Inactive [A] Browser redirect -- scour.com and findsearchenginerepair


Nyssa

Hi there,
First, thank you in advance for your assistance.

I'm encountering a browser redirect in both Firefox and IE. I believe it began when I was searching in Google (not Images, but Search) and accidentally clicked the top ad rather than the first search result.

I have tried Malwarebytes, CCleaner, Spyware Doctor, McAfee, and Norton's NPE. Right now, everything comes up as clean. Yet, both browsers still redirect if I click on anything in search results. (Those products did find issues but after allowing them to clean, nothing shows up now.)

I should note that I've tried uninstalling Firefox through both Control Panel and CCleaner and nothing happens.

The PC is very slow and frequently locks up - even in Safe Mode. Still redirects.

I didn't find your forums until today - otherwise I would have started here.

Below, please find the Malwarebytes log. GMER refused to launch. (I downloaded it twice and tried to run it a couple of times. Tried rebooting.) DDS runs and the hash marks get 3/4 of the way across, then it seems to lock up. Tried a couple of times also.

The stickied thread said to try these in normal mode. Shall I try in Safe Mode? Other suggestions?
Thank you.
---------------------------------

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.29.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Nyssa :: DANA-PC [administrator]

3/29/2012 8:35:04 PM
mbam-log-2012-03-29 (20-35-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222802
Time elapsed: 13 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Oh, I should add, haven't had any pop-ups, no porn.
Just redirects on anything that I click on in searches on either browser.
Thanks.
 
Welcome aboard


Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Hi Broni,
Thanks for your assistance.

I will have access to the laptop again tomorrow and will attempt to run the logs again and post results.
 
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-03-30 21:30:44
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0
Running: 9nejlgc2.exe; Driver: C:\Users\Nyssa\AppData\Local\Temp\pxldapow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\fastfat \Fat TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \Driver\tdx \Device\Ip pctgntdi.sys
AttachedDevice \Driver\tdx \Device\Tcp pctgntdi.sys
AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp pctgntdi.sys

---- EOF - GMER 1.0.15 ----

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Nyssa at 12:50:57 on 2012-03-31
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3543.2266 [GMT -5:00]
.
AV: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: PC Tools Spyware Doctor with AntiVirus *Disabled/Outdated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uWindow Title = Internet Explorer provided by Dell
mURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120330090114.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{8448DD7B-5738-4FFD-9967-31BEC9ED3C03} : DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{97E2053B-368F-4C64-B78E-A695F28B6D08} : DhcpNameServer = 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-4-4 464176]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-3-27 331880]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-3-27 342168]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2012-3-27 909728]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-3-27 54328]
R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-3-27 574424]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-9-12 64880]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-9-12 165680]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2012-3-27 253352]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-3-27 185560]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_ae0b52e0\AEstSrv.exe [2009-4-4 81920]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2012-3-27 550864]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-12 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-12 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-12 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-9-12 166288]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-9-12 160608]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-9-12 150856]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-9-12 57600]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-4 180816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-4 59456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-9-12 338176]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-3-27 35264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-30 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-30 136176]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-12 87656]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-4 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-4 40552]
S3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [2009-3-6 133632]
S3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [2009-3-19 271552]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2012-3-27 70536]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2012-3-27 402336]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2012-3-27 1117624]
S3 ThreatFire;ThreatFire;c:\program files\pc tools security\tfengine\tfservice.exe service --> c:\program files\pc tools security\tfengine\TFService.exe service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-03-30 13:45:56 6582328 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9cd1710a-40cc-4d8e-9557-a41244290f19}\mpengine.dll
2012-03-30 01:29:51 -------- d-----w- c:\users\nyssa\appdata\roaming\Malwarebytes
2012-03-29 22:50:43 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-29 22:50:43 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-29 22:50:42 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-29 22:50:42 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-29 22:50:42 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-29 22:50:39 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-03-29 22:50:35 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2012-03-29 14:14:31 -------- d-----w- c:\program files\Windows Portable Devices
2012-03-29 14:03:50 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2012-03-29 14:03:49 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2012-03-29 14:03:49 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-03-29 14:01:04 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-03-29 14:01:02 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-03-29 14:01:02 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-03-29 14:01:01 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-03-29 14:01:01 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-03-29 14:01:01 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-03-29 14:01:00 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-03-29 13:06:01 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-29 13:05:53 797696 ----a-w- c:\windows\system32\FntCache.dll
2012-03-29 13:05:53 1029120 ----a-w- c:\windows\system32\d3d10.dll
2012-03-29 13:05:52 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2012-03-29 13:05:51 189952 ----a-w- c:\windows\system32\d3d10core.dll
2012-03-29 13:05:50 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-03-29 13:05:50 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2012-03-29 13:05:49 847360 ----a-w- c:\windows\system32\OpcServices.dll
2012-03-29 13:01:23 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-03-29 13:01:22 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-03-29 13:01:13 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2012-03-29 13:01:12 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2012-03-29 13:01:12 238080 ----a-w- c:\windows\system32\oleacc.dll
2012-03-29 13:01:11 563712 ----a-w- c:\windows\system32\oleaut32.dll
2012-03-29 13:00:40 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-29 13:00:40 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-29 13:00:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-03-29 13:00:22 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-03-29 13:00:22 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-03-29 13:00:22 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-03-29 13:00:21 9728 ----a-w- c:\windows\system32\lsass.exe
2012-03-29 13:00:21 72704 ----a-w- c:\windows\system32\secur32.dll
2012-03-29 13:00:18 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-29 13:00:14 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-29 13:00:10 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-29 12:59:44 293376 ----a-w- c:\windows\system32\psisdecd.dll
2012-03-29 12:59:44 217088 ----a-w- c:\windows\system32\psisrndr.ax
2012-03-29 12:59:43 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-03-29 12:59:42 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-03-29 12:59:39 49152 ----a-w- c:\windows\system32\csrsrv.dll
2012-03-29 12:59:36 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-03-29 12:59:26 2048 ----a-w- c:\windows\system32\tzres.dll
2012-03-29 12:59:03 707584 ----a-w- c:\program files\common files\system\wab32.dll
2012-03-29 12:58:59 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-03-29 12:58:50 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-03-29 12:58:50 189952 ----a-w- c:\windows\system32\winmm.dll
2012-03-29 12:58:46 66560 ----a-w- c:\windows\system32\packager.dll
2012-03-29 12:58:44 6144 ----a-w- c:\program files\internet explorer\iecompat.dll
2012-03-29 12:58:42 429056 ----a-w- c:\windows\system32\EncDec.dll
2012-03-29 12:58:01 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-03-29 12:57:50 231424 ----a-w- c:\windows\system32\msshsq.dll
2012-03-29 06:01:46 -------- d-----w- c:\windows\system32\vi-VN
2012-03-29 06:01:46 -------- d-----w- c:\windows\system32\eu-ES
2012-03-29 06:01:46 -------- d-----w- c:\windows\system32\ca-ES
2012-03-29 05:54:34 -------- d-----w- c:\windows\system32\SPReview
2012-03-29 05:32:49 928768 ----a-w- c:\windows\system32\scavenge.dll
2012-03-29 05:32:42 57856 ----a-w- c:\windows\system32\compcln.exe
2012-03-29 05:30:51 93696 ----a-w- c:\windows\system32\eappgnui.dll
2012-03-29 05:29:59 84992 ----a-w- c:\windows\system32\mstlsapi.dll
2012-03-29 05:28:59 92918 ----a-w- c:\windows\system32\slmgr.vbs
2012-03-29 05:24:47 -------- d-----w- c:\windows\system32\EventProviders
2012-03-29 03:33:51 -------- d-----w- c:\users\nyssa\appdata\local\NPE
2012-03-29 03:33:51 -------- d-----w- c:\programdata\Norton
2012-03-29 03:05:21 -------- d-----w- c:\users\nyssa\appdata\roaming\PCTools
2012-03-29 02:25:52 -------- d-----w- c:\users\nyssa\appdata\local\Stardock_Corporation
2012-03-28 16:44:11 -------- d-----w- C:\6b043e67185721d370cac201
2012-03-28 16:24:04 -------- d-----w- c:\windows\system32\WCID
2012-03-28 03:21:42 574424 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2012-03-28 03:21:42 54328 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2012-03-28 03:21:42 35264 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2012-03-28 02:56:31 56840 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-03-28 02:55:51 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2012-03-28 02:55:49 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-03-28 02:41:47 767952 ----a-w- c:\windows\BDTSupport.dll0342.old
2012-03-28 02:41:47 767952 ----a-w- c:\windows\BDTSupport.dll0321.old
2012-03-28 02:41:47 767952 ----a-w- c:\windows\BDTSupport.dll
2012-03-28 02:41:46 149456 ----a-w- c:\windows\SGDetectionTool.dll0342.old
2012-03-28 02:41:46 149456 ----a-w- c:\windows\SGDetectionTool.dll0321.old
2012-03-28 02:41:46 149456 ----a-w- c:\windows\SGDetectionTool.dll
2012-03-28 02:41:45 2250704 ----a-w- c:\windows\PCTBDCore.dll0342.old
2012-03-28 02:41:45 2250704 ----a-w- c:\windows\PCTBDCore.dll
2012-03-28 02:41:45 1996752 ----a-w- c:\windows\PCTBDCore.dll0321.old
2012-03-28 02:41:44 1681360 ----a-w- c:\windows\PCTBDRes.dll
2012-03-28 00:53:25 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-03-28 00:53:25 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-03-28 00:53:23 253352 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-03-28 00:53:22 107864 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2012-03-28 00:53:18 331880 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-03-28 00:53:17 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-03-28 00:52:59 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-03-28 00:52:33 -------- d-----w- c:\program files\common files\PC Tools
2012-03-28 00:52:32 -------- d-----w- c:\programdata\PC Tools
2012-03-28 00:52:32 -------- d-----w- c:\program files\PC Tools Security
2012-03-28 00:07:00 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-28 00:06:59 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-28 00:02:35 -------- d-----w- c:\users\nyssa\appdata\local\Mozilla
.
==================== Find3M ====================
.
2012-03-29 23:23:04 161792 ----a-w- c:\windows\system32\msls31.dll
2012-03-29 23:23:04 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-03-29 23:23:02 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-29 23:23:02 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-29 23:23:02 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-29 23:23:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-29 23:23:01 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-03-29 23:23:01 367104 ----a-w- c:\windows\system32\html.iec
2012-03-29 23:23:00 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-03-29 23:22:59 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-29 23:22:59 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-29 23:22:57 152064 ----a-w- c:\windows\system32\wextract.exe
2012-03-29 23:22:57 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-03-29 23:22:56 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-03-29 23:22:55 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-03-29 23:22:55 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-29 23:22:55 11776 ----a-w- c:\windows\system32\mshta.exe
2012-03-29 23:22:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-03-29 23:22:54 101888 ----a-w- c:\windows\system32\admparse.dll
2012-03-29 23:22:53 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-03-29 23:22:52 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-23 14:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-22 02:45:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 12:51:56.02 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 4/4/2009 1:55:02 AM
System Uptime: 3/31/2012 9:13:54 AM (3 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | Microprocessor | 1200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 155.642 GiB free.
E: is FIXED (NTFS) - 15 GiB total, 8.664 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP415: 2/13/2012 8:45:13 PM - Scheduled Checkpoint
RP416: 2/15/2012 4:15:47 PM - Scheduled Checkpoint
RP417: 2/21/2012 5:57:59 PM - Scheduled Checkpoint
RP418: 2/21/2012 8:46:45 PM - Good - Before WinUpdate
RP419: 2/21/2012 8:52:14 PM - Windows Update
RP420: 2/23/2012 7:19:31 PM - Scheduled Checkpoint
RP421: 3/5/2012 3:58:17 PM - Scheduled Checkpoint
RP422: 3/8/2012 9:45:26 PM - Scheduled Checkpoint
RP423: 3/17/2012 4:24:48 PM - Scheduled Checkpoint
RP424: 3/19/2012 8:28:49 AM - Scheduled Checkpoint
RP425: 3/25/2012 1:39:58 PM - Scheduled Checkpoint
RP426: 3/27/2012 7:12:26 PM - Restore Operation
RP427: 3/28/2012 11:43:42 AM - Windows Update
RP428: 3/28/2012 10:59:36 PM - Norton_Power_Eraser_20120328225936057
RP429: 3/28/2012 11:36:19 PM - Removed Dell Dock
RP430: 3/28/2012 11:38:46 PM - Removed FedEx Office Printer.
RP431: 3/28/2012 11:39:58 PM - Removed Google Earth.
RP432: 3/29/2012 12:27:41 AM - Windows Vista™ Service Pack 2
RP433: 3/29/2012 8:06:12 AM - Windows Update
RP434: 3/29/2012 5:50:46 PM - Windows Update
RP435: 3/29/2012 6:19:58 PM - Windows Update
RP436: 3/30/2012 8:45:18 AM - Windows Update
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.0
Adobe Shockwave Player 11.5
Advanced Audio FX Engine
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Banctec Service Agreement
Big Fish Games: Game Manager
Bonjour
BufferChm
CCleaner
CDDRV_Installer
Choice Guard
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Coupon Printer for Windows
Dell DataSafe Online
Dell Edoc Viewer
Dell Getting Started Guide
Dell Remote Access
Dell Resource CD
Dell Support Center (Support Software)
Dell Touchpad
Dell Video Chat
Dell Webcam Central
Dell Wireless WLAN Card Utility
DELL0604
Destination Component
DeviceManagementQFolder
DocProc
DocProcQFolder
Drivers Install For Linksys Easylink Advisor
erLT
eSupportQFolder
Google Update Helper
GoToAssist 8.0.0.514
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart Essential
HP Scanjet 4800 series 9.0
HP Solution Center 9.0
hpg4850
hpg4850QFolder
HPProductAssistant
Integrated Webcam Driver (1.02.01.0320)
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java(TM) 6 Update 24
KhalInstallWrapper
Linksys EasyLink Advisor 1.6 (0032)
Live! Cam Avatar Creator
Logitech SetPoint
Malwarebytes Anti-Malware version 1.60.1.1000
McAfee SecurityCenter
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Access database engine 2010 (English)
Microsoft Application Error Reporting
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Streets & Trips 2011
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MobileMe Control Panel
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OverDrive Media Console
PanoStandAlone
PC Tools Spyware Doctor with AntiVirus 9.0
PowerDVD
Quicken 2009
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Scan
ScannerCopy
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
SolutionCenter
TomTom HOME Visual Studio Merge Modules
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VoiceOver Kit
Web Games Player Plugin
WebReg
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
.
==== Event Viewer Messages From Past Week ========
.
3/30/2012 9:28:03 PM, Error: netbt [4321] - The name "THE_ONE_RING :0" could not be registered on the interface with IP address 192.168.1.102. The computer with the IP address 192.168.1.100 did not allow the name to be claimed by this computer.
3/30/2012 8:53:43 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SMR250
3/30/2012 8:53:43 AM, Error: Service Control Manager [7000] - The Intel(R) PRO/1000 PCI Express Network Connection Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/30/2012 8:53:43 AM, Error: Service Control Manager [7000] - The Intel(R) PRO/1000 NDIS 6 Adapter Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/30/2012 8:53:04 AM, Error: netbt [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.102. The computer with the IP address 192.168.1.100 did not allow the name to be claimed by this computer.
3/30/2012 8:52:29 AM, Error: EventLog [6008] - The previous system shutdown at 8:50:59 AM on 3/30/2012 was unexpected.
3/30/2012 8:31:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
3/30/2012 8:29:20 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 8:29:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/30/2012 8:29:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/30/2012 8:29:05 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC mfehidk mfenlfk mfewfpk NetBIOS netbt nsiproxy pctgntdi PCTSD PSched RasAcd rdbss Smb SMR250 spldr tdx Wanarpv6 ws2ifsl
3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 8:28:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/30/2012 8:28:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/30/2012 8:28:45 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/30/2012 8:28:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/30/2012 8:27:35 AM, Error: EventLog [6008] - The previous system shutdown at 8:25:14 AM on 3/30/2012 was unexpected.
3/30/2012 8:22:36 AM, Error: EventLog [6008] - The previous system shutdown at 8:21:22 AM on 3/30/2012 was unexpected.
3/30/2012 12:00:05 PM, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
3/29/2012 9:10:57 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
3/29/2012 9:10:10 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070490: Security Update for Windows Vista (KB2633171).
3/29/2012 9:10:04 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633171-8_neutral_PACKAGE from package KB2633171(Security Update) into Resolved(Resolved) state
3/29/2012 9:10:04 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633171-7_neutral_PACKAGE from package KB2633171(Security Update) into Resolved(Resolved) state
3/29/2012 9:10:04 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633171-6_neutral_GDR from package KB2633171(Security Update) into Staging(Staging) state
3/29/2012 9:10:04 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633171-30_neutral_PACKAGE from package KB2633171(Security Update) into Absent(Absent) state
3/29/2012 9:10:04 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633171-3_neutral_GDR from package KB2633171(Security Update) into Staging(Staging) state
3/29/2012 9:10:04 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633171-29_neutral_PACKAGE from package KB2633171(Security Update) into Absent(Absent) state
3/29/2012 9:10:04 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633171-28_neutral_PACKAGE from package KB2633171(Security Update) into Resolved(Resolved) state
3/29/2012 9:10:04 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633171-25_neutral_PACKAGE from package KB2633171(Security Update) into Resolved(Resolved) state
3/29/2012 9:10:04 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2633171 (Security Update) into Install Requested(Install Requested) state
3/29/2012 8:56:17 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
3/29/2012 8:54:13 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
3/29/2012 7:34:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2644615 (Security Update) into Resolved(Resolved) state
3/29/2012 7:22:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
3/29/2012 10:40:14 PM, Error: PCTCore [280] - The item store is corrupted: @5512.
3/29/2012 10:32:41 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer THE_ONE_RING that believes that it is the master browser for the domain on transport NetBT_Tcpip_{97E2053B-368F-4C64-B78E-A695F. The master browser is stopping or an election is being forced.
3/29/2012 1:10:10 AM, Error: Service Control Manager [7023] - The McAfee VirusScan Announcer service terminated with the following error: Operation aborted
.
==== End Of File ===========================

Broni, I think those are all of the logs to start with.

I should also mention that I was able to remove Firefox (by re-installing, then uninstalling it.) Immediately, speed went back to normal. However, I do not want to assume that everything is good to go. These logs are after the Firefox uninstall. (They wouldn't even run before the uninstall...)

Please let me know what next steps you recommend.
Thanks much.
 
Question. I ran these logs on the infected machine, using a different profile, since the infected profile is stalling. Is this okay, or are you looking for info that will only be logged if I'm using the infected profile?
Thanks.
Dana
 
You did fine.

You're running two AV programs, PC Tools Spyware Doctor with AntiVirus and McAfee.
One of them has to go.
If McAfee use this tool: http://majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html

Then...

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=================================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Uninstalled McAfee.
Let me know if/when you would like me to see if the browser is still re-directing.
Thanks.


____________________________________________________

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-01 11:17:13
-----------------------------
11:17:13.580 OS Version: Windows 6.0.6002 Service Pack 2
11:17:13.581 Number of processors: 2 586 0x170A
11:17:13.582 ComputerName: DANA-PC UserName: Nyssa
11:17:46.873 Initialize success
11:20:35.899 AVAST engine defs: 12040100
11:34:36.662 The log file has been saved successfully to "C:\Users\Nyssa\Desktop\aswMBR.txt"


___________________________________________________

Next log forthcoming.
 
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows Vista Home Basic Edition Service Pack 2 (build 600
2), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`ac000000
Boot sector MD5 is: fe5642739ba66ba18c128543669678a2

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...
 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-01 15:31:07
-----------------------------
15:31:07.082 OS Version: Windows 6.0.6002 Service Pack 2
15:31:07.083 Number of processors: 2 586 0x170A
15:31:07.083 ComputerName: DANA-PC UserName: Nyssa
15:31:22.517 Initialize success
15:31:37.705 AVAST engine defs: 12040100
15:31:39.009 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:31:39.014 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
15:31:39.037 Disk 0 MBR read successfully
15:31:39.042 Disk 0 MBR scan
15:31:39.237 Disk 0 Windows VISTA default MBR code
15:31:39.245 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
15:31:39.424 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
15:31:39.668 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 290204 MB offset 30801920
15:31:39.827 Disk 0 scanning sectors +625140400
15:31:40.091 Disk 0 scanning C:\Windows\system32\drivers
15:32:30.521 Service scanning
15:33:16.278 Modules scanning
15:33:30.162 Disk 0 trace - called modules:
15:33:30.204 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys iastor.sys hal.dll
15:33:30.215 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86ea7820]
15:33:30.226 3 CLASSPNP.SYS[8c1a38b3] -> nt!IofCallDriver -> [0x8696f390]
15:33:30.236 5 PCTCore.sys[82afa407] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85f24028]
15:33:31.839 AVAST engine scan C:\Windows
15:33:41.034 AVAST engine scan C:\Windows\system32
15:40:16.018 AVAST engine scan C:\Windows\system32\drivers
15:40:53.163 AVAST engine scan C:\Users\Nyssa
15:43:54.141 AVAST engine scan C:\ProgramData
15:46:51.875 Scan finished successfully
15:52:19.075 Disk 0 MBR has been saved successfully to "C:\Users\Nyssa\Desktop\MBR.dat"
15:52:19.086 The log file has been saved successfully to "C:\Users\Nyssa\Desktop\aswMBR.txt"
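
As an added illustration (not part of the thread and not code from aswMBR or Bootkit Remover): a minimal Python reader for a 512-byte MBR dump such as the MBR.dat that aswMBR saves, which decodes the same partition fields the log above prints, runs basic sanity checks on the table, and hashes the boot-code area so that two dumps taken at different times can be compared. The sample sector is constructed from the partition lines in the log; the boot code is zero filler, partition 1's sector count is an assumption derived from the 39 MB figure, and all function names are hypothetical.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0-439 hold the boot code
TABLE_OFFSET = 446       # four 16-byte partition entries start here
TYPE_NAMES = {0x07: "HPFS/NTFS", 0xDE: "Dell Utility"}  # types seen in the log

# Constructed sample entries: (status, type, start LBA, sector count)
SAMPLE_ENTRIES = [
    (0x00, 0xDE, 63, 79872),            # 39 MB; sector count is an assumption
    (0x00, 0x07, 81920, 30720000),      # 15000 MB
    (0x80, 0x07, 30801920, 594337792),  # 290204 MB, active
]
SAMPLE_DISK_SECTORS = 305245 * 2048     # from "Size: 305245MB" in the log


def build_mbr(entries, boot_code=b""):
    """Build a constructed 512-byte sector for testing (not a real boot sector)."""
    sector = bytearray(SECTOR_SIZE)
    code = boot_code[:BOOT_CODE_LEN]
    sector[:len(code)] = code
    for index, (status, ptype, start, count) in enumerate(entries):
        # CHS fields are left zero; only the LBA fields are used here.
        struct.pack_into("<B3sB3sII", sector, TABLE_OFFSET + 16 * index,
                         status, b"\0\0\0", ptype, b"\0\0\0", start, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


def parse_mbr(sector):
    """Decode an MBR dump into a boot-code hash and its partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for index in range(4):
        entry = sector[TABLE_OFFSET + 16 * index:TABLE_OFFSET + 16 * (index + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:               # unused slot
            continue
        partitions.append({
            "number": index + 1, "status": status, "active": status == 0x80,
            "type": ptype, "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "lba_start": lba_start, "sectors": sectors,
            "size_mb": sectors * SECTOR_SIZE // (1024 * 1024),
        })
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_layout(mbr, disk_sectors):
    """Return a list of findings; an empty list means the table looks sane."""
    findings = []
    parts = sorted(mbr["partitions"], key=lambda p: p["lba_start"])
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        findings.append("%d active partitions (expected exactly 1)" % len(active))
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d: invalid status byte 0x%02X"
                            % (p["number"], p["status"]))
        if p["lba_start"] + p["sectors"] > disk_sectors:
            findings.append("partition %d: extends past end of disk" % p["number"])
    for first, second in zip(parts, parts[1:]):
        if first["lba_start"] + first["sectors"] > second["lba_start"]:
            findings.append("partitions %d and %d overlap"
                            % (first["number"], second["number"]))
    return findings


def boot_code_changed(dump_a, dump_b):
    """True if the boot-code area differs between two MBR dumps."""
    return (parse_mbr(dump_a)["boot_code_sha256"]
            != parse_mbr(dump_b)["boot_code_sha256"])


if __name__ == "__main__":
    mbr = parse_mbr(build_mbr(SAMPLE_ENTRIES))
    print("boot code SHA-256:", mbr["boot_code_sha256"])
    for p in mbr["partitions"]:
        print("Partition %d %s %02X %s %d MB offset %d" % (
            p["number"], "(A)" if p["active"] else "   ", p["type"],
            p["type_name"], p["size_mb"], p["lba_start"]))
    print("findings:", check_layout(mbr, SAMPLE_DISK_SECTORS) or "none")
```

To read a real dump, pass `open(path, "rb").read()` to `parse_mbr`; a hash that changes between two dumps of the same disk only shows that the boot code was rewritten, not by what.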
 
Good :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix 12-04-01.01 - Nyssa 04/01/2012 16:46:04.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3543.2037 [GMT -5:00]
Running from: c:\users\Nyssa\Desktop\ComboFix.exe
AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dana\GoToAssistDownloadHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-01 to 2012-04-01 )))))))))))))))))))))))))))))))
.
.
2012-04-01 21:57 . 2012-04-01 21:57 -------- d-----w- c:\users\Nyssa\AppData\Local\CrashDumps
2012-04-01 21:57 . 2012-04-01 21:58 -------- d-----w- c:\users\Nyssa\AppData\Local\temp
2012-03-30 13:45 . 2012-03-20 08:53 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9CD1710A-40CC-4D8E-9557-A41244290F19}\mpengine.dll
2012-03-30 01:29 . 2012-03-30 01:29 -------- d-----w- c:\users\Nyssa\AppData\Roaming\Malwarebytes
2012-03-29 22:50 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-29 22:50 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-29 22:50 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-29 22:50 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-29 22:50 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-29 22:50 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-03-29 22:50 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2012-03-29 14:14 . 2012-03-29 14:14 -------- d-----w- c:\program files\Windows Portable Devices
2012-03-29 14:03 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2012-03-29 14:03 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2012-03-29 14:03 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-03-29 14:01 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-03-29 14:01 . 2009-09-25 02:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-03-29 14:01 . 2009-09-25 02:07 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-03-29 14:01 . 2009-09-25 02:04 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-03-29 14:01 . 2009-09-25 01:33 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-03-29 14:01 . 2009-09-25 01:32 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-03-29 14:01 . 2009-09-25 01:31 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-03-29 13:06 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-29 13:05 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2012-03-29 13:05 . 2011-01-20 16:08 1029120 ----a-w- c:\windows\system32\d3d10.dll
2012-03-29 13:05 . 2011-01-20 14:11 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2012-03-29 13:05 . 2011-01-20 16:08 189952 ----a-w- c:\windows\system32\d3d10core.dll
2012-03-29 13:05 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-03-29 13:05 . 2011-01-20 14:28 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2012-03-29 13:05 . 2011-01-20 14:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2012-03-29 13:01 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-03-29 13:01 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-03-29 13:01 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2012-03-29 13:01 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2012-03-29 13:01 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2012-03-29 13:01 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2012-03-29 13:00 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-29 13:00 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-29 13:00 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-03-29 13:00 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-03-29 13:00 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-03-29 13:00 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-03-29 13:00 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-03-29 13:00 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-03-29 13:00 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-29 13:00 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-29 13:00 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-29 12:59 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2012-03-29 12:59 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2012-03-29 12:59 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-03-29 12:59 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-03-29 12:59 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
2012-03-29 12:59 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-03-29 12:59 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
2012-03-29 12:59 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-03-29 12:58 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-03-29 12:58 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-03-29 12:58 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-03-29 12:58 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2012-03-29 12:58 . 2011-08-13 04:43 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2012-03-29 12:58 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2012-03-29 12:58 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-03-29 12:57 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2012-03-29 06:01 . 2012-03-29 06:02 -------- d-----w- c:\windows\system32\ca-ES
2012-03-29 06:01 . 2012-03-29 06:02 -------- d-----w- c:\windows\system32\eu-ES
2012-03-29 06:01 . 2012-03-29 06:02 -------- d-----w- c:\windows\system32\vi-VN
2012-03-29 05:54 . 2012-03-29 05:54 -------- d-----w- c:\windows\system32\SPReview
2012-03-29 05:32 . 2009-04-11 04:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2012-03-29 05:32 . 2009-04-11 04:27 57856 ----a-w- c:\windows\system32\compcln.exe
2012-03-29 05:30 . 2009-04-11 04:32 141288 ----a-w- c:\windows\system32\drivers\ecache.sys
2012-03-29 05:29 . 2009-04-11 04:28 84992 ----a-w- c:\windows\system32\mstlsapi.dll
2012-03-29 05:28 . 2009-04-11 04:28 777216 ----a-w- c:\windows\system32\slcc.dll
2012-03-29 05:24 . 2012-03-29 05:24 -------- d-----w- c:\windows\system32\EventProviders
2012-03-29 04:15 . 2012-03-29 04:24 -------- d-----w- c:\users\Dana\AppData\Local\NPE
2012-03-29 03:33 . 2012-03-29 16:03 -------- d-----w- c:\users\Nyssa\AppData\Local\NPE
2012-03-29 03:33 . 2012-03-29 03:34 -------- d-----w- c:\programdata\Norton
2012-03-29 03:05 . 2012-03-29 03:05 -------- d-----w- c:\users\Nyssa\AppData\Roaming\PCTools
2012-03-29 02:25 . 2012-03-29 02:25 -------- d-----w- c:\users\Nyssa\AppData\Local\Stardock_Corporation
2012-03-29 01:06 . 2012-03-29 01:07 -------- d-----w- c:\users\Dana2
2012-03-28 16:44 . 2012-03-28 16:47 -------- d-----w- C:\6b043e67185721d370cac201
2012-03-28 16:24 . 2012-04-01 21:35 -------- d-----w- c:\windows\system32\WCID
2012-03-28 03:21 . 2012-02-24 14:16 574424 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2012-03-28 03:21 . 2012-02-24 14:16 54328 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2012-03-28 03:21 . 2012-02-24 14:16 35264 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2012-03-28 03:11 . 2012-03-28 03:11 -------- d-----w- c:\users\Dana\AppData\Local\Threat Expert
2012-03-28 02:56 . 2011-09-28 18:14 56840 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-03-28 02:55 . 2012-02-24 15:35 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2012-03-28 02:55 . 2012-02-24 15:36 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-03-28 02:49 . 2012-03-28 02:49 -------- d-----w- c:\users\Dana\AppData\Roaming\TestApp
2012-03-28 02:41 . 2012-02-17 20:08 767952 ----a-w- c:\windows\BDTSupport.dll
2012-03-28 02:41 . 2012-02-17 20:08 149456 ----a-w- c:\windows\SGDetectionTool.dll
2012-03-28 02:41 . 2012-02-17 20:08 2250704 ----a-w- c:\windows\PCTBDCore.dll
2012-03-28 02:41 . 2012-02-17 20:08 1681360 ----a-w- c:\windows\PCTBDRes.dll
2012-03-28 00:53 . 2011-12-01 21:07 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-03-28 00:53 . 2011-12-01 21:07 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-03-28 00:53 . 2012-02-24 15:31 253352 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-03-28 00:53 . 2012-02-24 15:31 107864 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2012-03-28 00:53 . 2011-11-14 20:12 331880 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-03-28 00:53 . 2011-11-14 20:12 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-03-28 00:52 . 2012-02-24 15:37 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-03-28 00:52 . 2012-03-28 01:10 -------- d-----w- c:\program files\Common Files\PC Tools
2012-03-28 00:52 . 2012-04-01 21:39 -------- d-----w- c:\program files\PC Tools Security
2012-03-28 00:52 . 2012-03-28 03:21 -------- d-----w- c:\programdata\PC Tools
2012-03-28 00:52 . 2012-03-28 00:52 -------- d-----w- c:\users\Dana\AppData\Roaming\PC Tools
2012-03-28 00:07 . 2012-03-18 05:11 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-28 00:06 . 2012-03-18 05:11 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-28 00:02 . 2012-03-28 00:02 -------- d-----w- c:\users\Nyssa\AppData\Local\Mozilla
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 14:18 . 2010-05-16 04:13 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-22 02:45 . 2011-05-15 14:31 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-04-14 19:01 . 2010-09-13 01:04 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 288040]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-16 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-16 150552]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-15 483420]
.
c:\users\Dana2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-3-24 805392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell Remote Access.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Dell Remote Access.lnk
backup=c:\windows\pss\Dell Remote Access.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Dana^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
path=c:\users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
backup=c:\windows\pss\Dell Dock.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Nyssa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
path=c:\users\Nyssa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
backup=c:\windows\pss\Dell Dock.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 04:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 09:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-12-14 23:17 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]
2008-11-03 14:54 1745648 ----a-w- c:\program files\Dell DataSafe Online\DataSafeOnline.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]
2008-06-03 20:54 446635 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2008-10-04 18:58 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 02:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
2012-02-24 15:36 2659768 ----a-w- c:\program files\PC Tools Security\pctsGui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 22:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-06 23:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2008-05-23 19:06 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickSet]
2009-01-09 17:06 1735760 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 20:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:35 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [2008-12-15 81920]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
*Deregistered* - PCTSDInjDriver32
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
hpdevmgmt REG_MULTI_SZ hpqcxs08
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-30 22:26]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-30 22:26]
.
.
------- Supplementary Scan -------
.
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-GoToAssist - c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
MSConfigStartUp-mcui_exe - c:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-01 16:57
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,31,2b,7e,25,4f,69,75,4c,b5,b6,52,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,31,2b,7e,25,4f,69,75,4c,b5,b6,52,\
.
Completion time: 2012-04-01 17:00:21
ComboFix-quarantined-files.txt 2012-04-01 22:00
.
Pre-Run: 166,464,172,032 bytes free
Post-Run: 166,688,366,592 bytes free
.
- - End Of File - - 00AD3CFC14DB63352E63026AB42B6903


Looks like Windows Defender was still running.
Ack!
Let me know if you want me to run it again.
 
You did fine.

How is redirection?

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
19:01:08.0229 3256 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
19:01:09.0570 3256 ============================================================
19:01:09.0570 3256 Current date / time: 2012/04/01 19:01:09.0570
19:01:09.0570 3256 SystemInfo:
19:01:09.0570 3256
19:01:09.0570 3256 OS Version: 6.0.6002 ServicePack: 2.0
19:01:09.0570 3256 Product type: Workstation
19:01:09.0570 3256 ComputerName: DANA-PC
19:01:09.0570 3256 UserName: Nyssa
19:01:09.0570 3256 Windows directory: C:\Windows
19:01:09.0570 3256 System windows directory: C:\Windows
19:01:09.0570 3256 Processor architecture: Intel x86
19:01:09.0570 3256 Number of processors: 2
19:01:09.0570 3256 Page size: 0x1000
19:01:09.0570 3256 Boot type: Normal boot
19:01:09.0570 3256 ============================================================
19:01:10.0147 3256 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:01:10.0147 3256 \Device\Harddisk0\DR0:
19:01:10.0163 3256 MBR used
19:01:10.0163 3256 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
19:01:10.0163 3256 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
19:01:10.0225 3256 Initialize success
19:01:10.0225 3256 ============================================================
19:01:29.0367 5252 ============================================================
19:01:29.0367 5252 Scan started
19:01:29.0367 5252 Mode: Manual;
19:01:29.0367 5252 ============================================================
19:01:29.0959 5252 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
19:01:29.0975 5252 ACPI - ok
19:01:30.0100 5252 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
19:01:30.0115 5252 adp94xx - ok
19:01:30.0162 5252 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
19:01:30.0162 5252 adpahci - ok
19:01:30.0193 5252 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
19:01:30.0193 5252 adpu160m - ok
19:01:30.0225 5252 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
19:01:30.0225 5252 adpu320 - ok
19:01:30.0303 5252 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
19:01:30.0303 5252 AeLookupSvc - ok
19:01:30.0396 5252 AESTFilters (087b04ca45e2f059a55709b0b8f95ea9) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
19:01:30.0396 5252 AESTFilters - ok
19:01:30.0537 5252 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
19:01:30.0552 5252 AFD - ok
19:01:30.0615 5252 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
19:01:30.0615 5252 agp440 - ok
19:01:30.0646 5252 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:01:30.0646 5252 aic78xx - ok
19:01:30.0693 5252 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
19:01:30.0693 5252 ALG - ok
19:01:30.0739 5252 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
19:01:30.0739 5252 aliide - ok
19:01:30.0802 5252 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
19:01:30.0802 5252 amdagp - ok
19:01:30.0817 5252 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
19:01:30.0833 5252 amdide - ok
19:01:30.0849 5252 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
19:01:30.0849 5252 AmdK7 - ok
19:01:30.0880 5252 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
19:01:30.0880 5252 AmdK8 - ok
19:01:30.0927 5252 ApfiltrService (448da519f3b6ffa158c513156053181e) C:\Windows\system32\DRIVERS\Apfiltr.sys
19:01:30.0942 5252 ApfiltrService - ok
19:01:31.0036 5252 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
19:01:31.0036 5252 Appinfo - ok
19:01:31.0129 5252 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:01:31.0129 5252 Apple Mobile Device - ok
19:01:31.0285 5252 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
19:01:31.0285 5252 arc - ok
19:01:31.0395 5252 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
19:01:31.0395 5252 arcsas - ok
19:01:31.0535 5252 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
19:01:31.0535 5252 aspnet_state - ok
19:01:31.0613 5252 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:01:31.0613 5252 AsyncMac - ok
19:01:31.0644 5252 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
19:01:31.0644 5252 atapi - ok
19:01:31.0722 5252 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
19:01:31.0738 5252 AudioEndpointBuilder - ok
19:01:31.0753 5252 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
19:01:31.0753 5252 Audiosrv - ok
19:01:31.0878 5252 BCM42RLY (423c7b87e886ac93d22936ea82665f83) C:\Windows\system32\drivers\BCM42RLY.sys
19:01:31.0878 5252 BCM42RLY - ok
19:01:31.0972 5252 BCM43XX (41a70777e892c3dea606758366566a77) C:\Windows\system32\DRIVERS\bcmwl6.sys
19:01:31.0972 5252 BCM43XX - ok
19:01:32.0065 5252 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:01:32.0065 5252 Beep - ok
19:01:32.0128 5252 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
19:01:32.0128 5252 BFE - ok
19:01:32.0253 5252 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
19:01:32.0253 5252 BITS - ok
19:01:32.0315 5252 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
19:01:32.0315 5252 blbdrive - ok
19:01:32.0393 5252 Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files\Bonjour\mDNSResponder.exe
19:01:32.0409 5252 Bonjour Service - ok
19:01:32.0502 5252 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
19:01:32.0502 5252 bowser - ok
19:01:32.0565 5252 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:01:32.0565 5252 BrFiltLo - ok
19:01:32.0596 5252 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:01:32.0596 5252 BrFiltUp - ok
19:01:32.0627 5252 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
19:01:32.0627 5252 Browser - ok
19:01:32.0767 5252 Browser Defender Update Service (335219836821cb675533ab4731779754) C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
19:01:32.0767 5252 Browser Defender Update Service - ok
19:01:32.0877 5252 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:01:32.0877 5252 Brserid - ok
19:01:32.0923 5252 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:01:32.0923 5252 BrSerWdm - ok
19:01:32.0939 5252 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:01:32.0939 5252 BrUsbMdm - ok
19:01:32.0955 5252 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:01:32.0955 5252 BrUsbSer - ok
19:01:32.0986 5252 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
19:01:32.0986 5252 BTHMODEM - ok
19:01:33.0079 5252 catchme - ok
19:01:33.0189 5252 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:01:33.0189 5252 cdfs - ok
19:01:33.0251 5252 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
19:01:33.0251 5252 cdrom - ok
19:01:33.0313 5252 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
19:01:33.0313 5252 CertPropSvc - ok
19:01:33.0376 5252 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
19:01:33.0376 5252 circlass - ok
19:01:33.0423 5252 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
19:01:33.0423 5252 CLFS - ok
19:01:33.0501 5252 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:01:33.0501 5252 clr_optimization_v2.0.50727_32 - ok
19:01:33.0563 5252 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:01:33.0563 5252 clr_optimization_v4.0.30319_32 - ok
19:01:33.0641 5252 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
19:01:33.0641 5252 CmBatt - ok
19:01:33.0688 5252 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
19:01:33.0688 5252 cmdide - ok
19:01:33.0719 5252 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
19:01:33.0719 5252 Compbatt - ok
19:01:33.0719 5252 COMSysApp - ok
19:01:33.0735 5252 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
19:01:33.0735 5252 crcdisk - ok
19:01:33.0766 5252 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
19:01:33.0766 5252 Crusoe - ok
19:01:33.0844 5252 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
19:01:33.0844 5252 CryptSvc - ok
19:01:33.0937 5252 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
19:01:33.0937 5252 DcomLaunch - ok
19:01:33.0984 5252 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
19:01:34.0000 5252 DfsC - ok
19:01:34.0078 5252 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
19:01:34.0078 5252 Dhcp - ok
19:01:34.0125 5252 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
19:01:34.0125 5252 disk - ok
19:01:34.0171 5252 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
19:01:34.0187 5252 Dnscache - ok
19:01:34.0249 5252 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
19:01:34.0249 5252 dot3svc - ok
19:01:34.0296 5252 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
19:01:34.0296 5252 DPS - ok
19:01:34.0374 5252 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:01:34.0374 5252 drmkaud - ok
19:01:34.0421 5252 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
19:01:34.0421 5252 DXGKrnl - ok
19:01:34.0483 5252 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
19:01:34.0483 5252 e1express - ok
19:01:34.0499 5252 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:01:34.0499 5252 E1G60 - ok
19:01:34.0561 5252 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
19:01:34.0561 5252 EapHost - ok
19:01:34.0655 5252 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
19:01:34.0655 5252 Ecache - ok
19:01:34.0702 5252 elagopro (7ec42ec12a4bac14bcca99fb06f2d125) C:\Windows\system32\DRIVERS\elagopro.sys
19:01:34.0702 5252 elagopro - ok
19:01:34.0749 5252 elaunidr (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\elaunidr.sys
19:01:34.0749 5252 elaunidr - ok
19:01:34.0795 5252 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
19:01:34.0811 5252 elxstor - ok
19:01:34.0889 5252 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
19:01:34.0889 5252 EMDMgmt - ok
19:01:34.0920 5252 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
19:01:34.0920 5252 ErrDev - ok
19:01:34.0998 5252 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
19:01:34.0998 5252 EventSystem - ok
19:01:35.0045 5252 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
19:01:35.0061 5252 exfat - ok
19:01:35.0107 5252 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
19:01:35.0107 5252 fastfat - ok
19:01:35.0154 5252 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
19:01:35.0154 5252 fdc - ok
19:01:35.0201 5252 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
19:01:35.0201 5252 fdPHost - ok
19:01:35.0217 5252 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
19:01:35.0232 5252 FDResPub - ok
19:01:35.0279 5252 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:01:35.0279 5252 FileInfo - ok
19:01:35.0310 5252 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:01:35.0310 5252 Filetrace - ok
19:01:35.0341 5252 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
19:01:35.0341 5252 flpydisk - ok
19:01:35.0388 5252 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
19:01:35.0404 5252 FltMgr - ok
19:01:35.0513 5252 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
19:01:35.0544 5252 FontCache - ok
19:01:35.0638 5252 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:01:35.0638 5252 FontCache3.0.0.0 - ok
19:01:35.0716 5252 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
19:01:35.0716 5252 Fs_Rec - ok
19:01:35.0747 5252 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
19:01:35.0747 5252 gagp30kx - ok
19:01:35.0794 5252 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:01:35.0794 5252 GEARAspiWDM - ok
19:01:35.0872 5252 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
19:01:35.0872 5252 GoToAssist - ok
19:01:35.0981 5252 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
19:01:35.0981 5252 gpsvc - ok
19:01:36.0075 5252 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
19:01:36.0075 5252 gupdate - ok
19:01:36.0090 5252 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
19:01:36.0090 5252 gupdatem - ok
19:01:36.0199 5252 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:01:36.0199 5252 HDAudBus - ok
19:01:36.0262 5252 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
19:01:36.0262 5252 HidBth - ok
19:01:36.0277 5252 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
19:01:36.0277 5252 HidIr - ok
19:01:36.0324 5252 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
19:01:36.0340 5252 hidserv - ok
19:01:36.0387 5252 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
19:01:36.0387 5252 HidUsb - ok
19:01:36.0402 5252 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
19:01:36.0418 5252 hkmsvc - ok
19:01:36.0496 5252 hnmsvc (26018afa49f03032ccd3c26eaa384a4c) c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
19:01:36.0511 5252 hnmsvc - ok
19:01:36.0621 5252 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
19:01:36.0621 5252 HpCISSs - ok
19:01:36.0699 5252 hpqcxs08 (58d4765ab87347db835d5693adf652c1) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
19:01:36.0699 5252 hpqcxs08 - ok
19:01:36.0808 5252 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
19:01:36.0823 5252 HTTP - ok
19:01:36.0870 5252 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
19:01:36.0870 5252 i2omp - ok
19:01:36.0917 5252 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
19:01:36.0917 5252 i8042prt - ok
19:01:36.0995 5252 IAANTMON (7b96206e4bdd2fe582f0dbc46f5f410e) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
19:01:36.0995 5252 IAANTMON - ok
19:01:37.0104 5252 iaStor (80c633722da72e97f3f5b3b11325696d) C:\Windows\system32\drivers\iastor.sys
19:01:37.0120 5252 iaStor - ok
19:01:37.0167 5252 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
19:01:37.0167 5252 iaStorV - ok
19:01:37.0260 5252 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:01:37.0291 5252 idsvc - ok
19:01:37.0510 5252 igfx (938753888eaddb29d4b3754139ec19e8) C:\Windows\system32\DRIVERS\igdkmd32.sys
19:01:37.0557 5252 igfx - ok
19:01:37.0619 5252 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
19:01:37.0619 5252 iirsp - ok
19:01:37.0697 5252 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
19:01:37.0697 5252 IKEEXT - ok
19:01:37.0744 5252 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
19:01:37.0744 5252 intelide - ok
19:01:37.0775 5252 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
19:01:37.0775 5252 intelppm - ok
19:01:37.0791 5252 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
19:01:37.0806 5252 IPBusEnum - ok
19:01:37.0837 5252 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:01:37.0837 5252 IpFilterDriver - ok
19:01:37.0884 5252 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
19:01:37.0884 5252 iphlpsvc - ok
19:01:37.0900 5252 IpInIp - ok
19:01:37.0931 5252 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
19:01:37.0947 5252 IPMIDRV - ok
19:01:37.0962 5252 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
19:01:37.0962 5252 IPNAT - ok
19:01:38.0040 5252 iPod Service (b84a28b3984185eda8867541af14cddb) C:\Program Files\iPod\bin\iPodService.exe
19:01:38.0056 5252 iPod Service - ok
19:01:38.0181 5252 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
19:01:38.0181 5252 IRENUM - ok
19:01:38.0227 5252 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
19:01:38.0227 5252 isapnp - ok
19:01:38.0290 5252 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
19:01:38.0290 5252 iScsiPrt - ok
19:01:38.0321 5252 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
19:01:38.0321 5252 iteatapi - ok
19:01:38.0383 5252 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
19:01:38.0383 5252 iteraid - ok
19:01:51.0753 5252 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
19:01:51.0815 5252 \Device\Harddisk0\DR0 - ok
19:01:51.0846 5252 Boot (0x1200) (6cd61c58db72a28acdc82de03a11535a) \Device\Harddisk0\DR0\Partition0
19:01:51.0846 5252 \Device\Harddisk0\DR0\Partition0 - ok
19:01:51.0846 5252 Boot (0x1200) (f29b660963f909000cc3f74603de4374) \Device\Harddisk0\DR0\Partition1
19:01:51.0846 5252 \Device\Harddisk0\DR0\Partition1 - ok
19:01:51.0846 5252 ============================================================
19:01:51.0846 5252 Scan finished
19:01:51.0846 5252 ============================================================
19:01:51.0862 1672 Detected object count: 0
19:01:51.0862 1672 Actual detected object count: 0
19:06:04.0179 6036 Deinitialize success

___________________________________________________-
There appears to be no re-direction in IE.
Other things to check before using the computer normally?
I'd like to re-install Firefox at some point.
But, first things first.
 
Very well :)

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 4/1/2012 8:00:52 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Nyssa\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.46 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 55.92% Memory free
7.10 Gb Paging File | 5.39 Gb Available in Paging File | 75.81% Paging File free
Paging file location(s): c:\pagefile.sys 3843 5314 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 155.26 Gb Free Space | 54.79% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 8.66 Gb Free Space | 59.11% Space Free | Partition Type: NTFS

Computer Name: DANA-PC | User Name: Nyssa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/01 19:58:55 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Nyssa\Desktop\OTL.exe
PRC - [2012/02/24 10:36:06 | 002,659,768 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe
PRC - [2012/02/24 10:36:06 | 001,117,624 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsSvc.exe
PRC - [2012/02/24 09:16:12 | 000,402,336 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exe
PRC - [2012/02/24 09:16:08 | 000,071,008 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe
PRC - [2012/02/17 15:08:16 | 000,550,864 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2010/12/14 09:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2010/04/05 17:46:08 | 000,288,040 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/03/23 14:22:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2010/02/17 16:34:40 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/31 23:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2009/01/05 17:19:10 | 000,824,560 | ---- | M] (Dell Inc.) -- c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
PRC - [2008/12/14 23:13:50 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/12/14 23:13:46 | 000,241,746 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe
PRC - [2008/12/14 23:13:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe
PRC - [2008/10/04 13:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/05/07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/05/07 17:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/05/02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/01/20 21:33:00 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
PRC - [2007/03/15 18:16:42 | 000,454,784 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/29 09:26:45 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll
MOD - [2012/03/29 09:25:52 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2598077ccea480c6120d3a1ad4455be0\System.Web.ni.dll
MOD - [2012/03/29 09:21:11 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2012/03/29 09:20:33 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2008/12/22 05:32:38 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/02/24 10:36:06 | 001,117,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012/02/24 09:16:12 | 000,402,336 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012/02/24 09:16:08 | 000,071,008 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2012/02/17 15:08:16 | 000,550,864 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/06/05 11:02:23 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/01/05 17:19:10 | 000,824,560 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
SRV - [2008/12/14 23:13:46 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe -- (STacSV)
SRV - [2008/12/14 23:13:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe -- (AESTFilters)
SRV - [2008/10/04 13:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/05/07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\SMR250.SYS -- (SMR250)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Nyssa\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Nyssa\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/02/24 10:37:08 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2012/02/24 10:36:44 | 000,185,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2012/02/24 10:31:08 | 000,253,352 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2012/02/24 09:16:10 | 000,574,424 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TfSysMon.sys -- (TFSysMon)
DRV - [2012/02/24 09:16:10 | 000,054,328 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2012/02/24 09:16:10 | 000,035,264 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2011/12/01 16:07:06 | 000,909,728 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\System32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2011/12/01 16:07:06 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pctDS.sys -- (pctDS)
DRV - [2011/11/14 15:12:26 | 000,331,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/04/15 14:36:40 | 000,252,536 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/03/19 18:02:00 | 000,271,552 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OA009Vid.sys -- (OA009Vid)
DRV - [2009/03/06 08:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OA009Ufd.sys -- (OA009Ufd)
DRV - [2008/12/22 05:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/12/14 23:13:54 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/06/17 11:01:06 | 000,022,016 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\packet.sys -- (Packet)
DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/01/20 21:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/03/22 12:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 12:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-1125977285-1174530162-3460290796-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-1125977285-1174530162-3460290796-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1125977285-1174530162-3460290796-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1125977285-1174530162-3460290796-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Dana\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2012/03/27 21:56:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/30 10:01:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/03 23:09:32 | 000,000,000 | ---D | M]

[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011/07/29 15:06:35 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2009/07/02 11:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll

O1 HOSTS File: ([2012/04/01 16:57:44 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-1125977285-1174530162-3460290796-1001\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-1125977285-1174530162-3460290796-1001..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - Startup: C:\Users\Dana2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1125977285-1174530162-3460290796-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1125977285-1174530162-3460290796-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8448DD7B-5738-4FFD-9967-31BEC9ED3C03}: DhcpNameServer = 68.87.72.134 68.87.77.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97E2053B-368F-4C64-B78E-A695F28B6D08}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/01 19:58:55 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Nyssa\Desktop\OTL.exe
[2012/04/01 19:07:12 | 000,000,000 | ---D | C] -- C:\Windows\TEMP
[2012/04/01 19:01:01 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\Desktop\tsdkiller
[2012/04/01 17:00:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/01 17:00:23 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\AppData\Local\temp
[2012/04/01 16:57:34 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\AppData\Local\CrashDumps
[2012/04/01 16:42:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/01 16:42:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/01 16:42:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/01 16:42:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/01 16:42:11 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/04/01 16:42:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/01 16:39:38 | 004,453,008 | R--- | C] (Swearware) -- C:\Users\Nyssa\Desktop\ComboFix.exe
[2012/04/01 11:47:16 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\Desktop\Bootkit
[2012/04/01 11:15:19 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Nyssa\Desktop\aswMBR.exe
[2012/03/29 21:29:20 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Nyssa\Desktop\dds.scr
[2012/03/29 20:29:51 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\AppData\Roaming\Malwarebytes
[2012/03/29 18:23:04 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/03/29 18:23:04 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/03/29 18:23:03 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/03/29 18:23:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/03/29 18:23:02 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/03/29 18:23:02 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/03/29 18:23:02 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/03/29 18:23:02 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/03/29 18:23:01 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/03/29 18:23:00 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/03/29 18:23:00 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/03/29 18:23:00 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/03/29 18:23:00 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/03/29 18:23:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/03/29 18:23:00 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/03/29 18:23:00 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/03/29 18:23:00 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/03/29 18:23:00 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/03/29 18:22:59 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/03/29 18:22:59 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/03/29 18:22:59 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/03/29 18:22:57 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/03/29 18:22:57 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/03/29 18:22:56 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/03/29 18:22:55 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/03/29 18:22:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/03/29 18:22:55 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/03/29 18:22:54 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/03/29 18:22:54 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/03/29 18:22:54 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/03/29 18:22:54 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/03/29 18:22:53 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/03/29 18:22:53 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/03/29 18:22:52 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/03/29 18:22:52 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/03/29 18:22:52 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/03/29 18:22:52 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/03/29 17:50:43 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/03/29 17:50:43 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/03/29 17:50:42 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/03/29 17:50:42 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/03/29 17:50:42 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/03/29 17:50:35 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2012/03/29 09:14:31 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2012/03/29 09:03:50 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2012/03/29 09:03:49 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2012/03/29 09:03:49 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2012/03/29 09:01:04 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2012/03/29 09:01:02 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2012/03/29 09:01:01 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2012/03/29 09:01:01 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2012/03/29 09:01:01 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2012/03/29 09:01:00 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2012/03/29 08:59:34 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2012/03/29 08:59:32 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2012/03/29 08:59:17 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2012/03/29 08:59:13 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2012/03/29 08:59:13 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2012/03/29 08:59:13 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2012/03/29 08:59:13 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2012/03/29 08:59:13 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2012/03/29 08:59:13 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2012/03/29 08:06:01 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/03/29 08:05:53 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2012/03/29 08:05:52 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012/03/29 08:05:51 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2012/03/29 08:05:50 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2012/03/29 08:05:50 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2012/03/29 08:05:49 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2012/03/29 08:04:58 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2012/03/29 08:04:57 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2012/03/29 08:04:55 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2012/03/29 08:04:51 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2012/03/29 08:04:50 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2012/03/29 08:04:50 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2012/03/29 08:04:49 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2012/03/29 08:04:49 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2012/03/29 08:04:48 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2012/03/29 08:04:47 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2012/03/29 08:04:18 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2012/03/29 08:04:18 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2012/03/29 08:01:23 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/03/29 08:01:22 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/03/29 08:01:13 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2012/03/29 08:01:12 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2012/03/29 08:00:40 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/03/29 08:00:40 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/03/29 08:00:14 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012/03/29 07:59:44 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2012/03/29 07:59:44 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2012/03/29 07:59:43 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2012/03/29 07:59:42 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2012/03/29 07:59:39 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012/03/29 07:59:36 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/03/29 07:59:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/03/29 07:58:50 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012/03/29 07:58:46 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/03/29 07:58:42 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012/03/29 07:57:50 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2012/03/29 01:01:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2012/03/29 01:01:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2012/03/29 01:01:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2012/03/29 00:54:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012/03/29 00:32:49 | 000,928,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavenge.dll
[2012/03/29 00:32:42 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compcln.exe
[2012/03/29 00:31:32 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2012/03/29 00:31:32 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2012/03/29 00:31:32 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2012/03/29 00:31:31 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2012/03/29 00:31:31 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2012/03/29 00:31:31 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2012/03/29 00:31:30 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2012/03/29 00:31:30 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll
[2012/03/29 00:31:25 | 001,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2012/03/29 00:31:25 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll
[2012/03/29 00:31:25 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime
[2012/03/29 00:31:24 | 001,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2012/03/29 00:31:24 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2012/03/29 00:31:24 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll
[2012/03/29 00:31:24 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll
[2012/03/29 00:31:24 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll
[2012/03/29 00:31:24 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2012/03/29 00:31:24 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll
[2012/03/29 00:31:24 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2012/03/29 00:31:24 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2012/03/29 00:31:21 | 001,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll
[2012/03/29 00:31:21 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2012/03/29 00:31:21 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2012/03/29 00:31:20 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime
[2012/03/29 00:31:20 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2012/03/29 00:31:19 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2012/03/29 00:31:19 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2012/03/29 00:31:19 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2012/03/29 00:31:19 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2012/03/29 00:31:18 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2012/03/29 00:31:18 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2012/03/29 00:31:18 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2012/03/29 00:31:17 | 002,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oobefldr.dll
[2012/03/29 00:31:17 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2012/03/29 00:31:17 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll
[2012/03/29 00:31:17 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2012/03/29 00:31:16 | 000,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll
[2012/03/29 00:31:16 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll
[2012/03/29 00:31:16 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll
[2012/03/29 00:31:16 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2012/03/29 00:31:16 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2012/03/29 00:31:15 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2012/03/29 00:31:15 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2012/03/29 00:31:15 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2012/03/29 00:31:15 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime
[2012/03/29 00:31:15 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime
[2012/03/29 00:31:15 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe
[2012/03/29 00:31:14 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2012/03/29 00:31:13 | 000,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2012/03/29 00:31:13 | 000,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll
[2012/03/29 00:31:13 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/03/29 00:31:12 | 000,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2012/03/29 00:31:11 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll
[2012/03/29 00:31:11 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2012/03/29 00:31:10 | 000,050,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PSHED.DLL
[2012/03/29 00:31:04 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2012/03/29 00:30:51 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2012/03/29 00:30:51 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2012/03/29 00:30:50 | 000,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
[2012/03/29 00:30:50 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2012/03/29 00:30:50 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll
[2012/03/29 00:30:50 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2012/03/29 00:30:50 | 000,027,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2012/03/29 00:30:49 | 002,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012/03/29 00:30:49 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2012/03/29 00:30:49 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2012/03/29 00:30:49 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2012/03/29 00:30:49 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2012/03/29 00:30:48 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2012/03/29 00:30:45 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll
[2012/03/29 00:30:44 | 001,078,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2012/03/29 00:30:44 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2012/03/29 00:30:44 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2012/03/29 00:30:44 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2012/03/29 00:30:44 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2012/03/29 00:30:44 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2012/03/29 00:30:43 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll
[2012/03/29 00:30:42 | 000,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2012/03/29 00:30:42 | 000,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2012/03/29 00:30:42 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2012/03/29 00:30:42 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2012/03/29 00:30:42 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2012/03/29 00:30:42 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2012/03/29 00:30:42 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2012/03/29 00:30:41 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2012/03/29 00:30:41 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmsynth.dll
[2012/03/29 00:30:41 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmusic.dll
[2012/03/29 00:30:41 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2012/03/29 00:30:40 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll
[2012/03/29 00:30:40 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2012/03/29 00:30:40 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2012/03/29 00:30:40 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2012/03/29 00:30:40 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2012/03/29 00:30:39 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe
[2012/03/29 00:30:39 | 000,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
[2012/03/29 00:30:39 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll
[2012/03/29 00:30:39 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2012/03/29 00:30:39 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2012/03/29 00:30:38 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2012/03/29 00:30:38 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2012/03/29 00:30:38 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2012/03/29 00:30:37 | 000,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2012/03/29 00:30:37 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2012/03/29 00:30:37 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2012/03/29 00:30:37 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
[2012/03/29 00:30:37 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll
[2012/03/29 00:30:37 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll
[2012/03/29 00:30:37 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll
[2012/03/29 00:30:37 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll
[2012/03/29 00:30:37 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2012/03/29 00:30:37 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
[2012/03/29 00:30:37 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll
[2012/03/29 00:30:36 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2012/03/29 00:30:36 | 001,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2012/03/29 00:30:36 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2012/03/29 00:30:36 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2012/03/29 00:30:36 | 000,099,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012/03/29 00:30:36 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2012/03/29 00:30:36 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2012/03/29 00:30:35 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2012/03/29 00:30:35 | 000,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2012/03/29 00:30:35 | 000,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2012/03/29 00:30:35 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2012/03/29 00:30:34 | 001,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcpl.dll
[2012/03/29 00:30:34 | 000,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2012/03/29 00:30:34 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2012/03/29 00:30:33 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2012/03/29 00:30:32 | 002,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2012/03/29 00:30:32 | 000,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2012/03/29 00:30:32 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2012/03/29 00:30:32 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll
[2012/03/29 00:30:30 | 001,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll
[2012/03/29 00:30:28 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2012/03/29 00:30:28 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll
[2012/03/29 00:30:27 | 000,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll
[2012/03/29 00:30:27 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2012/03/29 00:30:27 | 000,035,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2012/03/29 00:30:26 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2012/03/29 00:30:25 | 001,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2012/03/29 00:30:25 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll
[2012/03/29 00:30:25 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2012/03/29 00:30:24 | 001,788,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2012/03/29 00:30:24 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2012/03/29 00:30:24 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2012/03/29 00:30:24 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2012/03/29 00:30:23 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2012/03/29 00:30:23 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll
[2012/03/29 00:30:22 | 001,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2012/03/29 00:30:22 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2012/03/29 00:30:22 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2012/03/29 00:30:21 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2012/03/29 00:30:21 | 000,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2012/03/29 00:30:21 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll
[2012/03/29 00:30:21 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2012/03/29 00:30:20 | 000,614,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2012/03/29 00:30:20 | 000,125,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2012/03/29 00:30:20 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime
[2012/03/29 00:30:20 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2012/03/29 00:30:20 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2012/03/29 00:30:19 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2012/03/29 00:30:19 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2012/03/29 00:30:19 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll
[2012/03/29 00:30:18 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2012/03/29 00:30:17 | 001,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2012/03/29 00:30:17 | 000,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2012/03/29 00:30:17 | 000,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2012/03/29 00:30:17 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexch40.dll
[2012/03/29 00:30:17 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2012/03/29 00:30:17 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2012/03/29 00:30:17 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime
[2012/03/29 00:30:14 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2012/03/29 00:30:14 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
[2012/03/29 00:30:13 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll
[2012/03/29 00:30:13 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2012/03/29 00:30:12 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2012/03/29 00:30:11 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2012/03/29 00:30:11 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll
[2012/03/29 00:30:11 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll
[2012/03/29 00:30:11 | 000,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2012/03/29 00:30:11 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2012/03/29 00:30:10 | 002,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2012/03/29 00:30:09 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2012/03/29 00:30:09 | 000,223,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/03/29 00:30:09 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/03/29 00:30:08 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2012/03/29 00:30:08 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll
[2012/03/29 00:30:07 | 000,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2012/03/29 00:30:07 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2012/03/29 00:30:06 | 003,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2012/03/29 00:30:06 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2012/03/29 00:30:06 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll
[2012/03/29 00:30:05 | 000,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll
[2012/03/29 00:30:05 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2012/03/29 00:30:05 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll
[2012/03/29 00:30:05 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll
[2012/03/29 00:30:05 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x40.dll
[2012/03/29 00:30:05 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll
[2012/03/29 00:30:05 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2012/03/29 00:30:05 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2012/03/29 00:30:05 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2012/03/29 00:30:05 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
[2012/03/29 00:30:04 | 001,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2012/03/29 00:30:04 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll
[2012/03/29 00:30:04 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter40.dll
[2012/03/29 00:30:04 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll
[2012/03/29 00:30:04 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2012/03/29 00:30:03 | 001,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2012/03/29 00:30:03 | 000,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswdat10.dll
[2012/03/29 00:30:03 | 000,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll
[2012/03/29 00:30:03 | 000,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll
[2012/03/29 00:30:03 | 000,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2012/03/29 00:30:03 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2012/03/29 00:30:03 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2012/03/29 00:30:02 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2012/03/29 00:30:01 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2012/03/29 00:30:00 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2012/03/29 00:29:59 | 000,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2012/03/29 00:29:59 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll
[2012/03/29 00:29:59 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2012/03/29 00:29:58 | 000,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2012/03/29 00:29:58 | 000,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2012/03/29 00:29:57 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2012/03/29 00:29:57 | 000,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2012/03/29 00:29:57 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetppui.dll
[2012/03/29 00:29:55 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2012/03/29 00:29:55 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2012/03/29 00:29:55 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll
[2012/03/29 00:29:54 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll
[2012/03/29 00:29:54 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2012/03/29 00:29:51 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll
[2012/03/29 00:29:51 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll
[2012/03/29 00:29:51 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll
[2012/03/29 00:29:51 | 000,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2012/03/29 00:29:50 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2012/03/29 00:29:50 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2012/03/29 00:29:50 | 000,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2012/03/29 00:29:50 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll
[2012/03/29 00:29:50 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2012/03/29 00:29:50 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2012/03/29 00:29:50 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iaspolcy.dll
[2012/03/29 00:29:49 | 000,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2012/03/29 00:29:49 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2012/03/29 00:29:49 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll
[2012/03/29 00:29:45 | 002,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2012/03/29 00:29:44 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2012/03/29 00:29:43 | 002,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2012/03/29 00:29:43 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmci.dll
[2012/03/29 00:29:43 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcico.dll
[2012/03/29 00:29:42 | 001,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2012/03/29 00:29:41 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2012/03/29 00:29:40 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2012/03/29 00:29:40 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2012/03/29 00:29:36 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll
[2012/03/29 00:29:36 | 000,017,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2012/03/29 00:29:35 | 000,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2012/03/29 00:29:35 | 000,438,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2012/03/29 00:29:35 | 000,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll
[2012/03/29 00:29:35 | 000,017,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdcom.dll
[2012/03/29 00:29:34 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2012/03/29 00:29:33 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2012/03/29 00:29:33 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2012/03/29 00:29:27 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2012/03/29 00:29:25 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2012/03/29 00:29:23 | 001,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2012/03/29 00:29:22 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2012/03/29 00:29:22 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2012/03/29 00:29:21 | 001,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2012/03/29 00:29:17 | 001,555,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll
[2012/03/29 00:29:16 | 000,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2012/03/29 00:29:16 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaaut.dll
[2012/03/29 00:29:16 | 000,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
[2012/03/29 00:29:16 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2012/03/29 00:29:16 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2012/03/29 00:29:16 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\whealogr.dll
[2012/03/29 00:29:15 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2012/03/29 00:29:15 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2012/03/29 00:29:15 | 000,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll
[2012/03/29 00:29:15 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2012/03/29 00:29:15 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2012/03/29 00:29:15 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll
[2012/03/29 00:29:14 | 001,533,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz.dll
[2012/03/29 00:29:14 | 000,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll
[2012/03/29 00:29:14 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnNetsh.dll
[2012/03/29 00:29:14 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
[2012/03/29 00:29:13 | 000,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll
[2012/03/29 00:29:13 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll
[2012/03/29 00:29:13 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2012/03/29 00:29:13 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2012/03/29 00:29:13 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscisvif.dll
[2012/03/29 00:29:12 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscui.cpl
[2012/03/29 00:29:12 | 001,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL
[2012/03/29 00:29:12 | 001,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2012/03/29 00:29:12 | 000,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL
[2012/03/29 00:29:12 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow32.dll
[2012/03/29 00:29:12 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll
[2012/03/29 00:29:11 | 001,580,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2012/03/29 00:29:11 | 000,532,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcao.dll
[2012/03/29 00:29:11 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2012/03/29 00:29:10 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2012/03/29 00:29:10 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2012/03/29 00:29:09 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2012/03/29 00:29:09 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2012/03/29 00:29:09 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2012/03/29 00:29:09 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlgpclnt.dll
[2012/03/29 00:29:09 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2012/03/29 00:29:07 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2012/03/29 00:29:07 | 000,986,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2012/03/29 00:29:07 | 000,926,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2012/03/29 00:29:06 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2012/03/29 00:29:06 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2012/03/29 00:29:05 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2012/03/29 00:29:04 | 001,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2012/03/29 00:29:04 | 000,122,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys
[2012/03/29 00:29:04 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll
[2012/03/29 00:29:04 | 000,052,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2012/03/29 00:29:03 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2012/03/29 00:29:03 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2012/03/29 00:29:01 | 002,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2012/03/29 00:29:01 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2012/03/29 00:29:00 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2012/03/29 00:29:00 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2012/03/29 00:29:00 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2012/03/29 00:29:00 | 000,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll
[2012/03/29 00:29:00 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2012/03/29 00:28:59 | 001,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll
[2012/03/29 00:28:59 | 000,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll
[2012/03/29 00:28:59 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2012/03/29 00:28:59 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2012/03/29 00:28:59 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2012/03/29 00:28:59 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2012/03/29 00:28:59 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2012/03/29 00:28:59 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2012/03/29 00:28:59 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spcmsg.dll
[2012/03/29 00:28:59 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2012/03/29 00:28:58 | 000,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2012/03/29 00:28:58 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2012/03/29 00:28:58 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2012/03/29 00:28:58 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sperror.dll
[2012/03/29 00:28:58 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2012/03/29 00:28:58 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll
[2012/03/29 00:28:58 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2012/03/29 00:28:58 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwinsat.dll
[2012/03/29 00:28:57 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2012/03/29 00:28:57 | 000,035,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2012/03/29 00:28:57 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2012/03/29 00:28:56 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2012/03/29 00:28:56 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
[2012/03/29 00:28:56 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ulib.dll
[2012/03/29 00:28:56 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2012/03/29 00:28:56 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2012/03/29 00:28:55 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2012/03/29 00:28:52 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime
[2012/03/29 00:28:51 | 001,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2012/03/29 00:28:51 | 001,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2012/03/29 00:28:51 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2012/03/29 00:28:51 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2012/03/29 00:24:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012/03/28 22:34:05 | 002,804,712 | ---- | C] (Symantec Corporation) -- C:\Users\Nyssa\Desktop\NPE.exe
[2012/03/28 22:33:51 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\AppData\Local\NPE
[2012/03/28 22:33:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/03/28 22:05:21 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\AppData\Roaming\PCTools
[2012/03/28 21:32:35 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\AppData\Roaming\Macromedia
[2012/03/28 21:32:34 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\AppData\Roaming\Adobe
[2012/03/28 21:25:52 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\AppData\Local\Stardock_Corporation
[2012/03/28 20:17:25 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\Documents\Wedding planning
[2012/03/28 20:17:23 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\Documents\Website Backup
[2012/03/28 20:17:05 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\Documents\TomTom
[2012/03/28 20:17:04 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\Documents\Tims resume
[2012/03/28 20:16:53 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\Documents\Recipes
[2012/03/28 20:16:53 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\Documents\Quicken backup
[2012/03/28 20:16:49 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\Documents\Quicken
[2012/03/28 20:16:46 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\Documents\OneNote Notebooks
[2012/03/28 20:16:39 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\Documents\My Scans
[2012/03/28 20:16:20 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\Documents\My Media
[2012/03/28 20:16:20 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\Documents\Marketing Scripts
[2012/03/28 20:16:06 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\Documents\honeymoon trip
[2012/03/28 20:16:06 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\Documents\Ebay item desciptions
[2012/03/28 20:16:06 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\Documents\Dell WebCam Central
[2012/03/28 20:16:06 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\Documents\Blog - Linky Party
[2012/03/28 20:16:06 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\Documents\Blog - Artist Features
[2012/03/28 20:16:06 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\Documents\Art of Murder - The Hunt for the Puppeteer
[2012/03/28 11:44:11 | 000,000,000 | ---D | C] -- C:\6b043e67185721d370cac201
[2012/03/28 11:24:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\WCID
[2012/03/27 22:21:42 | 000,574,424 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfSysMon.sys
[2012/03/27 22:21:42 | 000,054,328 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfFsMon.sys
[2012/03/27 22:21:42 | 000,035,264 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfNetMon.sys
[2012/03/27 22:18:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/03/27 21:56:31 | 000,056,840 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTBD.sys
[2012/03/27 21:55:51 | 000,017,848 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctBTFix.sys
[2012/03/27 21:55:49 | 000,185,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2012/03/27 21:41:46 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll0342.old
[2012/03/27 21:41:46 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll0321.old
[2012/03/27 21:41:46 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2012/03/27 21:41:45 | 002,250,704 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0342.old
[2012/03/27 21:41:45 | 002,250,704 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2012/03/27 21:41:45 | 001,996,752 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0321.old
[2012/03/27 21:41:44 | 001,681,360 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2012/03/27 19:53:25 | 000,909,728 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2012/03/27 19:53:25 | 000,342,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2012/03/27 19:53:23 | 000,253,352 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2012/03/27 19:53:22 | 000,107,864 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2012/03/27 19:53:18 | 000,331,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2012/03/27 19:53:17 | 000,162,584 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2012/03/27 19:52:59 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2012/03/27 19:52:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/03/27 19:52:32 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2012/03/27 19:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/03/27 19:02:35 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\AppData\Roaming\Mozilla
[2012/03/27 19:02:35 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\AppData\Local\Mozilla

========== Files - Modified Within 30 Days ==========

[2012/04/01 19:58:55 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Nyssa\Desktop\OTL.exe
[2012/04/01 19:58:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/01 19:55:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/01 19:10:48 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/01 18:59:17 | 002,048,299 | ---- | M] () -- C:\Users\Nyssa\Desktop\tdsskiller.zip
[2012/04/01 16:57:44 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/04/01 16:39:38 | 004,453,008 | R--- | M] (Swearware) -- C:\Users\Nyssa\Desktop\ComboFix.exe
[2012/04/01 15:52:19 | 000,000,512 | ---- | M] () -- C:\Users\Nyssa\Desktop\MBR.dat
[2012/04/01 15:30:51 | 002,942,435 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2012/04/01 15:28:22 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/01 15:28:21 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/01 15:27:22 | 403,840,299 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/04/01 11:45:53 | 000,044,607 | ---- | M] () -- C:\Users\Nyssa\Desktop\bootkit_remover.zip
[2012/04/01 11:15:45 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Nyssa\Desktop\aswMBR.exe
[2012/04/01 11:12:41 | 000,748,234 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/01 11:12:41 | 000,157,800 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/29 21:25:20 | 000,302,592 | ---- | M] () -- C:\Users\Nyssa\Desktop\9nejlgc2.exe
[2012/03/29 19:27:34 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Nyssa\Desktop\dds.scr
[2012/03/29 18:36:48 | 000,000,945 | ---- | M] () -- C:\Users\Nyssa\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/29 18:23:27 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012/03/29 18:23:27 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012/03/29 18:23:04 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/03/29 18:23:04 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/03/29 18:23:03 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/03/29 18:23:02 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/03/29 18:23:02 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/03/29 18:23:02 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/03/29 18:23:02 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/03/29 18:23:02 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/03/29 18:23:01 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/03/29 18:23:00 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/03/29 18:23:00 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/03/29 18:23:00 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/03/29 18:23:00 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/03/29 18:23:00 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/03/29 18:23:00 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/03/29 18:23:00 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/03/29 18:23:00 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/03/29 18:23:00 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/03/29 18:23:00 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/03/29 18:22:59 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/03/29 18:22:59 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/03/29 18:22:59 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/03/29 18:22:57 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/03/29 18:22:57 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/03/29 18:22:56 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/03/29 18:22:55 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/03/29 18:22:55 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/03/29 18:22:55 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/03/29 18:22:54 | 001,798,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/03/29 18:22:54 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/03/29 18:22:54 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/03/29 18:22:54 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/03/29 18:22:53 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/03/29 18:22:53 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/03/29 18:22:52 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/03/29 18:22:52 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/03/29 18:22:52 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/03/29 18:22:52 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/03/29 11:00:38 | 000,000,680 | ---- | M] () -- C:\Users\Nyssa\AppData\Local\d3d9caps.dat
[2012/03/29 09:17:15 | 000,273,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/29 09:13:40 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/03/28 23:42:03 | 000,000,284 | ---- | M] () -- C:\Windows\hegames.ini
[2012/03/28 22:19:48 | 002,804,712 | ---- | M] (Symantec Corporation) -- C:\Users\Nyssa\Desktop\NPE.exe
[2012/03/28 22:00:13 | 000,679,802 | ---- | M] () -- C:\Users\Nyssa\Desktop\md_report.xml
[2012/03/28 18:29:50 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/28 11:24:07 | 000,024,879 | ---- | M] () -- C:\LDB_20120316001
[2012/03/28 11:17:10 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/03/27 22:18:21 | 000,001,836 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk

========== Files Created - No Company Name ==========

[2012/04/01 18:58:57 | 002,048,299 | ---- | C] () -- C:\Users\Nyssa\Desktop\tdsskiller.zip
[2012/04/01 16:42:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/01 16:42:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/01 16:42:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/01 16:42:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/01 16:42:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/01 15:52:19 | 000,000,512 | ---- | C] () -- C:\Users\Nyssa\Desktop\MBR.dat
[2012/04/01 15:27:22 | 403,840,299 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/04/01 11:45:53 | 000,044,607 | ---- | C] () -- C:\Users\Nyssa\Desktop\bootkit_remover.zip
[2012/03/29 21:26:14 | 000,302,592 | ---- | C] () -- C:\Users\Nyssa\Desktop\9nejlgc2.exe
[2012/03/29 18:23:00 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/03/29 09:13:40 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/03/29 00:31:18 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2012/03/29 00:31:15 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2012/03/29 00:30:50 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2012/03/29 00:30:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/03/29 00:30:42 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2012/03/29 00:29:16 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2012/03/29 00:29:03 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/03/29 00:28:59 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2012/03/29 00:28:58 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2012/03/29 00:28:55 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2012/03/28 22:02:53 | 000,679,802 | ---- | C] () -- C:\Users\Nyssa\Desktop\md_report.xml
[2012/03/28 20:27:15 | 000,000,945 | ---- | C] () -- C:\Users\Nyssa\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/28 20:25:15 | 000,000,680 | ---- | C] () -- C:\Users\Nyssa\AppData\Local\d3d9caps.dat
[2012/03/28 20:16:05 | 000,581,296 | ---- | C] () -- C:\Users\Nyssa\Documents\First chat.jpg
[2012/03/28 20:16:05 | 000,046,062 | ---- | C] () -- C:\Users\Nyssa\Documents\French Accents.jpg
[2012/03/28 20:16:05 | 000,000,000 | -H-- | C] () -- C:\Users\Nyssa\Documents\Default.rdp
[2012/03/28 11:24:07 | 000,024,879 | ---- | C] () -- C:\LDB_20120316001
[2012/03/27 21:55:54 | 000,001,836 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk
[2012/03/27 21:41:47 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0342.old
[2012/03/27 21:41:47 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0321.old
[2012/03/27 21:41:47 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2012/03/27 21:41:46 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip
[2012/03/27 21:41:46 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2012/03/27 21:41:46 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2012/03/27 21:41:46 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2012/03/27 19:54:05 | 002,942,435 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2012/01/29 11:25:31 | 000,000,026 | ---- | C] () -- C:\Windows\FXOPDMain.INI
[2012/01/29 11:25:06 | 000,000,026 | ---- | C] () -- C:\Windows\FXOPDPMSV.INI
[2010/09/23 10:32:35 | 000,115,358 | ---- | C] () -- C:\Windows\hpgins28.dat
[2010/09/23 10:32:34 | 000,000,173 | ---- | C] () -- C:\Windows\hpgmdl28.dat
[2010/09/18 22:30:26 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/09/18 22:26:02 | 000,000,284 | ---- | C] () -- C:\Windows\hegames.ini

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 23:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2012/04/01 17:00:21 | 000,018,535 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/07/02 20:55:23 | 000,000,081 | ---- | M] () -- C:\CTX.DAT
[2009/04/04 09:47:23 | 000,003,347 | RH-- | M] () -- C:\dell.sdr
[2012/03/28 11:24:07 | 000,024,879 | ---- | M] () -- C:\LDB_20120316001
[2012/04/01 15:27:22 | 4029,677,568 | -HS- | M] () -- C:\pagefile.sys
[2012/04/01 19:06:04 | 000,115,730 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_01.04.2012_19.01.08_log.txt
[2012/03/28 22:33:39 | 000,121,910 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_28.03.2012_22.32.21_log.txt

< %systemroot%\Fonts\*.com >
[2006/11/02 07:35:34 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:35:34 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:35:34 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2012/03/29 00:51:53 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/01/20 21:32:37 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 21:57:01 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/20 22:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 22:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 22:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/03/29 18:36:48 | 000,000,221 | -HS- | M] () -- C:\Users\Nyssa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/03/29 21:25:20 | 000,302,592 | ---- | M] () -- C:\Users\Nyssa\Desktop\9nejlgc2.exe
[2012/04/01 11:15:45 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Nyssa\Desktop\aswMBR.exe
[2012/04/01 16:39:38 | 004,453,008 | R--- | M] (Swearware) -- C:\Users\Nyssa\Desktop\ComboFix.exe
[2012/03/28 22:19:48 | 002,804,712 | ---- | M] (Symantec Corporation) -- C:\Users\Nyssa\Desktop\NPE.exe
[2012/04/01 19:58:55 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Nyssa\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/04/01 19:10:48 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/01 19:58:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/01 15:27:58 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/04/01 11:05:27 | 000,032,622 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2012/03/29 01:11:29 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2012/03/29 01:10:59 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2012/03/29 01:10:59 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2012/03/29 01:10:59 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2012/03/29 01:10:59 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
[2012/03/29 01:10:59 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/10/06 12:18:31 | 000,000,402 | -HS- | M] () -- C:\Users\Nyssa\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/09/23 10:45:35 | 000,000,733 | ---- | M] () -- C:\ProgramData\hpzinstall.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:887F3A41
@Alternate Data Stream - 202 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:D026A5A4
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:0C4DECF8

< End of report >
 
OTL Extras logfile created on: 4/1/2012 8:00:52 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Nyssa\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.46 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 55.92% Memory free
7.10 Gb Paging File | 5.39 Gb Available in Paging File | 75.81% Paging File free
Paging file location(s): c:\pagefile.sys 3843 5314 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 155.26 Gb Free Space | 54.79% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 8.66 Gb Free Space | 59.11% Space Free | Partition Type: NTFS

Computer Name: DANA-PC | User Name: Nyssa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{081A3DFC-7E58-45B9-8CBD-19DB225D48F7}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{27E1E73E-B1F2-49B4-983B-25F1784CFD94}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C94BDEA7-571F-4CCD-B900-A08B8AF98E32}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01244793-FBE1-4569-A0D3-BE05BBA5A0D0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0B3AA5A6-CFA9-4A1C-8C4A-841E1A21F43E}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{0F36B6AC-396D-4AC7-9A20-CEB8A846E903}" = protocol=17 | dir=in | app=c:\program files\common files\dell\vlc\vlc.exe |
"{114AD0C9-C978-4980-83D8-95773A0A5B99}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{2D8E4270-6D7F-490B-9D91-41D557F084C0}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{4FE70077-47AB-4926-A7AC-FC07DC4705E0}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{5486FBFB-872C-4C19-8D07-E561F6690F8D}" = protocol=6 | dir=in | app=c:\program files\common files\dell\advanced networking service\hnm_svc.exe |
"{65A25BF4-DD91-40C1-8CA1-27C44313D1A9}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{75491EB7-33B7-466B-804E-6B6C41D2DD47}" = protocol=6 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
"{86DF0B56-F2DF-491C-B748-EC5FA2E81141}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{9368F1DD-A084-4DC5-865A-805DC1B4A373}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{93924939-3CED-4A1C-94C9-5849C7109DF7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BA449E0D-D193-4DBC-91F3-55E8E32E49EB}" = protocol=17 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
"{C15080CA-6F9D-4D06-8CEC-0424942C9F53}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{C52720B2-279D-499B-8A47-8FB16F8C8005}" = protocol=6 | dir=in | app=c:\program files\common files\dell\vlc\vlc.exe |
"{CE39F98E-58AA-48D6-9942-847C8740F4E2}" = protocol=17 | dir=in | app=c:\program files\common files\dell\advanced networking service\hnm_svc.exe |
"{ECC0CE99-AEBB-45DB-86C6-254427EB1B21}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{ED651286-FC83-4160-BE71-360EE8BB0438}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 24
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D8F9830-D6A3-413A-9A54-993827A73E47}" = DELL0604
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A613A09-8F96-4F7E-BD71-69A89F37150D}" = hpg4850QFolder
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90140000-00D1-0409-0000-0000000FF1CE}" = Microsoft Access database engine 2010 (English)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5A8D74C-61B6-46ce-B6E7-527BDD687787}" = HP Scanjet 4800 series 9.0
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C82185E8-C27B-4EF4-2011-4444BC2C2B6D}" = Microsoft Streets & Trips 2011
"{CC77E110-0ACB-4E15-9A92-6AEB96DA8C06}" = hpg4850
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEC0C2C2-921F-4EB8-8D7E-4F2F03ED02AA}" = ScannerCopy
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console
"{DA054439-21A7-D2EF-DE23-38AA0560535F}" = ATI Catalyst Install Manager
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"BFGC" = Big Fish Games: Game Manager
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Creative OA009" = Integrated Webcam Driver (1.02.01.0320)
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
"GoToAssist" = GoToAssist 8.0.0.514
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPOCR" = HP OCR Software 9.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Spyware Doctor" = PC Tools Spyware Doctor with AntiVirus 9.0
"TVWiz" = Intel(R) TV Wizard
"Web Games Player Plugin" = Web Games Player Plugin
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/22/2011 9:43:56 AM | Computer Name = Dana-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 37694568

Error - 5/22/2011 9:43:56 AM | Computer Name = Dana-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 37694568

Error - 5/22/2011 9:43:58 AM | Computer Name = Dana-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/22/2011 9:43:58 AM | Computer Name = Dana-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 37696175

Error - 5/22/2011 9:43:58 AM | Computer Name = Dana-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 37696175

Error - 5/22/2011 9:43:59 AM | Computer Name = Dana-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/22/2011 9:43:59 AM | Computer Name = Dana-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 37697735

Error - 5/22/2011 9:43:59 AM | Computer Name = Dana-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 37697735

Error - 5/22/2011 9:44:02 AM | Computer Name = Dana-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/22/2011 9:44:02 AM | Computer Name = Dana-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 37700184

[ Broadcom Wireless LAN Events ]
Error - 3/30/2012 9:36:35 AM | Computer Name = Dana-PC | Source = WLAN-Tray | ID = 0
Description = 08:36:34, Fri, Mar 30, 12 Error - Unable to gain access to user store


Error - 3/30/2012 9:54:33 AM | Computer Name = Dana-PC | Source = WLAN-Tray | ID = 0
Description = 08:54:32, Fri, Mar 30, 12 Error - Unable to gain access to user store


[ System Events ]
Error - 4/1/2012 5:41:29 PM | Computer Name = Dana-PC | Source = netbt | ID = 4321
Description = The name "THE_ONE_RING :0" could not be registered on the interface
with IP address 192.168.1.102. The computer with the IP address 192.168.1.100 did
not allow the name to be claimed by this computer.

Error - 4/1/2012 5:41:33 PM | Computer Name = Dana-PC | Source = netbt | ID = 4321
Description = The name "THE_ONE_RING :0" could not be registered on the interface
with IP address 192.168.1.102. The computer with the IP address 192.168.1.100 did
not allow the name to be claimed by this computer.

Error - 4/1/2012 5:45:46 PM | Computer Name = Dana-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 4/1/2012 5:45:50 PM | Computer Name = Dana-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 4/1/2012 5:50:56 PM | Computer Name = Dana-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 4/1/2012 5:56:10 PM | Computer Name = Dana-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 4/1/2012 5:57:48 PM | Computer Name = Dana-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 4/1/2012 6:08:43 PM | Computer Name = Dana-PC | Source = netbt | ID = 4321
Description = The name "THE_ONE_RING :0" could not be registered on the interface
with IP address 192.168.1.102. The computer with the IP address 192.168.1.100 did
not allow the name to be claimed by this computer.

Error - 4/1/2012 8:01:37 PM | Computer Name = Dana-PC | Source = netbt | ID = 4321
Description = The name "THE_ONE_RING :0" could not be registered on the interface
with IP address 192.168.1.102. The computer with the IP address 192.168.1.100 did
not allow the name to be claimed by this computer.

Error - 4/1/2012 8:11:35 PM | Computer Name = Dana-PC | Source = netbt | ID = 4321
Description = The name "THE_ONE_RING :0" could not be registered on the interface
with IP address 192.168.1.102. The computer with the IP address 192.168.1.100 did
not allow the name to be claimed by this computer.


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\SMR250.SYS -- (SMR250)
    DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    @Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:887F3A41
    @Alternate Data Stream - 202 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:D026A5A4
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

===================================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

======================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double-click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 