229 Function Name: NtQueryInformationThread
Status: Not hooked

#: 230 Function Name: NtQueryInformationToken
Status: Not hooked

#: 231 Function Name: NtQueryInstallUILanguage
Status: Not hooked

#: 232 Function Name: NtQueryIntervalProfile
Status: Not hooked

#: 233 Function Name: NtQueryIoCompletion
Status: Not hooked

#: 234 Function Name: NtQueryKey
Status: Not hooked

#: 235 Function Name: NtQueryMultipleValueKey
Status: Not hooked

#: 236 Function Name: NtQueryMutant
Status: Not hooked

#: 237 Function Name: NtQueryObject
Status: Not hooked

#: 238 Function Name: NtQueryOpenSubKeys
Status: Not hooked

#: 239 Function Name: NtQueryOpenSubKeysEx
Status: Not hooked

#: 240 Function Name: NtQueryPerformanceCounter
Status: Not hooked

#: 241 Function Name: NtQueryQuotaInformationFile
Status: Not hooked

#: 242 Function Name: NtQuerySection
Status: Not hooked

#: 243 Function Name: NtQuerySecurityObject
Status: Not hooked

#: 244 Function Name: NtQuerySemaphore
Status: Not hooked

#: 245 Function Name: NtQuerySymbolicLinkObject
Status: Not hooked

#: 246 Function Name: NtQuerySystemEnvironmentValue
Status: Not hooked

#: 247 Function Name: NtQuerySystemEnvironmentValueEx
Status: Not hooked

#: 248 Function Name: NtQuerySystemInformation
Status: Not hooked

#: 249 Function Name: NtQuerySystemTime
Status: Not hooked

#: 250 Function Name: NtQueryTimer
Status: Not hooked

#: 251 Function Name: NtQueryTimerResolution
Status: Not hooked

#: 252 Function Name: NtQueryValueKey
Status: Not hooked

#: 253 Function Name: NtQueryVirtualMemory
Status: Not hooked

#: 254 Function Name: NtQueryVolumeInformationFile
Status: Not hooked

#: 255 Function Name: NtQueueApcThread
Status: Not hooked

#: 256 Function Name: NtRaiseException
Status: Not hooked

#: 257 Function Name: NtRaiseHardError
Status: Not hooked

#: 258 Function Name: NtReadFile
Status: Not hooked

#: 259 Function Name: NtReadFileScatter
Status: Not hooked

#: 260 Function Name: NtReadRequestData
Status: Not hooked

#: 261 Function Name: NtReadVirtualMemory
Status: Not hooked

#: 262 Function Name: NtRegisterThreadTerminatePort
Status: Not hooked

#: 263 Function Name: NtReleaseMutant
Status: Not hooked

#: 264 Function Name: NtReleaseSemaphore
Status: Not hooked

#: 265 Function Name: NtRemoveIoCompletion
Status: Not hooked

#: 266 Function Name: NtRemoveProcessDebug
Status: Not hooked

#: 267 Function Name: NtRenameKey
Status: Hooked by "C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys" at address 0x8f11288c

#: 268 Function Name: NtReplaceKey
Status: Not hooked

#: 269 Function Name: NtReplacePartitionUnit
Status: Not hooked

#: 270 Function Name: NtReplyPort
Status: Not hooked

#: 271 Function Name: NtReplyWaitReceivePort
Status: Not hooked

#: 272 Function Name: NtReplyWaitReceivePortEx
Status: Not hooked

#: 273 Function Name: NtReplyWaitReplyPort
Status: Not hooked

#: 274 Function Name: NtRequestDeviceWakeup
Status: Not hooked

#: 275 Function Name: NtRequestPort
Status: Not hooked

#: 276 Function Name: NtRequestWaitReplyPort
Status: Not hooked

#: 277 Function Name: NtRequestWakeupLatency
Status: Not hooked

#: 278 Function Name: NtResetEvent
Status: Not hooked

#: 279 Function Name: NtResetWriteWatch
Status: Not hooked

#: 280 Function Name: NtRestoreKey
Status: Not hooked

#: 281 Function Name: NtResumeProcess
Status: Not hooked

#: 282 Function Name: NtResumeThread
Status: Not hooked

#: 283 Function Name: NtSaveKey
Status: Not hooked

#: 284 Function Name: NtSaveKeyEx
Status: Not hooked

#: 285 Function Name: NtSaveMergedKeys
Status: Not hooked

#: 286 Function Name: NtSecureConnectPort
Status: Not hooked

#: 287 Function Name: NtSetBootEntryOrder
Status: Not hooked

#: 288 Function Name: NtSetBootOptions
Status: Not hooked

#: 289 Function Name: NtSetContextThread
Status: Not hooked

#: 290 Function Name: NtSetDebugFilterState
Status: Not hooked

#: 291 Function Name: NtSetDefaultHardErrorPort
Status: Not hooked

#: 292 Function Name: NtSetDefaultLocale
Status: Not hooked

#: 293 Function Name: NtSetDefaultUILanguage
Status: Not hooked

#: 294 Function Name: NtSetDriverEntryOrder
Status: Not hooked

#: 295 Function Name: NtSetEaFile
Status: Not hooked

#: 296 Function Name: NtSetEvent
Status: Not hooked

#: 297 Function Name: NtSetEventBoostPriority
Status: Not hooked

#: 298 Function Name: NtSetHighEventPair
Status: Not hooked

#: 299 Function Name: NtSetHighWaitLowEventPair
Status: Not hooked

#: 300 Function Name: NtSetInformationDebugObject
Status: Not hooked

#: 301 Function Name: NtSetInformationFile
Status: Not hooked

#: 302 Function Name: NtSetInformationJobObject
Status: Not hooked

#: 303 Function Name: NtSetInformationKey
Status: Not hooked

#: 304 Function Name: NtSetInformationObject
Status: Not hooked

#: 305 Function Name: NtSetInformationProcess
Status: Not hooked

#: 306 Function Name: NtSetInformationThread
Status: Not hooked

#: 307 Function Name: NtSetInformationToken
Status: Not hooked

#: 308 Function Name: NtSetIntervalProfile
Status: Not hooked

#: 309 Function Name: NtSetIoCompletion
Status: Not hooked

#: 310 Function Name: NtSetLdtEntries
Status: Not hooked

#: 311 Function Name: NtSetLowEventPair
Status: Not hooked

#: 312 Function Name: NtSetLowWaitHighEventPair
Status: Not hooked

#: 313 Function Name: NtSetQuotaInformationFile
Status: Not hooked

#: 314 Function Name: NtSetSecurityObject
Status: Not hooked

#: 315 Function Name: NtSetSystemEnvironmentValue
Status: Not hooked

#: 316 Function Name: NtSetSystemEnvironmentValueEx
Status: Not hooked

#: 317 Function Name: NtSetSystemInformation
Status: Hooked by "C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys" at address 0x8f11143e

#: 318 Function Name: NtSetSystemPowerState
Status: Not hooked

#: 319 Function Name: NtSetSystemTime
Status: Not hooked

#: 320 Function Name: NtSetThreadExecutionState
Status: Not hooked

#: 321 Function Name: NtSetTimer
Status: Not hooked

#: 322 Function Name: NtSetTimerResolution
Status: Not hooked

#: 323 Function Name: NtSetUuidSeed
Status: Not hooked

#: 324 Function Name: NtSetValueKey
Status: Not hooked

#: 325 Function Name: NtSetVolumeInformationFile
Status: Not hooked

#: 326 Function Name: NtShutdownSystem
Status: Not hooked

#: 327 Function Name: NtSignalAndWaitForSingleObject
Status: Not hooked

#: 328 Function Name: NtStartProfile
Status: Not hooked

#: 329 Function Name: NtStopProfile
Status: Not hooked

#: 330 Function Name: NtSuspendProcess
Status: Hooked by "C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys" at address 0x8f110a4c

#: 331 Function Name: NtSuspendThread
Status: Hooked by "C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys" at address 0x8f110ec0

#: 332 Function Name: NtSystemDebugControl
Status: Hooked by "C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys" at address 0x8f111042

#: 333 Function Name: NtTerminateJobObject
Status: Not hooked

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys" at address 0x8f1109a6

#: 335 Function Name: NtTerminateThread
Status: Hooked by "C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys" at address 0x8f110b06

#: 336 Function Name: NtTestAlert
Status: Not hooked

#: 337 Function Name: NtThawRegistry
Status: Not hooked

#: 338 Function Name: NtThawTransactions
Status: Not hooked

#: 339 Function Name: NtTraceEvent
Status: Not hooked

#: 340 Function Name: NtTraceControl
Status: Not hooked

#: 341 Function Name: NtTranslateFilePath
Status: Not hooked

#: 342 Function Name: NtUnloadDriver
Status: Not hooked

#: 343 Function Name: NtUnloadKey
Status: Not hooked

#: 344 Function Name: NtUnloadKey2
Status: Not hooked

#: 345 Function Name: NtUnloadKeyEx
Status: Not hooked

#: 346 Function Name: NtUnlockFile
Status: Not hooked

#: 347 Function Name: NtUnlockVirtualMemory
Status: Not hooked

#: 348 Function Name: NtUnmapViewOfSection
Status: Not hooked

#: 349 Function Name: NtVdmControl
Status: Not hooked

#: 350 Function Name: NtWaitForDebugEvent
Status: Not hooked

#: 351 Function Name: NtWaitForMultipleObjects
Status: Not hooked

#: 352 Function Name: NtWaitForSingleObject
Status: Not hooked

#: 353 Function Name: NtWaitHighEventPair
Status: Not hooked

#: 354 Function Name: NtWaitLowEventPair
Status: Not hooked

#: 355 Function Name: NtWriteFile
Status: Not hooked

#: 356 Function Name: NtWriteFileGather
Status: Not hooked

#: 357 Function Name: NtWriteRequestData
Status: Not hooked

#: 358 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys" at address 0x8f110f86

#: 359 Function Name: NtYieldExecution
Status: Not hooked

#: 360 Function Name: NtCreateKeyedEvent
Status: Not hooked

#: 361 Function Name: NtOpenKeyedEvent
Status: Not hooked

#: 362 Function Name: NtReleaseKeyedEvent
Status: Not hooked

#: 363 Function Name: NtWaitForKeyedEvent
Status: Not hooked

#: 364 Function Name: NtQueryPortInformationProcess
Status: Not hooked

#: 365 Function Name: NtGetCurrentProcessorNumber
Status: Not hooked

#: 366 Function Name: NtWaitForMultipleObjects32
Status: Not hooked

#: 367 Function Name: NtGetNextProcess
Status: Not hooked

#: 368 Function Name: NtGetNextThread
Status: Not hooked

#: 369 Function Name: NtCancelIoFileEx
Status: Not hooked

#: 370 Function Name: NtCancelSynchronousIoFile
Status: Not hooked

#: 371 Function Name: NtRemoveIoCompletionEx
Status: Not hooked

#: 372 Function Name: NtRegisterProtocolAddressInformation
Status: Not hooked

#: 373 Function Name: NtPropagationComplete
Status: Not hooked

#: 374 Function Name: NtPropagationFailed
Status: Not hooked

#: 375 Function Name: NtCreateWorkerFactory
Status: Not hooked

#: 376 Function Name: NtReleaseWorkerFactoryWorker
Status: Not hooked

#: 377 Function Name: NtWaitForWorkViaWorkerFactory
Status: Not hooked

#: 378 Function Name: NtSetInformationWorkerFactory
Status: Not hooked

#: 379 Function Name: NtQueryInformationWorkerFactory
Status: Not hooked

#: 380 Function Name: NtWorkerFactoryWorkerReady
Status: Not hooked

#: 381 Function Name: NtShutdownWorkerFactory
Status: Not hooked

#: 382 Function Name: NtCreateThreadEx
Status: Hooked by "C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys" at address 0x8f110ea6

#: 383 Function Name: NtCreateUserProcess
Status: Not hooked

#: 384 Function Name: NtQueryLicenseValue
Status: Not hooked

#: 385 Function Name: NtMapCMFModule
Status: Not hooked

#: 386 Function Name: NtIsUILanguageComitted
Status: Not hooked

#: 387 Function Name: NtFlushInstallUILanguage
Status: Not hooked

#: 388 Function Name: NtGetMUIRegistryInfo
Status: Not hooked

#: 389 Function Name: NtAcquireCMFViewOwnership
Status: Not hooked

#: 390 Function Name: NtReleaseCMFViewOwnership
Status: Not hooked

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/11/05 07:59
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Hidden Services
-------------------

nothing comes up here

ken545
2009-11-05, 15:37
Run this other one please


Download GMER Rootkit Scanner from here (http://www.gmer.net/gmer.zip) or here (http://www.majorgeeks.com/download.php?det=5198).

Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.


In the right panel, you will see several boxes that have been checked. Uncheck the following ...
Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.

Save it where you can easily find it, such as your desktop, and post it in your next reply.

rngrgreen
2009-11-05, 22:35
Scan complete, uploaded as text file. I probably will not have a chance to come back until tomorrow night. Again I thank you.

ken545
2009-11-06, 00:59
Hi,

I was looking for Rootkit activity and I can't see any.

Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop

Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish its job
Once it's finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean

Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report and also a new HJT log please

rngrgreen
2009-11-06, 16:37
Can run TFC, I get BSOD error code of 0x000000f4 (0x00000003, 0x84ed2888, 0x84ed29d4, 0x82200d50). Critical program has unexpectedly stopped. Happens when TFC is stopping process, do not know which one. I was able to run Malwarebytes. It has found 6 infected files of adware. I did not remove them; I wanted to let you know about TFC first. I have posted the log from Malwarebytes. I will remove them if you confirm.

ken545
2009-11-06, 16:44
Hi,

Yes, go ahead and remove those entries that Malwarebytes found.

You can try this other cleaner.

Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Your system may start up slower after running ATF Cleaner; this is expected, but it will be back to normal after the first or second boot up.
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized your password and other personal information, as removing cookies will temporarily disable the auto-login facility.





Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

rngrgreen
2009-11-07, 13:35
Successfully removed the items detected by Malwarebytes. Successfully removed items with ATF Cleaner and ran RSIT. I checked just to see if the computer would allow me to run HijackThis, and it still will not allow me to run it; I still get the error, uploaded as a picture. I am also uploading the logs from RSIT. The log file exceeds the limit, so I broke it into two files, log-1 and log-2.

ken545
2009-11-07, 16:57
Hi,

I prefer that you copy and paste any logs or reports to this thread instead of attaching them; it's easier for me to see and analyze. RSIT successfully installed HijackThis. Looking over your logs, be back in a bit.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Barry W. Green at 2009-11-07 07:20:32
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 39 GB (26%) free of 153 GB
Total RAM: 1535 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0720, on 11/7/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\CenturyLink Online Security\Common\FSM32.EXE
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Wallpaper Master\Wallpaper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Radmin Viewer 3\Radmin.exe
C:\Users\Barry W. Green\Desktop\RSIT.exe
C:\Program Files\trend micro\Barry W. Green.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\CenturyLink Online Security\NRS\iescript\baselitmus.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\CenturyLink Online Security\NRS\iescript\baselitmus.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\CenturyLink Online Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\CenturyLink Online Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WallpaperChanger] C:\Program Files\Wallpaper Master\Wallpaper.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\Embarq Unlimited Music\DMDownload.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: F-Secure BlackLight Sensor - Unknown owner - C:\Windows\TEMP\F-Secure\Anti-Virus\fsblsrv.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 5987 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Scheduled scanning task.job
C:\Windows\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
C:\Windows\tasks\SpyHunter Scanner.job
C:\Windows\tasks\User_Feed_Synchronization-{65E46740-470D-432C-8A73-4568AF0B9A35}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-06-28 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C6867EB7-8350-4856-877F-93CF8AE3DC9C}]
Browsing Protection Class - C:\Program Files\CenturyLink Online Security\NRS\iescript\baselitmus.dll [2009-11-06 535136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Program Files\Orbitdownloader\GrabPro.dll [2009-06-26 658552]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{265EEE8E-3228-44D3-AEA5-F7FDF5860049} - Browsing Protection Toolbar - C:\Program Files\CenturyLink Online Security\NRS\iescript\baselitmus.dll [2009-11-06 535136]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NPSStartup"= []
"F-Secure Manager"=C:\Program Files\CenturyLink Online Security\Common\FSM32.EXE [2009-08-05 199264]
"F-Secure TNB"=C:\Program Files\CenturyLink Online Security\FSGUI\TNBUtil.exe [2009-08-05 2349664]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-10-07 13584928]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-10-07 92704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"WallpaperChanger"=C:\Program Files\Wallpaper Master\Wallpaper.exe [2005-11-08 321536]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe [2009-09-25 3058624]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-11-13 611712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe [2009-09-25 3058624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-06-09 2363392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2008-03-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan.lnk.disabled]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan.lnk.disabled []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
C:\PROGRA~1\MICROS~2\OFFICE11\ONENOTEM.EXE /tsr []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk]
C:\PROGRA~1\WESTER~1\WDSMAR~1\WDDRIV~1\WDDMST~1.EXE [2009-08-17 2043904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk]
C:\PROGRA~1\WESTER~1\WDSMAR~1\FRONTP~1\WDSMAR~1.EXE [2009-08-17 8919040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Barry W. Green^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Barry W. Green^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Raptr.lnk]
C:\PROGRA~1\Raptr\RAPTRS~1.EXE [2009-04-02 42424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\Cursors\services.exe"="C:\WINDOWS\Cursors\services.exe"
"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c42e281-48c8-11de-b906-0011d825fc87}]
shell\AutoRun\command - O:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{291af96c-f0ad-11dd-97f6-806e6f6e6963}]
shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af9a97ae-c572-11de-a771-0011d825fc87}]
shell\AutoRun\command - "P:\WD SmartWare.exe" autoplay=true


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2009-11-07 07:06:16 ----D---- C:\rsit
2009-11-06 10:20:58 ----D---- C:\Users\Barry W. Green\AppData\Roaming\Malwarebytes
2009-11-06 10:20:50 ----D---- C:\ProgramData\Malwarebytes
2009-11-06 10:20:50 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-04 15:27:26 ----A---- C:\Windows\system32\mshtml.dll
2009-11-03 00:25:05 ----A---- C:\svc.txt
2009-11-03 00:21:21 ----A---- C:\list.txt
2009-11-02 17:54:35 ----D---- C:\Program Files\Windows Portable Devices
2009-11-02 08:38:16 ----A---- C:\Windows\system32\UIAnimation.dll
2009-11-02 08:38:14 ----A---- C:\Windows\system32\UIRibbonRes.dll
2009-11-02 08:38:13 ----A---- C:\Windows\system32\UIRibbon.dll
2009-11-02 08:37:22 ----A---- C:\Windows\system32\WMPhoto.dll
2009-11-02 08:37:18 ----A---- C:\Windows\system32\cdd.dll
2009-11-02 08:37:15 ----A---- C:\Windows\system32\d3d10warp.dll
2009-11-02 08:37:14 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-11-02 08:37:13 ----A---- C:\Windows\system32\XpsRasterService.dll
2009-11-02 08:37:13 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2009-11-02 08:37:13 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-11-02 08:37:13 ----A---- C:\Windows\system32\d2d1.dll
2009-11-02 08:37:12 ----A---- C:\Windows\system32\XpsPrint.dll
2009-11-02 08:37:12 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-11-02 08:37:12 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-11-02 08:37:12 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-11-02 08:37:12 ----A---- C:\Windows\system32\dxdiagn.dll
2009-11-02 08:37:12 ----A---- C:\Windows\system32\dxdiag.exe
2009-11-02 08:37:11 ----A---- C:\Windows\system32\xpsservices.dll
2009-11-02 08:37:11 ----A---- C:\Windows\system32\OpcServices.dll
2009-11-02 08:37:11 ----A---- C:\Windows\system32\FntCache.dll
2009-11-02 08:37:11 ----A---- C:\Windows\system32\DWrite.dll
2009-11-02 08:37:11 ----A---- C:\Windows\system32\d3d10level9.dll
2009-11-02 08:37:10 ----A---- C:\Windows\system32\dxgi.dll
2009-11-02 08:37:10 ----A---- C:\Windows\system32\d3d11.dll
2009-11-02 08:37:10 ----A---- C:\Windows\system32\d3d10core.dll
2009-11-02 08:37:10 ----A---- C:\Windows\system32\d3d10_1core.dll
2009-11-02 08:37:10 ----A---- C:\Windows\system32\d3d10_1.dll
2009-11-02 08:37:09 ----A---- C:\Windows\system32\d3d10.dll
2009-11-02 08:36:27 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2009-11-02 08:36:26 ----A---- C:\Windows\system32\wpdbusenum.dll
2009-11-02 08:36:26 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2009-11-02 08:36:17 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2009-11-02 08:36:08 ----A---- C:\Windows\system32\wpdshext.dll
2009-11-02 08:36:07 ----A---- C:\Windows\system32\WPDSp.dll
2009-11-02 08:36:07 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2009-11-02 08:36:07 ----A---- C:\Windows\system32\wpd_ci.dll
2009-11-02 08:36:07 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2009-11-02 08:36:07 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-11-02 08:36:07 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-11-02 08:36:07 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-11-02 08:33:41 ----A---- C:\Windows\system32\oleaccrc.dll
2009-11-02 08:33:34 ----A---- C:\Windows\system32\oleacc.dll
2009-11-02 08:33:33 ----A---- C:\Windows\system32\UIAutomationCore.dll
2009-10-30 16:24:46 ----D---- C:\Users\Barry W. Green\AppData\Roaming\Western Digital
2009-10-30 16:24:28 ----D---- C:\ProgramData\Western Digital
2009-10-30 16:20:54 ----D---- C:\Program Files\Western Digital
2009-10-30 12:39:52 ----D---- C:\Users\Barry W. Green\AppData\Roaming\Activision
2009-10-30 12:38:26 ----A---- C:\Windows\game.ini
2009-10-30 11:49:50 ----D---- C:\Program Files\Activision
2009-10-30 11:36:20 ----D---- C:\Windows\nvtmpinst
2009-10-29 07:39:49 ----D---- C:\$WINDOWS.~BT
2009-10-28 20:54:30 ----D---- C:\ProgramData\Startup Manager
2009-10-28 20:54:30 ----D---- C:\Program Files\Startup Manager
2009-10-28 14:26:33 ----D---- C:\ProgramData\SSScanAppDataDir
2009-10-28 14:24:59 ----D---- C:\ProgramData\MSScanAppDataDir
2009-10-28 08:23:31 ----A---- C:\Windows\system32\wmp.dll
2009-10-28 08:23:28 ----A---- C:\Windows\system32\unregmp2.exe
2009-10-28 08:23:25 ----A---- C:\Windows\system32\wmploc.DLL
2009-10-26 14:52:14 ----A---- C:\Windows\system32\wups2.dll
2009-10-26 14:52:14 ----A---- C:\Windows\system32\wucltux.dll
2009-10-26 14:52:14 ----A---- C:\Windows\system32\wuauclt.exe
2009-10-26 14:52:13 ----A---- C:\Windows\system32\wuaueng.dll
2009-10-26 14:51:58 ----A---- C:\Windows\system32\wups.dll
2009-10-26 14:51:58 ----A---- C:\Windows\system32\wudriver.dll
2009-10-26 14:51:58 ----A---- C:\Windows\system32\wuapi.dll
2009-10-26 14:51:49 ----A---- C:\Windows\system32\wuwebv.dll
2009-10-26 14:51:49 ----A---- C:\Windows\system32\wuapp.exe
2009-10-26 14:20:18 ----D---- C:\ProgramData\Media Center Programs
2009-10-26 13:19:03 ----D---- C:\Program Files\LucasArts
2009-10-25 19:40:12 ----D---- C:\from_old_computer
2009-10-25 19:17:29 ----A---- C:\Windows\Splitterpro.INI
2009-10-25 19:15:13 ----D---- C:\Program Files\SplitterPro
2009-10-25 14:46:12 ----D---- C:\Program Files\CenturyLink Online Security
2009-10-25 02:30:15 ----D---- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2009-10-23 17:30:03 ----A---- C:\Windows\Model.txt
2009-10-21 10:00:18 ----D---- C:\Windows\system32\eu-ES
2009-10-21 10:00:18 ----D---- C:\Windows\system32\ca-ES
2009-10-21 10:00:17 ----D---- C:\Windows\system32\vi-VN
2009-10-21 06:22:35 ----D---- C:\Windows\system32\EventProviders
2009-10-20 12:54:27 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-10-20 12:54:06 ----A---- C:\Windows\system32\SLCExt.dll
2009-10-20 12:54:05 ----A---- C:\Windows\system32\SLsvc.exe
2009-10-20 12:53:49 ----A---- C:\Windows\system32\DevicePairingWizard.exe
2009-10-20 12:53:48 ----A---- C:\Windows\system32\FunctionDiscoveryFolder.dll
2009-10-20 12:53:38 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-10-20 12:53:23 ----A---- C:\Windows\system32\mssrch.dll
2009-10-20 12:53:09 ----A---- C:\Windows\system32\tquery.dll
2009-10-20 12:53:03 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-10-20 12:53:01 ----A---- C:\Windows\system32\RMActivate_isv.exe
2009-10-20 12:52:58 ----A---- C:\Windows\system32\scavenge.dll
2009-10-20 12:52:57 ----A---- C:\Windows\system32\RMActivate.exe
2009-10-20 12:52:53 ----A---- C:\Windows\system32\msi.dll
2009-10-20 12:52:48 ----A---- C:\Windows\system32\imapi2fs.dll
2009-10-20 12:52:44 ----A---- C:\Windows\system32\WscEapPr.dll
2009-10-20 12:52:44 ----A---- C:\Windows\system32\secproc_isv.dll
2009-10-20 12:52:43 ----A---- C:\Windows\system32\wcnwiz2.dll
2009-10-20 12:52:42 ----A---- C:\Windows\system32\sysmain.dll
2009-10-20 12:52:33 ----A---- C:\Windows\system32\icardagt.exe
2009-10-20 12:52:27 ----A---- C:\Windows\system32\EhStorShell.dll
2009-10-20 12:52:27 ----A---- C:\Windows\system32\AuxiliaryDisplayCpl.dll
2009-10-20 12:52:20 ----A---- C:\Windows\system32\spreview.exe
2009-10-20 12:52:20 ----A---- C:\Windows\system32\spinstall.exe
2009-10-20 12:52:18 ----A---- C:\Windows\system32\drmv2clt.dll
2009-10-20 12:52:12 ----A---- C:\Windows\system32\spwizui.dll
2009-10-20 12:52:11 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2009-10-20 12:52:10 ----A---- C:\Windows\system32\secproc.dll
2009-10-20 12:52:04 ----A---- C:\Windows\system32\shell32.dll
2009-10-20 12:51:57 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-10-20 12:51:57 ----A---- C:\Windows\system32\p2psvc.dll
2009-10-20 12:51:54 ----A---- C:\Windows\system32\mssvp.dll
2009-10-20 12:51:50 ----A---- C:\Windows\system32\mscoree.dll
2009-10-20 12:51:49 ----A---- C:\Windows\system32\MSMPEG2VDEC.DLL
2009-10-20 12:51:48 ----A---- C:\Windows\system32\mssphtb.dll
2009-10-20 12:51:48 ----A---- C:\Windows\system32\mssph.dll
2009-10-20 12:51:47 ----A---- C:\Windows\system32\imapi2.dll
2009-10-20 12:51:42 ----A---- C:\Windows\system32\sdohlp.dll
2009-10-20 12:51:38 ----A---- C:\Windows\system32\esent.dll
2009-10-20 12:51:37 ----A---- C:\Windows\system32\IMJP10K.DLL
2009-10-20 12:51:36 ----A---- C:\Windows\system32\DevicePairing.dll
2009-10-20 12:51:32 ----A---- C:\Windows\system32\sperror.dll
2009-10-20 12:51:31 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2009-10-20 12:51:31 ----A---- C:\Windows\system32\korwbrkr.dll
2009-10-20 12:51:30 ----A---- C:\Windows\system32\wevtsvc.dll
2009-10-20 12:51:29 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-10-20 12:51:28 ----A---- C:\Windows\system32\SLC.dll
2009-10-20 12:51:28 ----A---- C:\Windows\system32\IasMigReader.exe
2009-10-20 12:51:27 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2009-10-20 12:51:26 ----A---- C:\Windows\system32\msshsq.dll
2009-10-20 12:51:16 ----A---- C:\Windows\system32\msjet40.dll
2009-10-20 12:51:15 ----A---- C:\Windows\system32\MPSSVC.dll
2009-10-20 12:51:11 ----A---- C:\Windows\system32\msxml6.dll
2009-10-20 12:51:08 ----A---- C:\Windows\system32\Query.dll
2009-10-20 12:51:07 ----A---- C:\Windows\system32\qmgr.dll
2009-10-20 12:51:04 ----A---- C:\Windows\system32\msexch40.dll
2009-10-20 12:51:03 ----A---- C:\Windows\system32\diagperf.dll
2009-10-20 12:51:02 ----A---- C:\Windows\system32\P2PGraph.dll
2009-10-20 12:51:01 ----A---- C:\Windows\system32\ole32.dll
2009-10-20 12:50:59 ----A---- C:\Windows\system32\ntdll.dll
2009-10-20 12:50:58 ----A---- C:\Windows\system32\srchadmin.dll
2009-10-20 12:50:57 ----A---- C:\Windows\system32\msxml3.dll
2009-10-20 12:50:56 ----A---- C:\Windows\system32\winload.exe
2009-10-20 12:50:54 ----A---- C:\Windows\system32\mblctr.exe
2009-10-20 12:50:53 ----A---- C:\Windows\system32\EncDec.dll
2009-10-20 12:50:52 ----A---- C:\Windows\system32\uDWM.dll
2009-10-20 12:50:51 ----A---- C:\Windows\system32\mmc.exe
2009-10-20 12:50:50 ----A---- C:\Windows\system32\dfsr.exe
2009-10-20 12:50:49 ----A---- C:\Windows\system32\IasMigPlugin.dll
2009-10-20 12:50:48 ----A---- C:\Windows\system32\riched20.dll
2009-10-20 12:50:47 ----A---- C:\Windows\system32\WerFault.exe
2009-10-20 12:50:46 ----A---- C:\Windows\system32\fdBth.dll
2009-10-20 12:50:44 ----A---- C:\Windows\system32\RacEngn.dll
2009-10-20 12:50:40 ----A---- C:\Windows\system32\kernel32.dll
2009-10-20 12:50:38 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-10-20 12:50:38 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-10-20 12:50:37 ----A---- C:\Windows\system32\milcore.dll
2009-10-20 12:50:36 ----A---- C:\Windows\system32\EhStorAPI.dll
2009-10-20 12:50:35 ----A---- C:\Windows\system32\spoolss.dll
2009-10-20 12:50:35 ----A---- C:\Windows\system32\CertEnroll.dll
2009-10-20 12:50:33 ----A---- C:\Windows\system32\schedsvc.dll
2009-10-20 12:50:33 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-10-20 12:50:27 ----A---- C:\Windows\system32\msjtes40.dll
2009-10-20 12:50:27 ----A---- C:\Windows\system32\AuxiliaryDisplayDriverLib.dll
2009-10-20 12:50:26 ----A---- C:\Windows\system32\msvcp60.dll
2009-10-20 12:50:25 ----A---- C:\Windows\system32\gpedit.dll
2009-10-20 12:50:24 ----A---- C:\Windows\system32\infocardapi.dll
2009-10-20 12:50:18 ----A---- C:\Windows\system32\WinSAT.exe
2009-10-20 12:50:17 ----A---- C:\Windows\system32\es.dll
2009-10-20 12:50:15 ----A---- C:\Windows\system32\PresentationSettings.exe
2009-10-20 12:50:14 ----A---- C:\Windows\system32\Magnify.exe
2009-10-20 12:50:13 ----A---- C:\Windows\system32\AuxiliaryDisplayServices.dll
2009-10-20 12:50:12 ----A---- C:\Windows\system32\mstext40.dll
2009-10-20 12:50:11 ----A---- C:\Windows\system32\advapi32.dll
2009-10-20 12:50:04 ----A---- C:\Windows\system32\WebClnt.dll
2009-10-20 12:50:03 ----A---- C:\Windows\system32\slwmi.dll
2009-10-20 12:50:03 ----A---- C:\Windows\system32\msexcl40.dll
2009-10-20 12:50:02 ----A---- C:\Windows\system32\comsvcs.dll
2009-10-20 12:50:01 ----A---- C:\Windows\system32\msxbde40.dll
2009-10-20 12:50:00 ----A---- C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll
2009-10-20 12:49:58 ----A---- C:\Windows\system32\vssapi.dll
2009-10-20 12:49:55 ----A---- C:\Windows\system32\authui.dll
2009-10-20 12:49:51 ----A---- C:\Windows\system32\NetProjW.dll
2009-10-20 12:49:50 ----A---- C:\Windows\system32\msrepl40.dll
2009-10-20 12:49:49 ----A---- C:\Windows\system32\PresentationHost.exe
2009-10-20 12:49:47 ----A---- C:\Windows\system32\propsys.dll
2009-10-20 12:49:47 ----A---- C:\Windows\system32\newdev.dll
2009-10-20 12:49:46 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-10-20 12:49:46 ----A---- C:\Windows\system32\iasrecst.dll
2009-10-20 12:49:45 ----A---- C:\Windows\system32\gpsvc.dll
2009-10-20 12:49:45 ----A---- C:\Windows\system32\eudcedit.exe
2009-10-20 12:49:44 ----A---- C:\Windows\system32\crypt32.dll
2009-10-20 12:49:42 ----A---- C:\Windows\explorer.exe
2009-10-20 12:49:40 ----A---- C:\Windows\system32\rpcss.dll
2009-10-20 12:49:38 ----A---- C:\Windows\system32\setupapi.dll
2009-10-20 12:49:37 ----A---- C:\Windows\system32\mspbde40.dll
2009-10-20 12:49:35 ----A---- C:\Windows\system32\d3d9.dll
2009-10-20 12:49:33 ----A---- C:\Windows\system32\davclnt.dll
2009-10-20 12:49:32 ----A---- C:\Windows\system32\msltus40.dll
2009-10-20 12:49:31 ----A---- C:\Windows\system32\mfc42.dll
2009-10-20 12:49:30 ----A---- C:\Windows\system32\shlwapi.dll
2009-10-20 12:49:30 ----A---- C:\Windows\system32\msrd3x40.dll
2009-10-20 12:49:30 ----A---- C:\Windows\system32\EhStorPwdMgr.dll
2009-10-20 12:49:30 ----A---- C:\Windows\system32\EhStorAuthn.dll
2009-10-20 12:49:27 ----A---- C:\Windows\system32\msdtctm.dll
2009-10-20 12:49:26 ----A---- C:\Windows\system32\browseui.dll
2009-10-20 12:49:25 ----A---- C:\Windows\system32\wevtapi.dll
2009-10-20 12:49:23 ----A---- C:\Windows\system32\photowiz.dll
2009-10-20 12:49:23 ----A---- C:\Windows\system32\nlhtml.dll
2009-10-20 12:49:16 ----A---- C:\Windows\system32\user32.dll
2009-10-20 12:49:14 ----A---- C:\Windows\system32\samsrv.dll
2009-10-20 12:49:13 ----A---- C:\Windows\system32\quartz.dll
2009-10-20 12:49:13 ----A---- C:\Windows\system32\ci.dll
2009-10-20 12:49:11 ----A---- C:\Windows\system32\win32spl.dll
2009-10-20 12:49:10 ----A---- C:\Windows\system32\WcnNetsh.dll
2009-10-20 12:49:10 ----A---- C:\Windows\system32\SLCommDlg.dll
2009-10-20 12:49:09 ----A---- C:\Windows\system32\oleaut32.dll
2009-10-20 12:49:07 ----A---- C:\Windows\system32\IKEEXT.DLL
2009-10-20 12:49:04 ----A---- C:\Windows\system32\netshell.dll
2009-10-20 12:49:03 ----A---- C:\Windows\system32\compcln.exe
2009-10-20 12:49:02 ----A---- C:\Windows\system32\apds.dll
2009-10-20 12:49:01 ----A---- C:\Windows\system32\winhttp.dll
2009-10-20 12:49:00 ----A---- C:\Windows\system32\mswstr10.dll
2009-10-20 12:48:59 ----A---- C:\Windows\system32\audiosrv.dll
2009-10-20 12:48:58 ----A---- C:\Windows\system32\xmlfilter.dll
2009-10-20 12:48:57 ----A---- C:\Windows\system32\msctf.dll
2009-10-20 12:48:57 ----A---- C:\Windows\system32\emdmgmt.dll
2009-10-20 12:48:54 ----A---- C:\Windows\system32\msvcrt.dll
2009-10-20 12:48:54 ----A---- C:\Windows\system32\gdi32.dll
2009-10-20 12:48:53 ----A---- C:\Windows\system32\QAGENTRT.DLL
2009-10-20 12:48:52 ----A---- C:\Windows\system32\VSSVC.exe
2009-10-20 12:48:52 ----A---- C:\Windows\system32\iphlpsvc.dll
2009-10-20 12:48:51 ----A---- C:\Windows\system32\mfc42u.dll
2009-10-20 12:48:49 ----A---- C:\Windows\system32\SLUI.exe
2009-10-20 12:48:49 ----A---- C:\Windows\system32\eapphost.dll
2009-10-20 12:48:48 ----A---- C:\Windows\system32\msrd2x40.dll
2009-10-20 12:48:47 ----A---- C:\Windows\system32\sqlsrv32.dll
2009-10-20 12:48:44 ----A---- C:\Windows\system32\propdefs.dll
2009-10-20 12:48:44 ----A---- C:\Windows\system32\odbc32.dll
2009-10-20 12:48:43 ----A---- C:\Windows\system32\winresume.exe
2009-10-20 12:48:40 ----A---- C:\Windows\system32\shdocvw.dll
2009-10-20 12:48:36 ----A---- C:\Windows\system32\wevtutil.exe
2009-10-20 12:48:36 ----A---- C:\Windows\system32\dbgeng.dll
2009-10-20 12:48:35 ----A---- C:\Windows\system32\mssitlb.dll
2009-10-20 12:48:26 ----A---- C:\Windows\system32\WsmSvc.dll
2009-10-20 12:48:25 ----A---- C:\Windows\system32\swprv.dll
2009-10-20 12:48:24 ----A---- C:\Windows\system32\mmcndmgr.dll
2009-10-20 12:48:21 ----A---- C:\Windows\system32\usp10.dll
2009-10-20 12:48:19 ----A---- C:\Windows\system32\vds.exe
2009-10-20 12:48:18 ----A---- C:\Windows\system32\drvinst.exe
2009-10-20 12:48:17 ----A---- C:\Windows\system32\msctfp.dll
2009-10-20 12:48:17 ----A---- C:\Windows\system32\fdBthProxy.dll
2009-10-20 12:48:17 ----A---- C:\Windows\system32\devmgr.dll
2009-10-20 12:48:16 ----A---- C:\Windows\system32\netlogon.dll
2009-10-20 12:48:16 ----A---- C:\Windows\system32\msscb.dll
2009-10-20 12:48:16 ----A---- C:\Windows\system32\DevicePairingProxy.dll
2009-10-20 12:48:16 ----A---- C:\Windows\system32\adsldpc.dll
2009-10-20 12:48:15 ----A---- C:\Windows\system32\BFE.DLL
2009-10-20 12:48:13 ----A---- C:\Windows\system32\evr.dll
2009-10-20 12:48:11 ----A---- C:\Windows\system32\Wldap32.dll
2009-10-20 12:48:11 ----A---- C:\Windows\system32\wcnwiz.dll
2009-10-20 12:48:09 ----A---- C:\Windows\system32\WSDApi.dll
2009-10-20 12:48:09 ----A---- C:\Windows\system32\WMVSDECD.DLL
2009-10-20 12:48:06 ----A---- C:\Windows\system32\services.exe
2009-10-20 12:48:04 ----A---- C:\Windows\system32\wercon.exe
2009-10-20 12:48:03 ----A---- C:\Windows\system32\comdlg32.dll
2009-10-20 12:48:03 ----A---- C:\Windows\system32\adtschema.dll
2009-10-20 12:48:02 ----A---- C:\Windows\system32\wcncsvc.dll
2009-10-20 12:48:02 ----A---- C:\Windows\system32\mimefilt.dll
2009-10-20 12:48:01 ----A---- C:\Windows\system32\certcli.dll
2009-10-20 12:48:00 ----A---- C:\Windows\system32\msdrm.dll
2009-10-20 12:47:59 ----A---- C:\Windows\system32\msjter40.dll
2009-10-20 12:47:59 ----A---- C:\Windows\system32\msdtcprx.dll
2009-10-20 12:47:59 ----A---- C:\Windows\system32\ipsmsnap.dll
2009-10-20 12:47:58 ----A---- C:\Windows\system32\taskeng.exe
2009-10-20 12:47:58 ----A---- C:\Windows\system32\mswdat10.dll
2009-10-20 12:47:57 ----A---- C:\Windows\system32\umpnpmgr.dll
2009-10-20 12:47:57 ----A---- C:\Windows\system32\rtffilt.dll
2009-10-20 12:47:57 ----A---- C:\Windows\system32\reg.exe
2009-10-20 12:47:57 ----A---- C:\Windows\system32\dnsapi.dll
2009-10-20 12:47:56 ----A---- C:\Windows\system32\certutil.exe
2009-10-20 12:47:54 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-10-20 12:47:53 ----A---- C:\Windows\system32\w32time.dll
2009-10-20 12:47:52 ----A---- C:\Windows\system32\IPSECSVC.DLL
2009-10-20 12:47:50 ----A---- C:\Windows\system32\msshooks.dll
2009-10-20 12:47:50 ----A---- C:\Windows\system32\msscntrs.dll
2009-10-20 12:47:50 ----A---- C:\Windows\system32\bthserv.dll
2009-10-20 12:47:50 ----A---- C:\Windows\system32\bcrypt.dll
2009-10-20 12:47:48 ----A---- C:\Windows\system32\rsaenh.dll
2009-10-20 12:47:47 ----A---- C:\Windows\system32\TsWpfWrp.exe
2009-10-20 12:47:47 ----A---- C:\Windows\system32\msihnd.dll
2009-10-20 12:47:47 ----A---- C:\Windows\system32\MMDevAPI.dll
2009-10-20 12:47:46 ----A---- C:\Windows\system32\msstrc.dll
2009-10-20 12:47:44 ----A---- C:\Windows\system32\inetcomm.dll
2009-10-20 12:47:43 ----A---- C:\Windows\system32\netapi32.dll
2009-10-20 12:47:43 ----A---- C:\Windows\system32\dfshim.dll
2009-10-20 12:47:42 ----A---- C:\Windows\system32\inetpp.dll
2009-10-20 12:47:41 ----A---- C:\Windows\system32\mtxclu.dll
2009-10-20 12:47:41 ----A---- C:\Windows\system32\mscories.dll
2009-10-20 12:47:41 ----A---- C:\Windows\system32\hidserv.dll
2009-10-20 12:47:41 ----A---- C:\Windows\system32\fundisc.dll
2009-10-20 12:47:41 ----A---- C:\Windows\system32\cryptsvc.dll
2009-10-20 12:47:39 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2009-10-20 12:47:38 ----A---- C:\Windows\system32\wmicmiplugin.dll
2009-10-20 12:47:37 ----A---- C:\Windows\system32\termsrv.dll
2009-10-20 12:47:37 ----A---- C:\Windows\system32\profsvc.dll
2009-10-20 12:47:33 ----A---- C:\Windows\system32\imapi.dll
2009-10-20 12:47:32 ----A---- C:\Windows\system32\shsvcs.dll
2009-10-20 12:47:32 ----A---- C:\Windows\system32\msiexec.exe
2009-10-20 12:47:30 ----A---- C:\Windows\system32\wdc.dll
2009-10-20 12:47:29 ----A---- C:\Windows\system32\chsbrkr.dll
2009-10-20 12:47:28 ----A---- C:\Windows\system32\iassdo.dll
2009-10-20 12:47:27 ----A---- C:\Windows\system32\rasmans.dll
2009-10-20 12:47:26 ----A---- C:\Windows\system32\pnidui.dll
2009-10-20 12:47:25 ----A---- C:\Windows\system32\spoolsv.exe
2009-10-20 12:47:25 ----A---- C:\Windows\system32\icardres.dll
2009-10-20 12:47:24 ----A---- C:\Windows\system32\autofmt.exe
2009-10-20 12:47:23 ----A---- C:\Windows\system32\scrrun.dll
2009-10-20 12:47:22 ----A---- C:\Windows\system32\wersvc.dll
2009-10-20 12:47:22 ----A---- C:\Windows\system32\slmgr.vbs
2009-10-20 12:47:22 ----A---- C:\Windows\system32\PSHED.DLL
2009-10-20 12:47:21 ----A---- C:\Windows\system32\pdh.dll
2009-10-20 12:47:21 ----A---- C:\Windows\system32\dhcpcsvc.dll
2009-10-20 12:47:20 ----A---- C:\Windows\system32\CertEnrollUI.dll
2009-10-20 12:47:20 ----A---- C:\Windows\system32\azroles.dll
2009-10-20 12:47:16 ----A---- C:\Windows\system32\pidgenx.dll
2009-10-20 12:47:14 ----A---- C:\Windows\system32\wmpmde.dll
2009-10-20 12:47:13 ----A---- C:\Windows\system32\winlogon.exe
2009-10-20 12:47:09 ----A---- C:\Windows\system32\SyncCenter.dll
2009-10-20 12:47:03 ----A---- C:\Windows\system32\SLUINotify.dll
2009-10-20 12:47:02 ----A---- C:\Windows\system32\msjetoledb40.dll
2009-10-20 12:47:02 ----A---- C:\Windows\system32\comuid.dll
2009-10-20 12:47:00 ----A---- C:\Windows\system32\certmgr.dll
2009-10-20 12:46:59 ----A---- C:\Windows\system32\sethc.exe
2009-10-20 12:46:59 ----A---- C:\Windows\system32\ncrypt.dll
2009-10-20 12:46:59 ----A---- C:\Windows\system32\kd1394.dll
2009-10-20 12:46:58 ----A---- C:\Windows\system32\iassam.dll
2009-10-20 12:46:57 ----A---- C:\Windows\system32\untfs.dll
2009-10-20 12:46:57 ----A---- C:\Windows\system32\spp.dll
2009-10-20 12:46:57 ----A---- C:\Windows\system32\scrobj.dll
2009-10-20 12:46:56 ----A---- C:\Windows\system32\wisptis.exe
2009-10-20 12:46:56 ----A---- C:\Windows\system32\rtutils.dll
2009-10-20 12:46:55 ----A---- C:\Windows\system32\taskcomp.dll
2009-10-20 12:46:55 ----A---- C:\Windows\system32\dwm.exe
2009-10-20 12:46:53 ----A---- C:\Windows\system32\autochk.exe
2009-10-20 12:46:51 ----A---- C:\Windows\system32\iasnap.dll
2009-10-20 12:46:50 ----A---- C:\Windows\system32\printui.dll
2009-10-20 12:46:49 ----A---- C:\Windows\system32\autoconv.exe
2009-10-20 12:46:47 ----A---- C:\Windows\system32\winsrv.dll
2009-10-20 12:46:46 ----A---- C:\Windows\system32\cscript.exe
2009-10-20 12:46:45 ----A---- C:\Windows\system32\kdcom.dll
2009-10-20 12:46:45 ----A---- C:\Windows\system32\basecsp.dll
2009-10-20 12:46:44 ----A---- C:\Windows\system32\onex.dll
2009-10-20 12:46:43 ----A---- C:\Windows\system32\wow32.dll
2009-10-20 12:46:43 ----A---- C:\Windows\system32\userenv.dll
2009-10-20 12:46:43 ----A---- C:\Windows\system32\audiodg.exe
2009-10-20 12:46:42 ----A---- C:\Windows\system32\osk.exe
2009-10-20 12:46:42 ----A---- C:\Windows\system32\mswsock.dll
2009-10-20 12:46:38 ----A---- C:\Windows\system32\kdusb.dll
2009-10-20 12:46:37 ----A---- C:\Windows\system32\winmm.dll
2009-10-20 12:46:37 ----A---- C:\Windows\system32\spcmsg.dll
2009-10-20 12:46:37 ----A---- C:\Windows\system32\RelMon.dll
2009-10-20 12:46:36 ----A---- C:\Windows\system32\rdpencom.dll
2009-10-20 12:46:35 ----A---- C:\Windows\system32\WinSCard.dll
2009-10-20 12:46:35 ----A---- C:\Windows\system32\msftedit.dll
2009-10-20 12:46:34 ----A---- C:\Windows\system32\WerFaultSecure.exe
2009-10-20 12:46:33 ----A---- C:\Windows\system32\offfilt.dll
2009-10-20 12:46:33 ----A---- C:\Windows\system32\dnsrslvr.dll
2009-10-20 12:46:24 ----A---- C:\Windows\system32\Utilman.exe
2009-10-20 12:46:23 ----A---- C:\Windows\system32\wsepno.dll
2009-10-20 12:46:23 ----A---- C:\Windows\system32\stobject.dll
2009-10-20 12:46:23 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2009-10-20 12:46:23 ----A---- C:\Windows\system32\secproc_ssp.dll
2009-10-20 12:46:22 ----A---- C:\Windows\system32\mfplat.dll
2009-10-20 12:46:22 ----A---- C:\Windows\system32\diskraid.exe
2009-10-20 12:46:22 ----A---- C:\Windows\system32\apphelp.dll
2009-10-20 12:46:21 ----A---- C:\Windows\system32\SndVol.exe
2009-10-20 12:46:20 ----A---- C:\Windows\system32\mcmde.dll
2009-10-20 12:46:19 ----A---- C:\Windows\system32\msnetobj.dll
2009-10-20 12:46:19 ----A---- C:\Windows\system32\mscms.dll
2009-10-20 12:46:19 ----A---- C:\Windows\system32\adsmsext.dll
2009-10-20 12:46:18 ----A---- C:\Windows\system32\wiaservc.dll
2009-10-20 12:46:18 ----A---- C:\Windows\system32\sysclass.dll
2009-10-20 12:46:18 ----A---- C:\Windows\system32\prnntfy.dll
2009-10-20 12:46:17 ----A---- C:\Windows\system32\wscript.exe
2009-10-20 12:46:17 ----A---- C:\Windows\system32\odbccp32.dll

ken545
2009-11-07, 17:08
2009-10-20 12:46:16 ----A---- C:\Windows\system32\ulib.dll
2009-10-20 12:46:16 ----A---- C:\Windows\system32\iasdatastore.dll
2009-10-20 12:46:15 ----A---- C:\Windows\system32\dsound.dll
2009-10-20 12:46:14 ----A---- C:\Windows\system32\cryptui.dll
2009-10-20 12:46:13 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2009-10-20 12:46:12 ----A---- C:\Windows\system32\wscntfy.dll
2009-10-20 12:46:12 ----A---- C:\Windows\system32\rastapi.dll
2009-10-20 12:46:12 ----A---- C:\Windows\system32\pnpsetup.dll
2009-10-20 12:46:11 ----A---- C:\Windows\system32\fdProxy.dll
2009-10-20 12:46:10 ----A---- C:\Windows\system32\ipsecsnp.dll
2009-10-20 12:46:09 ----A---- C:\Windows\system32\brcpl.dll
2009-10-20 12:46:08 ----A---- C:\Windows\system32\wlangpui.dll
2009-10-20 12:46:08 ----A---- C:\Windows\system32\rastls.dll
2009-10-20 12:46:08 ----A---- C:\Windows\system32\gpapi.dll
2009-10-20 12:46:08 ----A---- C:\Windows\system32\diskpart.exe
2009-10-20 12:46:07 ----A---- C:\Windows\system32\wscsvc.dll
2009-10-20 12:46:07 ----A---- C:\Windows\system32\vdsdyn.dll
2009-10-20 12:46:07 ----A---- C:\Windows\system32\iashlpr.dll
2009-10-20 12:46:06 ----A---- C:\Windows\system32\logman.exe
2009-10-20 12:46:05 ----A---- C:\Windows\system32\WMVENCOD.DLL
2009-10-20 12:46:04 ----A---- C:\Windows\system32\rasapi32.dll
2009-10-20 12:46:04 ----A---- C:\Windows\system32\ntprint.dll
2009-10-20 12:46:03 ----A---- C:\Windows\system32\wusa.exe
2009-10-20 12:46:03 ----A---- C:\Windows\system32\regsvc.dll
2009-10-20 12:46:03 ----A---- C:\Windows\system32\mscorier.dll
2009-10-20 12:46:02 ----A---- C:\Windows\system32\zipfldr.dll
2009-10-20 12:46:02 ----A---- C:\Windows\system32\iasrad.dll
2009-10-20 12:46:02 ----A---- C:\Windows\system32\findstr.exe
2009-10-20 12:46:01 ----A---- C:\Windows\system32\wshext.dll
2009-10-20 12:46:00 ----A---- C:\Windows\system32\wpccpl.dll
2009-10-20 12:45:58 ----A---- C:\Windows\system32\netcenter.dll
2009-10-20 12:45:56 ----A---- C:\Windows\system32\rasdlg.dll
2009-10-20 12:45:55 ----A---- C:\Windows\system32\wer.dll
2009-10-20 12:45:55 ----A---- C:\Windows\system32\iassvcs.dll
2009-10-20 12:45:53 ----A---- C:\Windows\system32\wsnmp32.dll
2009-10-20 12:45:52 ----A---- C:\Windows\system32\themecpl.dll
2009-10-20 12:45:47 ----A---- C:\Windows\system32\uxsms.dll
2009-10-20 12:45:47 ----A---- C:\Windows\system32\tsbyuv.dll
2009-10-20 12:45:47 ----A---- C:\Windows\system32\srvsvc.dll
2009-10-20 12:45:47 ----A---- C:\Windows\system32\mssprxy.dll
2009-10-20 12:45:46 ----A---- C:\Windows\system32\scansetting.dll
2009-10-20 12:45:46 ----A---- C:\Windows\system32\ntmarta.dll
2009-10-20 12:45:46 ----A---- C:\Windows\system32\msutb.dll
2009-10-20 12:45:46 ----A---- C:\Windows\system32\iasads.dll
2009-10-20 12:45:45 ----A---- C:\Windows\system32\slcc.dll
2009-10-20 12:45:45 ----A---- C:\Windows\system32\mstlsapi.dll
2009-10-20 12:45:44 ----A---- C:\Windows\system32\powrprof.dll
2009-10-20 12:45:43 ----A---- C:\Windows\system32\mstsc.exe
2009-10-20 12:45:42 ----A---- C:\Windows\system32\iasacct.dll
2009-10-20 12:45:40 ----A---- C:\Windows\system32\networkmap.dll
2009-10-20 12:45:38 ----A---- C:\Windows\system32\powercpl.dll
2009-10-20 12:45:37 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2009-10-20 12:45:36 ----A---- C:\Windows\system32\authz.dll
2009-10-20 12:45:34 ----A---- C:\Windows\system32\newdev.exe
2009-10-20 12:45:33 ----A---- C:\Windows\system32\connect.dll
2009-10-20 12:45:32 ----A---- C:\Windows\system32\sud.dll
2009-10-20 12:45:32 ----A---- C:\Windows\system32\dot3svc.dll
2009-10-20 12:45:30 ----A---- C:\Windows\system32\systemcpl.dll
2009-10-20 12:45:29 ----A---- C:\Windows\system32\pcaui.dll
2009-10-20 12:45:28 ----A---- C:\Windows\system32\themeui.dll
2009-10-20 12:45:27 ----A---- C:\Windows\system32\accessibilitycpl.dll
2009-10-20 12:45:26 ----A---- C:\Windows\system32\samlib.dll
2009-10-20 12:45:25 ----A---- C:\Windows\system32\mmci.dll
2009-10-20 12:45:23 ----A---- C:\Windows\system32\usercpl.dll
2009-10-20 12:45:22 ----A---- C:\Windows\system32\autoplay.dll
2009-10-20 12:45:21 ----A---- C:\Windows\system32\qdvd.dll
2009-10-20 12:45:20 ----A---- C:\Windows\system32\wlanpref.dll
2009-10-20 12:45:19 ----A---- C:\Windows\system32\rpchttp.dll
2009-10-20 12:45:17 ----A---- C:\Windows\system32\regapi.dll
2009-10-20 12:45:16 ----A---- C:\Windows\system32\wpcao.dll
2009-10-20 12:45:16 ----A---- C:\Windows\system32\msinfo32.exe
2009-10-20 12:45:15 ----A---- C:\Windows\system32\vdsutil.dll
2009-10-20 12:45:14 ----A---- C:\Windows\system32\tapisrv.dll
2009-10-20 12:45:13 ----A---- C:\Windows\system32\scksp.dll
2009-10-20 12:45:13 ----A---- C:\Windows\system32\mpr.dll
2009-10-20 12:45:13 ----A---- C:\Windows\system32\feclient.dll
2009-10-20 12:45:12 ----A---- C:\Windows\system32\scesrv.dll
2009-10-20 12:45:12 ----A---- C:\Windows\system32\psisdecd.dll
2009-10-20 12:45:12 ----A---- C:\Windows\system32\oleprn.dll
2009-10-20 12:45:12 ----A---- C:\Windows\system32\AudioSes.dll
2009-10-20 12:45:11 ----A---- C:\Windows\system32\rekeywiz.exe
2009-10-20 12:45:11 ----A---- C:\Windows\system32\imm32.dll
2009-10-20 12:45:11 ----A---- C:\Windows\system32\Faultrep.dll
2009-10-20 12:45:11 ----A---- C:\Windows\system32\dot3msm.dll
2009-10-20 12:45:10 ----A---- C:\Windows\system32\wscisvif.dll
2009-10-20 12:45:10 ----A---- C:\Windows\system32\iaspolcy.dll
2009-10-20 12:45:09 ----A---- C:\Windows\system32\DeviceEject.exe
2009-10-20 12:45:08 ----A---- C:\Windows\system32\sdclt.exe
2009-10-20 12:45:07 ----A---- C:\Windows\system32\dpapimig.exe
2009-10-20 12:45:05 ----A---- C:\Windows\system32\qedit.dll
2009-10-20 12:45:05 ----A---- C:\Windows\system32\perfdisk.dll
2009-10-20 12:45:05 ----A---- C:\Windows\system32\ncryptui.dll
2009-10-20 12:45:04 ----A---- C:\Windows\system32\pnpui.dll
2009-10-20 12:45:04 ----A---- C:\Windows\system32\hdwwiz.exe
2009-10-20 12:45:04 ----A---- C:\Windows\system32\certreq.exe
2009-10-20 12:45:03 ----A---- C:\Windows\system32\scecli.dll
2009-10-20 12:45:03 ----A---- C:\Windows\system32\rasgcw.dll
2009-10-20 12:45:02 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2009-10-20 12:45:01 ----A---- C:\Windows\system32\TSTheme.exe
2009-10-20 12:45:01 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2009-10-20 12:45:01 ----A---- C:\Windows\system32\rasplap.dll
2009-10-20 12:45:00 ----A---- C:\Windows\system32\spwinsat.dll
2009-10-20 12:44:58 ----A---- C:\Windows\system32\tcpmon.dll
2009-10-20 12:44:58 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-10-20 12:44:58 ----A---- C:\Windows\system32\PnPUnattend.exe
2009-10-20 12:44:58 ----A---- C:\Windows\system32\fdWSD.dll
2009-10-20 12:44:58 ----A---- C:\Windows\system32\cmmon32.exe
2009-10-20 12:44:57 ----A---- C:\Windows\system32\whealogr.dll
2009-10-20 12:44:55 ----A---- C:\Windows\system32\srcore.dll
2009-10-20 12:44:55 ----A---- C:\Windows\system32\cmdial32.dll
2009-10-20 12:44:54 ----A---- C:\Windows\system32\SCardSvr.dll
2009-10-20 12:44:54 ----A---- C:\Windows\system32\conime.exe
2009-10-20 12:44:53 ----A---- C:\Windows\system32\SnippingTool.exe
2009-10-20 12:44:53 ----A---- C:\Windows\system32\raschap.dll
2009-10-20 12:44:53 ----A---- C:\Windows\system32\fontext.dll
2009-10-20 12:44:52 ----A---- C:\Windows\system32\MSVidCtl.dll
2009-10-20 12:44:51 ----A---- C:\Windows\system32\wiaaut.dll
2009-10-20 12:44:50 ----A---- C:\Windows\system32\wlanui.dll
2009-10-20 12:44:49 ----A---- C:\Windows\system32\WMVXENCD.DLL
2009-10-20 12:44:49 ----A---- C:\Windows\system32\rasppp.dll
2009-10-20 12:44:49 ----A---- C:\Windows\system32\PnPutil.exe
2009-10-20 12:44:49 ----A---- C:\Windows\system32\dsprop.dll
2009-10-20 12:44:48 ----A---- C:\Windows\system32\shwebsvc.dll
2009-10-20 12:44:47 ----A---- C:\Windows\system32\dimsroam.dll
2009-10-20 12:44:46 ----A---- C:\Windows\system32\oobefldr.dll
2009-10-20 12:44:44 ----A---- C:\Windows\system32\shsetup.dll
2009-10-20 12:44:43 ----A---- C:\Windows\system32\rasmontr.dll
2009-10-20 12:44:43 ----A---- C:\Windows\system32\modemui.dll
2009-10-20 12:44:42 ----A---- C:\Windows\system32\mscandui.dll
2009-10-20 12:44:40 ----A---- C:\Windows\system32\chtbrkr.dll
2009-10-20 12:44:37 ----A---- C:\Windows\system32\wmdrmsdk.dll
2009-10-20 12:44:37 ----A---- C:\Windows\system32\dataclen.dll
2009-10-20 12:44:35 ----A---- C:\Windows\system32\wlgpclnt.dll
2009-10-20 12:44:35 ----A---- C:\Windows\system32\blackbox.dll
2009-10-20 12:44:34 ----A---- C:\Windows\system32\rdpwsx.dll
2009-10-20 12:44:33 ----A---- C:\Windows\system32\smss.exe
2009-10-20 12:44:33 ----A---- C:\Windows\system32\credui.dll
2009-10-20 12:44:32 ----A---- C:\Windows\system32\WSDMon.dll
2009-10-20 12:44:32 ----A---- C:\Windows\system32\wmpeffects.dll
2009-10-20 12:44:32 ----A---- C:\Windows\system32\netplwiz.dll
2009-10-20 12:44:31 ----A---- C:\Windows\system32\certprop.dll
2009-10-20 12:44:28 ----A---- C:\Windows\system32\networkexplorer.dll
2009-10-20 12:44:27 ----A---- C:\Windows\system32\wpcsvc.dll
2009-10-20 12:44:27 ----A---- C:\Windows\system32\logagent.exe
2009-10-20 12:44:27 ----A---- C:\Windows\system32\ifmon.dll
2009-10-20 12:44:27 ----A---- C:\Windows\system32\cipher.exe
2009-10-20 12:44:26 ----A---- C:\Windows\system32\msscp.dll
2009-10-20 12:44:26 ----A---- C:\Windows\system32\InkEd.dll
2009-10-20 12:44:25 ----A---- C:\Windows\system32\wscapi.dll
2009-10-20 12:44:25 ----A---- C:\Windows\system32\msimtf.dll
2009-10-20 12:44:25 ----A---- C:\Windows\system32\gpresult.exe
2009-10-20 12:44:24 ----A---- C:\Windows\system32\thawbrkr.dll
2009-10-20 12:44:24 ----A---- C:\Windows\system32\softkbd.dll
2009-10-20 12:44:24 ----A---- C:\Windows\system32\sendmail.dll
2009-10-20 12:44:20 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2009-10-20 12:44:19 ----A---- C:\Windows\system32\olepro32.dll
2009-10-20 12:44:19 ----A---- C:\Windows\system32\msctfui.dll
2009-10-20 12:44:18 ----A---- C:\Windows\system32\drmmgrtn.dll
2009-10-20 12:44:18 ----A---- C:\Windows\system32\dmsynth.dll
2009-10-20 12:44:17 ----A---- C:\Windows\system32\puiapi.dll
2009-10-20 12:44:16 ----A---- C:\Windows\system32\version.dll
2009-10-20 12:44:16 ----A---- C:\Windows\system32\input.dll
2009-10-20 12:44:16 ----A---- C:\Windows\system32\ExplorerFrame.dll
2009-10-20 12:44:15 ----A---- C:\Windows\system32\wshbth.dll
2009-10-20 12:44:15 ----A---- C:\Windows\system32\SLLUA.exe
2009-10-20 12:44:15 ----A---- C:\Windows\system32\msisip.dll
2009-10-20 12:44:15 ----A---- C:\Windows\system32\mprapi.dll
2009-10-20 12:44:14 ----A---- C:\Windows\system32\fc.exe
2009-10-20 12:44:11 ----A---- C:\Windows\system32\MsCtfMonitor.dll
2009-10-20 12:44:11 ----A---- C:\Windows\system32\fdSSDP.dll
2009-10-20 12:44:11 ----A---- C:\Windows\system32\dmusic.dll
2009-10-20 12:44:11 ----A---- C:\Windows\system32\cscapi.dll
2009-10-20 12:44:10 ----A---- C:\Windows\system32\msjint40.dll
2009-10-20 12:44:10 ----A---- C:\Windows\system32\l2nacp.dll
2009-10-20 12:44:10 ----A---- C:\Windows\system32\ftp.exe
2009-10-20 12:44:10 ----A---- C:\Windows\system32\eapp3hst.dll
2009-10-20 12:44:09 ----A---- C:\Windows\system32\wsdchngr.dll
2009-10-20 12:44:09 ----A---- C:\Windows\system32\SMBHelperClass.dll
2009-10-20 12:44:09 ----A---- C:\Windows\system32\cscdll.dll
2009-10-20 12:44:08 ----A---- C:\Windows\system32\Storprop.dll
2009-10-20 12:44:08 ----A---- C:\Windows\system32\rasdial.exe
2009-10-20 12:44:08 ----A---- C:\Windows\system32\rasdiag.dll
2009-10-20 12:44:08 ----A---- C:\Windows\system32\bthudtask.exe
2009-10-20 12:44:08 ----A---- C:\Windows\system32\bthci.dll
2009-10-20 12:44:07 ----A---- C:\Windows\system32\fdWCN.dll
2009-10-20 12:44:07 ----A---- C:\Windows\system32\dot3cfg.dll
2009-10-20 12:44:06 ----A---- C:\Windows\system32\ipconfig.exe
2009-10-20 12:44:06 ----A---- C:\Windows\system32\eappcfg.dll
2009-10-20 12:44:05 ----A---- C:\Windows\system32\tscupgrd.exe
2009-10-20 12:44:05 ----A---- C:\Windows\system32\slcinst.dll
2009-10-20 12:44:05 ----A---- C:\Windows\system32\nslookup.exe
2009-10-20 12:44:05 ----A---- C:\Windows\system32\networkitemfactory.dll
2009-10-20 12:44:05 ----A---- C:\Windows\system32\CHxReadingStringIME.dll
2009-10-20 12:44:04 ----A---- C:\Windows\system32\ocsetup.exe
2009-10-20 12:44:04 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2009-10-20 12:44:04 ----A---- C:\Windows\system32\eappgnui.dll
2009-10-20 12:44:03 ----A---- C:\Windows\system32\hbaapi.dll
2009-10-20 12:44:03 ----A---- C:\Windows\system32\fdeploy.dll
2009-10-20 12:44:01 ----A---- C:\Windows\system32\mmcico.dll
2009-10-20 12:43:59 ----A---- C:\Windows\system32\PNPXAssoc.dll
2009-10-20 12:43:58 ----A---- C:\Windows\system32\gpupdate.exe
2009-10-20 12:43:57 ----A---- C:\Windows\system32\cbsra.exe
2009-10-20 12:43:56 ----A---- C:\Windows\system32\csrstub.exe
2009-10-20 12:43:56 ----A---- C:\Windows\system32\bitsigd.dll
2009-10-20 12:43:55 ----A---- C:\Windows\system32\NcdProp.dll
2009-10-20 12:43:55 ----A---- C:\Windows\system32\iscsilog.dll
2009-10-20 12:43:54 ----A---- C:\Windows\system32\vdmdbg.dll
2009-10-20 12:43:53 ----A---- C:\Windows\system32\slwga.dll
2009-10-20 12:43:53 ----A---- C:\Windows\system32\odbcconf.dll
2009-10-20 12:43:52 ----A---- C:\Windows\system32\winrnr.dll
2009-10-20 12:43:52 ----A---- C:\Windows\system32\inetppui.dll
2009-10-20 12:43:51 ----A---- C:\Windows\system32\midimap.dll
2009-10-20 12:43:36 ----A---- C:\Windows\system32\msimsg.dll
2009-10-20 12:43:36 ----A---- C:\Windows\system32\f3ahvoas.dll
2009-10-20 12:42:57 ----A---- C:\Windows\system32\SmiEngine.dll
2009-10-20 12:42:53 ----A---- C:\Windows\system32\wdscore.dll
2009-10-20 12:42:53 ----A---- C:\Windows\system32\PkgMgr.exe
2009-10-20 12:42:42 ----A---- C:\Windows\system32\drvstore.dll
2009-10-20 05:56:32 ----D---- C:\Program Files\GrassSoft
2009-10-16 14:58:23 ----D---- C:\Users\Barry W. Green\AppData\Roaming\F-Secure
2009-10-16 14:02:05 ----D---- C:\Program Files\Microsoft Silverlight
2009-10-16 14:01:44 ----D---- C:\Program Files\Microsoft Office Outlook Connector
2009-10-16 13:59:44 ----D---- C:\Program Files\Microsoft Sync Framework
2009-10-16 13:56:13 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2009-10-16 02:06:18 ----D---- C:\Windows\SQLTools9_KB970892_ENU
2009-10-16 02:04:10 ----D---- C:\Windows\SQL9_KB970892_ENU
2009-10-16 02:01:36 ----D---- C:\Program Files\NeoSmart Technologies
2009-10-15 21:53:13 ----A---- C:\Windows\system32\ieframe.dll
2009-10-15 21:53:07 ----A---- C:\Windows\system32\iertutil.dll
2009-10-15 21:53:05 ----A---- C:\Windows\system32\urlmon.dll
2009-10-15 21:53:04 ----A---- C:\Windows\system32\wininet.dll
2009-10-15 21:53:03 ----A---- C:\Windows\system32\occache.dll
2009-10-15 21:53:03 ----A---- C:\Windows\system32\msfeeds.dll
2009-10-15 21:53:03 ----A---- C:\Windows\system32\iedkcs32.dll
2009-10-15 21:53:01 ----A---- C:\Windows\system32\ieui.dll
2009-10-15 21:53:00 ----A---- C:\Windows\system32\msfeedssync.exe
2009-10-15 21:53:00 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-10-15 21:53:00 ----A---- C:\Windows\system32\jsproxy.dll
2009-10-15 21:53:00 ----A---- C:\Windows\system32\ieUnatt.exe
2009-10-15 21:53:00 ----A---- C:\Windows\system32\iesysprep.dll
2009-10-15 21:53:00 ----A---- C:\Windows\system32\iesetup.dll
2009-10-15 21:53:00 ----A---- C:\Windows\system32\iernonce.dll
2009-10-15 21:53:00 ----A---- C:\Windows\system32\iepeers.dll
2009-10-15 21:53:00 ----A---- C:\Windows\system32\ie4uinit.exe
2009-10-15 21:51:45 ----A---- C:\Windows\system32\msasn1.dll
2009-10-15 21:51:14 ----A---- C:\Windows\system32\msv1_0.dll
2009-10-15 21:51:03 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-10-15 21:51:01 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-10-15 21:49:24 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2009-10-15 05:53:21 ----D---- C:\Users\Barry W. Green\AppData\Roaming\Move Networks

======List of files/folders modified in the last 1 months======

2009-11-07 07:20:40 ----D---- C:\Windows\temp
2009-11-07 07:20:37 ----D---- C:\Program Files\Trend Micro
2009-11-07 02:27:15 ----SHD---- C:\System Volume Information
2009-11-07 02:20:10 ----D---- C:\Windows\Registration
2009-11-07 00:15:03 ----A---- C:\Windows\system32\UninitializedDebugLog.txt
2009-11-06 17:58:38 ----D---- C:\Windows\System32
2009-11-06 17:58:38 ----D---- C:\Windows\inf
2009-11-06 17:58:38 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-11-06 15:52:48 ----D---- C:\Windows\pss
2009-11-06 15:39:16 ----D---- C:\Windows\Prefetch
2009-11-06 15:28:16 ----D---- C:\Windows\Minidump
2009-11-06 15:28:06 ----AD---- C:\Windows
2009-11-06 10:20:53 ----D---- C:\Windows\system32\drivers
2009-11-06 10:20:50 ----RD---- C:\Program Files
2009-11-06 10:20:50 ----HD---- C:\ProgramData
2009-11-06 09:59:57 ----A---- C:\Windows\ntbtlog.txt
2009-11-05 13:52:14 ----D---- C:\Windows\Tasks
2009-11-05 03:05:14 ----D---- C:\Windows\winsxs
2009-11-04 15:25:14 ----D---- C:\Windows\system32\catroot
2009-11-02 20:42:06 ----N---- C:\Windows\system32\MpSigStub.exe
2009-11-02 18:16:16 ----D---- C:\Windows\rescache
2009-11-02 18:00:40 ----D---- C:\Windows\system32\Tasks
2009-11-02 17:54:37 ----D---- C:\Windows\system32\en-US
2009-11-02 17:54:34 ----D---- C:\Windows\system32\wbem
2009-11-02 17:54:29 ----D---- C:\Windows\system32\zh-HK
2009-11-02 17:54:29 ----D---- C:\Windows\system32\uk-UA
2009-11-02 17:54:29 ----D---- C:\Windows\system32\tr-TR
2009-11-02 17:54:29 ----D---- C:\Windows\system32\sr-Latn-CS
2009-11-02 17:54:29 ----D---- C:\Windows\system32\sl-SI
2009-11-02 17:54:29 ----D---- C:\Windows\system32\pt-PT
2009-11-02 17:54:29 ----D---- C:\Windows\system32\pt-BR
2009-11-02 17:54:29 ----D---- C:\Windows\system32\pl-PL
2009-11-02 17:54:29 ----D---- C:\Windows\system32\nl-NL
2009-11-02 17:54:29 ----D---- C:\Windows\system32\ko-KR
2009-11-02 17:54:29 ----D---- C:\Windows\system32\it-IT
2009-11-02 17:54:29 ----D---- C:\Windows\system32\hu-HU
2009-11-02 17:54:29 ----D---- C:\Windows\system32\hr-HR
2009-11-02 17:54:29 ----D---- C:\Windows\system32\he-IL
2009-11-02 17:54:29 ----D---- C:\Windows\system32\fr-FR
2009-11-02 17:54:29 ----D---- C:\Windows\system32\fi-FI
2009-11-02 17:54:29 ----D---- C:\Windows\system32\el-GR
2009-11-02 17:54:29 ----D---- C:\Windows\system32\bg-BG
2009-11-02 17:54:28 ----D---- C:\Windows\system32\zh-TW
2009-11-02 17:54:28 ----D---- C:\Windows\system32\zh-CN
2009-11-02 17:54:28 ----D---- C:\Windows\system32\th-TH
2009-11-02 17:54:28 ----D---- C:\Windows\system32\sv-SE
2009-11-02 17:54:28 ----D---- C:\Windows\system32\sk-SK
2009-11-02 17:54:28 ----D---- C:\Windows\system32\ru-RU
2009-11-02 17:54:28 ----D---- C:\Windows\system32\ro-RO
2009-11-02 17:54:28 ----D---- C:\Windows\system32\nb-NO
2009-11-02 17:54:28 ----D---- C:\Windows\system32\lv-LV
2009-11-02 17:54:28 ----D---- C:\Windows\system32\lt-LT
2009-11-02 17:54:28 ----D---- C:\Windows\system32\ja-JP
2009-11-02 17:54:28 ----D---- C:\Windows\system32\et-EE
2009-11-02 17:54:28 ----D---- C:\Windows\system32\es-ES
2009-11-02 17:54:28 ----D---- C:\Windows\system32\de-DE
2009-11-02 17:54:28 ----D---- C:\Windows\system32\da-DK
2009-11-02 17:54:28 ----D---- C:\Windows\system32\cs-CZ
2009-11-02 17:54:28 ----D---- C:\Windows\system32\ar-SA
2009-11-02 08:37:50 ----D---- C:\Windows\system32\catroot2
2009-11-01 21:44:41 ----D---- C:\ProgramData\Microsoft Help
2009-10-31 16:05:42 ----SHD---- C:\Windows\Installer
2009-10-31 16:05:41 ----HD---- C:\Config.Msi
2009-10-31 16:05:40 ----D---- C:\Windows\system32\rserver30
2009-10-31 14:37:54 ----D---- C:\Program Files\Red Alert 3
2009-10-30 12:38:23 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-30 11:42:37 ----D---- C:\ProgramData\NVIDIA
2009-10-29 02:17:37 ----D---- C:\Program Files\Internet Explorer
2009-10-29 02:17:34 ----D---- C:\Program Files\Windows Media Player
2009-10-28 08:39:33 ----SD---- C:\Users\Barry W. Green\AppData\Roaming\Microsoft
2009-10-26 12:12:05 ----RD---- C:\Users
2009-10-26 12:11:45 ----HD---- C:\Windows\system32\GroupPolicyUsers
2009-10-25 19:39:44 ----D---- C:\Windows\system32\migwiz
2009-10-25 14:47:10 ----D---- C:\ProgramData\f-secure
2009-10-25 14:45:23 ----D---- C:\ProgramData\fssg
2009-10-24 12:05:40 ----D---- C:\Program Files\Mozilla Firefox
2009-10-23 16:59:45 ----D---- C:\ProgramData\Adobe
2009-10-23 10:24:00 ----D---- C:\Program Files\Common Files\Adobe
2009-10-23 02:11:18 ----D---- C:\Windows\Microsoft.NET
2009-10-23 02:11:06 ----RSD---- C:\Windows\assembly
2009-10-21 16:12:49 ----D---- C:\Program Files\Common Files\microsoft shared
2009-10-21 10:09:33 ----SHDC---- C:\Boot
2009-10-21 10:01:10 ----D---- C:\Program Files\Windows Mail
2009-10-21 10:01:10 ----D---- C:\Program Files\Windows Calendar
2009-10-21 10:01:10 ----D---- C:\Program Files\Movie Maker
2009-10-21 10:01:09 ----D---- C:\Program Files\Windows Sidebar
2009-10-21 10:01:09 ----D---- C:\Program Files\Windows Journal
2009-10-21 10:01:09 ----D---- C:\Program Files\Windows Collaboration
2009-10-21 10:01:08 ----D---- C:\Program Files\Windows Photo Gallery
2009-10-21 10:01:08 ----D---- C:\Program Files\Common Files\System
2009-10-21 10:01:01 ----D---- C:\Windows\servicing
2009-10-21 10:01:01 ----D---- C:\Windows\ehome
2009-10-21 10:01:01 ----D---- C:\Program Files\Windows Defender
2009-10-21 10:00:57 ----D---- C:\Windows\system32\XPSViewer
2009-10-21 10:00:57 ----D---- C:\Windows\IME
2009-10-21 10:00:53 ----D---- C:\Windows\system32\oobe
2009-10-21 10:00:53 ----D---- C:\Windows\system32\migration
2009-10-21 10:00:51 ----D---- C:\Windows\system32\setup
2009-10-21 10:00:51 ----D---- C:\Windows\system32\AdvancedInstallers
2009-10-21 10:00:50 ----D---- C:\Windows\system32\SLUI
2009-10-21 10:00:49 ----D---- C:\Windows\system32\manifeststore
2009-10-21 10:00:49 ----D---- C:\Windows\system32\en
2009-10-21 10:00:25 ----RSD---- C:\Windows\Fonts
2009-10-21 10:00:25 ----D---- C:\Windows\AppPatch
2009-10-21 10:00:17 ----D---- C:\Windows\system32\Boot
2009-10-20 07:28:42 ----D---- C:\Windows\system32\LogFiles
2009-10-20 07:28:19 ----D---- C:\Users\Barry W. Green\AppData\Roaming\LimeWire
2009-10-16 15:09:35 ----D---- C:\Program Files\Luxor Quest For The Afterlife
2009-10-16 14:00:50 ----D---- C:\Program Files\Windows Live
2009-10-16 13:59:30 ----SD---- C:\ProgramData\Microsoft
2009-10-16 13:53:37 ----D---- C:\Program Files\Microsoft
2009-10-16 02:06:29 ----D---- C:\Program Files\Microsoft SQL Server
2009-10-15 10:52:22 ----SD---- C:\Windows\Downloaded Program Files
2009-10-13 06:11:41 ----D---- C:\Users\Barry W. Green\AppData\Roaming\Vso
2009-10-10 10:04:00 ----D---- C:\Windows\ModemLogs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-09-11 24744]
R1 F-Secure HIPS;F-Secure HIPS Driver; \??\C:\Program Files\CenturyLink Online Security\HIPS\drivers\fshs.sys [2009-08-05 68064]
R1 FSES;F-Secure Email Scanning Driver; C:\Windows\System32\drivers\fses.sys [2009-08-05 35680]
R1 FSFW;F-Secure Firewall Driver; C:\Windows\System32\drivers\fsdfw.sys [2009-08-05 71040]
R1 fsvista;F-Secure Vista Support Driver; \??\C:\Program Files\CenturyLink Online Security\Anti-Virus\minifilter\fsvista.sys [2009-08-05 12384]
R1 tcpipBM;Bytemobile Kernel Network Provider; C:\Windows\system32\drivers\tcpipBM.sys [2009-05-19 18816]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl [2008-10-07 61424]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-04-25 279712]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-04-25 25888]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-02 983552]
R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2009-09-24 104512]
R3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-18 131584]
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-18 16384]
R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-18 36864]
R3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2008-01-18 159744]
R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2007-02-15 34760]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\CenturyLink Online Security\Anti-Virus\minifilter\fsgk.sys [2009-10-25 101496]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-10-07 7380896]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-06-27 47360]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-18 8192]
R3 smwdm;smwdm; C:\Windows\system32\drivers\smwdm.sys [2004-09-01 259648]
R3 swmsflt;swmsflt; C:\Windows\System32\drivers\swmsflt.sys [2008-08-22 26760]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S3 afzwjcu4;afzwjcu4; C:\Windows\system32\drivers\afzwjcu4.sys []
S3 catchme;catchme; \??\C:\Combo-Fix\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 epmntdrv;epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [2008-11-25 9728]
S3 EuGdiDrv;EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [2008-11-25 3072]
S3 fsbl;F-Secure BlackLight Engine Driver; \??\C:\Program Files\CenturyLink Online Security\Anti-Virus\fsbldrv.sys []
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-02-12 36608]
S3 mirrorv3;mirrorv3; C:\Windows\system32\DRIVERS\rminiv3.sys [2006-11-01 3328]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-18 18432]
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2009-01-29 23680]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver; \??\C:\Windows\system32\PCTINDIS5.SYS [2009-05-19 32408]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\Windows\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\Windows\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S3 Winachcf;Winachcf; C:\Windows\system32\DRIVERS\winachcf.sys [2001-08-15 737975]
S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\CenturyLink Online Security\Anti-Virus\Win2K\FSfilter.sys [2009-08-05 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\CenturyLink Online Security\Anti-Virus\Win2K\FSrec.sys [2009-08-05 25184]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2006-10-26 335872]
R2 MSSQL$MSIWAREHOUSE;SQL Server (MSIWAREHOUSE); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe [2006-11-02 7168]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R4 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\CenturyLink Online Security\FWES\Program\fsdfwd.exe [2009-10-29 522848]
R4 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\CenturyLink Online Security\Anti-Virus\fsgk32st.exe [2009-08-05 215648]
R4 FSMA;F-Secure Management Agent; C:\Program Files\CenturyLink Online Security\Common\FSMA32.EXE [2009-08-05 186976]
R4 FSORSPClient;F-Secure ORSP Client; C:\Program Files\CenturyLink Online Security\ORSP Client\fsorsp.exe [2009-10-27 55928]
R4 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-10-07 203296]
R4 WDDMService;WD SmartWare Drive Manager; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-08-17 98304]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor; C:\Windows\TEMP\F-Secure\Anti-Virus\fsblsrv.exe []
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
S4 ATTRcAppSvc;AT&T RcAppSvc; C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe [2009-05-19 121344]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S4 CAATT;AT&T Con App Svc; C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe [2009-05-19 125440]
S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-03-19 655624]
S4 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2009-02-12 233472]
S4 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S4 MSI Studio Warehouse;MSI Studio Warehouse; C:\Program Files\ScriptLogic Corporation\MSI Studio\MSIStudio Web Service\MSISWarehouseMonitor.exe [2008-08-27 27792]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
S4 NoIPDUCService;NoIPDUCService; C:\Program Files\No-IP\DUC20.exe [2009-07-05 1172992]
S4 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2009-03-16 2849757]
S4 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S4 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S4 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-04-08 92008]
S4 WDSmartWareBackgroundService;WD SmartWare Background Service; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]

-----------------EOF-----------------

ken545
2009-11-07, 17:38
Hi,

Not really looking at anything out of line.

Did you set this proxy?
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com;*.local

Please run this free online virus scanner from ESET (http://www.eset.eu/online-scanner)

Note: You will need to use Internet Explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

ken545
2009-11-13, 00:03
Due to inactivity, this thread will now be closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new HijackThis log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.