TechSpot

[A] Browser redirect -- scour.com and findsearchenginerepair

By Nyssa
Mar 29, 2012
  1. Hi there,
    First, thank you in advance for your assistance.

    I'm encountering a browser redirect in both Firefox and IE. I believe it began when I was searching in Google (not Images, but Search) and accidentally clicked the top ad rather than the first search result.

    I have tried Malwarebytes, CCleaner, Spyware Doctor, McAfee, and Norton's NPE. Right now, everything comes up as clean. Yet, both browsers still redirect if I click on anything in search results. (Those products did find issues but after allowing them to clean, nothing shows up now.)

    I should note that I've tried uninstalling Firefox through both Control Panel and ccleaner and nothing happens.

    The PC is very slow and frequently locks up - even in Safe Mode. Still redirects.

    I didn't find your forums until today - otherwise I would have started here.

    Below, please find the Malwarebytes log. GMER refused to launch. (I downloaded it twice and tried to run it a couple of times. Tried rebooting.) DDS runs and the hashmarks get 3/4 of the way across then it seems to lock up. Tried a couple of times also.

    The stickied thread said to try these in normal mode. Shall I try in Safe Mode? Other suggestions?
    Thank you.
    ---------------------------------

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.29.09

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Nyssa :: DANA-PC [administrator]

    3/29/2012 8:35:04 PM
    mbam-log-2012-03-29 (20-35-04).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 222802
    Time elapsed: 13 minute(s), 29 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  2. Nyssa

    Nyssa TS Rookie Topic Starter Posts: 17

    Oh, I should add, haven't had any pop-ups, no porn.
    Just redirects on anything that I click on in searches on either browser.
    Thanks.
     
  3. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  4. Nyssa

    Nyssa TS Rookie Topic Starter Posts: 17

    Hi Broni,
    Thanks for your assistance.

    I will have access to the laptop again tomorrow and will attempt to run the logs again and post results.
     
  5. Nyssa

    Nyssa TS Rookie Topic Starter Posts: 17

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.29.09

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Nyssa :: DANA-PC [administrator]

    3/29/2012 8:35:04 PM
    mbam-log-2012-03-29 (20-35-04).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 222802
    Time elapsed: 13 minute(s), 29 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  6. Nyssa

    Nyssa TS Rookie Topic Starter Posts: 17

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-03-30 21:30:44
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0
    Running: 9nejlgc2.exe; Driver: C:\Users\Nyssa\AppData\Local\Temp\pxldapow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\fastfat \Fat TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
    AttachedDevice \Driver\tdx \Device\Ip pctgntdi.sys
    AttachedDevice \Driver\tdx \Device\Tcp pctgntdi.sys
    AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\tdx \Device\RawIp pctgntdi.sys

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
    Run by Nyssa at 12:50:57 on 2012-03-31
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3543.2266 [GMT -5:00]
    .
    AV: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: PC Tools Spyware Doctor with AntiVirus *Disabled/Outdated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\System32\bcmwltry.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
    c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Windows\system32\sdclt.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    uWindow Title = Internet Explorer provided by Dell
    mURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120330090114.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
    uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{8448DD7B-5738-4FFD-9967-31BEC9ED3C03} : DhcpNameServer = 68.87.72.134 68.87.77.134
    TCP: Interfaces\{97E2053B-368F-4C64-B78E-A695F28B6D08} : DhcpNameServer = 192.168.1.254
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
    Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
    Notify: igfxcui - igfxdev.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-4-4 464176]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-3-27 331880]
    R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-3-27 342168]
    R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2012-3-27 909728]
    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-3-27 54328]
    R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-3-27 574424]
    R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-9-12 64880]
    R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-9-12 165680]
    R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2012-3-27 253352]
    R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-3-27 185560]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_ae0b52e0\AEstSrv.exe [2009-4-4 81920]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2012-3-27 550864]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-12 214904]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-12 214904]
    R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-12 214904]
    R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-9-12 166288]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-9-12 160608]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-9-12 150856]
    R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-9-12 57600]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-4 180816]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-4 59456]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-9-12 338176]
    R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-3-27 35264]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-30 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-30 136176]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-12 87656]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-4 34248]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-4 40552]
    S3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [2009-3-6 133632]
    S3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [2009-3-19 271552]
    S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2012-3-27 70536]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2012-3-27 402336]
    S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2012-3-27 1117624]
    S3 ThreatFire;ThreatFire;c:\program files\pc tools security\tfengine\tfservice.exe service --> c:\program files\pc tools security\tfengine\TFService.exe service [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-03-30 13:45:56 6582328 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9cd1710a-40cc-4d8e-9557-a41244290f19}\mpengine.dll
    2012-03-30 01:29:51 -------- d-----w- c:\users\nyssa\appdata\roaming\Malwarebytes
    2012-03-29 22:50:43 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2012-03-29 22:50:43 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-29 22:50:42 683008 ----a-w- c:\windows\system32\d2d1.dll
    2012-03-29 22:50:42 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2012-03-29 22:50:42 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2012-03-29 22:50:39 1205064 ----a-w- c:\windows\system32\ntdll.dll
    2012-03-29 22:50:35 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2012-03-29 14:14:31 -------- d-----w- c:\program files\Windows Portable Devices
    2012-03-29 14:03:50 92672 ----a-w- c:\windows\system32\UIAnimation.dll
    2012-03-29 14:03:49 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
    2012-03-29 14:03:49 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2012-03-29 14:01:04 369664 ----a-w- c:\windows\system32\WMPhoto.dll
    2012-03-29 14:01:02 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2012-03-29 14:01:02 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2012-03-29 14:01:01 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2012-03-29 14:01:01 252928 ----a-w- c:\windows\system32\dxdiag.exe
    2012-03-29 14:01:01 195584 ----a-w- c:\windows\system32\dxdiagn.dll
    2012-03-29 14:01:00 519680 ----a-w- c:\windows\system32\d3d11.dll
    2012-03-29 13:06:01 2044416 ----a-w- c:\windows\system32\win32k.sys
    2012-03-29 13:05:53 797696 ----a-w- c:\windows\system32\FntCache.dll
    2012-03-29 13:05:53 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2012-03-29 13:05:52 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-03-29 13:05:51 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2012-03-29 13:05:50 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2012-03-29 13:05:50 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2012-03-29 13:05:49 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2012-03-29 13:01:23 1314816 ----a-w- c:\windows\system32\quartz.dll
    2012-03-29 13:01:22 497152 ----a-w- c:\windows\system32\qdvd.dll
    2012-03-29 13:01:13 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2012-03-29 13:01:12 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2012-03-29 13:01:12 238080 ----a-w- c:\windows\system32\oleacc.dll
    2012-03-29 13:01:11 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2012-03-29 13:00:40 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-03-29 13:00:40 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-29 13:00:23 278528 ----a-w- c:\windows\system32\schannel.dll
    2012-03-29 13:00:22 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-03-29 13:00:22 377344 ----a-w- c:\windows\system32\winhttp.dll
    2012-03-29 13:00:22 1259008 ----a-w- c:\windows\system32\lsasrv.dll
    2012-03-29 13:00:21 9728 ----a-w- c:\windows\system32\lsass.exe
    2012-03-29 13:00:21 72704 ----a-w- c:\windows\system32\secur32.dll
    2012-03-29 13:00:18 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-03-29 13:00:14 613376 ----a-w- c:\windows\system32\rdpencom.dll
    2012-03-29 13:00:10 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-29 12:59:44 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2012-03-29 12:59:44 217088 ----a-w- c:\windows\system32\psisrndr.ax
    2012-03-29 12:59:43 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
    2012-03-29 12:59:42 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2012-03-29 12:59:39 49152 ----a-w- c:\windows\system32\csrsrv.dll
    2012-03-29 12:59:36 376320 ----a-w- c:\windows\system32\winsrv.dll
    2012-03-29 12:59:26 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-03-29 12:59:03 707584 ----a-w- c:\program files\common files\system\wab32.dll
    2012-03-29 12:58:59 680448 ----a-w- c:\windows\system32\msvcrt.dll
    2012-03-29 12:58:50 23552 ----a-w- c:\windows\system32\mciseq.dll
    2012-03-29 12:58:50 189952 ----a-w- c:\windows\system32\winmm.dll
    2012-03-29 12:58:46 66560 ----a-w- c:\windows\system32\packager.dll
    2012-03-29 12:58:44 6144 ----a-w- c:\program files\internet explorer\iecompat.dll
    2012-03-29 12:58:42 429056 ----a-w- c:\windows\system32\EncDec.dll
    2012-03-29 12:58:01 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2012-03-29 12:57:50 231424 ----a-w- c:\windows\system32\msshsq.dll
    2012-03-29 06:01:46 -------- d-----w- c:\windows\system32\vi-VN
    2012-03-29 06:01:46 -------- d-----w- c:\windows\system32\eu-ES
    2012-03-29 06:01:46 -------- d-----w- c:\windows\system32\ca-ES
    2012-03-29 05:54:34 -------- d-----w- c:\windows\system32\SPReview
    2012-03-29 05:32:49 928768 ----a-w- c:\windows\system32\scavenge.dll
    2012-03-29 05:32:42 57856 ----a-w- c:\windows\system32\compcln.exe
    2012-03-29 05:30:51 93696 ----a-w- c:\windows\system32\eappgnui.dll
    2012-03-29 05:29:59 84992 ----a-w- c:\windows\system32\mstlsapi.dll
    2012-03-29 05:28:59 92918 ----a-w- c:\windows\system32\slmgr.vbs
    2012-03-29 05:24:47 -------- d-----w- c:\windows\system32\EventProviders
    2012-03-29 03:33:51 -------- d-----w- c:\users\nyssa\appdata\local\NPE
    2012-03-29 03:33:51 -------- d-----w- c:\programdata\Norton
    2012-03-29 03:05:21 -------- d-----w- c:\users\nyssa\appdata\roaming\PCTools
    2012-03-29 02:25:52 -------- d-----w- c:\users\nyssa\appdata\local\Stardock_Corporation
    2012-03-28 16:44:11 -------- d-----w- C:\6b043e67185721d370cac201
    2012-03-28 16:24:04 -------- d-----w- c:\windows\system32\WCID
    2012-03-28 03:21:42 574424 --s---w- c:\windows\system32\drivers\TfSysMon.sys
    2012-03-28 03:21:42 54328 --s---w- c:\windows\system32\drivers\TfFsMon.sys
    2012-03-28 03:21:42 35264 --s---w- c:\windows\system32\drivers\TfNetMon.sys
    2012-03-28 02:56:31 56840 ----a-w- c:\windows\system32\drivers\PCTBD.sys
    2012-03-28 02:55:51 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
    2012-03-28 02:55:49 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
    2012-03-28 02:41:47 767952 ----a-w- c:\windows\BDTSupport.dll0342.old
    2012-03-28 02:41:47 767952 ----a-w- c:\windows\BDTSupport.dll0321.old
    2012-03-28 02:41:47 767952 ----a-w- c:\windows\BDTSupport.dll
    2012-03-28 02:41:46 149456 ----a-w- c:\windows\SGDetectionTool.dll0342.old
    2012-03-28 02:41:46 149456 ----a-w- c:\windows\SGDetectionTool.dll0321.old
    2012-03-28 02:41:46 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2012-03-28 02:41:45 2250704 ----a-w- c:\windows\PCTBDCore.dll0342.old
    2012-03-28 02:41:45 2250704 ----a-w- c:\windows\PCTBDCore.dll
    2012-03-28 02:41:45 1996752 ----a-w- c:\windows\PCTBDCore.dll0321.old
    2012-03-28 02:41:44 1681360 ----a-w- c:\windows\PCTBDRes.dll
    2012-03-28 00:53:25 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
    2012-03-28 00:53:25 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
    2012-03-28 00:53:23 253352 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2012-03-28 00:53:22 107864 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
    2012-03-28 00:53:18 331880 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2012-03-28 00:53:17 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2012-03-28 00:52:59 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2012-03-28 00:52:33 -------- d-----w- c:\program files\common files\PC Tools
    2012-03-28 00:52:32 -------- d-----w- c:\programdata\PC Tools
    2012-03-28 00:52:32 -------- d-----w- c:\program files\PC Tools Security
    2012-03-28 00:07:00 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
    2012-03-28 00:06:59 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
    2012-03-28 00:02:35 -------- d-----w- c:\users\nyssa\appdata\local\Mozilla
    .
    ==================== Find3M ====================
    .
    2012-03-29 23:23:04 161792 ----a-w- c:\windows\system32\msls31.dll
    2012-03-29 23:23:04 1127424 ----a-w- c:\windows\system32\wininet.dll
    2012-03-29 23:23:02 86528 ----a-w- c:\windows\system32\iesysprep.dll
    2012-03-29 23:23:02 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2012-03-29 23:23:02 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2012-03-29 23:23:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2012-03-29 23:23:01 63488 ----a-w- c:\windows\system32\tdc.ocx
    2012-03-29 23:23:01 367104 ----a-w- c:\windows\system32\html.iec
    2012-03-29 23:23:00 74752 ----a-w- c:\windows\system32\iesetup.dll
    2012-03-29 23:22:59 23552 ----a-w- c:\windows\system32\licmgr10.dll
    2012-03-29 23:22:59 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-03-29 23:22:57 152064 ----a-w- c:\windows\system32\wextract.exe
    2012-03-29 23:22:57 150528 ----a-w- c:\windows\system32\iexpress.exe
    2012-03-29 23:22:56 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-03-29 23:22:55 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-03-29 23:22:55 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-03-29 23:22:55 11776 ----a-w- c:\windows\system32\mshta.exe
    2012-03-29 23:22:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
    2012-03-29 23:22:54 101888 ----a-w- c:\windows\system32\admparse.dll
    2012-03-29 23:22:53 35840 ----a-w- c:\windows\system32\imgutil.dll
    2012-03-29 23:22:52 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2012-02-23 14:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-02-22 02:45:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 12:51:56.02 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Basic
    Boot Device: \Device\HarddiskVolume3
    Install Date: 4/4/2009 1:55:02 AM
    System Uptime: 3/31/2012 9:13:54 AM (3 hours ago)
    .
    Motherboard: Dell Inc. | |
    Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | Microprocessor | 1200/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 283 GiB total, 155.642 GiB free.
    E: is FIXED (NTFS) - 15 GiB total, 8.664 GiB free.
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP415: 2/13/2012 8:45:13 PM - Scheduled Checkpoint
    RP416: 2/15/2012 4:15:47 PM - Scheduled Checkpoint
    RP417: 2/21/2012 5:57:59 PM - Scheduled Checkpoint
    RP418: 2/21/2012 8:46:45 PM - Good - Before WinUpdate
    RP419: 2/21/2012 8:52:14 PM - Windows Update
    RP420: 2/23/2012 7:19:31 PM - Scheduled Checkpoint
    RP421: 3/5/2012 3:58:17 PM - Scheduled Checkpoint
    RP422: 3/8/2012 9:45:26 PM - Scheduled Checkpoint
    RP423: 3/17/2012 4:24:48 PM - Scheduled Checkpoint
    RP424: 3/19/2012 8:28:49 AM - Scheduled Checkpoint
    RP425: 3/25/2012 1:39:58 PM - Scheduled Checkpoint
    RP426: 3/27/2012 7:12:26 PM - Restore Operation
    RP427: 3/28/2012 11:43:42 AM - Windows Update
    RP428: 3/28/2012 10:59:36 PM - Norton_Power_Eraser_20120328225936057
    RP429: 3/28/2012 11:36:19 PM - Removed Dell Dock
    RP430: 3/28/2012 11:38:46 PM - Removed FedEx Office Printer.
    RP431: 3/28/2012 11:39:58 PM - Removed Google Earth.
    RP432: 3/29/2012 12:27:41 AM - Windows Vista™ Service Pack 2
    RP433: 3/29/2012 8:06:12 AM - Windows Update
    RP434: 3/29/2012 5:50:46 PM - Windows Update
    RP435: 3/29/2012 6:19:58 PM - Windows Update
    RP436: 3/30/2012 8:45:18 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.4.0
    Adobe Shockwave Player 11.5
    Advanced Audio FX Engine
    AnswerWorks 5.0 English Runtime
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Catalyst Install Manager
    Banctec Service Agreement
    Big Fish Games: Game Manager
    Bonjour
    BufferChm
    CCleaner
    CDDRV_Installer
    Choice Guard
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Coupon Printer for Windows
    Dell DataSafe Online
    Dell Edoc Viewer
    Dell Getting Started Guide
    Dell Remote Access
    Dell Resource CD
    Dell Support Center (Support Software)
    Dell Touchpad
    Dell Video Chat
    Dell Webcam Central
    Dell Wireless WLAN Card Utility
    DELL0604
    Destination Component
    DeviceManagementQFolder
    DocProc
    DocProcQFolder
    Drivers Install For Linksys Easylink Advisor
    erLT
    eSupportQFolder
    Google Update Helper
    GoToAssist 8.0.0.514
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Imaging Device Functions 9.0
    HP OCR Software 9.0
    HP Photosmart Essential
    HP Scanjet 4800 series 9.0
    HP Solution Center 9.0
    hpg4850
    hpg4850QFolder
    HPProductAssistant
    Integrated Webcam Driver (1.02.01.0320)
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) TV Wizard
    Intel® Matrix Storage Manager
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 24
    KhalInstallWrapper
    Linksys EasyLink Advisor 1.6 (0032)
    Live! Cam Avatar Creator
    Logitech SetPoint
    Malwarebytes Anti-Malware version 1.60.1.1000
    McAfee SecurityCenter
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Access database engine 2010 (English)
    Microsoft Application Error Reporting
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Streets & Trips 2011
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    MobileMe Control Panel
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    OverDrive Media Console
    PanoStandAlone
    PC Tools Spyware Doctor with AntiVirus 9.0
    PowerDVD
    Quicken 2009
    QuickSet
    QuickTime
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Scan
    ScannerCopy
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB969679)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office Excel 2007 (KB969682)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office Word 2007 (KB969604)
    SolutionCenter
    TomTom HOME Visual Studio Merge Modules
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    VoiceOver Kit
    Web Games Player Plugin
    WebReg
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/30/2012 9:28:03 PM, Error: netbt [4321] - The name "THE_ONE_RING :0" could not be registered on the interface with IP address 192.168.1.102. The computer with the IP address 192.168.1.100 did not allow the name to be claimed by this computer.
    3/30/2012 8:53:43 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SMR250
    3/30/2012 8:53:43 AM, Error: Service Control Manager [7000] - The Intel(R) PRO/1000 PCI Express Network Connection Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    3/30/2012 8:53:43 AM, Error: Service Control Manager [7000] - The Intel(R) PRO/1000 NDIS 6 Adapter Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    3/30/2012 8:53:04 AM, Error: netbt [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.102. The computer with the IP address 192.168.1.100 did not allow the name to be claimed by this computer.
    3/30/2012 8:52:29 AM, Error: EventLog [6008] - The previous system shutdown at 8:50:59 AM on 3/30/2012 was unexpected.
    3/30/2012 8:31:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
    3/30/2012 8:29:20 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    3/30/2012 8:29:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    3/30/2012 8:29:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    3/30/2012 8:29:05 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC mfehidk mfenlfk mfewfpk NetBIOS netbt nsiproxy pctgntdi PCTSD PSched RasAcd rdbss Smb SMR250 spldr tdx Wanarpv6 ws2ifsl
    3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
    3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    3/30/2012 8:28:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    3/30/2012 8:28:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    3/30/2012 8:28:45 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/30/2012 8:28:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    3/30/2012 8:27:35 AM, Error: EventLog [6008] - The previous system shutdown at 8:25:14 AM on 3/30/2012 was unexpected.
    3/30/2012 8:22:36 AM, Error: EventLog [6008] - The previous system shutdown at 8:21:22 AM on 3/30/2012 was unexpected.
    3/30/2012 12:00:05 PM, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
    3/29/2012 9:10:57 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    3/29/2012 9:10:10 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070490: Security Update for Windows Vista (KB2633171).
    3/29/2012 9:10:04 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633171-8_neutral_PACKAGE from package KB2633171(Security Update) into Resolved(Resolved) state
    3/29/2012 9:10:04 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633171-7_neutral_PACKAGE from package KB2633171(Security Update) into Resolved(Resolved) state
    3/29/2012 9:10:04 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633171-6_neutral_GDR from package KB2633171(Security Update) into Staging(Staging) state
    3/29/2012 9:10:04 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633171-30_neutral_PACKAGE from package KB2633171(Security Update) into Absent(Absent) state
    3/29/2012 9:10:04 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633171-3_neutral_GDR from package KB2633171(Security Update) into Staging(Staging) state
    3/29/2012 9:10:04 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633171-29_neutral_PACKAGE from package KB2633171(Security Update) into Absent(Absent) state
    3/29/2012 9:10:04 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633171-28_neutral_PACKAGE from package KB2633171(Security Update) into Resolved(Resolved) state
    3/29/2012 9:10:04 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2633171-25_neutral_PACKAGE from package KB2633171(Security Update) into Resolved(Resolved) state
    3/29/2012 9:10:04 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2633171 (Security Update) into Install Requested(Install Requested) state
    3/29/2012 8:56:17 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    3/29/2012 8:54:13 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    3/29/2012 7:34:23 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2644615 (Security Update) into Resolved(Resolved) state
    3/29/2012 7:22:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    3/29/2012 10:40:14 PM, Error: PCTCore [280] - The item store is corrupted: @5512.
    3/29/2012 10:32:41 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer THE_ONE_RING that believes that it is the master browser for the domain on transport NetBT_Tcpip_{97E2053B-368F-4C64-B78E-A695F. The master browser is stopping or an election is being forced.
    3/29/2012 1:10:10 AM, Error: Service Control Manager [7023] - The McAfee VirusScan Announcer service terminated with the following error: Operation aborted
    .
    ==== End Of File ===========================

    Broni, I think those are all of the logs to start with.

    I should also mention that I was able to remove Firefox (by re-installing, then uninstalling it.) Immediately, speed went back to normal. However, I do not want to assume that everything is good to go. These logs are after the Firefox uninstall. (They wouldn't even run before the uninstall...)

    Please let me know what next steps you recommend.
    Thanks much.
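The Event Viewer section of the log above is dominated by Service Control Manager 7001 errors, most of which only repeat a failure further down the dependency chain. As an added example (not part of the thread and not from any tool used in it), this Python sketch collapses those cascades to the service or driver at the bottom of each chain; the sample lines are copied from the log above, and the function names are assumptions.

```python
import re
from collections import defaultdict

# Event 7001: "<service> depends on <dependency> which failed to start ...".
DEPENDENCY_RE = re.compile(
    r"Service Control Manager \[7001\] - The (?P<service>.+?) service depends on "
    r"the (?P<dependency>.+?) service which failed to start because of the "
    r"following error: (?P<error>.+)$"
)

# Subset of the Event Viewer lines posted above, copied unchanged.
SAMPLE_LOG = """\
3/30/2012 8:29:20 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 8:29:05 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC mfehidk mfenlfk mfewfpk NetBIOS netbt nsiproxy pctgntdi PCTSD PSched RasAcd rdbss Smb SMR250 spldr tdx Wanarpv6 ws2ifsl
3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 8:29:05 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
"""


def parse_dependencies(text):
    """Map each failed service to (dependency it waited on, reported error)."""
    edges = {}
    for line in text.splitlines():
        match = DEPENDENCY_RE.search(line.strip())
        if match:  # non-7001 lines (such as the 7026 driver list) are skipped
            edges[match["service"]] = (match["dependency"], match["error"])
    return edges


def root_cause(service, edges):
    """Follow the dependency chain until it leaves the set of failed services."""
    seen = {service}
    dependency, error = edges[service]
    while dependency in edges and dependency not in seen:  # 'seen' stops cycles
        seen.add(dependency)
        dependency, error = edges[dependency]
    return dependency, error


def group_by_root(edges):
    """Group every failed service under the root failure it traces back to."""
    groups = defaultdict(list)
    for service in edges:
        groups[root_cause(service, edges)].append(service)
    return {root: sorted(services) for root, services in groups.items()}


if __name__ == "__main__":
    for (root, error), services in group_by_root(parse_dependencies(SAMPLE_LOG)).items():
        print(f"{root}: {error}")
        for name in services:
            print(f"    affected: {name}")
```

Applied to the eight 7001 lines in the sample, this leaves three root failures to look at instead of eight separate errors.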
     
  7. Nyssa

    Nyssa TS Rookie Topic Starter Posts: 17

    Question. I ran these logs on the infected machine, using a different profile, since the infected profile is stalling. Is this okay, or are you looking for info that will only be logged if I'm using the infected profile?
    Thanks.
    Dana
     
  8. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    You did fine.

    You're running two AV programs, PC Tools Spyware Doctor with AntiVirus and McAfee.
    One of them has to go.
    If McAfee, use this tool: http://majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html

    Then...

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  10. Nyssa

    Nyssa TS Rookie Topic Starter Posts: 17

    Uninstalled McAfee.
    Let me know if/when you would like me to see if the browser is still re-directing.
    Thanks.


    ____________________________________________________

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-01 11:17:13
    -----------------------------
    11:17:13.580 OS Version: Windows 6.0.6002 Service Pack 2
    11:17:13.581 Number of processors: 2 586 0x170A
    11:17:13.582 ComputerName: DANA-PC UserName: Nyssa
    11:17:46.873 Initialize success
    11:20:35.899 AVAST engine defs: 12040100
    11:34:36.662 The log file has been saved successfully to "C:\Users\Nyssa\Desktop\aswMBR.txt"


    ___________________________________________________

    Next log forthcoming.
     
  11. Nyssa

    Nyssa TS Rookie Topic Starter Posts: 17

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows Vista Home Basic Edition Service Pack 2 (build 6002), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`ac000000
    Boot sector MD5 is: fe5642739ba66ba18c128543669678a2

    Size     Device Name           MBR Status
    --------------------------------------------
    298 GB   \\.\PhysicalDrive0    Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...
     
  12. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    aswMBR log looks incomplete.
    Re-run it, be patient and let it finish.
     
  13. Nyssa

    Nyssa TS Rookie Topic Starter Posts: 17

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-01 15:31:07
    -----------------------------
    15:31:07.082 OS Version: Windows 6.0.6002 Service Pack 2
    15:31:07.083 Number of processors: 2 586 0x170A
    15:31:07.083 ComputerName: DANA-PC UserName: Nyssa
    15:31:22.517 Initialize success
    15:31:37.705 AVAST engine defs: 12040100
    15:31:39.009 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    15:31:39.014 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
    15:31:39.037 Disk 0 MBR read successfully
    15:31:39.042 Disk 0 MBR scan
    15:31:39.237 Disk 0 Windows VISTA default MBR code
    15:31:39.245 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    15:31:39.424 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
    15:31:39.668 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 290204 MB offset 30801920
    15:31:39.827 Disk 0 scanning sectors +625140400
    15:31:40.091 Disk 0 scanning C:\Windows\system32\drivers
    15:32:30.521 Service scanning
    15:33:16.278 Modules scanning
    15:33:30.162 Disk 0 trace - called modules:
    15:33:30.204 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys iastor.sys hal.dll
    15:33:30.215 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86ea7820]
    15:33:30.226 3 CLASSPNP.SYS[8c1a38b3] -> nt!IofCallDriver -> [0x8696f390]
    15:33:30.236 5 PCTCore.sys[82afa407] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85f24028]
    15:33:31.839 AVAST engine scan C:\Windows
    15:33:41.034 AVAST engine scan C:\Windows\system32
    15:40:16.018 AVAST engine scan C:\Windows\system32\drivers
    15:40:53.163 AVAST engine scan C:\Users\Nyssa
    15:43:54.141 AVAST engine scan C:\ProgramData
    15:46:51.875 Scan finished successfully
    15:52:19.075 Disk 0 MBR has been saved successfully to "C:\Users\Nyssa\Desktop\MBR.dat"
    15:52:19.086 The log file has been saved successfully to "C:\Users\Nyssa\Desktop\aswMBR.txt"
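
The aswMBR log above lists the partition table and notes that a copy of the MBR was saved as MBR.dat. As an added example (not part of the thread and not aswMBR's own code), this Python sketch parses such a 512-byte dump offline so the table and boot code can be checked against the log and a known-good reference; the sample sector is constructed from the offsets and sizes in the log with placeholder boot code, and all function names are assumptions.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # bootstrap code occupies bytes 0..439
TABLE_OFFSET = 446       # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"  # required at bytes 510..511


def parse_mbr(dump):
    """Split a 512-byte MBR dump into a boot-code hash and partition entries."""
    if len(dump) < SECTOR:
        raise ValueError("dump is shorter than one 512-byte sector")
    sector = dump[:SECTOR]
    partitions = []
    for index in range(4):
        entry = sector[TABLE_OFFSET + 16 * index:TABLE_OFFSET + 16 * (index + 1)]
        start_lba, sectors = struct.unpack_from("<II", entry, 8)
        if entry[4] == 0x00:  # partition type 0 marks an unused slot
            continue
        partitions.append({
            "number": index + 1,
            "status": entry[0],  # 0x80 = active (bootable)
            "type": entry[4],
            "start_lba": start_lba,
            "sectors": sectors,
            "size_mb": sectors * SECTOR // (1024 * 1024),
        })
    return {
        "signature_ok": sector[510:512] == SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def partition_line(part):
    """Render an entry in roughly the field order aswMBR logs it."""
    return "Partition {number} {status:02X} {type:02X} {size_mb} MB offset {start_lba}".format(**part)


def sanity_problems(mbr):
    """Structural checks that hold for any healthy MBR-partitioned boot disk."""
    problems = []
    if not mbr["signature_ok"]:
        problems.append("missing 55 AA boot signature")
    active = [p for p in mbr["partitions"] if p["status"] == 0x80]
    if len(active) != 1:
        problems.append("expected one active partition, found %d" % len(active))
    ordered = sorted(mbr["partitions"], key=lambda p: p["start_lba"])
    for prev, cur in zip(ordered, ordered[1:]):
        if prev["start_lba"] + prev["sectors"] > cur["start_lba"]:
            problems.append("partitions %d and %d overlap" % (prev["number"], cur["number"]))
    return problems


def boot_code_matches(mbr, reference_sha256):
    """Compare the boot code with a hash taken from a known-clean reference dump."""
    return mbr["boot_code_sha256"] == reference_sha256.lower()


def build_sample_mbr(boot_code=b"CONSTRUCTED-PLACEHOLDER-BOOT-CODE"):
    """Constructed sample: placeholder boot code plus the layout from the log."""
    sector = bytearray(SECTOR)
    sector[:BOOT_CODE_LEN] = boot_code[:BOOT_CODE_LEN].ljust(BOOT_CODE_LEN, b"\x00")
    # (status, type, start LBA, sector count); counts derived from the logged MB sizes
    table = [
        (0x00, 0xDE, 63, 79872),
        (0x00, 0x07, 81920, 30720000),
        (0x80, 0x07, 30801920, 594337792),
    ]
    for index, (status, ptype, start, count) in enumerate(table):
        entry = struct.pack("<B3sB3sII", status, b"\0\0\0", ptype, b"\0\0\0", start, count)
        sector[TABLE_OFFSET + 16 * index:TABLE_OFFSET + 16 * (index + 1)] = entry
    sector[510:512] = SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    mbr = parse_mbr(build_sample_mbr())  # for a real dump: open("MBR.dat", "rb").read()
    for part in mbr["partitions"]:
        print(partition_line(part))
    print("boot code sha256:", mbr["boot_code_sha256"])
    print("problems:", sanity_problems(mbr) or "none")
```

The reference hash for `boot_code_matches` has to come from a dump of the same MBR version taken on a machine known to be clean.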
     
  14. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  15. Nyssa

    Nyssa TS Rookie Topic Starter Posts: 17

    ComboFix 12-04-01.01 - Nyssa 04/01/2012 16:46:04.1.2 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3543.2037 [GMT -5:00]
    Running from: c:\users\Nyssa\Desktop\ComboFix.exe
    AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
    SP: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Dana\GoToAssistDownloadHelper.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-01 to 2012-04-01 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-01 21:57 . 2012-04-01 21:57 -------- d-----w- c:\users\Nyssa\AppData\Local\CrashDumps
    2012-04-01 21:57 . 2012-04-01 21:58 -------- d-----w- c:\users\Nyssa\AppData\Local\temp
    2012-03-30 13:45 . 2012-03-20 08:53 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9CD1710A-40CC-4D8E-9557-A41244290F19}\mpengine.dll
    2012-03-30 01:29 . 2012-03-30 01:29 -------- d-----w- c:\users\Nyssa\AppData\Roaming\Malwarebytes
    2012-03-29 22:50 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2012-03-29 22:50 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-29 22:50 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2012-03-29 22:50 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2012-03-29 22:50 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
    2012-03-29 22:50 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
    2012-03-29 22:50 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2012-03-29 14:14 . 2012-03-29 14:14 -------- d-----w- c:\program files\Windows Portable Devices
    2012-03-29 14:03 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
    2012-03-29 14:03 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
    2012-03-29 14:03 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2012-03-29 14:01 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll
    2012-03-29 14:01 . 2009-09-25 02:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2012-03-29 14:01 . 2009-09-25 02:07 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2012-03-29 14:01 . 2009-09-25 02:04 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2012-03-29 14:01 . 2009-09-25 01:33 195584 ----a-w- c:\windows\system32\dxdiagn.dll
    2012-03-29 14:01 . 2009-09-25 01:32 252928 ----a-w- c:\windows\system32\dxdiag.exe
    2012-03-29 14:01 . 2009-09-25 01:31 519680 ----a-w- c:\windows\system32\d3d11.dll
    2012-03-29 13:06 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
    2012-03-29 13:05 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
    2012-03-29 13:05 . 2011-01-20 16:08 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2012-03-29 13:05 . 2011-01-20 14:11 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-03-29 13:05 . 2011-01-20 16:08 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2012-03-29 13:05 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2012-03-29 13:05 . 2011-01-20 14:28 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2012-03-29 13:05 . 2011-01-20 14:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2012-03-29 13:01 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
    2012-03-29 13:01 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
    2012-03-29 13:01 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2012-03-29 13:01 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2012-03-29 13:01 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
    2012-03-29 13:01 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2012-03-29 13:00 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-03-29 13:00 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-29 13:00 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
    2012-03-29 13:00 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-03-29 13:00 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
    2012-03-29 13:00 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
    2012-03-29 13:00 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
    2012-03-29 13:00 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
    2012-03-29 13:00 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-03-29 13:00 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
    2012-03-29 13:00 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-29 12:59 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2012-03-29 12:59 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
    2012-03-29 12:59 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
    2012-03-29 12:59 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2012-03-29 12:59 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
    2012-03-29 12:59 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
    2012-03-29 12:59 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-03-29 12:59 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
    2012-03-29 12:58 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
    2012-03-29 12:58 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
    2012-03-29 12:58 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
    2012-03-29 12:58 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
    2012-03-29 12:58 . 2011-08-13 04:43 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2012-03-29 12:58 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
    2012-03-29 12:58 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2012-03-29 12:57 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
    2012-03-29 06:01 . 2012-03-29 06:02 -------- d-----w- c:\windows\system32\ca-ES
    2012-03-29 06:01 . 2012-03-29 06:02 -------- d-----w- c:\windows\system32\eu-ES
    2012-03-29 06:01 . 2012-03-29 06:02 -------- d-----w- c:\windows\system32\vi-VN
    2012-03-29 05:54 . 2012-03-29 05:54 -------- d-----w- c:\windows\system32\SPReview
    2012-03-29 05:32 . 2009-04-11 04:28 928768 ----a-w- c:\windows\system32\scavenge.dll
    2012-03-29 05:32 . 2009-04-11 04:27 57856 ----a-w- c:\windows\system32\compcln.exe
    2012-03-29 05:30 . 2009-04-11 04:32 141288 ----a-w- c:\windows\system32\drivers\ecache.sys
    2012-03-29 05:29 . 2009-04-11 04:28 84992 ----a-w- c:\windows\system32\mstlsapi.dll
    2012-03-29 05:28 . 2009-04-11 04:28 777216 ----a-w- c:\windows\system32\slcc.dll
    2012-03-29 05:24 . 2012-03-29 05:24 -------- d-----w- c:\windows\system32\EventProviders
    2012-03-29 04:15 . 2012-03-29 04:24 -------- d-----w- c:\users\Dana\AppData\Local\NPE
    2012-03-29 03:33 . 2012-03-29 16:03 -------- d-----w- c:\users\Nyssa\AppData\Local\NPE
    2012-03-29 03:33 . 2012-03-29 03:34 -------- d-----w- c:\programdata\Norton
    2012-03-29 03:05 . 2012-03-29 03:05 -------- d-----w- c:\users\Nyssa\AppData\Roaming\PCTools
    2012-03-29 02:25 . 2012-03-29 02:25 -------- d-----w- c:\users\Nyssa\AppData\Local\Stardock_Corporation
    2012-03-29 01:06 . 2012-03-29 01:07 -------- d-----w- c:\users\Dana2
    2012-03-28 16:44 . 2012-03-28 16:47 -------- d-----w- C:\6b043e67185721d370cac201
    2012-03-28 16:24 . 2012-04-01 21:35 -------- d-----w- c:\windows\system32\WCID
    2012-03-28 03:21 . 2012-02-24 14:16 574424 --s---w- c:\windows\system32\drivers\TfSysMon.sys
    2012-03-28 03:21 . 2012-02-24 14:16 54328 --s---w- c:\windows\system32\drivers\TfFsMon.sys
    2012-03-28 03:21 . 2012-02-24 14:16 35264 --s---w- c:\windows\system32\drivers\TfNetMon.sys
    2012-03-28 03:11 . 2012-03-28 03:11 -------- d-----w- c:\users\Dana\AppData\Local\Threat Expert
    2012-03-28 02:56 . 2011-09-28 18:14 56840 ----a-w- c:\windows\system32\drivers\PCTBD.sys
    2012-03-28 02:55 . 2012-02-24 15:35 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
    2012-03-28 02:55 . 2012-02-24 15:36 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
    2012-03-28 02:49 . 2012-03-28 02:49 -------- d-----w- c:\users\Dana\AppData\Roaming\TestApp
    2012-03-28 02:41 . 2012-02-17 20:08 767952 ----a-w- c:\windows\BDTSupport.dll
    2012-03-28 02:41 . 2012-02-17 20:08 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2012-03-28 02:41 . 2012-02-17 20:08 2250704 ----a-w- c:\windows\PCTBDCore.dll
    2012-03-28 02:41 . 2012-02-17 20:08 1681360 ----a-w- c:\windows\PCTBDRes.dll
    2012-03-28 00:53 . 2011-12-01 21:07 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
    2012-03-28 00:53 . 2011-12-01 21:07 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
    2012-03-28 00:53 . 2012-02-24 15:31 253352 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2012-03-28 00:53 . 2012-02-24 15:31 107864 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
    2012-03-28 00:53 . 2011-11-14 20:12 331880 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2012-03-28 00:53 . 2011-11-14 20:12 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2012-03-28 00:52 . 2012-02-24 15:37 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2012-03-28 00:52 . 2012-03-28 01:10 -------- d-----w- c:\program files\Common Files\PC Tools
    2012-03-28 00:52 . 2012-04-01 21:39 -------- d-----w- c:\program files\PC Tools Security
    2012-03-28 00:52 . 2012-03-28 03:21 -------- d-----w- c:\programdata\PC Tools
    2012-03-28 00:52 . 2012-03-28 00:52 -------- d-----w- c:\users\Dana\AppData\Roaming\PC Tools
    2012-03-28 00:07 . 2012-03-18 05:11 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
    2012-03-28 00:06 . 2012-03-18 05:11 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
    2012-03-28 00:02 . 2012-03-28 00:02 -------- d-----w- c:\users\Nyssa\AppData\Local\Mozilla
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-23 14:18 . 2010-05-16 04:13 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-02-22 02:45 . 2011-05-15 14:31 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-04-14 19:01 . 2010-09-13 01:04 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 288040]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-16 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-16 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-16 150552]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-15 483420]
    .
    c:\users\Dana2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-3-24 805392]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell Remote Access.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Dell Remote Access.lnk
    backup=c:\windows\pss\Dell Remote Access.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Dana^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
    path=c:\users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
    backup=c:\windows\pss\Dell Dock.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Nyssa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
    path=c:\users\Nyssa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
    backup=c:\windows\pss\Dell Dock.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 04:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-23 09:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2010-12-14 23:17 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]
    2008-11-03 14:54 1745648 ----a-w- c:\program files\Dell DataSafe Online\DataSafeOnline.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]
    2008-06-03 20:54 446635 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
    2008-10-04 18:58 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-03-12 02:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
    2012-02-24 15:36 2659768 ----a-w- c:\program files\PC Tools Security\pctsGui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-06-07 22:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-02-06 23:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
    2008-05-23 19:06 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickSet]
    2009-01-09 17:06 1735760 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-10-29 20:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-21 02:35 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
    .
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [2008-12-15 81920]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - aswMBR
    *Deregistered* - PCTSDInjDriver32
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    hpdevmgmt REG_MULTI_SZ hpqcxs08
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-30 22:26]
    .
    2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-30 22:26]
    .
    .
    ------- Supplementary Scan -------
    .
    LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    TCP: DhcpNameServer = 192.168.1.254
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Notify-GoToAssist - c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
    MSConfigStartUp-mcui_exe - c:\program files\McAfee.com\Agent\mcagent.exe
    MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-04-01 16:57
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,31,2b,7e,25,4f,69,75,4c,b5,b6,52,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,31,2b,7e,25,4f,69,75,4c,b5,b6,52,\
    .
    Completion time: 2012-04-01 17:00:21
    ComboFix-quarantined-files.txt 2012-04-01 22:00
    .
    Pre-Run: 166,464,172,032 bytes free
    Post-Run: 166,688,366,592 bytes free
    .
    - - End Of File - - 00AD3CFC14DB63352E63026AB42B6903


    Looks like Windows Defender was still running.
    Ack!
    Let me know if you want me to run it again.
     
  16. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    You did fine.

    How is redirection?

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  17. Nyssa

    Nyssa TS Rookie Topic Starter Posts: 17

    19:01:08.0229 3256 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
    19:01:09.0570 3256 ============================================================
    19:01:09.0570 3256 Current date / time: 2012/04/01 19:01:09.0570
    19:01:09.0570 3256 SystemInfo:
    19:01:09.0570 3256
    19:01:09.0570 3256 OS Version: 6.0.6002 ServicePack: 2.0
    19:01:09.0570 3256 Product type: Workstation
    19:01:09.0570 3256 ComputerName: DANA-PC
    19:01:09.0570 3256 UserName: Nyssa
    19:01:09.0570 3256 Windows directory: C:\Windows
    19:01:09.0570 3256 System windows directory: C:\Windows
    19:01:09.0570 3256 Processor architecture: Intel x86
    19:01:09.0570 3256 Number of processors: 2
    19:01:09.0570 3256 Page size: 0x1000
    19:01:09.0570 3256 Boot type: Normal boot
    19:01:09.0570 3256 ============================================================
    19:01:10.0147 3256 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    19:01:10.0147 3256 \Device\Harddisk0\DR0:
    19:01:10.0163 3256 MBR used
    19:01:10.0163 3256 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
    19:01:10.0163 3256 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
    19:01:10.0225 3256 Initialize success
    19:01:10.0225 3256 ============================================================
    19:01:29.0367 5252 ============================================================
    19:01:29.0367 5252 Scan started
    19:01:29.0367 5252 Mode: Manual;
    19:01:29.0367 5252 ============================================================
    19:01:29.0959 5252 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    19:01:29.0975 5252 ACPI - ok
    19:01:30.0100 5252 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
    19:01:30.0115 5252 adp94xx - ok
    19:01:30.0162 5252 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
    19:01:30.0162 5252 adpahci - ok
    19:01:30.0193 5252 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
    19:01:30.0193 5252 adpu160m - ok
    19:01:30.0225 5252 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
    19:01:30.0225 5252 adpu320 - ok
    19:01:30.0303 5252 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
    19:01:30.0303 5252 AeLookupSvc - ok
    19:01:30.0396 5252 AESTFilters (087b04ca45e2f059a55709b0b8f95ea9) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
    19:01:30.0396 5252 AESTFilters - ok
    19:01:30.0537 5252 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
    19:01:30.0552 5252 AFD - ok
    19:01:30.0615 5252 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
    19:01:30.0615 5252 agp440 - ok
    19:01:30.0646 5252 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    19:01:30.0646 5252 aic78xx - ok
    19:01:30.0693 5252 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
    19:01:30.0693 5252 ALG - ok
    19:01:30.0739 5252 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
    19:01:30.0739 5252 aliide - ok
    19:01:30.0802 5252 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
    19:01:30.0802 5252 amdagp - ok
    19:01:30.0817 5252 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
    19:01:30.0833 5252 amdide - ok
    19:01:30.0849 5252 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
    19:01:30.0849 5252 AmdK7 - ok
    19:01:30.0880 5252 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
    19:01:30.0880 5252 AmdK8 - ok
    19:01:30.0927 5252 ApfiltrService (448da519f3b6ffa158c513156053181e) C:\Windows\system32\DRIVERS\Apfiltr.sys
    19:01:30.0942 5252 ApfiltrService - ok
    19:01:31.0036 5252 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
    19:01:31.0036 5252 Appinfo - ok
    19:01:31.0129 5252 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    19:01:31.0129 5252 Apple Mobile Device - ok
    19:01:31.0285 5252 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
    19:01:31.0285 5252 arc - ok
    19:01:31.0395 5252 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
    19:01:31.0395 5252 arcsas - ok
    19:01:31.0535 5252 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
    19:01:31.0535 5252 aspnet_state - ok
    19:01:31.0613 5252 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    19:01:31.0613 5252 AsyncMac - ok
    19:01:31.0644 5252 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
    19:01:31.0644 5252 atapi - ok
    19:01:31.0722 5252 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
    19:01:31.0738 5252 AudioEndpointBuilder - ok
    19:01:31.0753 5252 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
    19:01:31.0753 5252 Audiosrv - ok
    19:01:31.0878 5252 BCM42RLY (423c7b87e886ac93d22936ea82665f83) C:\Windows\system32\drivers\BCM42RLY.sys
    19:01:31.0878 5252 BCM42RLY - ok
    19:01:31.0972 5252 BCM43XX (41a70777e892c3dea606758366566a77) C:\Windows\system32\DRIVERS\bcmwl6.sys
    19:01:31.0972 5252 BCM43XX - ok
    19:01:32.0065 5252 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    19:01:32.0065 5252 Beep - ok
    19:01:32.0128 5252 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
    19:01:32.0128 5252 BFE - ok
    19:01:32.0253 5252 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
    19:01:32.0253 5252 BITS - ok
    19:01:32.0315 5252 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
    19:01:32.0315 5252 blbdrive - ok
    19:01:32.0393 5252 Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files\Bonjour\mDNSResponder.exe
    19:01:32.0409 5252 Bonjour Service - ok
    19:01:32.0502 5252 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
    19:01:32.0502 5252 bowser - ok
    19:01:32.0565 5252 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    19:01:32.0565 5252 BrFiltLo - ok
    19:01:32.0596 5252 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    19:01:32.0596 5252 BrFiltUp - ok
    19:01:32.0627 5252 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
    19:01:32.0627 5252 Browser - ok
    19:01:32.0767 5252 Browser Defender Update Service (335219836821cb675533ab4731779754) C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
    19:01:32.0767 5252 Browser Defender Update Service - ok
    19:01:32.0877 5252 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    19:01:32.0877 5252 Brserid - ok
    19:01:32.0923 5252 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    19:01:32.0923 5252 BrSerWdm - ok
    19:01:32.0939 5252 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    19:01:32.0939 5252 BrUsbMdm - ok
    19:01:32.0955 5252 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    19:01:32.0955 5252 BrUsbSer - ok
    19:01:32.0986 5252 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    19:01:32.0986 5252 BTHMODEM - ok
    19:01:33.0079 5252 catchme - ok
    19:01:33.0189 5252 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    19:01:33.0189 5252 cdfs - ok
    19:01:33.0251 5252 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    19:01:33.0251 5252 cdrom - ok
    19:01:33.0313 5252 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
    19:01:33.0313 5252 CertPropSvc - ok
    19:01:33.0376 5252 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
    19:01:33.0376 5252 circlass - ok
    19:01:33.0423 5252 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    19:01:33.0423 5252 CLFS - ok
    19:01:33.0501 5252 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    19:01:33.0501 5252 clr_optimization_v2.0.50727_32 - ok
    19:01:33.0563 5252 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    19:01:33.0563 5252 clr_optimization_v4.0.30319_32 - ok
    19:01:33.0641 5252 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    19:01:33.0641 5252 CmBatt - ok
    19:01:33.0688 5252 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
    19:01:33.0688 5252 cmdide - ok
    19:01:33.0719 5252 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    19:01:33.0719 5252 Compbatt - ok
    19:01:33.0719 5252 COMSysApp - ok
    19:01:33.0735 5252 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
    19:01:33.0735 5252 crcdisk - ok
    19:01:33.0766 5252 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
    19:01:33.0766 5252 Crusoe - ok
    19:01:33.0844 5252 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
    19:01:33.0844 5252 CryptSvc - ok
    19:01:33.0937 5252 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
    19:01:33.0937 5252 DcomLaunch - ok
    19:01:33.0984 5252 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
    19:01:34.0000 5252 DfsC - ok
    19:01:34.0078 5252 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
    19:01:34.0078 5252 Dhcp - ok
    19:01:34.0125 5252 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    19:01:34.0125 5252 disk - ok
    19:01:34.0171 5252 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
    19:01:34.0187 5252 Dnscache - ok
    19:01:34.0249 5252 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
    19:01:34.0249 5252 dot3svc - ok
    19:01:34.0296 5252 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
    19:01:34.0296 5252 DPS - ok
    19:01:34.0374 5252 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    19:01:34.0374 5252 drmkaud - ok
    19:01:34.0421 5252 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
    19:01:34.0421 5252 DXGKrnl - ok
    19:01:34.0483 5252 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
    19:01:34.0483 5252 e1express - ok
    19:01:34.0499 5252 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
    19:01:34.0499 5252 E1G60 - ok
    19:01:34.0561 5252 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
    19:01:34.0561 5252 EapHost - ok
    19:01:34.0655 5252 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    19:01:34.0655 5252 Ecache - ok
    19:01:34.0702 5252 elagopro (7ec42ec12a4bac14bcca99fb06f2d125) C:\Windows\system32\DRIVERS\elagopro.sys
    19:01:34.0702 5252 elagopro - ok
    19:01:34.0749 5252 elaunidr (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\elaunidr.sys
    19:01:34.0749 5252 elaunidr - ok
    19:01:34.0795 5252 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
    19:01:34.0811 5252 elxstor - ok
    19:01:34.0889 5252 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
    19:01:34.0889 5252 EMDMgmt - ok
    19:01:34.0920 5252 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
    19:01:34.0920 5252 ErrDev - ok
    19:01:34.0998 5252 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
    19:01:34.0998 5252 EventSystem - ok
    19:01:35.0045 5252 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    19:01:35.0061 5252 exfat - ok
    19:01:35.0107 5252 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    19:01:35.0107 5252 fastfat - ok
    19:01:35.0154 5252 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
    19:01:35.0154 5252 fdc - ok
    19:01:35.0201 5252 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
    19:01:35.0201 5252 fdPHost - ok
    19:01:35.0217 5252 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
    19:01:35.0232 5252 FDResPub - ok
     
  18. Nyssa

    Nyssa TS Rookie Topic Starter Posts: 17

    19:01:49.0132 5252 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    19:01:49.0132 5252 usbcir - ok
    19:01:49.0179 5252 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    19:01:49.0179 5252 usbehci - ok
    19:01:49.0225 5252 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    19:01:49.0225 5252 usbhub - ok
    19:01:49.0257 5252 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    19:01:49.0257 5252 usbohci - ok
    19:01:49.0288 5252 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    19:01:49.0288 5252 usbprint - ok
    19:01:49.0319 5252 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
    19:01:49.0319 5252 usbscan - ok
    19:01:49.0350 5252 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    19:01:49.0350 5252 USBSTOR - ok
    19:01:49.0397 5252 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    19:01:49.0397 5252 usbuhci - ok
    19:01:49.0444 5252 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
    19:01:49.0444 5252 UxSms - ok
    19:01:49.0491 5252 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
    19:01:49.0506 5252 vds - ok
    19:01:49.0553 5252 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
    19:01:49.0553 5252 vga - ok
    19:01:49.0584 5252 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    19:01:49.0584 5252 VgaSave - ok
    19:01:49.0631 5252 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
    19:01:49.0631 5252 viaagp - ok
    19:01:49.0662 5252 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
    19:01:49.0662 5252 ViaC7 - ok
    19:01:49.0678 5252 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
    19:01:49.0678 5252 viaide - ok
    19:01:49.0693 5252 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    19:01:49.0693 5252 volmgr - ok
    19:01:49.0740 5252 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    19:01:49.0756 5252 volmgrx - ok
    19:01:49.0787 5252 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    19:01:49.0787 5252 volsnap - ok
    19:01:49.0834 5252 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
    19:01:49.0834 5252 vsmraid - ok
    19:01:49.0881 5252 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
    19:01:49.0912 5252 VSS - ok
    19:01:49.0943 5252 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
    19:01:49.0959 5252 W32Time - ok
    19:01:49.0974 5252 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    19:01:49.0974 5252 WacomPen - ok
    19:01:50.0005 5252 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    19:01:50.0005 5252 Wanarp - ok
    19:01:50.0021 5252 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    19:01:50.0021 5252 Wanarpv6 - ok
    19:01:50.0083 5252 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
    19:01:50.0099 5252 wcncsvc - ok
    19:01:50.0146 5252 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
    19:01:50.0146 5252 WcsPlugInService - ok
    19:01:50.0161 5252 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
    19:01:50.0161 5252 Wd - ok
    19:01:50.0208 5252 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    19:01:50.0208 5252 Wdf01000 - ok
    19:01:50.0239 5252 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
    19:01:50.0239 5252 WdiServiceHost - ok
    19:01:50.0255 5252 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
    19:01:50.0255 5252 WdiSystemHost - ok
    19:01:50.0317 5252 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
    19:01:50.0333 5252 WebClient - ok
    19:01:50.0380 5252 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
    19:01:50.0380 5252 Wecsvc - ok
    19:01:50.0411 5252 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
    19:01:50.0411 5252 wercplsupport - ok
    19:01:50.0473 5252 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
    19:01:50.0473 5252 WerSvc - ok
    19:01:50.0536 5252 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
    19:01:50.0551 5252 WinDefend - ok
    19:01:50.0551 5252 WinHttpAutoProxySvc - ok
    19:01:50.0629 5252 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
    19:01:50.0629 5252 Winmgmt - ok
    19:01:50.0707 5252 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
    19:01:50.0754 5252 WinRM - ok
    19:01:50.0832 5252 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
    19:01:50.0863 5252 Wlansvc - ok
    19:01:50.0863 5252 wltrysvc - ok
    19:01:50.0910 5252 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    19:01:50.0910 5252 WmiAcpi - ok
    19:01:50.0973 5252 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
    19:01:50.0973 5252 wmiApSrv - ok
    19:01:51.0051 5252 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
    19:01:51.0082 5252 WMPNetworkSvc - ok
    19:01:51.0144 5252 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
    19:01:51.0160 5252 WPCSvc - ok
    19:01:51.0222 5252 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
    19:01:51.0222 5252 WPDBusEnum - ok
    19:01:51.0316 5252 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    19:01:51.0316 5252 WPFFontCache_v0400 - ok
    19:01:51.0347 5252 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    19:01:51.0347 5252 ws2ifsl - ok
    19:01:51.0394 5252 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
    19:01:51.0394 5252 wscsvc - ok
    19:01:51.0409 5252 WSearch - ok
    19:01:51.0503 5252 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
    19:01:51.0550 5252 wuauserv - ok
    19:01:51.0597 5252 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    19:01:51.0597 5252 WUDFRd - ok
    19:01:51.0659 5252 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
    19:01:51.0659 5252 wudfsvc - ok
    19:01:51.0690 5252 yksvc - ok
    19:01:51.0721 5252 yukonwlh (1a51df1a5c658d534ed980d18f7982de) C:\Windows\system32\DRIVERS\yk60x86.sys
    19:01:51.0721 5252 yukonwlh - ok
    19:01:51.0753 5252 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
    19:01:51.0815 5252 \Device\Harddisk0\DR0 - ok
    19:01:51.0846 5252 Boot (0x1200) (6cd61c58db72a28acdc82de03a11535a) \Device\Harddisk0\DR0\Partition0
    19:01:51.0846 5252 \Device\Harddisk0\DR0\Partition0 - ok
    19:01:51.0846 5252 Boot (0x1200) (f29b660963f909000cc3f74603de4374) \Device\Harddisk0\DR0\Partition1
    19:01:51.0846 5252 \Device\Harddisk0\DR0\Partition1 - ok
    19:01:51.0846 5252 ============================================================
    19:01:51.0846 5252 Scan finished
    19:01:51.0846 5252 ============================================================
    19:01:51.0862 1672 Detected object count: 0
    19:01:51.0862 1672 Actual detected object count: 0
    19:06:04.0179 6036 Deinitialize success

    ___________________________________________________-
    There appears to be no re-direction in IE.
    Other things to check before using the computer normally?
    I'd like to re-install Firefox at some point.
    But, first things first.
     
  19. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Very well :)

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  20. Nyssa

    Nyssa TS Rookie Topic Starter Posts: 17

    OTL logfile created on: 4/1/2012 8:00:52 PM - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Nyssa\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.46 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 55.92% Memory free
    7.10 Gb Paging File | 5.39 Gb Available in Paging File | 75.81% Paging File free
    Paging file location(s): c:\pagefile.sys 3843 5314 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 283.40 Gb Total Space | 155.26 Gb Free Space | 54.79% Space Free | Partition Type: NTFS
    Drive E: | 14.65 Gb Total Space | 8.66 Gb Free Space | 59.11% Space Free | Partition Type: NTFS

    Computer Name: DANA-PC | User Name: Nyssa | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/04/01 19:58:55 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Nyssa\Desktop\OTL.exe
    PRC - [2012/02/24 10:36:06 | 002,659,768 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe
    PRC - [2012/02/24 10:36:06 | 001,117,624 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsSvc.exe
    PRC - [2012/02/24 09:16:12 | 000,402,336 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exe
    PRC - [2012/02/24 09:16:08 | 000,071,008 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe
    PRC - [2012/02/17 15:08:16 | 000,550,864 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
    PRC - [2010/12/14 09:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
    PRC - [2010/04/05 17:46:08 | 000,288,040 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
    PRC - [2010/03/23 14:22:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
    PRC - [2010/02/17 16:34:40 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
    PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/01/31 23:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
    PRC - [2009/01/05 17:19:10 | 000,824,560 | ---- | M] (Dell Inc.) -- c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
    PRC - [2008/12/14 23:13:50 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
    PRC - [2008/12/14 23:13:46 | 000,241,746 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe
    PRC - [2008/12/14 23:13:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe
    PRC - [2008/10/04 13:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    PRC - [2008/05/07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/05/07 17:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2008/05/02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
    PRC - [2008/05/02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    PRC - [2008/01/20 21:33:00 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
    PRC - [2007/03/15 18:16:42 | 000,454,784 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/03/29 09:26:45 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll
    MOD - [2012/03/29 09:25:52 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2598077ccea480c6120d3a1ad4455be0\System.Web.ni.dll
    MOD - [2012/03/29 09:21:11 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
    MOD - [2012/03/29 09:20:33 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
    MOD - [2008/12/22 05:32:38 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/02/24 10:36:06 | 001,117,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
    SRV - [2012/02/24 09:16:12 | 000,402,336 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
    SRV - [2012/02/24 09:16:08 | 000,071,008 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
    SRV - [2012/02/17 15:08:16 | 000,550,864 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
    SRV - [2009/06/05 11:02:23 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2009/01/05 17:19:10 | 000,824,560 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
    SRV - [2008/12/14 23:13:46 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe -- (STacSV)
    SRV - [2008/12/14 23:13:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe -- (AESTFilters)
    SRV - [2008/10/04 13:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
    SRV - [2008/05/07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\SMR250.SYS -- (SMR250)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Nyssa\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Nyssa\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
    DRV - [2012/02/24 10:37:08 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctplsg.sys -- (pctplsg)
    DRV - [2012/02/24 10:36:44 | 000,185,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\PCTSD.sys -- (PCTSD)
    DRV - [2012/02/24 10:31:08 | 000,253,352 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi)
    DRV - [2012/02/24 09:16:10 | 000,574,424 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TfSysMon.sys -- (TFSysMon)
    DRV - [2012/02/24 09:16:10 | 000,054,328 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TfFsMon.sys -- (TfFsMon)
    DRV - [2012/02/24 09:16:10 | 000,035,264 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
    DRV - [2011/12/01 16:07:06 | 000,909,728 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\System32\drivers\pctEFA.sys -- (pctEFA)
    DRV - [2011/12/01 16:07:06 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pctDS.sys -- (pctDS)
    DRV - [2011/11/14 15:12:26 | 000,331,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PCTCore.sys -- (PCTCore)
    DRV - [2010/04/15 14:36:40 | 000,252,536 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2009/03/19 18:02:00 | 000,271,552 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OA009Vid.sys -- (OA009Vid)
    DRV - [2009/03/06 08:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OA009Ufd.sys -- (OA009Ufd)
    DRV - [2008/12/22 05:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
    DRV - [2008/12/14 23:13:54 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2008/06/17 11:01:06 | 000,022,016 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\packet.sys -- (Packet)
    DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2008/01/20 21:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2007/03/22 12:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\elagopro.sys -- (elagopro)
    DRV - [2007/03/22 12:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\elaunidr.sys -- (elaunidr)
    DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-18\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    IE - HKU\S-1-5-21-1125977285-1174530162-3460290796-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
    IE - HKU\S-1-5-21-1125977285-1174530162-3460290796-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-1125977285-1174530162-3460290796-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-1125977285-1174530162-3460290796-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Dana\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2012/03/27 21:56:35 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/30 10:01:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/03 23:09:32 | 000,000,000 | ---D | M]

    [2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
    [2011/07/29 15:06:35 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
    [2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
    [2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
    [2009/07/02 11:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll

    O1 HOSTS File: ([2012/04/01 16:57:44 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKU\S-1-5-21-1125977285-1174530162-3460290796-1001\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    O4 - HKU\S-1-5-21-1125977285-1174530162-3460290796-1001..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
    O4 - Startup: C:\Users\Dana2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1125977285-1174530162-3460290796-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1125977285-1174530162-3460290796-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8448DD7B-5738-4FFD-9967-31BEC9ED3C03}: DhcpNameServer = 68.87.72.134 68.87.77.134
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97E2053B-368F-4C64-B78E-A695F28B6D08}: DhcpNameServer = 192.168.1.254
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/04/01 19:58:55 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Nyssa\Desktop\OTL.exe
    [2012/04/01 19:07:12 | 000,000,000 | ---D | C] -- C:\Windows\TEMP
    [2012/04/01 19:01:01 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\Desktop\tsdkiller
    [2012/04/01 17:00:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/04/01 17:00:23 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\AppData\Local\temp
    [2012/04/01 16:57:34 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\AppData\Local\CrashDumps
    [2012/04/01 16:42:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/04/01 16:42:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/04/01 16:42:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/04/01 16:42:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/04/01 16:42:11 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/04/01 16:42:07 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/04/01 16:39:38 | 004,453,008 | R--- | C] (Swearware) -- C:\Users\Nyssa\Desktop\ComboFix.exe
    [2012/04/01 11:47:16 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\Desktop\Bootkit
    [2012/04/01 11:15:19 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Nyssa\Desktop\aswMBR.exe
    [2012/03/29 21:29:20 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Nyssa\Desktop\dds.scr
    [2012/03/29 20:29:51 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\AppData\Roaming\Malwarebytes
    [2012/03/29 18:23:04 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
    [2012/03/29 18:23:04 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2012/03/29 18:23:03 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
    [2012/03/29 18:23:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2012/03/29 18:23:02 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2012/03/29 18:23:02 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
    [2012/03/29 18:23:02 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
    [2012/03/29 18:23:02 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
    [2012/03/29 18:23:01 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
    [2012/03/29 18:23:00 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
    [2012/03/29 18:23:00 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
    [2012/03/29 18:23:00 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
    [2012/03/29 18:23:00 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2012/03/29 18:23:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2012/03/29 18:23:00 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
    [2012/03/29 18:23:00 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2012/03/29 18:23:00 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2012/03/29 18:23:00 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2012/03/29 18:22:59 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2012/03/29 18:22:59 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
    [2012/03/29 18:22:59 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
    [2012/03/29 18:22:57 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
    [2012/03/29 18:22:57 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
    [2012/03/29 18:22:56 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2012/03/29 18:22:55 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2012/03/29 18:22:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2012/03/29 18:22:55 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
    [2012/03/29 18:22:54 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2012/03/29 18:22:54 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
    [2012/03/29 18:22:54 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
    [2012/03/29 18:22:54 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
    [2012/03/29 18:22:53 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
    [2012/03/29 18:22:53 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
    [2012/03/29 18:22:52 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
    [2012/03/29 18:22:52 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
    [2012/03/29 18:22:52 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
    [2012/03/29 18:22:52 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
    [2012/03/29 17:50:43 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
    [2012/03/29 17:50:43 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
    [2012/03/29 17:50:42 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
    [2012/03/29 17:50:42 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
    [2012/03/29 17:50:42 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
    [2012/03/29 17:50:35 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
    [2012/03/29 09:14:31 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
    [2012/03/29 09:03:50 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
    [2012/03/29 09:03:49 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
    [2012/03/29 09:03:49 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
    [2012/03/29 09:01:04 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
    [2012/03/29 09:01:02 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
    [2012/03/29 09:01:01 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
    [2012/03/29 09:01:01 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
    [2012/03/29 09:01:01 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
    [2012/03/29 09:01:00 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
    [2012/03/29 08:59:34 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
    [2012/03/29 08:59:32 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
    [2012/03/29 08:59:17 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
    [2012/03/29 08:59:13 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
    [2012/03/29 08:59:13 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
    [2012/03/29 08:59:13 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
    [2012/03/29 08:59:13 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
    [2012/03/29 08:59:13 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
    [2012/03/29 08:59:13 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
    [2012/03/29 08:06:01 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2012/03/29 08:05:53 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
    [2012/03/29 08:05:52 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
    [2012/03/29 08:05:51 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
    [2012/03/29 08:05:50 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
    [2012/03/29 08:05:50 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
    [2012/03/29 08:05:49 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
    [2012/03/29 08:04:58 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
    [2012/03/29 08:04:57 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
    [2012/03/29 08:04:55 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
    [2012/03/29 08:04:51 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
    [2012/03/29 08:04:50 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
    [2012/03/29 08:04:50 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
    [2012/03/29 08:04:49 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
    [2012/03/29 08:04:49 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
    [2012/03/29 08:04:48 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
    [2012/03/29 08:04:47 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
    [2012/03/29 08:04:18 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
    [2012/03/29 08:04:18 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
    [2012/03/29 08:01:23 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
    [2012/03/29 08:01:22 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
    [2012/03/29 08:01:13 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
    [2012/03/29 08:01:12 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
    [2012/03/29 08:00:40 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
    [2012/03/29 08:00:40 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
    [2012/03/29 08:00:14 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
    [2012/03/29 07:59:44 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
    [2012/03/29 07:59:44 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
    [2012/03/29 07:59:43 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
    [2012/03/29 07:59:42 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
    [2012/03/29 07:59:39 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
    [2012/03/29 07:59:36 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
    [2012/03/29 07:59:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
    [2012/03/29 07:58:50 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
    [2012/03/29 07:58:46 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
    [2012/03/29 07:58:42 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
    [2012/03/29 07:57:50 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
    [2012/03/29 01:01:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
    [2012/03/29 01:01:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
    [2012/03/29 01:01:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
    [2012/03/29 00:54:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
    [2012/03/29 00:32:49 | 000,928,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavenge.dll
    [2012/03/29 00:32:42 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compcln.exe
    [2012/03/29 00:31:32 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
    [2012/03/29 00:31:32 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
    [2012/03/29 00:31:32 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
    [2012/03/29 00:31:31 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
    [2012/03/29 00:31:31 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
    [2012/03/29 00:31:31 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
    [2012/03/29 00:31:30 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
    [2012/03/29 00:31:30 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll
    [2012/03/29 00:31:25 | 001,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
    [2012/03/29 00:31:25 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll
    [2012/03/29 00:31:25 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime
    [2012/03/29 00:31:24 | 001,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
    [2012/03/29 00:31:24 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
    [2012/03/29 00:31:24 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll
    [2012/03/29 00:31:24 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll
    [2012/03/29 00:31:24 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll
    [2012/03/29 00:31:24 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
    [2012/03/29 00:31:24 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll
    [2012/03/29 00:31:24 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
    [2012/03/29 00:31:24 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
    [2012/03/29 00:31:21 | 001,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll
    [2012/03/29 00:31:21 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
    [2012/03/29 00:31:21 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
    [2012/03/29 00:31:20 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime
    [2012/03/29 00:31:20 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
    [2012/03/29 00:31:19 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
    [2012/03/29 00:31:19 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
    [2012/03/29 00:31:19 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
    [2012/03/29 00:31:19 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
    [2012/03/29 00:31:18 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
    [2012/03/29 00:31:18 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
    [2012/03/29 00:31:18 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
    [2012/03/29 00:31:17 | 002,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oobefldr.dll
    [2012/03/29 00:31:17 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
    [2012/03/29 00:31:17 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll
    [2012/03/29 00:31:17 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
    [2012/03/29 00:31:16 | 000,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll
    [2012/03/29 00:31:16 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll
    [2012/03/29 00:31:16 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll
    [2012/03/29 00:31:16 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
    [2012/03/29 00:31:16 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
    [2012/03/29 00:31:15 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
    [2012/03/29 00:31:15 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
    [2012/03/29 00:31:15 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
    [2012/03/29 00:31:15 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime
    [2012/03/29 00:31:15 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime
    [2012/03/29 00:31:15 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe
    [2012/03/29 00:31:14 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
    [2012/03/29 00:31:13 | 000,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
    [2012/03/29 00:31:13 | 000,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll
    [2012/03/29 00:31:13 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
    [2012/03/29 00:31:12 | 000,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
    [2012/03/29 00:31:11 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll
    [2012/03/29 00:31:11 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
    [2012/03/29 00:31:10 | 000,050,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PSHED.DLL
    [2012/03/29 00:31:04 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
    [2012/03/29 00:30:51 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
    [2012/03/29 00:30:51 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
    [2012/03/29 00:30:50 | 000,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
    [2012/03/29 00:30:50 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
    [2012/03/29 00:30:50 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll
    [2012/03/29 00:30:50 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
    [2012/03/29 00:30:50 | 000,027,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
    [2012/03/29 00:30:49 | 002,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
    [2012/03/29 00:30:49 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
    [2012/03/29 00:30:49 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
    [2012/03/29 00:30:49 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
    [2012/03/29 00:30:49 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
    [2012/03/29 00:30:48 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
    [2012/03/29 00:30:45 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll
    [2012/03/29 00:30:44 | 001,078,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
    [2012/03/29 00:30:44 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
    [2012/03/29 00:30:44 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
    [2012/03/29 00:30:44 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
    [2012/03/29 00:30:44 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
    [2012/03/29 00:30:44 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
    [2012/03/29 00:30:43 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll
    [2012/03/29 00:30:42 | 000,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
    [2012/03/29 00:30:42 | 000,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
    [2012/03/29 00:30:42 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
    [2012/03/29 00:30:42 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
    [2012/03/29 00:30:42 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
    [2012/03/29 00:30:42 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
    [2012/03/29 00:30:42 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
    [2012/03/29 00:30:41 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
    [2012/03/29 00:30:41 | 000,105,472 | ---- | C] (Microsoft Corporation) --
     
  21. Nyssa

    C:\Windows\System32\dmsynth.dll
    [2012/03/29 00:30:41 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmusic.dll
    [2012/03/29 00:30:41 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
    [2012/03/29 00:30:40 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll
    [2012/03/29 00:30:40 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
    [2012/03/29 00:30:40 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
    [2012/03/29 00:30:40 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
    [2012/03/29 00:30:40 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
    [2012/03/29 00:30:39 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe
    [2012/03/29 00:30:39 | 000,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
    [2012/03/29 00:30:39 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll
    [2012/03/29 00:30:39 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
    [2012/03/29 00:30:39 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
    [2012/03/29 00:30:38 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
    [2012/03/29 00:30:38 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
    [2012/03/29 00:30:38 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
    [2012/03/29 00:30:37 | 000,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
    [2012/03/29 00:30:37 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
    [2012/03/29 00:30:37 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
    [2012/03/29 00:30:37 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
    [2012/03/29 00:24:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
    [2012/03/28 22:34:05 | 002,804,712 | ---- | C] (Symantec Corporation) -- C:\Users\Nyssa\Desktop\NPE.exe
    [2012/03/28 22:33:51 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\AppData\Local\NPE
    [2012/03/28 22:33:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
    [2012/03/28 22:05:21 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\AppData\Roaming\PCTools
    [2012/03/28 21:32:35 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\AppData\Roaming\Macromedia
    [2012/03/28 21:32:34 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\AppData\Roaming\Adobe
    [2012/03/28 21:25:52 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\AppData\Local\Stardock_Corporation
    [2012/03/28 20:17:25 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\Documents\Wedding planning
    [2012/03/28 20:17:23 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\Documents\Website Backup
    [2012/03/28 20:17:05 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\Documents\TomTom
    [2012/03/28 20:17:04 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\Documents\Tims resume
    [2012/03/28 20:16:53 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\Documents\Recipes
    [2012/03/28 20:16:53 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\Documents\Quicken backup
    [2012/03/28 20:16:49 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\Documents\Quicken
    [2012/03/28 20:16:46 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\Documents\OneNote Notebooks
    [2012/03/28 20:16:39 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\Documents\My Scans
    [2012/03/28 20:16:20 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\Documents\My Media
    [2012/03/28 20:16:20 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\Documents\Marketing Scripts
    [2012/03/28 20:16:06 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\Documents\honeymoon trip
    [2012/03/28 20:16:06 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\Documents\Ebay item desciptions
    [2012/03/28 20:16:06 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\Documents\Dell WebCam Central
    [2012/03/28 20:16:06 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\Documents\Blog - Linky Party
    [2012/03/28 20:16:06 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\Documents\Blog - Artist Features
    [2012/03/28 20:16:06 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\Documents\Art of Murder - The Hunt for the Puppeteer
    [2012/03/28 11:44:11 | 000,000,000 | ---D | C] -- C:\6b043e67185721d370cac201
    [2012/03/28 11:24:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\WCID
    [2012/03/27 22:21:42 | 000,574,424 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfSysMon.sys
    [2012/03/27 22:21:42 | 000,054,328 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfFsMon.sys
    [2012/03/27 22:21:42 | 000,035,264 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfNetMon.sys
    [2012/03/27 22:18:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
    [2012/03/27 21:56:31 | 000,056,840 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTBD.sys
    [2012/03/27 21:55:51 | 000,017,848 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctBTFix.sys
    [2012/03/27 21:55:49 | 000,185,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
    [2012/03/27 21:41:46 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll0342.old
    [2012/03/27 21:41:46 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll0321.old
    [2012/03/27 21:41:46 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
    [2012/03/27 21:41:45 | 002,250,704 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0342.old
    [2012/03/27 21:41:45 | 002,250,704 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
    [2012/03/27 21:41:45 | 001,996,752 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0321.old
    [2012/03/27 21:41:44 | 001,681,360 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
    [2012/03/27 19:53:25 | 000,909,728 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
    [2012/03/27 19:53:25 | 000,342,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
    [2012/03/27 19:53:23 | 000,253,352 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
    [2012/03/27 19:53:22 | 000,107,864 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
    [2012/03/27 19:53:18 | 000,331,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
    [2012/03/27 19:53:17 | 000,162,584 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
    [2012/03/27 19:52:59 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
    [2012/03/27 19:52:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2012/03/27 19:52:32 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
    [2012/03/27 19:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2012/03/27 19:02:35 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\AppData\Roaming\Mozilla
    [2012/03/27 19:02:35 | 000,000,000 | ---D | C] -- C:\Users\Nyssa\AppData\Local\Mozilla

    ========== Files - Modified Within 30 Days ==========

    [2012/04/01 19:58:55 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Nyssa\Desktop\OTL.exe
    [2012/04/01 19:58:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/04/01 19:55:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/04/01 19:10:48 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/04/01 18:59:17 | 002,048,299 | ---- | M] () -- C:\Users\Nyssa\Desktop\tdsskiller.zip
    [2012/04/01 16:57:44 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/04/01 16:39:38 | 004,453,008 | R--- | M] (Swearware) -- C:\Users\Nyssa\Desktop\ComboFix.exe
    [2012/04/01 15:52:19 | 000,000,512 | ---- | M] () -- C:\Users\Nyssa\Desktop\MBR.dat
    [2012/04/01 15:30:51 | 002,942,435 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
    [2012/04/01 15:28:22 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/04/01 15:28:21 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/04/01 15:27:22 | 403,840,299 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/04/01 11:45:53 | 000,044,607 | ---- | M] () -- C:\Users\Nyssa\Desktop\bootkit_remover.zip
    [2012/04/01 11:15:45 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Nyssa\Desktop\aswMBR.exe
    [2012/04/01 11:12:41 | 000,748,234 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/04/01 11:12:41 | 000,157,800 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/03/29 21:25:20 | 000,302,592 | ---- | M] () -- C:\Users\Nyssa\Desktop\9nejlgc2.exe
    [2012/03/29 19:27:34 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Nyssa\Desktop\dds.scr
    [2012/03/29 18:36:48 | 000,000,945 | ---- | M] () -- C:\Users\Nyssa\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/03/29 18:23:27 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
    [2012/03/29 18:23:27 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
    [2012/03/29 18:23:04 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
    [2012/03/29 18:23:04 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2012/03/29 18:23:03 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
    [2012/03/29 18:23:02 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2012/03/29 18:23:02 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2012/03/29 18:23:02 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
    [2012/03/29 18:23:02 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
    [2012/03/29 18:23:02 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
    [2012/03/29 18:23:01 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
    [2012/03/29 18:23:00 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
    [2012/03/29 18:23:00 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
    [2012/03/29 18:23:00 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
    [2012/03/29 18:23:00 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2012/03/29 18:23:00 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2012/03/29 18:23:00 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
    [2012/03/29 18:23:00 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2012/03/29 18:23:00 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2012/03/29 18:23:00 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
    [2012/03/29 18:23:00 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2012/03/29 18:22:59 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2012/03/29 18:22:59 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
    [2012/03/29 18:22:59 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
    [2012/03/29 18:22:57 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
    [2012/03/29 18:22:57 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
    [2012/03/29 18:22:56 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2012/03/29 18:22:55 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2012/03/29 18:22:55 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2012/03/29 18:22:55 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
    [2012/03/29 18:22:54 | 001,798,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2012/03/29 18:22:54 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
    [2012/03/29 18:22:54 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
    [2012/03/29 18:22:54 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
    [2012/03/29 18:22:53 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
    [2012/03/29 18:22:53 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
    [2012/03/29 18:22:52 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
    [2012/03/29 18:22:52 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
    [2012/03/29 18:22:52 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
    [2012/03/29 18:22:52 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
    [2012/03/29 11:00:38 | 000,000,680 | ---- | M] () -- C:\Users\Nyssa\AppData\Local\d3d9caps.dat
    [2012/03/29 09:17:15 | 000,273,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
     
  22. Nyssa

    [2012/03/29 09:13:40 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    [2012/03/28 23:42:03 | 000,000,284 | ---- | M] () -- C:\Windows\hegames.ini
    [2012/03/28 22:19:48 | 002,804,712 | ---- | M] (Symantec Corporation) -- C:\Users\Nyssa\Desktop\NPE.exe
    [2012/03/28 22:00:13 | 000,679,802 | ---- | M] () -- C:\Users\Nyssa\Desktop\md_report.xml
    [2012/03/28 18:29:50 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/03/28 11:24:07 | 000,024,879 | ---- | M] () -- C:\LDB_20120316001
    [2012/03/28 11:17:10 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/03/27 22:18:21 | 000,001,836 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk

    ========== Files Created - No Company Name ==========

    [2012/04/01 18:58:57 | 002,048,299 | ---- | C] () -- C:\Users\Nyssa\Desktop\tdsskiller.zip
    [2012/04/01 16:42:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/04/01 16:42:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/04/01 16:42:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/04/01 16:42:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/04/01 16:42:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/04/01 15:52:19 | 000,000,512 | ---- | C] () -- C:\Users\Nyssa\Desktop\MBR.dat
    [2012/04/01 15:27:22 | 403,840,299 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/04/01 11:45:53 | 000,044,607 | ---- | C] () -- C:\Users\Nyssa\Desktop\bootkit_remover.zip
    [2012/03/29 21:26:14 | 000,302,592 | ---- | C] () -- C:\Users\Nyssa\Desktop\9nejlgc2.exe
    [2012/03/29 18:23:00 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
    [2012/03/29 09:13:40 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    [2012/03/29 00:31:18 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
    [2012/03/29 00:31:15 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
    [2012/03/29 00:30:50 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
    [2012/03/29 00:30:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2012/03/29 00:30:42 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
    [2012/03/29 00:29:16 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
    [2012/03/29 00:29:03 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2012/03/29 00:28:59 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
    [2012/03/29 00:28:58 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
    [2012/03/29 00:28:55 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
    [2012/03/28 22:02:53 | 000,679,802 | ---- | C] () -- C:\Users\Nyssa\Desktop\md_report.xml
    [2012/03/28 20:27:15 | 000,000,945 | ---- | C] () -- C:\Users\Nyssa\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/03/28 20:25:15 | 000,000,680 | ---- | C] () -- C:\Users\Nyssa\AppData\Local\d3d9caps.dat
    [2012/03/28 20:16:05 | 000,581,296 | ---- | C] () -- C:\Users\Nyssa\Documents\First chat.jpg
    [2012/03/28 20:16:05 | 000,046,062 | ---- | C] () -- C:\Users\Nyssa\Documents\French Accents.jpg
    [2012/03/28 20:16:05 | 000,000,000 | -H-- | C] () -- C:\Users\Nyssa\Documents\Default.rdp
    [2012/03/28 11:24:07 | 000,024,879 | ---- | C] () -- C:\LDB_20120316001
    [2012/03/27 21:55:54 | 000,001,836 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk
    [2012/03/27 21:41:47 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0342.old
    [2012/03/27 21:41:47 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0321.old
    [2012/03/27 21:41:47 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
    [2012/03/27 21:41:46 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip
    [2012/03/27 21:41:46 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
    [2012/03/27 21:41:46 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
    [2012/03/27 21:41:46 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
    [2012/03/27 19:54:05 | 002,942,435 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
    [2012/01/29 11:25:31 | 000,000,026 | ---- | C] () -- C:\Windows\FXOPDMain.INI
    [2012/01/29 11:25:06 | 000,000,026 | ---- | C] () -- C:\Windows\FXOPDPMSV.INI
    [2010/09/23 10:32:35 | 000,115,358 | ---- | C] () -- C:\Windows\hpgins28.dat
    [2010/09/23 10:32:34 | 000,000,173 | ---- | C] () -- C:\Windows\hpgmdl28.dat
    [2010/09/18 22:30:26 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
    [2010/09/18 22:26:02 | 000,000,284 | ---- | C] () -- C:\Windows\hegames.ini

    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/10 23:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2012/04/01 17:00:21 | 000,018,535 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011/07/02 20:55:23 | 000,000,081 | ---- | M] () -- C:\CTX.DAT
    [2009/04/04 09:47:23 | 000,003,347 | RH-- | M] () -- C:\dell.sdr
    [2012/03/28 11:24:07 | 000,024,879 | ---- | M] () -- C:\LDB_20120316001
    [2012/04/01 15:27:22 | 4029,677,568 | -HS- | M] () -- C:\pagefile.sys
    [2012/04/01 19:06:04 | 000,115,730 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_01.04.2012_19.01.08_log.txt
    [2012/03/28 22:33:39 | 000,121,910 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_28.03.2012_22.32.21_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/11/02 07:35:34 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 07:35:34 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 07:35:34 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2012/03/29 00:51:53 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/01/20 21:32:37 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 21:57:01 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/20 22:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/20 22:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/20 22:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2012/03/29 18:36:48 | 000,000,221 | -HS- | M] () -- C:\Users\Nyssa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/03/29 21:25:20 | 000,302,592 | ---- | M] () -- C:\Users\Nyssa\Desktop\9nejlgc2.exe
    [2012/04/01 11:15:45 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Nyssa\Desktop\aswMBR.exe
    [2012/04/01 16:39:38 | 004,453,008 | R--- | M] (Swearware) -- C:\Users\Nyssa\Desktop\ComboFix.exe
    [2012/03/28 22:19:48 | 002,804,712 | ---- | M] (Symantec Corporation) -- C:\Users\Nyssa\Desktop\NPE.exe
    [2012/04/01 19:58:55 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Nyssa\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/04/01 19:10:48 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/04/01 19:58:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/04/01 15:27:58 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/04/01 11:05:27 | 000,032,622 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2012/03/29 01:11:29 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2012/03/29 01:10:59 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2012/03/29 01:10:59 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2012/03/29 01:10:59 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2012/03/29 01:10:59 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
    [2012/03/29 01:10:59 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/10/06 12:18:31 | 000,000,402 | -HS- | M] () -- C:\Users\Nyssa\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/09/23 10:45:35 | 000,000,733 | ---- | M] () -- C:\ProgramData\hpzinstall.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:887F3A41
    @Alternate Data Stream - 202 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:D026A5A4
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:0C4DECF8

    < End of report >
     
  23. Nyssa

    OTL Extras logfile created on: 4/1/2012 8:00:52 PM - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Nyssa\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.46 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 55.92% Memory free
    7.10 Gb Paging File | 5.39 Gb Available in Paging File | 75.81% Paging File free
    Paging file location(s): c:\pagefile.sys 3843 5314 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 283.40 Gb Total Space | 155.26 Gb Free Space | 54.79% Space Free | Partition Type: NTFS
    Drive E: | 14.65 Gb Total Space | 8.66 Gb Free Space | 59.11% Space Free | Partition Type: NTFS

    Computer Name: DANA-PC | User Name: Nyssa | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{081A3DFC-7E58-45B9-8CBD-19DB225D48F7}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
    "{27E1E73E-B1F2-49B4-983B-25F1784CFD94}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{C94BDEA7-571F-4CCD-B900-A08B8AF98E32}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01244793-FBE1-4569-A0D3-BE05BBA5A0D0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{0B3AA5A6-CFA9-4A1C-8C4A-841E1A21F43E}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
    "{0F36B6AC-396D-4AC7-9A20-CEB8A846E903}" = protocol=17 | dir=in | app=c:\program files\common files\dell\vlc\vlc.exe |
    "{114AD0C9-C978-4980-83D8-95773A0A5B99}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
    "{2D8E4270-6D7F-490B-9D91-41D557F084C0}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
    "{4FE70077-47AB-4926-A7AC-FC07DC4705E0}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{5486FBFB-872C-4C19-8D07-E561F6690F8D}" = protocol=6 | dir=in | app=c:\program files\common files\dell\advanced networking service\hnm_svc.exe |
    "{65A25BF4-DD91-40C1-8CA1-27C44313D1A9}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{75491EB7-33B7-466B-804E-6B6C41D2DD47}" = protocol=6 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
    "{86DF0B56-F2DF-491C-B748-EC5FA2E81141}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
    "{9368F1DD-A084-4DC5-865A-805DC1B4A373}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{93924939-3CED-4A1C-94C9-5849C7109DF7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{BA449E0D-D193-4DBC-91F3-55E8E32E49EB}" = protocol=17 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
    "{C15080CA-6F9D-4D06-8CEC-0424942C9F53}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{C52720B2-279D-499B-8A47-8FB16F8C8005}" = protocol=6 | dir=in | app=c:\program files\common files\dell\vlc\vlc.exe |
    "{CE39F98E-58AA-48D6-9942-847C8740F4E2}" = protocol=17 | dir=in | app=c:\program files\common files\dell\advanced networking service\hnm_svc.exe |
    "{ECC0CE99-AEBB-45DB-86C6-254427EB1B21}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{ED651286-FC83-4160-BE71-360EE8BB0438}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 24
    "{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
    "{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
    "{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D8F9830-D6A3-413A-9A54-993827A73E47}" = DELL0604
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
    "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
    "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
    "{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5A613A09-8F96-4F7E-BD71-69A89F37150D}" = hpg4850QFolder
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
    "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90140000-00D1-0409-0000-0000000FF1CE}" = Microsoft Access database engine 2010 (English)
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A5A8D74C-61B6-46ce-B6E7-527BDD687787}" = HP Scanjet 4800 series 9.0
    "{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
    "{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
    "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
    "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
    "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
    "{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
    "{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
    "{C82185E8-C27B-4EF4-2011-4444BC2C2B6D}" = Microsoft Streets & Trips 2011
    "{CC77E110-0ACB-4E15-9A92-6AEB96DA8C06}" = hpg4850
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEC0C2C2-921F-4EB8-8D7E-4F2F03ED02AA}" = ScannerCopy
    "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
    "{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console
    "{DA054439-21A7-D2EF-DE23-38AA0560535F}" = ATI Catalyst Install Manager
    "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
    "{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
    "{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "BFGC" = Big Fish Games: Game Manager
    "Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
    "CCleaner" = CCleaner
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "Creative OA009" = Integrated Webcam Driver (1.02.01.0320)
    "Dell Video Chat" = Dell Video Chat
    "Dell Webcam Central" = Dell Webcam Central
    "EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
    "GoToAssist" = GoToAssist 8.0.0.514
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP Imaging Device Functions" = HP Imaging Device Functions 9.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
    "HPOCR" = HP OCR Software 9.0
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Spyware Doctor" = PC Tools Spyware Doctor with AntiVirus 9.0
    "TVWiz" = Intel(R) TV Wizard
    "Web Games Player Plugin" = Web Games Player Plugin
    "WinLiveSuite_Wave3" = Windows Live Essentials

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 5/22/2011 9:43:56 AM | Computer Name = Dana-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 37694568

    Error - 5/22/2011 9:43:56 AM | Computer Name = Dana-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 37694568

    Error - 5/22/2011 9:43:58 AM | Computer Name = Dana-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 5/22/2011 9:43:58 AM | Computer Name = Dana-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 37696175

    Error - 5/22/2011 9:43:58 AM | Computer Name = Dana-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 37696175

    Error - 5/22/2011 9:43:59 AM | Computer Name = Dana-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 5/22/2011 9:43:59 AM | Computer Name = Dana-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 37697735

    Error - 5/22/2011 9:43:59 AM | Computer Name = Dana-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 37697735

    Error - 5/22/2011 9:44:02 AM | Computer Name = Dana-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 5/22/2011 9:44:02 AM | Computer Name = Dana-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 37700184

    [ Broadcom Wireless LAN Events ]
    Error - 3/30/2012 9:36:35 AM | Computer Name = Dana-PC | Source = WLAN-Tray | ID = 0
    Description = 08:36:34, Fri, Mar 30, 12 Error - Unable to gain access to user store


    Error - 3/30/2012 9:54:33 AM | Computer Name = Dana-PC | Source = WLAN-Tray | ID = 0
    Description = 08:54:32, Fri, Mar 30, 12 Error - Unable to gain access to user store


    [ System Events ]
    Error - 4/1/2012 5:41:29 PM | Computer Name = Dana-PC | Source = netbt | ID = 4321
    Description = The name "THE_ONE_RING :0" could not be registered on the interface
    with IP address 192.168.1.102. The computer with the IP address 192.168.1.100 did
    not allow the name to be claimed by this computer.

    Error - 4/1/2012 5:41:33 PM | Computer Name = Dana-PC | Source = netbt | ID = 4321
    Description = The name "THE_ONE_RING :0" could not be registered on the interface
    with IP address 192.168.1.102. The computer with the IP address 192.168.1.100 did
    not allow the name to be claimed by this computer.

    Error - 4/1/2012 5:45:46 PM | Computer Name = Dana-PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 4/1/2012 5:45:50 PM | Computer Name = Dana-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 4/1/2012 5:50:56 PM | Computer Name = Dana-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 4/1/2012 5:56:10 PM | Computer Name = Dana-PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 4/1/2012 5:57:48 PM | Computer Name = Dana-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 4/1/2012 6:08:43 PM | Computer Name = Dana-PC | Source = netbt | ID = 4321
    Description = The name "THE_ONE_RING :0" could not be registered on the interface
    with IP address 192.168.1.102. The computer with the IP address 192.168.1.100 did
    not allow the name to be claimed by this computer.

    Error - 4/1/2012 8:01:37 PM | Computer Name = Dana-PC | Source = netbt | ID = 4321
    Description = The name "THE_ONE_RING :0" could not be registered on the interface
    with IP address 192.168.1.102. The computer with the IP address 192.168.1.100 did
    not allow the name to be claimed by this computer.

    Error - 4/1/2012 8:11:35 PM | Computer Name = Dana-PC | Source = netbt | ID = 4321
    Description = The name "THE_ONE_RING :0" could not be registered on the interface
    with IP address 192.168.1.102. The computer with the IP address 192.168.1.100 did
    not allow the name to be claimed by this computer.


    < End of report >
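To make the event section of a log like the one above easier to triage, here is an added example (not part of the original post and not code from OTL) that parses the `Error - ... | Source = ... | ID = ...` layout and groups repeats by log, source and ID. The function names and the shortened sample are constructed for illustration.

```python
import re
from datetime import datetime

SAMPLE = """\
[ Application Events ]
Error - 5/22/2011 9:43:56 AM | Computer Name = Dana-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 37694568

Error - 5/22/2011 9:43:58 AM | Computer Name = Dana-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ System Events ]
Error - 4/1/2012 5:41:29 PM | Computer Name = Dana-PC | Source = netbt | ID = 4321
Description = The name "THE_ONE_RING :0" could not be registered on the interface
with IP address 192.168.1.102. The computer with the IP address 192.168.1.100 did
not allow the name to be claimed by this computer.

Error - 4/1/2012 5:45:46 PM | Computer Name = Dana-PC | Source = Service Control Manager | ID = 7034
Description =
"""  # constructed sample: a shortened copy of entries from the log above

HEADER = re.compile(r"^(\w+) - (.+?) \| Computer Name = (.+?) \| Source = (.+?) \| ID = (\d+)$")

def parse_events(text):
    """Return one dict per event; wrapped Description lines are joined into one string."""
    events, section, cur = [], None, None
    for line in map(str.strip, text.splitlines()):
        head = HEADER.match(line)
        if line.startswith("[ ") and line.endswith(" ]"):
            section, cur = line[2:-2], None      # e.g. "System Events"
        elif head:
            cur = {"log": section, "source": head.group(4), "id": int(head.group(5)),
                   "time": datetime.strptime(head.group(2), "%m/%d/%Y %I:%M:%S %p"), "desc": ""}
            events.append(cur)
        elif cur is not None and line:           # Description line or its continuation
            part = re.sub(r"^Description =\s*", "", line)
            cur["desc"] = (cur["desc"] + " " + part).strip()
    return events

def summarize(events):
    """Group by (log, source, id) with count, time span and number of empty descriptions."""
    groups = {}
    for e in events:
        g = groups.setdefault((e["log"], e["source"], e["id"]),
                              {"count": 0, "first": e["time"], "last": e["time"], "empty": 0})
        g["count"] += 1
        g["first"], g["last"] = min(g["first"], e["time"]), max(g["last"], e["time"])
        g["empty"] += int(e["desc"] == "")
    return groups
```

Grouping separates a burst of identical application errors from the System entries, and the `empty` counter marks entries such as Service Control Manager 7034 (a service terminated unexpectedly) where the log carries no description, so the affected service has to be read from Event Viewer instead.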
     
  24. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\SMR250.SYS -- (SMR250)
      DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
      DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      @Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:887F3A41
      @Alternate Data Stream - 202 bytes -> C:\ProgramData\TEMP:DFC5A2B2
      @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:D026A5A4
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===================================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ======================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  25. Nyssa

    Nyssa TS Rookie Topic Starter Posts: 17

    Sorry for the delay.
    I'll be able to do next steps tomorrow and Sat.
    Thanks much.
     
Topic Status:
Not open for further replies.
