LandzDown Forum

Security => Analysis and Malware Removal => Topic started by: jemellin on January 09, 2014, 04:04:38 PM

Title: D COM Server NT Authority System problem
Post by: jemellin on January 09, 2014, 04:04:38 PM
Keep getting message D COM Server NT Authority system unexpectedly terminated will shut down in 30 seconds. Also sometimes get Malwarebytes blocked 66.45.56.109 outgoing. Ran Malwarebytes and virus scan and scan got almost done and then message about system unexpectedly terminated and will shut down.
Results of screen317's Security Check version 0.99.78 
Windows XP Service Pack 3 x86   
Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
PC Cleaners               
ESET NOD32 Antivirus 7.0   
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300 
Java(TM) 6 Update 31 
Java version out of Date!
Adobe Flash Player    11.9.900.170 
Adobe Reader XI 
Mozilla Firefox 23.0.1 Firefox out of Date! 
Google Chrome 31.0.1650.63 
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe 
ESET NOD32 Antivirus ekrn.exe 
Malwarebytes Anti-Malware mbamservice.exe 
Malwarebytes Anti-Malware mbamgui.exe 
Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 1%
````````````````````End of Log``````````````````````
Title: Re: D COM Server NT Authority System problem
Post by: jemellin on January 09, 2014, 04:07:07 PM

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/10/2009 11:40:18 AM
System Uptime: 1/9/2014 9:07:09 AM (0 hours ago)
.
Motherboard: Dell Inc. |  | 0JJW8N
Processor: Intel(R) Core(TM)2 Duo CPU     E7500  @ 2.93GHz | Socket 775 | 2925/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 258.163 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1283: 10/11/2013 12:50:11 PM - System Checkpoint
RP1284: 10/12/2013 1:33:26 PM - System Checkpoint
RP1285: 10/13/2013 1:58:20 PM - Software Distribution Service 3.0
RP1286: 10/14/2013 4:31:27 PM - System Checkpoint
RP1287: 10/15/2013 4:40:48 PM - System Checkpoint
RP1288: 10/19/2013 5:42:29 PM - System Checkpoint
RP1289: 10/20/2013 6:30:46 PM - System Checkpoint
RP1290: 10/22/2013 10:40:37 AM - System Checkpoint
RP1291: 10/23/2013 5:49:57 PM - System Checkpoint
RP1292: 10/25/2013 9:13:52 AM - System Checkpoint
RP1293: 10/28/2013 2:37:42 PM - System Checkpoint
RP1294: 10/29/2013 2:41:09 PM - System Checkpoint
RP1295: 10/30/2013 5:28:57 PM - System Checkpoint
RP1296: 11/1/2013 8:05:35 AM - System Checkpoint
RP1297: 11/3/2013 5:07:07 PM - System Checkpoint
RP1298: 11/5/2013 11:30:46 AM - System Checkpoint
RP1299: 11/6/2013 4:10:14 PM - System Checkpoint
RP1300: 11/8/2013 3:02:23 PM - System Checkpoint
RP1301: 11/9/2013 4:29:14 PM - System Checkpoint
RP1302: 11/10/2013 5:48:16 PM - System Checkpoint
RP1303: 11/12/2013 5:34:56 PM - System Checkpoint
RP1304: 11/13/2013 5:27:00 PM - Software Distribution Service 3.0
RP1305: 11/15/2013 11:52:10 AM - System Checkpoint
RP1306: 11/18/2013 10:44:48 AM - System Checkpoint
RP1307: 11/19/2013 12:27:57 PM - System Checkpoint
RP1308: 11/20/2013 4:09:05 PM - System Checkpoint
RP1309: 11/24/2013 8:51:53 AM - System Checkpoint
RP1310: 11/26/2013 11:37:26 AM - System Checkpoint
RP1311: 11/27/2013 4:13:19 PM - System Checkpoint
RP1312: 11/28/2013 4:59:05 PM - System Checkpoint
RP1313: 12/1/2013 7:12:30 PM - System Checkpoint
RP1314: 12/2/2013 2:01:20 PM - Removed ESET NOD32 Antivirus
RP1315: 12/2/2013 2:01:37 PM - Installed ESET NOD32 Antivirus
RP1316: 12/3/2013 2:47:14 PM - System Checkpoint
RP1317: 12/4/2013 5:33:22 PM - System Checkpoint
RP1318: 12/5/2013 6:40:57 PM - System Checkpoint
RP1319: 12/6/2013 7:00:20 PM - System Checkpoint
RP1320: 12/7/2013 7:05:50 PM - System Checkpoint
RP1321: 12/8/2013 7:19:04 PM - System Checkpoint
RP1322: 12/9/2013 7:34:32 PM - System Checkpoint
RP1323: 12/10/2013 8:27:56 PM - System Checkpoint
RP1324: 12/11/2013 9:40:01 PM - Software Distribution Service 3.0
RP1325: 12/13/2013 11:16:53 AM - System Checkpoint
RP1326: 12/13/2013 6:20:49 PM - Software Distribution Service 3.0
RP1327: 12/15/2013 8:22:39 AM - System Checkpoint
RP1328: 12/16/2013 2:21:41 PM - System Checkpoint
RP1329: 12/17/2013 2:33:22 PM - System Checkpoint
RP1330: 12/19/2013 4:52:01 PM - System Checkpoint
RP1331: 12/21/2013 8:00:51 AM - System Checkpoint
RP1332: 12/22/2013 1:13:35 PM - System Checkpoint
RP1333: 12/23/2013 2:22:17 PM - System Checkpoint
RP1334: 12/24/2013 5:14:39 PM - System Checkpoint
RP1335: 12/25/2013 6:08:25 PM - System Checkpoint
RP1336: 12/26/2013 8:46:41 AM - Removed DriverUpdate
RP1337: 12/27/2013 10:34:43 AM - System Checkpoint
RP1338: 12/28/2013 11:52:26 AM - System Checkpoint
RP1339: 12/29/2013 5:51:09 PM - System Checkpoint
RP1340: 12/30/2013 6:32:06 PM - System Checkpoint
RP1341: 1/1/2014 12:22:00 PM - System Checkpoint
RP1342: 1/2/2014 12:47:07 PM - System Checkpoint
RP1343: 1/3/2014 1:38:42 PM - Software Distribution Service 3.0
RP1344: 1/5/2014 7:16:21 AM - System Checkpoint
RP1345: 1/5/2014 12:30:12 PM - Removed Adobe Reader XI (11.0.05).
RP1346: 1/6/2014 6:03:56 PM - Restore Operation
RP1347: 1/7/2014 7:20:23 AM - Software Distribution Service 3.0
RP1348: 1/8/2014 8:54:14 AM - System Checkpoint
RP1349: 1/8/2014 1:56:12 PM - Removed Skype™ 6.1
RP1350: 1/8/2014 1:58:05 PM - Removed Skype Click to Call
.
==== Installed Programs ======================
.
abrMate version 1.0
Acrobat.com
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
aioprnt
aioscnnr
Akamai NetSession Interface
Akamai NetSession Interface Service
Alien Skin Exposure
Alien Skin Eye Candy 5 Impact
Alien Skin Eye Candy 5 Nature
Alien Skin Eye Candy 5 Textures
Alien Skin Eye Candy 6
Alien Skin Eye Candy 7
Alien Skin Xenofex 2.0
AMP Font Viewer
AMS Photo Effects 2.71
AnswerWorks 5.0 English Runtime
Apache Tomcat 6.0 (remove only)
Ask Toolbar
Auto FX Free
Bing Bar
BJCS
Bonjour
C4USelfUpdater
center
CenturyLink QuickAssist Desktop Tools
Clickfree Easy Image
Colour Studio 2.0 Demo
Corel Paint Shop Pro Photo X2
Corel Paint Shop Pro X
Corel PaintShop Photo Pro X3
Coupon Printer for Windows
Dell Backup and Recovery Manager
Dell System Detect Bootstrapper
Desktop Restore
Diagnostic Utility
Elevated Installer
ESET NOD32 Antivirus
essentials
Eye Candy 4000
Filter Forge Freepack 5 - Hearts 2.009
Filters Unlimited 2.0
FlashPeak SlimBrowser
Font Thumbnail
Garmin Communicator Plugin
Garmin Express
Garmin Express Tray
Garmin Update Service
Garmin USB Drivers
getPlus(R) Download Manager for Corel
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954434)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB958347)
Hotfix for Windows XP (KB959252)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB968764)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ICA
Inbox Toolbar
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
IPM_PSP_Pro
Jasc Animation Shop 3
Jasc Paint Shop Pro 9
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
Kodak AIO Printer
KODAK AiO Software
ksDIP
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 6.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C Runtime
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works 6-9 Converter
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
Nero 9 Essentials
neroxml
Nikon Message Center 2
Nikon Movie Editor
ocr
OGA Notifier 2.0.0048.0
Paint Shop Pro 7 Anniversary Edition
Photobucket Backup
Picture Control Utility
PowerDVD DX
PreReq
PrintProjects
PSPPContent
PSPPRO_DCRAW
QuickTime
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Setup
SmartSound Common Data
SmartSound Quicktracks 5
Sonic CinePlayer Decoder Pack
Sqirlz Water Reflections
StartNow Toolbar
Ulead GIF Animator 5 ESD
Ulead Particle.Plugin 1.0
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB898461)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955704)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
ViewNX 2
WebFldrs XP
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows Presentation Foundation
WinRAR archiver
WinZip
XML Paper Specification Shared Components Pack 1.0
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
1/8/2014 2:57:27 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  TfFsMon TfSysMon
1/8/2014 2:57:27 PM, error: Service Control Manager [7022]  - The ESET Service service hung on starting.
1/8/2014 2:56:10 PM, error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
1/8/2014 2:56:10 PM, error: Service Control Manager [7000]  - The Nero BackItUp Scheduler 4.0 service failed to start due to the following error:  The system cannot find the file specified.
1/8/2014 2:52:37 PM, error: Service Control Manager [7034]  - The Terminal Services service terminated unexpectedly.  It has done this 1 time(s).
1/8/2014 2:52:37 PM, error: Service Control Manager [7031]  - The DCOM Server Process Launcher service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
1/8/2014 12:54:01 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the FullImagingService service to connect.
1/8/2014 12:54:01 PM, error: Service Control Manager [7000]  - The FullImagingService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
1/7/2014 4:12:07 PM, error: iaStor [9]  - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
.
==== End Of File ===========================
Title: Re: D COM Server NT Authority System problem
Post by: Corrine on January 09, 2014, 05:00:31 PM
Hi, Jemellin.  Welcome to LandzDown Forum.

Please copy/paste a copy of the DDS.txt log for review.

Thank you.
Title: Re: D COM Server NT Authority System problem
Post by: jemellin on January 09, 2014, 05:59:34 PM
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by USER at 9:46:26 on 2014-01-09
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3037.1407 [GMT -6:00]
.
AV: PC Cleaners *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
AV: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Garmin\Express Tray\ExpressTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\documents and settings\all users\application data\Clickfree\cfagent.exe
C:\documents and settings\all users\application data\Clickfree\FullImagingBackup\FibReminder.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\ASTSRV.EXE
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\locator.exe
C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\documents and settings\all users\application data\Clickfree\FullImagingBackup\FullImagingService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uProxyOverride = 127.0.0.1:9421;<local>
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: PCTools Site Guard: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -
BHO: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - LocalServer32 - <no file>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Akamai NetSession Interface] "c:\documents and settings\user\local settings\application data\akamai\netsession_win.exe"
uRun: [] c:\documents and settings\user\ahhotfftppiuzkqohbadbwc.exe
uRun: [GarminExpressTrayApp] "c:\program files\garmin\express tray\ExpressTray.exe"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [DriverFinder] c:\program files\driverfinder\DriverFinder.exe
uRun: [ClickfreeMonitor] c:\documents and settings\all users\application data\clickfree\cfagent.exe
uRun: [FibReminder] c:\documents and settings\all users\application data\clickfree\fullimagingbackup\FibReminder.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Conime] c:\windows\system32\conime.exe
mRun: [Corel File Shell Monitor] c:\program files\corel\corel paint shop pro photo x2\CorelIOMonitor.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ErrorTeck] c:\program files\errorteck\ErrorTeck.exe /scan
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s
mRun: [EKStatusMonitor] c:\program files\kodak\aio\statusmonitor\EKStatusMonitor.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
dRunOnce: [KodakHomeCenter] "c:\program files\kodak\aio\center\AiOHomeCenter.exe"
uExplorerRun: [eacbafdeeeeb] c:\documents and settings\user\application data\42e0800a-74cb-4973-afd7-36e4e3e1e60b79\eacbafdeeeeb.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: New Value #1 = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &Download All using 4shared Desktop - c:\program files\4shared desktop\down_all.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260473224875
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344974532109
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{B0E18D04-350B-4C5B-95FF-550EEA4A455D} : NameServer = 64.91.3.46,208.54.220.20
TCP: Interfaces\{B0E18D04-350B-4C5B-95FF-550EEA4A455D} : DHCPNameServer = 192.168.1.1 192.168.1.1
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\cqnf6uhv.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: !HIDDEN! 2009-12-10 13:42; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 134248]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-2-6 118768]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-25 14336]
R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [2011-7-6 57344]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2013-9-12 1337752]
R2 FullImagingService;FullImagingService;c:\documents and settings\all users\application data\clickfree\fullimagingbackup\FullImagingService.exe [2013-9-6 235848]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\garmin\core update service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-8-22 220504]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2013-3-15 395640]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\kodak\aio\statusmonitor\EKPrinterSDK.exe [2013-1-15 780152]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2014-1-6 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2014-1-6 701512]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [2009-11-22 22016]
R2 Tomcat6;Apache Tomcat;c:\program files\apache software foundation\tomcat 6.0\bin\tomcat6.exe [2008-1-28 57344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-1-6 22856]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S0 TfFsMon;TfFsMon;
Title: Re: D COM Server NT Authority System problem
Post by: Corrine on January 09, 2014, 06:55:26 PM
Thank you for the additional log, jemellin.

I haven't seen anyone with the NT Authority shutdown notice in a very long time.  It used to happen with users of Ad-Aware and others with the Blaster Worm.  You can use this tool to disable/enable DCOM.  http://www.grc.com/dcom/ or when the 60-second countdown starts, cancel the shutdown command:

Click > Start > select Run, type shutdown -a but do not click OK yet.  As soon as you see that shutdown message appear click on OK to launch the shutdown -a command. This will abort the shutdown.


Although there are other things I would like to address, I'd like you to run ComboFix first.  Please follow these instructions carefully.

Download ComboFix from here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe).

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html).

Now, please run ComboFix:
Title: Re: D COM Server NT Authority System problem
Post by: jemellin on January 09, 2014, 07:46:21 PM
I did as you said and it started to do the scan, went through about 25 stages, then a big blue screen came up saying something about a shutdown to protect the computer and a driver. I never did get a report!
Title: Re: D COM Server NT Authority System problem
Post by: jemellin on January 09, 2014, 07:47:43 PM
Also, I now have a red icon on my virus protector saying my firewall is off. I cannot turn it back on.
Title: Re: D COM Server NT Authority System problem
Post by: Corrine on January 09, 2014, 08:46:10 PM
According to the log, the Security Center was already off.  Let's see if we can get to that trojan from a different direction that seems to have worked with Windows XP.  Please do the following:

1.  Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) by Xplode to your Desktop.
2.  Please download & save to your Desktop from RogueKiller (http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe) or from here (http://tigzy.geekstogo.com/Tools/RogueKiller.exe)
Title: Re: D COM Server NT Authority System problem
Post by: jemellin on January 09, 2014, 09:51:24 PM
After running AdwCleaner it did nothing and didn't restart the computer, then I ran RogueKiller.
RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : USER [Admin rights]
Mode : Scan -- Date : 01/09/2014 15:45:07
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run :  (C:\Documents and Settings\USER\ahhotfftppiuzkqohbadbwc.exe
Title: Re: D COM Server NT Authority System problem
Post by: jemellin on January 09, 2014, 09:52:22 PM
RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : USER [Admin rights]
Mode : Remove -- Date : 01/09/2014 15:45:52
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run :  (C:\Documents and Settings\USER\ahhotfftppiuzkqohbadbwc.exe
Title: Re: D COM Server NT Authority System problem
Post by: Corrine on January 10, 2014, 12:26:29 AM
1.  In lieu of AdwCleaner, please do the following:  Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/dl/131/) to your desktop.
2. After running JRT, please restart your computer and try to run ComboFix again.  I'll repeat the instructions for you:

Please follow these instructions carefully.
Title: Re: D COM Server NT Authority System problem
Post by: jemellin on January 10, 2014, 06:06:05 PM
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Microsoft Windows XP x86
Ran by USER on Fri 01/10/2014 at 11:28:14.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] 24x7helpsvc
Successfully deleted: [Service] 24x7helpsvc
Successfully stopped: [Service] update jump flip
Successfully deleted: [Service] update jump flip



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3004627E-F8E9-4E8B-909D-316753CBA923}
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortapp.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escorteng.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortlbr.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\toolbar.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{865D7100-82C7-42F4-9C06-860DEC0871B2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\24x7help
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dsiteproducts
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\fixcleaner
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\mysearchdial
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\startnow toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\zugo
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\24x7help
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\fixcleaner
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\mysearchdial
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\startnow toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\esrv.mysearchdialesrvc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\esrv.mysearchdialesrvc.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mysearchdial.mysearchdialappcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mysearchdial.mysearchdialappcore.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mysearchdial.mysearchdialdskbnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mysearchdial.mysearchdialdskbnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mysearchdial.mysearchdialhlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mysearchdial.mysearchdialhlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\inbox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar.bandobject
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar.bandobject.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar.toolbarhelperobject
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar.toolbarhelperobject.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\openit open it!
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\startnow toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{612ad33d-9824-4e87-8396-92374e91c4bb}_is1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86d4b82a-abed-442a-be86-96357b70f4fe}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{a957f04c-49f4-4375-8c8a-d04b769efe47}_is1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2233703
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{25D8ABA0-5F45-D212-4914-794A69246E1D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{704AC797-ECA0-4033-BB80-ABD42E0682F1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\asktoolbarinfo"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_current_user\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\typelib\{2996f0e7-292b-4cae-893f-47b8b1c05b56}"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\pc1data"
Successfully deleted: [Folder] "C:\Documents and Settings\USER\Application Data\24x7 help"
Successfully deleted: [Folder] "C:\Documents and Settings\USER\Application Data\fixcleaner"
Successfully deleted: [Folder] "C:\Documents and Settings\USER\Application Data\mysearchdial"
Successfully deleted: [Folder] "C:\Documents and Settings\USER\Application Data\pc cleaners"
Successfully deleted: [Folder] "C:\Program Files\24x7help"
Successfully deleted: [Folder] "C:\Program Files\coupons"
Successfully deleted: [Folder] "C:\Program Files\fixcleaner"
Successfully deleted: [Folder] "C:\Program Files\jump flip"
Successfully deleted: [Folder] "C:\Program Files\mysearchdial"
Successfully deleted: [Folder] "C:\Program Files\openit"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\24x7 help"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\open it!"



~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\USER\Application Data\mozilla\firefox\profiles\cqnf6uhv.default\user.js
Successfully deleted: [File] C:\Documents and Settings\USER\Application Data\mozilla\firefox\profiles\cqnf6uhv.default\searchplugins\mysearchdial.xml
Successfully deleted: [Folder] C:\Documents and Settings\USER\Application Data\mozilla\firefox\profiles\cqnf6uhv.default\extensions\staged
Successfully deleted the following from C:\Documents and Settings\USER\Application Data\mozilla\firefox\profiles\cqnf6uhv.default\prefs.js

user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.name", "StartNow Toolbar");
user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.startpage", "stp.startnow.com");
user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.update_url", "hxxp://tbupdate.zugo.com/ztb/update?partner_id={partner_id}&product_id={product_id}&affiliate_id={affiliate_id}
user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=dsites0101&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyE0D0E0A0DtDyBtAtCzyyCtN0D0Tzu0SyByEtCtN1L2XzutBtFtBtFtCyEt
user_pref("browser.search.selectedEngine", "Mysearchdial");
user_pref("browser.search.defaultenginename", "Mysearchdial");



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/10/2014 at 11:33:30.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ComboFix 14-01-08.03 - USER 01/10/2014  11:41:29.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3037.2019 [GMT -6:00]
Running from: c:\documents and settings\USER\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\A416D46112.sys
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\USER\Application Data\Microsoft\Internet Explorer\Quick Launch\24x7 Help.lnk
c:\documents and settings\USER\Local Settings\Temporary Internet Files\009f5209-cf94-40d0-8ba9-7cf5444e2466.jpg
c:\documents and settings\USER\Local Settings\Temporary Internet Files\ApnStub.exe
c:\documents and settings\USER\Local Settings\Temporary Internet Files\Jump Flip_iels
c:\documents and settings\USER\WINDOWS
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-10 to 2014-01-10  )))))))))))))))))))))))))))))))
.
.
2014-01-10 17:28 . 2014-01-10 17:28   --------   d-----w-   c:\windows\ERUNT
2014-01-10 16:55 . 2014-01-10 16:55   --------   d-----w-   c:\documents and settings\USER\Application Data\DigitalSites
2014-01-09 21:35 . 2014-01-09 21:40   --------   d-----w-   C:\AdwCleaner
2014-01-07 00:23 . 2014-01-07 00:23   --------   d-----w-   c:\documents and settings\USER\Application Data\Malwarebytes
2014-01-07 00:23 . 2014-01-07 00:23   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2014-01-07 00:23 . 2014-01-07 00:23   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2014-01-07 00:23 . 2013-04-04 20:50   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
2014-01-07 00:04 . 2014-01-07 00:04   --------   d-----w-   c:\windows\system32\wbem\Repository
2014-01-02 15:54 . 2014-01-02 15:54   --------   d-sh--w-   c:\windows\system32\config\systemprofile\IETldCache
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-02-09 . FCAD241DEA0005135DBDF5D77EC7919D . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 846C48ABE7539394D4C39980DFB69FE1 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe" [2013-06-05 4489472]
"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2013-08-22 1093464]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-18 16806912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-18 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-18 150040]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-31 16200]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-22 842584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"EKStatusMonitor"="c:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2013-01-15 2750840]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2012-10-08 2804224]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5110672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2013-03-15 2236792]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-12-18 106560]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"New Value #1"= 0 (0x0)
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 11:56 AM 134248]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/6/2009 11:58 AM 118768]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/25/2008 10:16 AM 14336]
R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [7/6/2011 8:48 AM 57344]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [10/13/2011 4:21 PM 249648]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/12/2013 12:06 PM 1337752]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [8/22/2013 1:00 PM 220504]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [3/15/2013 2:07 PM 395640]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [1/15/2013 12:07 PM 780152]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [1/6/2014 6:23 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/6/2014 6:23 PM 701512]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [11/22/2009 12:18 AM 22016]
R2 Tomcat6;Apache Tomcat;c:\program files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [1/28/2008 4:39 PM 57344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/6/2014 6:23 PM 22856]
S0 TfFsMon;TfFsMon;
Title: Re: D COM Server NT Authority System problem
Post by: Corrine on January 10, 2014, 07:35:36 PM
Good job!  I'd like to see another scan but first let's get Oracle Java updated. 

1.  Please uninstall Java(TM) 6 Update 31 and then install the latest version from here:  Java Version 7 Update 45 (http://java.com/en/download/index.jsp).  (Note:  expect another Java update on or about January 14, 2014.)

2.  Please download the TDSSKiller.exe (http://media.kaspersky.com/utilities/VirusUtilities/EN/tdsskiller.exe) by Kaspersky... save it to your Desktop. <-Important!!!

3.  How is your computer now?
Title: Re: D COM Server NT Authority System problem
Post by: jemellin on January 10, 2014, 08:20:21 PM
14:13:58.0421 0x0610  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
14:14:25.0281 0x0610  ============================================================
14:14:25.0281 0x0610  Current date / time: 2014/01/10 14:14:25.0281
14:14:25.0281 0x0610  SystemInfo:
14:14:25.0281 0x0610 
14:14:25.0281 0x0610  OS Version: 5.1.2600 ServicePack: 3.0
14:14:25.0281 0x0610  Product type: Workstation
14:14:25.0281 0x0610  ComputerName: D1WPTGK1
14:14:25.0281 0x0610  UserName: USER
14:14:25.0281 0x0610  Windows directory: C:\WINDOWS
14:14:25.0281 0x0610  System windows directory: C:\WINDOWS
14:14:25.0281 0x0610  Processor architecture: Intel x86
14:14:25.0281 0x0610  Number of processors: 2
14:14:25.0281 0x0610  Page size: 0x1000
14:14:25.0281 0x0610  Boot type: Normal boot
14:14:25.0281 0x0610  ============================================================
14:14:25.0578 0x0610  KLMD registered as C:\WINDOWS\system32\drivers\82615509.sys
14:14:26.0015 0x0610  System UUID: {608D9F43-4C8D-1FA6-CAD4-F0FA23393D13}
14:14:27.0312 0x0610  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:14:27.0328 0x0610  ============================================================
14:14:27.0328 0x0610  \Device\Harddisk0\DR0:
14:14:27.0328 0x0610  MBR partitions:
14:14:27.0328 0x0610  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x3A371830
14:14:27.0328 0x0610  ============================================================
14:14:27.0375 0x0610  C: <-> \Device\Harddisk0\DR0\Partition1
14:14:27.0375 0x0610  ============================================================
14:14:27.0375 0x0610  Initialize success
14:14:27.0375 0x0610  ============================================================
14:14:31.0015 0x065c  ============================================================
14:14:31.0015 0x065c  Scan started
14:14:31.0015 0x065c  Mode: Manual;
14:14:31.0015 0x065c  ============================================================
14:14:31.0015 0x065c  KSN ping started
14:14:31.0328 0x065c  KSN ping finished: true
14:14:31.0625 0x065c  ================ Scan system memory ========================
14:14:33.0218 0x065c  System memory - ok
14:14:33.0218 0x065c  ================ Scan services =============================
14:14:34.0468 0x065c  [ BBE9054FDADC8D49D29C5DA4FB84A803, 4315C1D7DBD35A80E25F15B45587AA76F6E9FCDC617B5ABF62301570771066AF ] Akamai          c:\program files\common files\akamai/netsession_win_8fa3539.dll
14:14:34.0468 0x065c  Suspicious file ( Hidden ): c:\program files\common files\akamai/netsession_win_8fa3539.dll. md5: BBE9054FDADC8D49D29C5DA4FB84A803, sha256: 4315C1D7DBD35A80E25F15B45587AA76F6E9FCDC617B5ABF62301570771066AF
14:14:34.0468 0x065c  Akamai - detected HiddenFile.Multi.Generic ( 1 )
14:14:34.0828 0x065c  Detect skipped due to KSN trusted
14:14:34.0828 0x065c  Akamai - ok
14:14:37.0687 0x065c  EventSystem - ok
14:14:37.0734 0x065c  [ 3EF58F2EAE3AECAB45D682152DB2F67D, 61A0904D27572B1129B17CE073AEBF30E26398D8B9BD8279458D1A4363555467 ] exFat           C:\WINDOWS\system32\drivers\exFat.sys
14:14:37.0734 0x065c  exFat - ok
14:14:37.0781 0x065c  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
14:14:37.0781 0x065c  Fastfat - ok
14:14:37.0843 0x065c  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
14:14:37.0843 0x065c  FastUserSwitchingCompatibility - ok
14:14:37.0921 0x065c  [ E97D6A8684466DF94FF3BC24FB787A07, 89E5A6889E3C5AB9AD3E80FFC16DD608278F3ADC282048B40B60196336A5CBEB ] Fax             C:\WINDOWS\system32\fxssvc.exe
14:14:37.0937 0x065c  Fax - ok
14:14:37.0984 0x065c  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
14:14:37.0984 0x065c  Fdc - ok
14:14:38.0015 0x065c  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
14:14:38.0015 0x065c  Fips - ok
14:14:38.0031 0x065c  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
14:14:38.0031 0x065c  Flpydisk - ok
14:14:38.0093 0x065c  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
14:14:38.0093 0x065c  FltMgr - ok
14:14:38.0171 0x065c  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:14:38.0171 0x065c  FontCache3.0.0.0 - ok
14:14:38.0203 0x065c  [ C865B83411D7347627A4BEEC22543FB1, 40F2232892CABF192903DA148ABD359F6FC0C5A21AC0B61EDC011C7CC4AA54BF ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:14:38.0203 0x065c  Fs_Rec - ok
14:14:38.0203 0x065c  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:14:38.0203 0x065c  Ftdisk - ok
14:14:38.0296 0x065c  [ 78A907FCD6AFA1E255FDDBBA43F3A695, D21EE771CCFF7D45069AE3DDB20EA31310C652C36AFE39B92DE41A4C8CAAE8C1 ] FullImagingService c:\documents and settings\all users\application data\Clickfree\FullImagingBackup\FullImagingService.exe
14:14:38.0296 0x065c  FullImagingService - ok
14:14:38.0406 0x065c  [ CFD54D70F76E84E1E737AE1140FBC5C0, 29B71794842FDFEC1512EAD8E298E2D0568E062A119141F7C309CC8910C6BA9C ] Garmin Core Update Service C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
14:14:38.0406 0x065c  Garmin Core Update Service - ok
14:14:38.0453 0x065c  [ CE8F5B65D6CFE435FB9BF875EDA99D55, D47D6A64BDEA5215CC87F5379640E9671A2FCE8B9F2C13019855B6F438A66568 ] getPlusHelper   C:\Program Files\NOS\bin\getPlus_Helper.dll
14:14:38.0468 0x065c  getPlusHelper - ok
14:14:38.0500 0x065c  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:14:38.0531 0x065c  Gpc - ok
14:14:38.0546 0x065c  [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:14:38.0546 0x065c  HDAudBus - ok
14:14:38.0625 0x065c  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:14:38.0625 0x065c  helpsvc - ok
14:14:38.0671 0x065c  [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ         C:\WINDOWS\System32\hidserv.dll
14:14:38.0671 0x065c  HidServ - ok
14:14:38.0687 0x065c  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:14:38.0687 0x065c  hidusb - ok
14:14:38.0718 0x065c  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
14:14:38.0718 0x065c  hkmsvc - ok
14:14:38.0734 0x065c  [ B028377DEA0546A5FCFBA928A8AEFAE0, FD7B34A6036AD443014B16394A5F051A298CEE4276D50525FB9F15A0D2684C8B ] hpn             C:\WINDOWS\system32\DRIVERS\hpn.sys
14:14:38.0734 0x065c  hpn - ok
14:14:38.0781 0x065c  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
14:14:38.0781 0x065c  HTTP - ok
14:14:38.0828 0x065c  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
14:14:38.0828 0x065c  HTTPFilter - ok
14:14:38.0875 0x065c  [ 9368670BD426EBEA5E8B18A62416EC28, 0ED865F8FB79F0B6309521925280E8640DB5CA6F75377434830536899734B6EE ] i2omgmt         C:\WINDOWS\system32\drivers\i2omgmt.sys
14:14:38.0875 0x065c  i2omgmt - ok
14:14:38.0890 0x065c  [ F10863BF1CCC290BABD1A09188AE49E0, BC038EAE6C8A76D56A5AD27035DC0369D6E766711E9FAA7467144370851F1615 ] i2omp           C:\WINDOWS\system32\DRIVERS\i2omp.sys
14:14:38.0890 0x065c  i2omp - ok
14:14:38.0921 0x065c  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:14:38.0937 0x065c  i8042prt - ok
14:14:39.0031 0x065c  [ 52E8A3CC8269ADB27D25182284C5E650, 2D33F0B461C8C0B929E5CE1A3293437BC55E6F61134872558F9BB1F1097AFE34 ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
14:14:39.0046 0x065c  IAANTMON - ok
14:14:39.0343 0x065c  [ 2DA364EE62D4949620B6FAE4FFEA16A7, 90A462558074E4503EBD025301E7F32A71CB88D20AA41B06EBB2D177906A3D54 ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
14:14:39.0468 0x065c  ialm - ok
14:14:39.0500 0x065c  [ 71ECC07BC7C5E24C3DD01D8A29A24054, 03BB7E80212B038E26B439F41D757152B00CBC5E20ADE54B0FC903B199B73E88 ] iaStor          C:\WINDOWS\system32\drivers\iaStor.sys
14:14:39.0500 0x065c  iaStor - ok
14:14:39.0593 0x065c  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:14:39.0625 0x065c  IDriverT - ok
14:14:39.0703 0x065c  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:14:39.0750 0x065c  idsvc - ok
14:14:39.0796 0x065c  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
14:14:39.0796 0x065c  Imapi - ok
14:14:39.0843 0x065c  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\system32\imapi.exe
14:14:39.0843 0x065c  ImapiService - ok
14:14:39.0890 0x065c  [ 4A40E045FAEE58631FD8D91AFC620719, 7A2FD81BD483821B3DA01B1CD7215423EDD719CBE3862C0342FF7D21A17AF437 ] ini910u         C:\WINDOWS\system32\DRIVERS\ini910u.sys
14:14:39.0890 0x065c  ini910u - ok
14:14:40.0093 0x065c  [ 5C8F36CDCB489111B24003AF4DFE1FDC, 38272780B9852051A6E3D36D77CEC94EA68B636650A71E977BF481FB3E80351C ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
14:14:40.0203 0x065c  IntcAzAudAddService - ok
14:14:40.0234 0x065c  [ B5466A9250342A7AA0CD1FBA13420678, 87E735C4E8924A883AB692D387A83BCBFAE6E165688336AE7AB488F7CA8D339E ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
14:14:40.0234 0x065c  IntelIde - ok
14:14:40.0265 0x065c  [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:14:40.0265 0x065c  intelppm - ok
14:14:40.0281 0x065c  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
14:14:40.0281 0x065c  Ip6Fw - ok
14:14:40.0328 0x065c  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:14:40.0328 0x065c  IpFilterDriver - ok
14:14:40.0359 0x065c  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:14:40.0359 0x065c  IpInIp - ok
14:14:40.0375 0x065c  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:14:40.0375 0x065c  IpNat - ok
14:14:40.0406 0x065c  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:14:40.0406 0x065c  IPSec - ok
14:14:40.0437 0x065c  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
14:14:40.0437 0x065c  IRENUM - ok
14:14:40.0468 0x065c  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:14:40.0468 0x065c  isapnp - ok
14:14:40.0640 0x065c  [ 80A79264302910C7C24BA7E44267EFEF, 6080C233478350C8E07515D20D2D60C3758C4A65432B04E8C8B816248621A3EF ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
14:14:40.0640 0x065c  JavaQuickStarterService - ok
14:14:40.0671 0x065c  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:14:40.0671 0x065c  Kbdclass - ok
14:14:40.0687 0x065c  [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:14:40.0687 0x065c  kbdhid - ok
14:14:40.0703 0x065c  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
14:14:40.0703 0x065c  kmixer - ok
14:14:40.0843 0x065c  [ 140692763A50BFFF322CDC076300587E, 4B6D9AE479EDDB429C1DE36406517FA65C2B3927B20792B3A27CEE05A6B7A3AB ] Kodak AiO Network Discovery Service C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
14:14:40.0859 0x065c  Kodak AiO Network Discovery Service - ok
14:14:40.0906 0x065c  [ E29F999616D7C08B0E91296908C47CAF, 285594B526A15911238B89E5FCBCFFA48A6C69CCC481918D2C474C6BB12869E6 ] Kodak AiO Status Monitor Service C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
14:14:40.0937 0x065c  Kodak AiO Status Monitor Service - ok
14:14:41.0000 0x065c  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
14:14:41.0000 0x065c  KSecDD - ok
14:14:41.0031 0x065c  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
14:14:41.0031 0x065c  LanmanServer - ok
14:14:41.0062 0x065c  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
14:14:41.0062 0x065c  lanmanworkstation - ok
14:14:41.0078 0x065c  lbrtfdc - ok
14:14:41.0109 0x065c  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
14:14:41.0109 0x065c  LmHosts - ok
14:14:41.0140 0x065c  [ 4470E3C1E0C3378E4CAB137893C12C3A, CA8E66356F0E671D5454E561E7EAD74DE25DCF53BE452369F96ECACFA8709489 ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
14:14:41.0156 0x065c  MBAMProtector - ok
14:14:41.0265 0x065c  [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
14:14:41.0281 0x065c  MBAMScheduler - ok
14:14:41.0312 0x065c  [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
14:14:41.0343 0x065c  MBAMService - ok
14:14:41.0375 0x065c  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
14:14:41.0390 0x065c  Messenger - ok
14:14:41.0421 0x065c  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
14:14:41.0421 0x065c  mnmdd - ok
14:14:41.0468 0x065c  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
14:14:41.0468 0x065c  mnmsrvc - ok
14:14:41.0484 0x065c  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
14:14:41.0500 0x065c  Modem - ok
14:14:41.0515 0x065c  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:14:41.0515 0x065c  Mouclass - ok
14:14:41.0531 0x065c  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:14:41.0531 0x065c  mouhid - ok
14:14:41.0531 0x065c  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
14:14:41.0531 0x065c  MountMgr - ok
14:14:41.0593 0x065c  [ 3B9398E0146855B1DC0E3D9769C80F01, DF69DB5CA30A5577648635C27DD468AF98515D07DF379B3FFDCC6B40744EDE66 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:14:41.0593 0x065c  MozillaMaintenance - ok
14:14:41.0640 0x065c  [ 3F4BB95E5A44F3BE34824E8E7CAF0737, 9A4F9E63AA55B779AF3563C66C8E40D9C42FF3BB5F533F70905ADC7A44EA7DAD ] mraid35x        C:\WINDOWS\system32\DRIVERS\mraid35x.sys
14:14:41.0640 0x065c  mraid35x - ok
14:14:41.0656 0x065c  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:14:41.0656 0x065c  MRxDAV - ok
14:14:41.0734 0x065c  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:14:41.0750 0x065c  MRxSmb - ok
14:14:41.0781 0x065c  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
14:14:41.0796 0x065c  MSDTC - ok
14:14:41.0796 0x065c  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
14:14:41.0796 0x065c  Msfs - ok
14:14:41.0796 0x065c  MSIServer - ok
14:14:41.0843 0x065c  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:14:41.0843 0x065c  MSKSSRV - ok
14:14:41.0843 0x065c  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:14:41.0843 0x065c  MSPCLOCK - ok
14:14:41.0859 0x065c  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
14:14:41.0859 0x065c  MSPQM - ok
14:14:41.0890 0x065c  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:14:41.0890 0x065c  mssmbios - ok
14:14:41.0921 0x065c  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
14:14:41.0921 0x065c  Mup - ok
14:14:41.0953 0x065c  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
14:14:41.0968 0x065c  napagent - ok
14:14:42.0000 0x065c  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
14:14:42.0015 0x065c  NDIS - ok
14:14:42.0046 0x065c  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:14:42.0046 0x065c  NdisTapi - ok
14:14:42.0093 0x065c  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:14:42.0093 0x065c  Ndisuio - ok
14:14:42.0093 0x065c  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:14:42.0109 0x065c  NdisWan - ok
14:14:42.0125 0x065c  [ 9282BD12DFB069D3889EB3FCC1000A9B, 09A46F1712BD9165068D8E153585FE3E6E5CBF4F1DDEC142115555D3A91AEC09 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
14:14:42.0125 0x065c  NDProxy - ok
14:14:42.0140 0x065c  Nero BackItUp Scheduler 4.0 - ok
14:14:42.0171 0x065c  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
14:14:42.0171 0x065c  NetBIOS - ok
14:14:42.0187 0x065c  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
14:14:42.0187 0x065c  NetBT - ok
14:14:42.0218 0x065c  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
14:14:42.0218 0x065c  NetDDE - ok
14:14:42.0218 0x065c  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
14:14:42.0234 0x065c  NetDDEdsdm - ok
14:14:42.0265 0x065c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
14:14:42.0265 0x065c  Netlogon - ok
14:14:42.0312 0x065c  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
14:14:42.0328 0x065c  Netman - ok
14:14:42.0359 0x065c  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:14:42.0375 0x065c  NetTcpPortSharing - ok
14:14:42.0406 0x065c  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
14:14:42.0421 0x065c  Nla - ok
14:14:42.0453 0x065c  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
14:14:42.0453 0x065c  Npfs - ok
14:14:42.0515 0x065c  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
14:14:42.0546 0x065c  Ntfs - ok
14:14:42.0546 0x065c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
14:14:42.0546 0x065c  NtLmSsp - ok
14:14:42.0593 0x065c  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
14:14:42.0609 0x065c  NtmsSvc - ok
14:14:42.0640 0x065c  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
14:14:42.0640 0x065c  Null - ok
14:14:42.0656 0x065c  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:14:42.0656 0x065c  NwlnkFlt - ok
14:14:42.0671 0x065c  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:14:42.0671 0x065c  NwlnkFwd - ok
14:14:42.0781 0x065c  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:14:42.0796 0x065c  odserv - ok
14:14:42.0843 0x065c  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:14:42.0859 0x065c  ose - ok
14:14:42.0890 0x065c  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
14:14:42.0906 0x065c  Parport - ok
14:14:42.0953 0x065c  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
14:14:42.0953 0x065c  PartMgr - ok
14:14:42.0984 0x065c  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
14:14:42.0984 0x065c  ParVdm - ok
14:14:42.0984 0x065c  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
14:14:42.0984 0x065c  PCI - ok
14:14:43.0000 0x065c  PCIDump - ok
14:14:43.0031 0x065c  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
14:14:43.0031 0x065c  PCIIde - ok
14:14:43.0062 0x065c  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
14:14:43.0062 0x065c  Pcmcia - ok
14:14:43.0078 0x065c  pctplsg - ok
14:14:43.0078 0x065c  PDCOMP - ok
14:14:43.0078 0x065c  PDFRAME - ok
14:14:43.0078 0x065c  PDRELI - ok
14:14:43.0093 0x065c  PDRFRAME - ok
14:14:43.0109 0x065c  [ 6C14B9C19BA84F73D3A86DBA11133101, 2CFB7E027E43C1B3890985DFD7987B23E4E3CC003E3FD2583E4A8AC1F8A13B26 ] perc2           C:\WINDOWS\system32\DRIVERS\perc2.sys
14:14:43.0109 0x065c  perc2 - ok
14:14:43.0125 0x065c  [ F50F7C27F131AFE7BEBA13E14A3B9416, C0498EA65B908C07A734324ED70DB27F434FAAA815DD02F1BC429A3AB6C663D5 ] perc2hib        C:\WINDOWS\system32\DRIVERS\perc2hib.sys
14:14:43.0125 0x065c  perc2hib - ok
14:14:43.0156 0x065c  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
14:14:43.0171 0x065c  PlugPlay - ok
14:14:43.0203 0x065c  [ DCDF0421A1C14F2923E298A30FD7636D, 7C2007A349E86105952816211F3F23D4983E5B43C38AAA062EFBCF10DC4DCA83 ] Point32         C:\WINDOWS\system32\DRIVERS\point32.sys
14:14:43.0203 0x065c  Point32 - ok
14:14:43.0203 0x065c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
14:14:43.0203 0x065c  PolicyAgent - ok
14:14:43.0250 0x065c  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:14:43.0281 0x065c  PptpMiniport - ok
14:14:43.0296 0x065c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
14:14:43.0296 0x065c  ProtectedStorage - ok
14:14:43.0328 0x065c  [ F115AF58ABE5605D7D709CBFBD83F418, 4855FCD6E455D6E374CE92E5B37D61E7E6D8A861BA76521E7CC2542621853471 ] ProtexisLicensing C:\WINDOWS\system32\PSIService.exe
14:14:43.0343 0x065c  ProtexisLicensing - ok
14:14:43.0343 0x065c  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
14:14:43.0343 0x065c  PSched - ok
14:14:43.0359 0x065c  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:14:43.0359 0x065c  Ptilink - ok
14:14:43.0406 0x065c  [ 03E0FE281823BA64B3782F5B38950E73, D47E5536AD28D02B7D784846CFB2F4FD96187BFD64FC07BACDE9DC7B75D1D2E2 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:14:43.0406 0x065c  PxHelp20 - ok
14:14:43.0437 0x065c  [ 0A63FB54039EB5662433CABA3B26DBA7, A1FB923EB2D08D89D24E8AD7042BBED7CB1DBDA9A5B77BDD188E9913BADAB0EF ] ql1080          C:\WINDOWS\system32\DRIVERS\ql1080.sys
14:14:43.0437 0x065c  ql1080 - ok
14:14:43.0468 0x065c  [ 6503449E1D43A0FF0201AD5CB1B8C706, F1EFC2DE5998615CB182D7984366631FE956AE1ECA9AC777F26FCA2E6F2E05A6 ] Ql10wnt         C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
14:14:43.0468 0x065c  Ql10wnt - ok
14:14:43.0515 0x065c  [ 156ED0EF20C15114CA097A34A30D8A01, 7490B90D4C88B7A9BADB9473D4033535F054C797ABF6D542CB859DA5C9B2586A ] ql12160         C:\WINDOWS\system32\DRIVERS\ql12160.sys
14:14:43.0515 0x065c  ql12160 - ok
14:14:43.0515 0x065c  [ 70F016BEBDE6D29E864C1230A07CC5E6, 895BC2C888F6566086FC1399F499A401D447E57333BC9F9C6DBAFE0F117603D6 ] ql1240          C:\WINDOWS\system32\DRIVERS\ql1240.sys
14:14:43.0531 0x065c  ql1240 - ok
14:14:43.0531 0x065c  [ 907F0AEEA6BC451011611E732BD31FCF, F9E7023BD1042963110D0A613054D094437868B20779F23C316A38E4781A6152 ] ql1280          C:\WINDOWS\system32\DRIVERS\ql1280.sys
14:14:43.0546 0x065c  ql1280 - ok
14:14:43.0562 0x065c  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:14:43.0578 0x065c  RasAcd - ok
14:14:43.0609 0x065c  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
14:14:43.0609 0x065c  RasAuto - ok
14:14:43.0640 0x065c  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:14:43.0640 0x065c  Rasl2tp - ok
14:14:43.0656 0x065c  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
14:14:43.0656 0x065c  RasMan - ok
14:14:43.0656 0x065c  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:14:43.0671 0x065c  RasPppoe - ok
14:14:44.0765 0x065c  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
14:14:44.0765 0x065c  sr - ok
Title: Re: D COM Server NT Authority System problem
Post by: jemellin on January 10, 2014, 08:30:45 PM
I am getting this message from Windows Security Alert about Akamai Net session client asking me if I still want to block it or unblock it ??????
Computer is slow loading up my start area to the connection to the internet
Title: Re: D COM Server NT Authority System problem
Post by: Corrine on January 10, 2014, 09:01:57 PM
You have Akamai Net installed:

Akamai NetSession Interface
Akamai NetSession Interface Service


Based on the discussion at What is Akamai NetSession Client - Microsoft Community (http://answers.microsoft.com/en-us/windows/forum/windows_other-security/what-is-akamai-netsession-client/6c85ea38-e236-42b4-8c02-ea425d5658dc), I would not allow it access and would uninstall it.

Please note that your last log got cut off.  See if you can locate the end of the log following the last lines that posted:
14:14:44.0765 0x065c  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
14:14:44.0765 0x065c  sr - ok
Title: Re: D COM Server NT Authority System problem
Post by: jemellin on January 10, 2014, 09:15:25 PM
14:14:44.0765 0x065c  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
14:14:44.0765 0x065c  sr - ok
14:14:47.0500 0x065c  ================ Scan global ===============================
14:14:47.0546 0x065c  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
14:14:47.0578 0x065c  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
14:14:47.0609 0x065c  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
14:14:47.0640 0x065c  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
14:14:47.0640 0x065c  [ Global ] - ok
14:14:47.0640 0x065c  ================ Scan MBR ==================================
14:14:47.0671 0x065c  [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
14:14:47.0906 0x065c  \Device\Harddisk0\DR0 - ok
14:14:47.0906 0x065c  ================ Scan VBR ==================================
14:14:47.0921 0x065c  [ FDE96BB6697BE1F6537CEA337B8DAB74 ] \Device\Harddisk0\DR0\Partition1
14:14:47.0921 0x065c  \Device\Harddisk0\DR0\Partition1 - ok
14:14:47.0921 0x065c  Waiting for KSN requests completion. In queue: 300
14:14:48.0921 0x065c  Waiting for KSN requests completion. In queue: 300
14:14:50.0000 0x065c  AV detected via SS1: ESET NOD32 Antivirus 7.0, 7.0, enabled, updated
14:14:50.0000 0x065c  Win FW state via NFM: enabled
14:14:50.0140 0x065c  ============================================================
14:14:50.0140 0x065c  Scan finished
14:14:50.0140 0x065c  ============================================================
14:14:50.0140 0x0d6c  Detected object count: 0
14:14:50.0140 0x0d6c  Actual detected object count: 0
Title: Re: D COM Server NT Authority System problem
Post by: Corrine on January 10, 2014, 11:53:02 PM
Thank you.

A.  First a few questions: 

1.  Have you updated Java?
2.  Did you uninstall Akamai Net?
3.  What firewall are you using and is it back on?

B.  You need to update Firefox to the current version, 26.0.  Select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."

C.  Your computer was so badly infected, since you have Malwarebytes installed, I'd like to see an updated scan.  Please do the following.
Title: Re: D COM Server NT Authority System problem
Post by: jemellin on January 11, 2014, 04:40:58 PM
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.10.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
USER :: D1WPTGK1 [administrator]

Protection: Enabled

1/11/2014 10:17:40 AM
mbam-log-2014-01-11 (10-17-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 251124
Time elapsed: 15 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Nothing was saved to my desktop. The above is from a second scan; the first one had 16 bad items in it and did not save to my desktop.

My Firefox is updated and so is Malwarebytes. As far as I know I do not have a firewall with my antivirus. Akamai has been deleted!  Java is current.
Title: Re: D COM Server NT Authority System problem
Post by: jemellin on January 11, 2014, 05:56:06 PM
I do have Windows 7 firewall!
Title: Re: D COM Server NT Authority System problem
Post by: jemellin on January 11, 2014, 06:10:00 PM
I got the DCOM shutdown notice 2 times this morning!! Is it safe to disable the DCOM? Using http://www.grc.com/dcom/
Title: Re: D COM Server NT Authority System problem
Post by: Corrine on January 11, 2014, 06:40:35 PM
Yes, go ahead and disable DCOM via GRC. 

Regarding the MBAM log, was the log with 16 items in it run today before the log posted above?  If so, I would like to see what it found.  Just launch Malwarebytes and click the Logs tab in MBAM.  It would be the log that is before 1/11/2014 10:17:40 AM.

Please also post a fresh DDS log, as requested above.

Thank you!
Title: Re: D COM Server NT Authority System problem
Post by: jemellin on January 11, 2014, 06:48:39 PM
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.10.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
USER :: D1WPTGK1 [administrator]

Protection: Enabled

1/11/2014 10:13:14 AM
mbam-log-2014-01-11 (10-13-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 0
Time elapsed: 33 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Hope this is the one
Title: Re: D COM Server NT Authority System problem
Post by: jemellin on January 11, 2014, 06:56:18 PM
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.10.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
USER :: D1WPTGK1 [administrator]

Protection: Enabled

1/11/2014 9:45:42 AM
mbam-log-2014-01-11 (09-45-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 249980
Time elapsed: 15 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 9
HKCR\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\Typelib\{FBC322D5-407E-4854-8C0B-555B951FD8E3} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites (PUP.Optional.Updater) -> Quarantined and deleted successfully.
HKCU\Software\Jump Flip (PUP.Optional.JumpFlip.A) -> Quarantined and deleted successfully.
HKLM\Software\Jump Flip (PUP.Optional.JumpFlip.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Documents and Settings\USER\Application Data\DigitalSites\UpdateProc (PUP.Optional.Updater) -> Quarantined and deleted successfully.

Files Detected: 5
C:\Documents and Settings\USER\Application Data\DigitalSites\UpdateProc\UpdateTask.exe (PUP.Optional.Updater) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER\Application Data\DigitalSites\UpdateProc\config.dat (PUP.Optional.Updater) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER\Application Data\DigitalSites\UpdateProc\prod.dat (PUP.Optional.Updater) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER\Local Settings\Application Data\mysearchdial-speeddial.crx (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage (PUP.Optional.FunMoods.A) -> Quarantined and deleted successfully.

(end)
Title: Re: D COM Server NT Authority System problem
Post by: Corrine on January 11, 2014, 10:36:43 PM
Could you try running AdwCleaner again?  It should be on your desktop.  The instructions are on the previous page at http://www.landzdown.com/analysis-and-malware-removal/d-com-server-nt-authority-system-problem/msg164394/#msg164394.

Then post the fresh DDS log, please.
Title: Re: D COM Server NT Authority System problem
Post by: jemellin on January 12, 2014, 03:45:26 PM
# AdwCleaner v3.016 - Report created 12/01/2014 at 09:40:20
# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : USER - D1WPTGK1
# Running from : C:\Documents and Settings\USER\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : APNMCP

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\apn
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork
Folder Deleted : C:\Program Files\AskPartnerNetwork
Folder Deleted : C:\Documents and Settings\USER\Local Settings\Application Data\AskPartnerNetwork
Folder Deleted : C:\DOCUME~1\USER\LOCALS~1\Temp\apn

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\SpeedMaxPC
Key Deleted : HKLM\Software\AskPartnerNetwork
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\SpeedMaxPC
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mysearchdial
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\OpenIt Open It!
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\StartNow Toolbar
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - 127.0.0.1:9421;<local>

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\cqnf6uhv.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [12219 octets] - [09/01/2014 15:35:45]
AdwCleaner[R1].txt - [7251 octets] - [12/01/2014 09:32:25]
AdwCleaner[R2].txt - [7300 octets] - [12/01/2014 09:39:24]
AdwCleaner[S0].txt - [1903 octets] - [09/01/2014 15:40:59]
AdwCleaner[S1].txt - [7487 octets] - [12/01/2014 09:40:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [7547 octets] ##########
Title: Re: D COM Server NT Authority System problem
Post by: Corrine on January 12, 2014, 04:46:28 PM
Excellent!  Please provide fresh DDS logs.  DDS.scr should still be on your desktop.
Title: Re: D COM Server NT Authority System problem
Post by: jemellin on January 12, 2014, 05:11:05 PM
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/10/2009 11:40:18 AM
System Uptime: 1/12/2014 9:41:18 AM (2 hours ago)
.
Motherboard: Dell Inc. |  | 0JJW8N
Processor: Intel(R) Core(TM)2 Duo CPU     E7500  @ 2.93GHz | Socket 775 | 2925/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 260.915 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1285: 10/13/2013 1:58:20 PM - Software Distribution Service 3.0
RP1286: 10/14/2013 4:31:27 PM - System Checkpoint
RP1287: 10/15/2013 4:40:48 PM - System Checkpoint
RP1288: 10/19/2013 5:42:29 PM - System Checkpoint
RP1289: 10/20/2013 6:30:46 PM - System Checkpoint
RP1290: 10/22/2013 10:40:37 AM - System Checkpoint
RP1291: 10/23/2013 5:49:57 PM - System Checkpoint
RP1292: 10/25/2013 9:13:52 AM - System Checkpoint
RP1293: 10/28/2013 2:37:42 PM - System Checkpoint
RP1294: 10/29/2013 2:41:09 PM - System Checkpoint
RP1295: 10/30/2013 5:28:57 PM - System Checkpoint
RP1296: 11/1/2013 8:05:35 AM - System Checkpoint
RP1297: 11/3/2013 5:07:07 PM - System Checkpoint
RP1298: 11/5/2013 11:30:46 AM - System Checkpoint
RP1299: 11/6/2013 4:10:14 PM - System Checkpoint
RP1300: 11/8/2013 3:02:23 PM - System Checkpoint
RP1301: 11/9/2013 4:29:14 PM - System Checkpoint
RP1302: 11/10/2013 5:48:16 PM - System Checkpoint
RP1303: 11/12/2013 5:34:56 PM - System Checkpoint
RP1304: 11/13/2013 5:27:00 PM - Software Distribution Service 3.0
RP1305: 11/15/2013 11:52:10 AM - System Checkpoint
RP1306: 11/18/2013 10:44:48 AM - System Checkpoint
RP1307: 11/19/2013 12:27:57 PM - System Checkpoint
RP1308: 11/20/2013 4:09:05 PM - System Checkpoint
RP1309: 11/24/2013 8:51:53 AM - System Checkpoint
RP1310: 11/26/2013 11:37:26 AM - System Checkpoint
RP1311: 11/27/2013 4:13:19 PM - System Checkpoint
RP1312: 11/28/2013 4:59:05 PM - System Checkpoint
RP1313: 12/1/2013 7:12:30 PM - System Checkpoint
RP1314: 12/2/2013 2:01:20 PM - Removed ESET NOD32 Antivirus
RP1315: 12/2/2013 2:01:37 PM - Installed ESET NOD32 Antivirus
RP1316: 12/3/2013 2:47:14 PM - System Checkpoint
RP1317: 12/4/2013 5:33:22 PM - System Checkpoint
RP1318: 12/5/2013 6:40:57 PM - System Checkpoint
RP1319: 12/6/2013 7:00:20 PM - System Checkpoint
RP1320: 12/7/2013 7:05:50 PM - System Checkpoint
RP1321: 12/8/2013 7:19:04 PM - System Checkpoint
RP1322: 12/9/2013 7:34:32 PM - System Checkpoint
RP1323: 12/10/2013 8:27:56 PM - System Checkpoint
RP1324: 12/11/2013 9:40:01 PM - Software Distribution Service 3.0
RP1325: 12/13/2013 11:16:53 AM - System Checkpoint
RP1326: 12/13/2013 6:20:49 PM - Software Distribution Service 3.0
RP1327: 12/15/2013 8:22:39 AM - System Checkpoint
RP1328: 12/16/2013 2:21:41 PM - System Checkpoint
RP1329: 12/17/2013 2:33:22 PM - System Checkpoint
RP1330: 12/19/2013 4:52:01 PM - System Checkpoint
RP1331: 12/21/2013 8:00:51 AM - System Checkpoint
RP1332: 12/22/2013 1:13:35 PM - System Checkpoint
RP1333: 12/23/2013 2:22:17 PM - System Checkpoint
RP1334: 12/24/2013 5:14:39 PM - System Checkpoint
RP1335: 12/25/2013 6:08:25 PM - System Checkpoint
RP1336: 12/26/2013 8:46:41 AM - Removed DriverUpdate
RP1337: 12/27/2013 10:34:43 AM - System Checkpoint
RP1338: 12/28/2013 11:52:26 AM - System Checkpoint
RP1339: 12/29/2013 5:51:09 PM - System Checkpoint
RP1340: 12/30/2013 6:32:06 PM - System Checkpoint
RP1341: 1/1/2014 12:22:00 PM - System Checkpoint
RP1342: 1/2/2014 12:47:07 PM - System Checkpoint
RP1343: 1/3/2014 1:38:42 PM - Software Distribution Service 3.0
RP1344: 1/5/2014 7:16:21 AM - System Checkpoint
RP1345: 1/5/2014 12:30:12 PM - Removed Adobe Reader XI (11.0.05).
RP1346: 1/6/2014 6:03:56 PM - Restore Operation
RP1347: 1/7/2014 7:20:23 AM - Software Distribution Service 3.0
RP1348: 1/8/2014 8:54:14 AM - System Checkpoint
RP1349: 1/8/2014 1:56:12 PM - Removed Skype™ 6.1
RP1350: 1/8/2014 1:58:05 PM - Removed Skype Click to Call
RP1351: 1/9/2014 2:15:25 PM - System Checkpoint
RP1352: 1/9/2014 4:18:51 PM - Software Distribution Service 3.0
RP1353: 1/10/2014 12:10:28 PM - Removed Bing Bar
RP1354: 1/10/2014 2:00:55 PM - Removed Java(TM) 6 Update 31
RP1355: 1/10/2014 2:11:01 PM - Installed Java 7 Update 45
RP1356: 1/12/2014 9:29:17 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
abrMate version 1.0
Acrobat.com
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
aioprnt
aioscnnr
Akamai NetSession Interface
Alien Skin Exposure
Alien Skin Eye Candy 5 Nature
Alien Skin Eye Candy 5 Textures
Alien Skin Eye Candy 7
Alien Skin Xenofex 2.0
AMP Font Viewer
AnswerWorks 5.0 English Runtime
Apache Tomcat 6.0 (remove only)
Ask Toolbar
Auto FX Free
BJCS
Bonjour
C4USelfUpdater
center
CenturyLink QuickAssist Desktop Tools
Clickfree Easy Image
Corel Paint Shop Pro Photo X2
Corel Paint Shop Pro X
Corel PaintShop Photo Pro X3
Dell Backup and Recovery Manager
Dell System Detect Bootstrapper
Desktop Restore
Diagnostic Utility
Elevated Installer
ESET NOD32 Antivirus
essentials
Eye Candy 4000
Filters Unlimited 2.0
FlashPeak SlimBrowser
Font Thumbnail
Garmin Communicator Plugin
Garmin Express
Garmin Express Tray
Garmin Update Service
Garmin USB Drivers
getPlus(R) Download Manager for Corel
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954434)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB958347)
Hotfix for Windows XP (KB959252)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB968764)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ICA
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
IPM_PSP_Pro
Jasc Animation Shop 3
Jasc Paint Shop Pro 9
Java 7 Update 45
Java Auto Updater
Junk Mail filter update
Kodak AIO Printer
KODAK AiO Software
ksDIP
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 6.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C Runtime
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works 6-9 Converter
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
neroxml
Nikon Message Center 2
Nikon Movie Editor
ocr
OGA Notifier 2.0.0048.0
Paint Shop Pro 7 Anniversary Edition
Photobucket Backup
Picture Control Utility
PowerDVD DX
PreReq
PrintProjects
PSPPContent
PSPPRO_DCRAW
QuickTime
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Setup
SmartSound Common Data
SmartSound Quicktracks 5
Sonic CinePlayer Decoder Pack
Sqirlz Water Reflections
Ulead GIF Animator 5 ESD
Ulead Particle.Plugin 1.0
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB898461)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955704)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
ViewNX 2
WebFldrs XP
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows Presentation Foundation
WinRAR archiver
WinZip
XML Paper Specification Shared Components Pack 1.0
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
1/9/2014 6:07:03 AM, error: Service Control Manager [7034]  - The Terminal Services service terminated unexpectedly.  It has done this 1 time(s).
1/9/2014 6:07:03 AM, error: Service Control Manager [7031]  - The DCOM Server Process Launcher service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
1/9/2014 1:28:57 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  TfFsMon TfSysMon
1/9/2014 1:28:57 PM, error: Service Control Manager [7022]  - The ESET Service service hung on starting.
1/9/2014 1:27:27 PM, error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
1/9/2014 1:27:27 PM, error: Service Control Manager [7000]  - The Nero BackItUp Scheduler 4.0 service failed to start due to the following error:  The system cannot find the file specified.
1/9/2014 1:05:08 PM, error: Service Control Manager [7034]  - The FullImagingService service terminated unexpectedly.  It has done this 1 time(s).
1/8/2014 12:54:01 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the FullImagingService service to connect.
1/8/2014 12:54:01 PM, error: Service Control Manager [7000]  - The FullImagingService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
1/7/2014 4:12:07 PM, error: iaStor [9]  - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
1/11/2014 12:00:48 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Apache Tomcat service to connect.
1/11/2014 12:00:48 PM, error: Service Control Manager [7000]  - The Apache Tomcat service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
1/10/2014 2:05:43 PM, error: Service Control Manager [7022]  - The SharedAccess service hung on starting.
1/10/2014 2:03:41 PM, error: Service Control Manager [7024]  - The Apache Tomcat service terminated with service-specific error 0 (0x0).
1/10/2014 11:21:10 AM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000043' while processing the file 'mysearchdial.dll' on the volume 'HarddiskVolume2'.  It has stopped monitoring the volume.
1/10/2014 11:16:39 AM, error: Service Control Manager [7000]  - The 24x7HelpService service failed to start due to the following error:  The system cannot find the file specified.
1/10/2014 11:15:53 AM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000043' while processing the file 'JumpFlipBHO.dll' on the volume 'HarddiskVolume2'.  It has stopped monitoring the volume.
1/10/2014 11:14:25 AM, error: Service Control Manager [7000]  - The Update Jump Flip service failed to start due to the following error:  The system cannot find the file specified.
1/10/2014 11:14:20 AM, error: Service Control Manager [7031]  - The Update Jump Flip service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
1/10/2014 11:14:06 AM, error: Service Control Manager [7034]  - The 24x7HelpService service terminated unexpectedly.  It has done this 1 time(s).
1/10/2014 11:08:49 AM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file '24x7desk.dll' on the volume 'HarddiskVolume2'.  It has stopped monitoring the volume.
.
==== End Of File ===========================
Title: Re: D COM Server NT Authority System problem
Post by: jemellin on January 12, 2014, 05:11:52 PM
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.45.2
Run by USER at 11:03:31 on 2014-01-12
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3037.2015 [GMT -6:00]
.
AV: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Garmin\Express Tray\ExpressTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\ASTSRV.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\locator.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\documents and settings\all users\application data\Clickfree\FullImagingBackup\FullImagingService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com
uProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
BHO: Ask Toolbar: {4F524A2D-5637-4300-76A7-7A786E7484D7} -
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: PCTools Site Guard: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Ask Toolbar: {4F524A2D-5637-4300-76A7-7A786E7484D7} -
TB: Ask Toolbar: {4F524A2D-5637-4300-76A7-7A786E7484D7} -
uRun: [Akamai NetSession Interface] "c:\documents and settings\user\local settings\application data\akamai\netsession_win.exe"
uRun: [GarminExpressTrayApp] "c:\program files\garmin\express tray\ExpressTray.exe"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Conime] c:\windows\system32\conime.exe
mRun: [Corel File Shell Monitor] c:\program files\corel\corel paint shop pro photo x2\CorelIOMonitor.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s
mRun: [EKStatusMonitor] c:\program files\kodak\aio\statusmonitor\EKStatusMonitor.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
dRunOnce: [KodakHomeCenter] "c:\program files\kodak\aio\center\AiOHomeCenter.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: New Value #1 = dword:0
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260473224875
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344974532109
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{B0E18D04-350B-4C5B-95FF-550EEA4A455D} : NameServer = 64.91.3.46,208.54.220.20
TCP: Interfaces\{B0E18D04-350B-4C5B-95FF-550EEA4A455D} : DHCPNameServer = 192.168.1.1 192.168.1.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\cqnf6uhv.default\
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: !HIDDEN! 2009-12-10 13:42; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 134248]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-2-6 118768]
R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [2011-7-6 57344]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2013-9-12 1337752]
R2 FullImagingService;FullImagingService;c:\documents and settings\all users\application data\clickfree\fullimagingbackup\FullImagingService.exe [2013-9-6 235848]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\garmin\core update service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-8-22 220504]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2013-3-15 395640]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\kodak\aio\statusmonitor\EKPrinterSDK.exe [2013-1-15 780152]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2014-1-6 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2014-1-6 701512]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [2009-11-22 22016]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-1-6 22856]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S0 TfFsMon;TfFsMon;
Title: Re: D COM Server NT Authority System problem
Post by: Corrine on January 12, 2014, 06:43:23 PM
Thank you, jemellin.

I don't like that I keep seeing so many of the same adware files after you've run JRT, MBAM and AdwCleaner.

Please go to installed programs and uninstall Ask Toolbar.

Next, I want to confirm whether these files are still on your computer with SystemLook:


:filefind
c:\windows\system32\sfzwurs.bjt
c:\windows\system32\hlgcv.fnq
Title: Re: D COM Server NT Authority System problem
Post by: jemellin on January 12, 2014, 07:54:58 PM
Tried to run SystemLook; it says it requires a script!! Doesn't run!
Title: Re: D COM Server NT Authority System problem
Post by: Corrine on January 13, 2014, 04:40:27 PM
After launching SystemLook, you need to paste the text from the code box.

:filefind
c:\windows\system32\sfzwurs.bjt
c:\windows\system32\hlgcv.fnq
Title: Re: D COM Server NT Authority System problem
Post by: jemellin on January 13, 2014, 06:55:51 PM
I D/L to my desktop, clicked on run, then on Look; box opens and says system error, script required!
Title: Re: D COM Server NT Authority System problem
Post by: Corrine on January 13, 2014, 07:09:10 PM
There is no "run" for SystemLook.  Clicking the downloaded file opens a box which you paste the code into and then click "Look".  Attached is an image of what it looks like.  Isn't this what you're seeing?  If not, can you attach a screen capture?

Title: Re: D COM Server NT Authority System problem
Post by: jemellin on January 13, 2014, 07:26:42 PM
SystemLook 30.07.11 by jpshortstuff
Log created at 13:13 on 13/01/2014 by USER
Administrator - Elevation successful

========== filefind ==========

Searching for "c:\windows\system32\sfzwurs.bjt"
No files found.

Searching for "c:\windows\system32\hlgcv.fnq"
No files found.

-= EOF =-
Title: Re: D COM Server NT Authority System problem
Post by: Corrine on January 13, 2014, 08:13:41 PM
That is what I was hoping for.  Excellent!  Thank you. 

I need to go back over your logs.  In the meantime, how is your computer now?
Title: Re: D COM Server NT Authority System problem
Post by: jemellin on January 13, 2014, 08:15:33 PM
Seems to be better so far today, no shut down notices!!
Title: Re: D COM Server NT Authority System problem
Post by: Corrine on January 13, 2014, 08:28:30 PM
That is good news!  Let's do some cleanup of a couple of left-overs.

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



DDS:
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
BHO: Ask Toolbar: {4F524A2D-5637-4300-76A7-7A786E7484D7} -
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: PCTools Site Guard: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -
TB: Ask Toolbar: {4F524A2D-5637-4300-76A7-7A786E7484D7} -
TB: Ask Toolbar: {4F524A2D-5637-4300-76A7-7A786E7484D7} -

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Title: Re: D COM Server NT Authority System problem
Post by: jemellin on January 13, 2014, 09:12:02 PM
ComboFix 14-01-08.03 - USER 01/13/2014  14:42:38.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3037.2135 [GMT -6:00]
Running from: c:\documents and settings\USER\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\USER\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
- REDUCED FUNCTIONALITY MODE -
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-13 to 2014-01-13  )))))))))))))))))))))))))))))))
.
.
2014-01-12 15:28 . 2009-02-09 12:10   401408   -c--a-w-   c:\windows\system32\sfzwurs.bjt
2014-01-12 15:28 . 2009-02-09 12:10   401408   ----a-w-   c:\windows\system32\hlgcv.fnq
2014-01-10 20:12 . 2014-01-10 20:12   --------   d-----w-   c:\documents and settings\USER\Local Settings\Application Data\Sun
2014-01-10 20:11 . 2014-01-10 20:11   145408   ----a-w-   c:\windows\system32\javacpl.cpl
2014-01-10 20:11 . 2014-01-10 20:11   94632   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2014-01-10 20:10 . 2014-01-10 20:10   --------   d-----w-   c:\documents and settings\All Users\Application Data\McAfee
2014-01-10 20:07 . 2014-01-10 20:07   6780   ----a-w-   c:\windows\system32\PerfStringBackup.TMP
2014-01-10 17:28 . 2014-01-10 17:28   --------   d-----w-   c:\windows\ERUNT
2014-01-10 16:55 . 2014-01-11 16:08   --------   d-----w-   c:\documents and settings\USER\Application Data\DigitalSites
2014-01-09 21:35 . 2014-01-12 15:40   --------   d-----w-   C:\AdwCleaner
2014-01-07 00:23 . 2014-01-07 00:23   --------   d-----w-   c:\documents and settings\USER\Application Data\Malwarebytes
2014-01-07 00:23 . 2014-01-07 00:23   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2014-01-07 00:23 . 2014-01-07 00:23   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2014-01-07 00:23 . 2013-04-04 20:50   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
2014-01-07 00:04 . 2014-01-07 00:04   --------   d-----w-   c:\windows\system32\wbem\Repository
2014-01-02 15:54 . 2014-01-02 15:54   --------   d-sh--w-   c:\windows\system32\config\systemprofile\IETldCache
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-09 21:45 . 2014-01-09 21:45   82944   ----a-w-   c:\windows\system32\drivers\WudfRd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   77568   ----a-w-   c:\windows\system32\drivers\WudfPf.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   83072   ----a-w-   c:\windows\system32\drivers\wdmaud.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   81664   ----a-w-   c:\windows\system32\drivers\videoprt.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   52352   ----a-w-   c:\windows\system32\drivers\volsnap.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   4352   ----a-w-   c:\windows\system32\drivers\wmilib.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   38528   ----a-w-   c:\windows\system32\drivers\wpdusb.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   34560   ----a-w-   c:\windows\system32\drivers\wanarp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12032   ----a-w-   c:\windows\system32\drivers\ws2ifsl.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   58112   ----a-w-   c:\windows\system32\drivers\vdmindvd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   5376   ----a-w-   c:\windows\system32\drivers\viaide.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   42240   ----a-w-   c:\windows\system32\drivers\VIAAGP.SYS.bak
2014-01-09 21:45 . 2014-01-09 21:45   26368   ----a-w-   c:\windows\system32\drivers\USBSTOR.SYS.bak
2014-01-09 21:45 . 2014-01-09 21:45   20992   ----a-w-   c:\windows\system32\drivers\vga.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   20608   ----a-w-   c:\windows\system32\drivers\usbuhci.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   59520   ----a-w-   c:\windows\system32\drivers\usbhub.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   30336   ----a-w-   c:\windows\system32\drivers\usbehci.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   25856   ----a-w-   c:\windows\system32\drivers\usbprint.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   15872   ----a-w-   c:\windows\system32\drivers\usbintel.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   14976   ----a-w-   c:\windows\system32\drivers\usbscan.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   144128   ----a-w-   c:\windows\system32\drivers\usbport.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   5376   ----a-w-   c:\windows\system32\drivers\usbd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   32384   ----a-w-   c:\windows\system32\drivers\usbccgp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   25728   ----a-w-   c:\windows\system32\drivers\usbcamd2.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   25600   ----a-w-   c:\windows\system32\drivers\usbcamd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12928   ----a-w-   c:\windows\system32\drivers\usb8023.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   384768   ----a-w-   c:\windows\system32\drivers\update.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   66048   ----a-w-   c:\windows\system32\drivers\udfs.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   51712   ----a-w-   c:\windows\system32\drivers\tosdvd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   4992   ----a-w-   c:\windows\system32\drivers\toside.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   36736   ----a-w-   c:\windows\system32\drivers\ultra.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   21376   ----a-w-   c:\windows\system32\drivers\tsbvcap.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12288   ----a-w-   c:\windows\system32\drivers\tunmp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   40840   ----a-w-   c:\windows\system32\drivers\termdd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   361600   ----a-w-   c:\windows\system32\drivers\tcpip.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   226880   ----a-w-   c:\windows\system32\drivers\tcpip6.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   21896   ----a-w-   c:\windows\system32\drivers\tdtcp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   19072   ----a-w-   c:\windows\system32\drivers\tdi.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12040   ----a-w-   c:\windows\system32\drivers\tdpipe.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   60800   ----a-w-   c:\windows\system32\drivers\sysaudio.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   56576   ----a-w-   c:\windows\system32\drivers\swmidi.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   32640   ----a-w-   c:\windows\system32\drivers\symc8xx.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   30688   ----a-w-   c:\windows\system32\drivers\sym_u3.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   28384   ----a-w-   c:\windows\system32\drivers\sym_hi.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   16256   ----a-w-   c:\windows\system32\drivers\symc810.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   14976   ----a-w-   c:\windows\system32\drivers\tape.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   49408   ----a-w-   c:\windows\system32\drivers\stream.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   4352   ----a-w-   c:\windows\system32\drivers\swenum.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   13464   ----a-w-   c:\windows\system32\drivers\SWDUMon.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   73472   ----a-w-   c:\windows\system32\drivers\sr.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   6272   ----a-w-   c:\windows\system32\drivers\splitter.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   357888   ----a-w-   c:\windows\system32\drivers\srv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   25344   ----a-w-   c:\windows\system32\drivers\sonydcam.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   19072   ----a-w-   c:\windows\system32\drivers\sparrow.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   14592   ----a-w-   c:\windows\system32\drivers\smclib.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   64512   ----a-w-   c:\windows\system32\drivers\serial.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   40960   ----a-w-   c:\windows\system32\drivers\SISAGP.SYS.bak
2014-01-09 21:44 . 2014-01-09 21:44   15744   ----a-w-   c:\windows\system32\drivers\serenum.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   11904   ----a-w-   c:\windows\system32\drivers\sffdisk.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   11392   ----a-w-   c:\windows\system32\drivers\sfloppy.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   11008   ----a-w-   c:\windows\system32\drivers\sffp_sd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   10240   ----a-w-   c:\windows\system32\drivers\sffp_mmc.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   96384   ----a-w-   c:\windows\system32\drivers\scsiport.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   79232   ----a-w-   c:\windows\system32\drivers\sdbus.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   22016   ----a-w-   c:\windows\system32\drivers\RtNdPt5x.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   20480   ----a-w-   c:\windows\system32\drivers\secdrv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   17536   ----a-w-   c:\windows\system32\drivers\RTLVLAN.SYS.bak
2014-01-09 21:44 . 2014-01-09 21:44   28800   ----a-w-   c:\windows\system32\drivers\RTLTEAMING.SYS.bak
2014-01-09 21:44 . 2014-01-09 21:44   4752896   ----a-w-   c:\windows\system32\drivers\RtkHDAud.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   5888   ----a-w-   c:\windows\system32\drivers\rootmdm.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   30592   ----a-w-   c:\windows\system32\drivers\rndismp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   203136   ----a-w-   c:\windows\system32\drivers\rmcast.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   142336   ----a-w-   c:\windows\system32\drivers\Rtenicxp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   57600   ----a-w-   c:\windows\system32\drivers\redbook.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   4224   ----a-w-   c:\windows\system32\drivers\rdpcdd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   196224   ----a-w-   c:\windows\system32\drivers\rdpdr.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   139784   ----a-w-   c:\windows\system32\drivers\rdpwd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   12032   ----a-w-   c:\windows\system32\drivers\riodrv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   12032   ----a-w-   c:\windows\system32\drivers\rio8drv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   8832   ----a-w-   c:\windows\system32\drivers\rasacd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   51328   ----a-w-   c:\windows\system32\drivers\rasl2tp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   48384   ----a-w-   c:\windows\system32\drivers\raspptp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   41472   ----a-w-   c:\windows\system32\drivers\raspppoe.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   34432   ----a-w-   c:\windows\system32\drivers\rawwan.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   175744   ----a-w-   c:\windows\system32\drivers\rdbss.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   16512   ----a-w-   c:\windows\system32\drivers\raspti.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   49024   ----a-w-   c:\windows\system32\drivers\ql1280.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   45312   ----a-w-   c:\windows\system32\drivers\ql12160.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   43840   ----a-w-   c:\windows\system32\drivers\pxhelp20.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   40448   ----a-w-   c:\windows\system32\drivers\ql1240.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   40320   ----a-w-   c:\windows\system32\drivers\ql1080.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   33152   ----a-w-   c:\windows\system32\drivers\ql10wnt.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   69120   ----a-w-   c:\windows\system32\drivers\psched.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   5504   ----a-w-   c:\windows\system32\drivers\perc2hib.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   35840   ----a-w-   c:\windows\system32\drivers\processr.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   21760   ----a-w-   c:\windows\system32\drivers\point32.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   17792   ----a-w-   c:\windows\system32\drivers\ptilink.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   146048   ----a-w-   c:\windows\system32\drivers\portcls.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   68224   ----a-w-   c:\windows\system32\drivers\pci.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   6784   ----a-w-   c:\windows\system32\drivers\parvdm.sys.bak
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\rpcss.dll
[-] 2009-02-09 . 4C9D7409C767C9ED3AFA1AB6C7F7A26D . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . B7ACE57F6C62C43C31D505DCF6AB1C28 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\rpcss.dll
[7] 2009-02-09 . 01095FEBF33BEEA00C2A0730B9B3EC28 . 399360 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\rpcss.dll
[7] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\rpcss.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe" [2013-06-05 4489472]
"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2013-08-22 1093464]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-18 16806912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-18 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-18 150040]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-31 16200]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-22 842584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"EKStatusMonitor"="c:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2013-01-15 2750840]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2012-10-08 2804224]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5110672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2013-03-15 2236792]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-12-18 106560]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"New Value #1"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\USER\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 11:56 AM 134248]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/6/2009 11:58 AM 118768]
R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [7/6/2011 8:48 AM 57344]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/12/2013 12:06 PM 1337752]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [8/22/2013 1:00 PM 220504]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [3/15/2013 2:07 PM 395640]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [1/15/2013 12:07 PM 780152]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [1/6/2014 6:23 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/6/2014 6:23 PM 701512]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [11/22/2009 12:18 AM 22016]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/6/2014 6:23 PM 22856]
S0 TfFsMon;TfFsMon;
Title: Re: D COM Server NT Authority System problem
Post by: jemellin on January 13, 2014, 09:15:58 PM
I now noticed that I have Google Chrome down on the right side of my task bar.
Title: Re: D COM Server NT Authority System problem
Post by: Corrine on January 13, 2014, 09:57:02 PM
Hi, jemellin.

Your very first post showed Google Chrome 31.0.1650.63 in SecurityCheck, although your last DDS log did not show it listed in installed programs.  Check installed programs to see if you missed unchecking the option when updating Java.

Is there some reason why you didn't allow ComboFix to update when prompted?
Title: Re: D COM Server NT Authority System problem
Post by: jemellin on January 13, 2014, 10:07:40 PM
Did not see Chrome in my installed programs. About ComboFix, how do I get it to update?
Title: Re: D COM Server NT Authority System problem
Post by: Corrine on January 13, 2014, 10:38:36 PM
That's ok.  I was just curious as seeing "reduced mode" in the log implies that there was an update offered. 

If you're willing to continue, we could try a different tool to see if it shows other signs of Google Chrome.  I say this because I looked back over your logs and saw adware removed from Chrome but not an actual installation.

If you don't wish to try & track it down, let me know and I'll provide other instructions for removing the tools we used.  To continue, do the following.

Please download OTL (http://oldtimer.geekstogo.com/OTL.exe) by Old Timer.  Save it to your Desktop.
Title: Re: D COM Server NT Authority System problem
Post by: jemellin on January 13, 2014, 11:12:52 PM
OTL logfile created on: 1/13/2014 4:50:41 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\USER\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 69.20% Memory free
4.81 Gb Paging File | 4.03 Gb Available in Paging File | 83.74% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.72 Gb Total Space | 264.06 Gb Free Space | 56.70% Space Free | Partition Type: NTFS

Computer Name: D1WPTGK1 | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/13 16:42:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\USER\Desktop\OTL.exe
PRC - [2014/01/10 14:11:17 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/11/28 09:36:26 | 000,235,848 | R--- | M] () -- c:\Documents and Settings\All Users\Application Data\Clickfree\FullImagingBackup\FullImagingService.exe
PRC - [2013/09/12 12:06:22 | 001,337,752 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2013/09/12 12:06:06 | 005,110,672 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2013/08/22 13:00:26 | 001,093,464 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Express Tray\ExpressTray.exe
PRC - [2013/08/22 13:00:04 | 000,220,504 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2013/06/05 00:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Documents and Settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/15 14:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2013/01/15 12:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/10/08 09:05:40 | 002,804,224 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/02/11 17:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/02/04 21:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/05/19 11:13:20 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE
PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 06:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2007/10/30 18:52:34 | 000,016,200 | ---- | M] () -- C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
PRC - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2001/11/27 08:10:00 | 000,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE


========== Modules (No Company Name) ==========

MOD - [2014/01/02 16:29:04 | 001,228,288 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\8e046b70030b67810579a40abda1e3aa\System.WorkflowServices.ni.dll
MOD - [2014/01/02 16:27:10 | 001,076,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\69a3f31684a38a4bb0581f969adb09f5\System.ServiceModel.Web.ni.dll
MOD - [2013/11/28 09:36:40 | 000,137,544 | R--- | M] () -- c:\Documents and Settings\All Users\Application Data\Clickfree\FullImagingBackup\VssClientDll.dll
MOD - [2013/11/28 09:36:26 | 000,235,848 | R--- | M] () -- c:\Documents and Settings\All Users\Application Data\Clickfree\FullImagingBackup\FullImagingService.exe
MOD - [2013/10/09 10:03:25 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\02257c6b67db33c194fa3beccf977afb\System.Windows.Forms.ni.dll
MOD - [2013/10/09 06:35:28 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll
MOD - [2013/10/09 06:31:48 | 000,373,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\92e77253888dbd9c0bba085083619459\System.ServiceModel.Routing.ni.dll
MOD - [2013/10/09 06:31:47 | 001,153,536 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\85a498bbd8b627f024494aff48293868\System.ServiceModel.Discovery.ni.dll
MOD - [2013/10/09 06:31:46 | 001,548,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b497fb14e3235ee6c29125b069dec168\System.ServiceModel.Activities.ni.dll
MOD - [2013/10/09 06:31:46 | 000,084,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\e9a7e4f157404d716b2da7e33d9b6530\System.ServiceModel.Channels.ni.dll
MOD - [2013/10/09 06:31:43 | 018,150,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\1adbc62df2ee2812328adaa2b29db646\System.ServiceModel.ni.dll
MOD - [2013/10/09 06:31:25 | 001,079,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\ff7a142f6b3bdfea11e82d43196c7611\System.IdentityModel.ni.dll
MOD - [2013/10/09 06:30:27 | 000,134,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\ed61ee6ddf10acbd36e8eef05639e6e8\System.Data.DataSetExtensions.ni.dll
MOD - [2013/10/09 06:30:09 | 001,031,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e7a55f1a3264f1482d90d89faf722c32\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/10/09 06:30:08 | 002,658,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\2317d10bd132b3b52081f90051e21afe\System.Runtime.Serialization.ni.dll
MOD - [2013/10/09 06:30:06 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\e079ea2aa0a75d81c20998a6419643ff\System.Xml.Linq.ni.dll
MOD - [2013/10/09 06:25:50 | 018,003,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\76be8eddc22a93ae3bb03e2429cec546\PresentationFramework.ni.dll
MOD - [2013/10/09 06:25:46 | 000,751,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\d38fa9699dd602db6b0a1a83ffe8dbea\System.Security.ni.dll
MOD - [2013/10/09 06:25:45 | 001,014,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll
MOD - [2013/10/09 06:25:43 | 013,199,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\325d0892f38cfa9dc4dd834066b218de\System.Windows.Forms.ni.dll
MOD - [2013/10/09 06:25:33 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\545c9efd86994100a4397aaefc753d22\PresentationCore.ni.dll
MOD - [2013/10/09 06:25:33 | 006,866,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\f4b3731e5bbead895061725c5fe89e74\System.Data.ni.dll
MOD - [2013/10/09 06:25:28 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\75d88257b5bc5a5d15dd4c37d8bb18bd\System.Core.ni.dll
MOD - [2013/10/09 06:25:24 | 003,858,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\386c47ad5b7e82f3832a668b777c4756\WindowsBase.ni.dll
MOD - [2013/09/26 16:08:34 | 000,292,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Automation\67f02c1e223d14f00fb51694068b08f4\Inkjet.Automation.ni.dll
MOD - [2013/09/26 16:08:30 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.DeviceSettin#\089a13b51a9c17442eff954e2d2ebc6c\Inkjet.DeviceSettings.ni.dll
MOD - [2013/09/26 16:08:29 | 000,294,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Utilities\c43b49d65e0cc0113880b6b3f95d2314\Inkjet.Utilities.ni.dll
MOD - [2013/09/26 16:08:29 | 000,236,544 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Localization\5a136875748781cac5f84520b9046e56\Inkjet.Localization.ni.dll
MOD - [2013/09/26 16:08:28 | 000,862,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Hardware\0a6fe7786e48b51759b8e18dc3060b8c\Inkjet.Hardware.ni.dll
MOD - [2013/09/26 16:08:28 | 000,181,248 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Statistics\9c94aafee5b7205371940212c4055d3d\Inkjet.Statistics.ni.dll
MOD - [2013/09/26 16:08:26 | 000,081,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Configuration\be693a87b798c9317dd9a70638f94618\Inkjet.Configuration.ni.dll
MOD - [2013/09/26 16:08:25 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Diagnostics\ebe1cb191c8906f3d161cfaef676a309\Inkjet.Diagnostics.ni.dll
MOD - [2013/08/27 15:17:27 | 000,143,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78329ab1c7f5e92c6f2462188ad1de79\SMDiagnostics.ni.dll
MOD - [2013/08/15 10:23:55 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7bf3e4deef4483205017aa7b13194845\System.ServiceProcess.ni.dll
MOD - [2013/08/15 10:23:34 | 001,218,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\6c422db78c17838c3eb9f9fcc01ca63f\System.Management.ni.dll
MOD - [2013/08/15 10:22:18 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\102014a4f570b1dc944ff7eb8e1c6e2b\System.Transactions.ni.dll
MOD - [2013/08/15 10:22:13 | 001,801,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\4d277a8481c203a35c58bd277a2e71df\System.Xaml.ni.dll
MOD - [2013/08/15 04:15:59 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\f4ea3ea9bbe98bbc32c6def83bd2962d\System.Runtime.Remoting.ni.dll
MOD - [2013/08/15 04:15:34 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
MOD - [2013/08/15 04:15:27 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e2d3740c10f91e2676570dcc3be6680e\PresentationFramework.Luna.ni.dll
MOD - [2013/08/15 04:15:17 | 005,628,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/08/15 04:15:13 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/08/15 04:13:30 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll
MOD - [2013/08/15 04:13:05 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
MOD - [2013/08/15 04:12:58 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013/07/11 09:34:54 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/07/11 09:32:15 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2011/09/07 18:07:02 | 000,113,664 | ---- | M] () -- C:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu.dll
MOD - [2007/10/30 18:52:34 | 000,016,200 | ---- | M] () -- C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
MOD - [2007/07/23 14:04:46 | 000,068,080 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll
MOD - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
MOD - [2005/10/07 15:05:32 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2014/01/10 14:11:17 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2014/01/06 16:01:24 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/11 14:42:31 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/28 09:36:26 | 000,235,848 | R--- | M] () [Auto | Running] -- c:\Documents and Settings\All Users\Application Data\Clickfree\FullImagingBackup\FullImagingService.exe -- (FullImagingService)
SRV - [2013/09/12 12:06:22 | 001,337,752 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2013/08/22 13:00:04 | 000,220,504 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/15 14:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2013/01/15 12:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2011/09/11 11:17:00 | 000,329,080 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2010/01/28 13:27:43 | 000,044,576 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/05/19 11:13:20 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\ASTSRV.EXE -- (ASTSRV)
SRV - [2008/01/28 16:39:38 | 000,057,344 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe -- (Tomcat6)
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (TrueSight)
DRV - File not found [Kernel | Boot | Stopped] --  -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] --  -- (TfFsMon)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (pctplsg)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (cpuz132)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\USER\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/12/26 06:39:32 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2013/09/17 15:17:38 | 000,184,664 | ---- | M] (ESET) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2013/09/17 15:17:38 | 000,134,248 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2013/09/17 15:17:38 | 000,118,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/06/05 09:16:32 | 000,142,336 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/02/16 12:35:06 | 000,017,536 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS -- (RTLVLAN)
DRV - [2009/02/16 08:59:06 | 000,028,800 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLTEAMING.SYS -- (RTLTEAMING)
DRV - [2008/08/18 16:20:06 | 004,752,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/07/09 08:11:34 | 000,022,016 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\RtNdPt5x.sys -- (RtNdPt5x)
DRV - [2007/07/23 14:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 14:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 14:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 14:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 14:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 14:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 14:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 14:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 13:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 13:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USSMB/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\..\SearchScopes\{C62C35BF-E421-4F34-B607-1A2B73807829}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8
IE - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/01/06 16:01:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013/12/02 14:01:55 | 000,000,000 | ---D | M]

[2010/12/28 18:59:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Extensions
[2014/01/10 11:32:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\cqnf6uhv.default\extensions
[2014/01/06 13:32:46 | 000,007,376 | ---- | M] () (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\cqnf6uhv.default\extensions\firefox@jumpflip.net.xpi
[2013/08/25 13:21:27 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\cqnf6uhv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2014/01/10 14:00:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/01/06 16:00:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/01/06 16:01:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome  ==========

CHR - default_search_provider: Mysearchdial ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: MSN\u00AE Toolbar (Enabled) = C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement Web App = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\
CHR - Extension: Google Docs = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Poppit = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/01/10 11:55:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (PCTools Site Guard) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005..\Run: [Akamai NetSession Interface] C:\Documents and Settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005..\Run: [GarminExpressTrayApp] C:\Program Files\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: New Value #1 = 0
O7 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\..Trusted Domains: bestbuy.com ([www-ssl] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260473224875 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344974532109 (MUWebControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0E18D04-350B-4C5B-95FF-550EEA4A455D}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0E18D04-350B-4C5B-95FF-550EEA4A455D}: NameServer = 64.91.3.46,208.54.220.20
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 15:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/13 16:42:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\USER\Desktop\OTL.exe
[2014/01/13 15:02:13 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/01/13 14:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Desktop\ccd_APassionateFascination_ts
[2014/01/13 13:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Desktop\Valentine dreams
[2014/01/12 17:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Desktop\Toad ally in love with you
[2014/01/12 11:21:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\My Documents\Fin sigs
[2014/01/12 09:28:06 | 000,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sfzwurs.bjt
[2014/01/12 09:28:06 | 000,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hlgcv.fnq
[2014/01/10 14:12:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Local Settings\Application Data\Sun
[2014/01/10 14:11:38 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/01/10 14:11:38 | 000,145,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/01/10 14:11:32 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/01/10 14:11:32 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/01/10 14:11:32 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/01/10 14:11:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2014/01/10 14:10:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2014/01/10 11:28:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/01/10 10:55:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\DigitalSites
[2014/01/09 15:45:05 | 000,081,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\videoprt.sys.bak
[2014/01/09 15:45:05 | 000,004,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wmilib.sys.bak
[2014/01/09 15:45:04 | 000,058,112 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\vdmindvd.sys.bak
[2014/01/09 15:45:03 | 000,144,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbport.sys.bak
[2014/01/09 15:45:03 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbintel.sys.bak
[2014/01/09 15:45:02 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd2.sys.bak
[2014/01/09 15:45:02 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd.sys.bak
[2014/01/09 15:45:02 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023.sys.bak
[2014/01/09 15:45:02 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbd.sys.bak
[2014/01/09 15:45:01 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tosdvd.sys.bak
[2014/01/09 15:45:01 | 000,021,376 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\drivers\tsbvcap.sys.bak
[2014/01/09 15:45:00 | 000,226,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys.bak
[2014/01/09 15:45:00 | 000,019,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdi.sys.bak
[2014/01/09 15:44:59 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tape.sys.bak
[2014/01/09 15:44:58 | 000,049,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys.bak
[2014/01/09 15:44:57 | 000,025,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sonydcam.sys.bak
[2014/01/09 15:44:57 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smclib.sys.bak
[2014/01/09 15:44:55 | 000,096,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\scsiport.sys.bak
[2014/01/09 15:44:55 | 000,022,016 | ---- | C] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\RtNdPt5x.sys.bak
[2014/01/09 15:44:55 | 000,017,536 | ---- | C] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\RTLVLAN.SYS.bak
[2014/01/09 15:44:54 | 000,028,800 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTLTEAMING.SYS.bak
[2014/01/09 15:44:53 | 004,752,896 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys.bak
[2014/01/09 15:44:53 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rmcast.sys.bak
[2014/01/09 15:44:53 | 000,142,336 | ---- | C] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\Rtenicxp.sys.bak
[2014/01/09 15:44:53 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismp.sys.bak
[2014/01/09 15:44:52 | 000,012,032 | ---- | C] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\riodrv.sys.bak
[2014/01/09 15:44:52 | 000,012,032 | ---- | C] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\rio8drv.sys.bak
[2014/01/09 15:44:51 | 000,034,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rawwan.sys.bak
[2014/01/09 15:44:49 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys.bak
[2014/01/09 15:44:48 | 000,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciidex.sys.bak
[2014/01/09 15:44:47 | 000,063,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnknb.sys.bak
[2014/01/09 15:44:47 | 000,055,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkspx.sys.bak
[2014/01/09 15:44:47 | 000,003,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\oprghdlr.sys.bak
[2014/01/09 15:44:46 | 000,088,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkipx.sys.bak
[2014/01/09 15:44:45 | 000,040,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nmnt.sys.bak
[2014/01/09 15:44:45 | 000,012,032 | ---- | C] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\nikedrv.sys.bak
[2014/01/09 15:44:42 | 000,092,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mqac.sys.bak
[2014/01/09 15:44:41 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys.bak
[2014/01/09 15:44:41 | 000,063,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mf.sys.bak
[2014/01/09 15:44:41 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys.bak
[2014/01/09 15:44:41 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mcd.sys.bak
[2014/01/09 15:44:36 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidclass.sys.bak
[2014/01/09 15:44:36 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidparse.sys.bak
[2014/01/09 15:44:35 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fsvga.sys.bak
[2014/01/09 15:44:34 | 000,184,664 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys.bak
[2014/01/09 15:44:34 | 000,134,248 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys.bak
[2014/01/09 15:44:34 | 000,118,768 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdir.sys.bak
[2014/01/09 15:44:33 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxg.sys.bak
[2014/01/09 15:44:33 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxapi.sys.bak
[2014/01/09 15:44:33 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxgthk.sys.bak
[2014/01/09 15:44:32 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys.bak
[2014/01/09 15:44:31 | 000,098,448 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLAUDF_M.SYS.bak
[2014/01/09 15:44:31 | 000,093,552 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLAUDFAM.SYS.bak
[2014/01/09 15:44:31 | 000,030,064 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLARTL_M.SYS.bak
[2014/01/09 15:44:30 | 000,108,752 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLAIFS_M.SYS.bak
[2014/01/09 15:44:30 | 000,027,216 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLAOPIOM.SYS.bak
[2014/01/09 15:44:30 | 000,016,304 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLAPoolM.SYS.bak
[2014/01/09 15:44:30 | 000,014,576 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLACDBHM.SYS.bak
[2014/01/09 15:44:30 | 000,009,104 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLADResM.SYS.bak
[2014/01/09 15:44:29 | 000,037,360 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLABMFSM.SYS.bak
[2014/01/09 15:44:29 | 000,032,848 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLABOIOM.SYS.bak
[2014/01/09 15:44:29 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\diskdump.sys.bak
[2014/01/09 15:44:28 | 000,262,528 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\cinemst2.sys.bak
[2014/01/09 15:44:28 | 000,049,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\classpnp.sys.bak
[2014/01/09 15:44:28 | 000,011,776 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\drivers\cpqdap01.sys.bak
[2014/01/09 15:44:27 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys.bak
[2014/01/09 15:44:27 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys.bak
[2014/01/09 15:44:25 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmuni.sys.bak
[2014/01/09 15:44:25 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmlane.sys.bak
[2014/01/09 15:44:25 | 000,031,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmepvc.sys.bak
[2014/01/09 15:44:22 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk6.sys.bak
[2014/01/09 15:35:41 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/09 13:50:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Desktop\New Folder
[2014/01/09 13:07:51 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014/01/09 13:05:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014/01/09 13:05:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014/01/09 13:05:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014/01/09 13:05:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014/01/09 13:05:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/09 13:04:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2014/01/06 18:23:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\Malwarebytes
[2014/01/06 18:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/06 18:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/01/06 18:23:11 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/01/06 18:23:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/01/06 16:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/12/22 17:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\My Documents\Slow cooker recipes
[2013/08/10 13:45:06 | 000,889,416 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\USER\Application Data\dotNetFx40_Full_setup.exe
[2010/09/03 20:09:59 | 000,465,264 | ---- | C] (Corel) -- C:\Program Files\Common Files\AppFramework.dll
[2010/09/03 20:09:59 | 000,332,144 | ---- | C] (Corel) -- C:\Program Files\Common Files\MediaOrganizer.dll
[2010/09/03 20:09:59 | 000,033,136 | ---- | C] (Corel-V1E) -- C:\Program Files\Common Files\FlickrProvider.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/13 16:42:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\USER\Desktop\OTL.exe
[2014/01/13 16:40:35 | 001,656,352 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\76-2-JoelAdams_LilGrace.psd
[2014/01/13 16:40:23 | 003,236,018 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\PSPTUBESTOP_Faith_CarolMoore.psd
[2014/01/13 16:40:12 | 001,463,675 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\13-2-AnnaMarine.psd
[2014/01/13 16:40:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/01/13 16:22:21 | 000,002,523 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\Jasc Paint Shop Pro 9.lnk
[2014/01/13 16:08:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/13 15:07:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/13 15:06:39 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/13 15:06:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/13 12:50:09 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C62D61F5-DE77-4B46-9ED4-A80980826EEA}.job
[2014/01/12 15:09:22 | 000,000,011 | ---- | M] () -- C:\WINDOWS\3DShadow.INI
[2014/01/12 09:36:23 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/01/11 11:02:56 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2014/01/11 11:02:13 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2014/01/11 09:16:14 | 000,000,090 | ---- | M] () -- C:\WINDOWS\System32\zfxmlml.mzf
[2014/01/10 14:11:19 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/01/10 14:11:15 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/01/10 14:11:15 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/01/10 14:11:15 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/01/10 14:11:15 | 000,145,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/01/10 14:07:34 | 000,505,158 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/01/10 14:07:34 | 000,089,568 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/01/10 11:55:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/01/09 15:45:05 | 000,081,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\videoprt.sys.bak
[2014/01/09 15:45:05 | 000,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wmilib.sys.bak
[2014/01/09 15:45:04 | 000,058,112 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\vdmindvd.sys.bak
[2014/01/09 15:45:03 | 000,144,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbport.sys.bak
[2014/01/09 15:45:03 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbintel.sys.bak
[2014/01/09 15:45:02 | 000,025,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd2.sys.bak
[2014/01/09 15:45:02 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd.sys.bak
[2014/01/09 15:45:02 | 000,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023.sys.bak
[2014/01/09 15:45:02 | 000,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbd.sys.bak
[2014/01/09 15:45:01 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tosdvd.sys.bak
[2014/01/09 15:45:01 | 000,021,376 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\System32\drivers\tsbvcap.sys.bak
[2014/01/09 15:45:00 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys.bak
[2014/01/09 15:45:00 | 000,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdi.sys.bak
[2014/01/09 15:44:59 | 000,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tape.sys.bak
[2014/01/09 15:44:58 | 000,049,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys.bak
[2014/01/09 15:44:58 | 000,013,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys.bak
[2014/01/09 15:44:57 | 000,025,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sonydcam.sys.bak
[2014/01/09 15:44:57 | 000,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smclib.sys.bak
[2014/01/09 15:44:55 | 000,096,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\scsiport.sys.bak
[2014/01/09 15:44:55 | 000,028,800 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTLTEAMING.SYS.bak
[2014/01/09 15:44:55 | 000,022,016 | ---- | M] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\RtNdPt5x.sys.bak
[2014/01/09 15:44:55 | 000,017,536 | ---- | M] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\RTLVLAN.SYS.bak
[2014/01/09 15:44:54 | 004,752,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys.bak
[2014/01/09 15:44:53 | 000,203,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rmcast.sys.bak
[2014/01/09 15:44:53 | 000,142,336 | ---- | M] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\Rtenicxp.sys.bak
[2014/01/09 15:44:53 | 000,030,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismp.sys.bak
[2014/01/09 15:44:52 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\riodrv.sys.bak
[2014/01/09 15:44:52 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\rio8drv.sys.bak
[2014/01/09 15:44:51 | 000,034,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rawwan.sys.bak
[2014/01/09 15:44:49 | 000,146,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys.bak
[2014/01/09 15:44:48 | 000,024,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciidex.sys.bak
[2014/01/09 15:44:47 | 000,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnknb.sys.bak
[2014/01/09 15:44:47 | 000,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkspx.sys.bak
[2014/01/09 15:44:47 | 000,003,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\oprghdlr.sys.bak
[2014/01/09 15:44:46 | 000,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkipx.sys.bak
[2014/01/09 15:44:45 | 000,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nmnt.sys.bak
[2014/01/09 15:44:45 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\nikedrv.sys.bak
[2014/01/09 15:44:42 | 000,092,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mqac.sys.bak
[2014/01/09 15:44:41 | 000,141,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys.bak
[2014/01/09 15:44:41 | 000,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mf.sys.bak
[2014/01/09 15:44:41 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys.bak
[2014/01/09 15:44:41 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mcd.sys.bak
[2014/01/09 15:44:36 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidclass.sys.bak
[2014/01/09 15:44:36 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidparse.sys.bak
[2014/01/09 15:44:35 | 000,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fsvga.sys.bak
[2014/01/09 15:44:34 | 000,184,664 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys.bak
[2014/01/09 15:44:34 | 000,134,248 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys.bak
[2014/01/09 15:44:34 | 000,118,768 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdir.sys.bak
[2014/01/09 15:44:33 | 000,071,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxg.sys.bak
[2014/01/09 15:44:33 | 000,010,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxapi.sys.bak
[2014/01/09 15:44:33 | 000,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxgthk.sys.bak
[2014/01/09 15:44:32 | 000,060,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys.bak
[2014/01/09 15:44:31 | 000,098,448 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLAUDF_M.SYS.bak
[2014/01/09 15:44:31 | 000,093,552 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLAUDFAM.SYS.bak
[2014/01/09 15:44:31 | 000,030,064 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLARTL_M.SYS.bak
[2014/01/09 15:44:30 | 000,108,752 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLAIFS_M.SYS.bak
[2014/01/09 15:44:30 | 000,032,848 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLABOIOM.SYS.bak
[2014/01/09 15:44:30 | 000,027,216 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLAOPIOM.SYS.bak
[2014/01/09 15:44:30 | 000,016,304 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLAPoolM.SYS.bak
[2014/01/09 15:44:30 | 000,014,576 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLACDBHM.SYS.bak
[2014/01/09 15:44:30 | 000,009,104 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLADResM.SYS.bak
[2014/01/09 15:44:29 | 000,037,360 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLABMFSM.SYS.bak
[2014/01/09 15:44:29 | 000,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\diskdump.sys.bak
[2014/01/09 15:44:28 | 000,262,528 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\cinemst2.sys.bak
[2014/01/09 15:44:28 | 000,049,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\classpnp.sys.bak
[2014/01/09 15:44:28 | 000,011,776 | ---- | M] (Compaq Computer Corporation) -- C:\WINDOWS\System32\drivers\cpqdap01.sys.bak
[2014/01/09 15:44:27 | 000,009,200 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys.bak
[2014/01/09 15:44:27 | 000,009,072 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys.bak
[2014/01/09 15:44:25 | 000,352,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmuni.sys.bak
[2014/01/09 15:44:25 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmlane.sys.bak
[2014/01/09 15:44:25 | 000,031,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmepvc.sys.bak
[2014/01/09 15:44:22 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk6.sys.bak
[2014/01/09 15:03:36 | 000,002,541 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Microsoft\Internet Explorer\Quick Launch\Jasc Paint Shop Pro 9.lnk
[2014/01/09 15:01:22 | 000,001,682 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2014/01/09 13:07:57 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2014/01/08 15:18:38 | 000,978,236 | ---- | M] () -- C:\Documents and Settings\USER\My Documents\Start-Stop DCOM Server Process Launcher service in Windows 7 from Services, Regedit or CMD.mht
[2014/01/08 08:19:30 | 012,099,717 | ---- | M] () -- C:\Documents and Settings\USER\My Documents\101 Household Tips for Every Room in your Home  Glamumous!.mht
[2014/01/07 12:44:40 | 000,000,072 | ---- | M] () -- C:\WINDOWS\JascCmdFile.INI
[2014/01/06 18:23:13 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/06 17:57:05 | 000,001,833 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/06 13:44:33 | 001,384,066 | ---- | M] () -- C:\Documents and Settings\US
Title: Re: D COM Server NT Authority System problem
Post by: jemellin on January 13, 2014, 11:13:23 PM
OTL Extras logfile created on: 1/13/2014 4:50:41 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\USER\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 69.20% Memory free
4.81 Gb Paging File | 4.03 Gb Available in Paging File | 83.74% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.72 Gb Total Space | 264.06 Gb Free Space | 56.70% Space Free | Partition Type: NTFS

Computer Name: D1WPTGK1 | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-2203466315-1556017997-98728662-1005\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel PaintShop Photo Pro X3] -- "C:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"9322:TCP" = 9322:TCP:*:Enabled:EKDiscovery
"5353:UDP" = 5353:UDP:*:Enabled:Bonjour Port 5353
"1045:TCP" = 1045:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Documents and Settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe:*:Disabled:Akamai NetSession Client -- (Akamai Technologies, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{06BA6321-B6FC-4A36-8571-B642404D22B6}" = Photobucket Backup
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1BE7C1D9-06A8-466D-ADEA-B07F68BDEFB5}" = ESET NOD32 Antivirus
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{228CEA74-6DD1-40B9-B95F-77273F4316B5}" = Desktop Restore
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22E23DF0-7FAE-4DA2-9DA2-45B984AA742C}_is1" = CenturyLink QuickAssist Desktop Tools
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2F46CB46-5E2B-414D-882C-F8F51FF30C01}" = Auto FX Free
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31a12940-e5c8-4d27-a6ac-005212152f1f}" = Garmin Express
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{369FA236-890F-4490-B607-092BC17E10CD}" = Elevated Installer
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{417F3E7E-C754-4707-BF5B-94750B83D58A}" = Garmin Express Tray
"{42B9D779-CF1F-478D-A393-950CE0E48177}" = Garmin Update Service
"{459E93B6-150E-45d5-8D4B-45C66FC035FE}" = getPlus(R) Download Manager for Corel
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{658AB1BF-9A07-4AAD-B6BB-7CADD2307C75}" = Garmin Express
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7C4196CA-CA41-4F34-9C08-7724E7705D52}" = Jasc Animation Shop 3
"{817A0268-DEA8-421B-AD9B-92919BB97C6A}" = BJCS
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5 ESD
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8ED02445-D491-414C-A56D-2ED6BBB7239A}" = Garmin Communicator Plugin
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0137-0409-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D59AC32-B0FA-4CD7-A2EC-4B57C06CD9D9}" = Dell Backup and Recovery Manager
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B39DC03B-F2C0-4F7E-B1DD-328F73BD98FD}" = Font Thumbnail
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
"{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Anniversary Edition
"{DA4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DCD941B6-F2E7-4FAF-B102-F7D4DE5FF99A}" = IPM_PSP_Pro
"{DCF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
"{DF8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E64C137C-D0B7-467A-B47F-460AAB30F0A3}" = ViewNX 2
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"abrMate_is1" = abrMate version 1.0
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Alien Skin Eye Candy 7" = Alien Skin Eye Candy 7
"AMP Font Viewer" = AMP Font Viewer
"Apache Tomcat 6.0" = Apache Tomcat 6.0 (remove only)
"Clickfree Easy Image" = Clickfree Easy Image
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Exposure" = Alien Skin Exposure
"Eye Candy 4000" = Eye Candy 4000
"EyeCandy5Nature" = Alien Skin Eye Candy 5 Nature
"EyeCandy5Textures" = Alien Skin Eye Candy 5 Textures
"Filters Unlimited_is1" = Filters Unlimited 2.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"PrintProjects" = PrintProjects
"SlimBrowser" = FlashPeak SlimBrowser
"Sqirlz Water Reflections" = Sqirlz Water Reflections
"Ulead Particle.Plugin 1.0" = Ulead Particle.Plugin 1.0
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xenofex2" = Alien Skin Xenofex 2.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2203466315-1556017997-98728662-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"8e3135b376bd523e" = Dell System Detect Bootstrapper
"Akamai" = Akamai NetSession Interface

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/9/2014 12:03:56 PM | Computer Name = D1WPTGK1 | Source = Application Hang | ID = 1002
Description = Hanging application Paint Shop Pro 9.exe, version 9.0.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/10/2014 4:07:31 PM | Computer Name = D1WPTGK1 | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 26430, the bogus index value is the first  DWORD in Data section
while the last valid index values are the second and  third DWORD in Data section.

Error - 1/10/2014 4:07:31 PM | Computer Name = D1WPTGK1 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The  Error code is the first DWORD in Data section.

Error - 1/10/2014 4:07:34 PM | Computer Name = D1WPTGK1 | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 26430, the bogus index value is the first  DWORD in Data section
while the last valid index values are the second and  third DWORD in Data section.

Error - 1/11/2014 5:05:45 PM | Computer Name = D1WPTGK1 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x5ad7a270.

Error - 1/11/2014 5:05:54 PM | Computer Name = D1WPTGK1 | Source = Application Error | ID = 1001
Description = Fault bucket 00000008.

Error - 1/12/2014 3:46:43 PM | Computer Name = D1WPTGK1 | Source = MsiInstaller | ID = 10005
Description = Product: Ask Toolbar -- Error 25001. The following applications must
be closed before continuing the uninstall:   Internet Explorer

Error - 1/12/2014 3:46:44 PM | Computer Name = D1WPTGK1 | Source = MsiInstaller | ID = 10005
Description = Product: Ask Toolbar -- Error 25001. The following applications must
be closed before continuing the uninstall:   Internet Explorer

Error - 1/12/2014 3:46:52 PM | Computer Name = D1WPTGK1 | Source = MsiInstaller | ID = 10005
Description = Product: Ask Toolbar -- Error 25001. The following applications must
be closed before continuing the uninstall:   Internet Explorer

Error - 1/12/2014 3:46:57 PM | Computer Name = D1WPTGK1 | Source = MsiInstaller | ID = 10005
Description = Product: Ask Toolbar -- Error 25001. The following applications must
be closed before continuing the uninstall:   Internet Explorer

[ System Events ]
Error - 1/13/2014 2:46:53 PM | Computer Name = D1WPTGK1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the FullImagingService service
to connect.

Error - 1/13/2014 2:46:53 PM | Computer Name = D1WPTGK1 | Source = Service Control Manager | ID = 7000
Description = The FullImagingService service failed to start due to the following
error:   %%1053

Error - 1/13/2014 2:48:23 PM | Computer Name = D1WPTGK1 | Source = Service Control Manager | ID = 7022
Description = The ESET Service service hung on starting.

Error - 1/13/2014 2:48:23 PM | Computer Name = D1WPTGK1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   TfFsMon  TfSysMon

Error - 1/13/2014 4:52:08 PM | Computer Name = D1WPTGK1 | Source = Service Control Manager | ID = 7000
Description = The Nero BackItUp Scheduler 4.0 service failed to start due to the
following error:   %%2

Error - 1/13/2014 4:52:08 PM | Computer Name = D1WPTGK1 | Source = Service Control Manager | ID = 7024
Description = The Apache Tomcat service terminated with service-specific error 0
(0x0).

Error - 1/13/2014 4:52:23 PM | Computer Name = D1WPTGK1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   TfFsMon  TfSysMon

Error - 1/13/2014 5:07:09 PM | Computer Name = D1WPTGK1 | Source = Service Control Manager | ID = 7000
Description = The Nero BackItUp Scheduler 4.0 service failed to start due to the
following error:   %%2

Error - 1/13/2014 5:07:09 PM | Computer Name = D1WPTGK1 | Source = Service Control Manager | ID = 7024
Description = The Apache Tomcat service terminated with service-specific error 0
(0x0).

Error - 1/13/2014 5:07:28 PM | Computer Name = D1WPTGK1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   TfFsMon  TfSysMon


< End of report >
Title: Re: D COM Server NT Authority System problem
Post by: Corrine on January 13, 2014, 11:46:02 PM
Due to the length of the log, the end of OTL.txt got cut off.  Please locate the line below and copy/paste the content below that to the end.  (Click Edit > Find to search the log.)

[2014/01/06 17:57:05 | 000,001,833 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.l
Title: Re: D COM Server NT Authority System problem
Post by: jemellin on January 14, 2014, 01:03:57 AM
I cannot find it. Do you want me to rerun it?
Title: Re: D COM Server NT Authority System problem
Post by: jemellin on January 14, 2014, 01:20:32 AM
OTL logfile created on: 1/13/2014 7:06:28 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\USER\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 68.44% Memory free
4.81 Gb Paging File | 3.98 Gb Available in Paging File | 82.87% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.72 Gb Total Space | 264.06 Gb Free Space | 56.70% Space Free | Partition Type: NTFS

Computer Name: D1WPTGK1 | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/13 16:42:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\USER\Desktop\OTL.exe
PRC - [2014/01/10 14:11:17 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/11/28 09:36:26 | 000,235,848 | R--- | M] () -- c:\Documents and Settings\All Users\Application Data\Clickfree\FullImagingBackup\FullImagingService.exe
PRC - [2013/09/12 12:06:22 | 001,337,752 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2013/09/12 12:06:06 | 005,110,672 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2013/08/22 13:00:26 | 001,093,464 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Express Tray\ExpressTray.exe
PRC - [2013/08/22 13:00:04 | 000,220,504 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2013/06/05 00:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Documents and Settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/15 14:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2013/01/15 12:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/10/08 09:05:40 | 002,804,224 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/02/11 17:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/02/04 21:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/05/19 11:13:20 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE
PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 06:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2007/10/30 18:52:34 | 000,016,200 | ---- | M] () -- C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
PRC - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2001/11/27 08:10:00 | 000,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE


========== Modules (No Company Name) ==========

MOD - [2014/01/02 16:29:04 | 001,228,288 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\8e046b70030b67810579a40abda1e3aa\System.WorkflowServices.ni.dll
MOD - [2014/01/02 16:27:10 | 001,076,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\69a3f31684a38a4bb0581f969adb09f5\System.ServiceModel.Web.ni.dll
MOD - [2013/11/28 09:36:40 | 000,137,544 | R--- | M] () -- c:\Documents and Settings\All Users\Application Data\Clickfree\FullImagingBackup\VssClientDll.dll
MOD - [2013/11/28 09:36:26 | 000,235,848 | R--- | M] () -- c:\Documents and Settings\All Users\Application Data\Clickfree\FullImagingBackup\FullImagingService.exe
MOD - [2013/10/09 10:03:25 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\02257c6b67db33c194fa3beccf977afb\System.Windows.Forms.ni.dll
MOD - [2013/10/09 06:35:28 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll
MOD - [2013/10/09 06:31:48 | 000,373,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\92e77253888dbd9c0bba085083619459\System.ServiceModel.Routing.ni.dll
MOD - [2013/10/09 06:31:47 | 001,153,536 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\85a498bbd8b627f024494aff48293868\System.ServiceModel.Discovery.ni.dll
MOD - [2013/10/09 06:31:46 | 001,548,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b497fb14e3235ee6c29125b069dec168\System.ServiceModel.Activities.ni.dll
MOD - [2013/10/09 06:31:46 | 000,084,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\e9a7e4f157404d716b2da7e33d9b6530\System.ServiceModel.Channels.ni.dll
MOD - [2013/10/09 06:31:43 | 018,150,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\1adbc62df2ee2812328adaa2b29db646\System.ServiceModel.ni.dll
MOD - [2013/10/09 06:31:25 | 001,079,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\ff7a142f6b3bdfea11e82d43196c7611\System.IdentityModel.ni.dll
MOD - [2013/10/09 06:30:27 | 000,134,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\ed61ee6ddf10acbd36e8eef05639e6e8\System.Data.DataSetExtensions.ni.dll
MOD - [2013/10/09 06:30:09 | 001,031,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e7a55f1a3264f1482d90d89faf722c32\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/10/09 06:30:08 | 002,658,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\2317d10bd132b3b52081f90051e21afe\System.Runtime.Serialization.ni.dll
MOD - [2013/10/09 06:30:06 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\e079ea2aa0a75d81c20998a6419643ff\System.Xml.Linq.ni.dll
MOD - [2013/10/09 06:25:50 | 018,003,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\76be8eddc22a93ae3bb03e2429cec546\PresentationFramework.ni.dll
MOD - [2013/10/09 06:25:46 | 000,751,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\d38fa9699dd602db6b0a1a83ffe8dbea\System.Security.ni.dll
MOD - [2013/10/09 06:25:45 | 001,014,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll
MOD - [2013/10/09 06:25:43 | 013,199,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\325d0892f38cfa9dc4dd834066b218de\System.Windows.Forms.ni.dll
MOD - [2013/10/09 06:25:33 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\545c9efd86994100a4397aaefc753d22\PresentationCore.ni.dll
MOD - [2013/10/09 06:25:33 | 006,866,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\f4b3731e5bbead895061725c5fe89e74\System.Data.ni.dll
MOD - [2013/10/09 06:25:28 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\75d88257b5bc5a5d15dd4c37d8bb18bd\System.Core.ni.dll
MOD - [2013/10/09 06:25:24 | 003,858,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\386c47ad5b7e82f3832a668b777c4756\WindowsBase.ni.dll
MOD - [2013/09/26 16:08:34 | 000,292,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Automation\67f02c1e223d14f00fb51694068b08f4\Inkjet.Automation.ni.dll
MOD - [2013/09/26 16:08:30 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.DeviceSettin#\089a13b51a9c17442eff954e2d2ebc6c\Inkjet.DeviceSettings.ni.dll
MOD - [2013/09/26 16:08:29 | 000,294,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Utilities\c43b49d65e0cc0113880b6b3f95d2314\Inkjet.Utilities.ni.dll
MOD - [2013/09/26 16:08:29 | 000,236,544 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Localization\5a136875748781cac5f84520b9046e56\Inkjet.Localization.ni.dll
MOD - [2013/09/26 16:08:28 | 000,862,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Hardware\0a6fe7786e48b51759b8e18dc3060b8c\Inkjet.Hardware.ni.dll
MOD - [2013/09/26 16:08:28 | 000,181,248 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Statistics\9c94aafee5b7205371940212c4055d3d\Inkjet.Statistics.ni.dll
MOD - [2013/09/26 16:08:26 | 000,081,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Configuration\be693a87b798c9317dd9a70638f94618\Inkjet.Configuration.ni.dll
MOD - [2013/09/26 16:08:25 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Diagnostics\ebe1cb191c8906f3d161cfaef676a309\Inkjet.Diagnostics.ni.dll
MOD - [2013/08/27 15:17:27 | 000,143,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78329ab1c7f5e92c6f2462188ad1de79\SMDiagnostics.ni.dll
MOD - [2013/08/15 10:23:55 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7bf3e4deef4483205017aa7b13194845\System.ServiceProcess.ni.dll
MOD - [2013/08/15 10:23:34 | 001,218,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\6c422db78c17838c3eb9f9fcc01ca63f\System.Management.ni.dll
MOD - [2013/08/15 10:22:18 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\102014a4f570b1dc944ff7eb8e1c6e2b\System.Transactions.ni.dll
MOD - [2013/08/15 10:22:13 | 001,801,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\4d277a8481c203a35c58bd277a2e71df\System.Xaml.ni.dll
MOD - [2013/08/15 04:15:59 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\f4ea3ea9bbe98bbc32c6def83bd2962d\System.Runtime.Remoting.ni.dll
MOD - [2013/08/15 04:15:34 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
MOD - [2013/08/15 04:15:27 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e2d3740c10f91e2676570dcc3be6680e\PresentationFramework.Luna.ni.dll
MOD - [2013/08/15 04:15:17 | 005,628,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/08/15 04:15:13 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/08/15 04:13:30 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll
MOD - [2013/08/15 04:13:05 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
MOD - [2013/08/15 04:12:58 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013/07/11 09:34:54 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/07/11 09:32:15 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2011/09/07 18:07:02 | 000,113,664 | ---- | M] () -- C:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu.dll
MOD - [2007/10/30 18:52:34 | 000,016,200 | ---- | M] () -- C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
MOD - [2007/07/23 14:04:46 | 000,068,080 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll
MOD - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
MOD - [2005/10/07 15:05:32 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2014/01/10 14:11:17 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2014/01/06 16:01:24 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/11 14:42:31 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/28 09:36:26 | 000,235,848 | R--- | M] () [Auto | Running] -- c:\Documents and Settings\All Users\Application Data\Clickfree\FullImagingBackup\FullImagingService.exe -- (FullImagingService)
SRV - [2013/09/12 12:06:22 | 001,337,752 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2013/08/22 13:00:04 | 000,220,504 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/15 14:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2013/01/15 12:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2011/09/11 11:17:00 | 000,329,080 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2010/01/28 13:27:43 | 000,044,576 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/05/19 11:13:20 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\ASTSRV.EXE -- (ASTSRV)
SRV - [2008/01/28 16:39:38 | 000,057,344 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe -- (Tomcat6)
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (TrueSight)
DRV - File not found [Kernel | Boot | Stopped] --  -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] --  -- (TfFsMon)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (pctplsg)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (cpuz132)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\USER\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/12/26 06:39:32 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2013/09/17 15:17:38 | 000,184,664 | ---- | M] (ESET) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2013/09/17 15:17:38 | 000,134,248 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2013/09/17 15:17:38 | 000,118,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/06/05 09:16:32 | 000,142,336 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/02/16 12:35:06 | 000,017,536 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS -- (RTLVLAN)
DRV - [2009/02/16 08:59:06 | 000,028,800 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLTEAMING.SYS -- (RTLTEAMING)
DRV - [2008/08/18 16:20:06 | 004,752,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/07/09 08:11:34 | 000,022,016 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\RtNdPt5x.sys -- (RtNdPt5x)
DRV - [2007/07/23 14:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 14:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 14:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 14:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 14:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 14:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 14:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 14:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 13:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 13:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USSMB/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\..\SearchScopes\{C62C35BF-E421-4F34-B607-1A2B73807829}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8
IE - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/01/06 16:01:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013/12/02 14:01:55 | 000,000,000 | ---D | M]

[2010/12/28 18:59:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Extensions
[2014/01/10 11:32:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\cqnf6uhv.default\extensions
[2014/01/06 13:32:46 | 000,007,376 | ---- | M] () (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\cqnf6uhv.default\extensions\firefox@jumpflip.net.xpi
[2013/08/25 13:21:27 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\cqnf6uhv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2014/01/10 14:00:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/01/06 16:00:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/01/06 16:01:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome  ==========

CHR - default_search_provider: Mysearchdial ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: MSN\u00AE Toolbar (Enabled) = C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement Web App = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\
CHR - Extension: Google Docs = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Poppit = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/01/10 11:55:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (PCTools Site Guard) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005..\Run: [Akamai NetSession Interface] C:\Documents and Settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005..\Run: [GarminExpressTrayApp] C:\Program Files\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: New Value #1 = 0
O7 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\..Trusted Domains: bestbuy.com ([www-ssl] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260473224875 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344974532109 (MUWebControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0E18D04-350B-4C5B-95FF-550EEA4A455D}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0E18D04-350B-4C5B-95FF-550EEA4A455D}: NameServer = 64.91.3.46,208.54.220.20
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 15:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/13 19:05:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Desktop\QTL folders
[2014/01/13 16:42:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\USER\Desktop\OTL.exe
[2014/01/13 15:02:13 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/01/13 14:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Desktop\ccd_APassionateFascination_ts
[2014/01/13 13:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Desktop\Valentine dreams
[2014/01/12 17:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Desktop\Toad ally in love with you
[2014/01/12 11:21:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\My Documents\Fin sigs
[2014/01/12 09:28:06 | 000,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sfzwurs.bjt
[2014/01/12 09:28:06 | 000,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hlgcv.fnq
[2014/01/10 14:12:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Local Settings\Application Data\Sun
[2014/01/10 14:11:38 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/01/10 14:11:38 | 000,145,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/01/10 14:11:32 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/01/10 14:11:32 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/01/10 14:11:32 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/01/10 14:11:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2014/01/10 14:10:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2014/01/10 11:28:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/01/10 10:55:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\DigitalSites
[2014/01/09 15:45:05 | 000,081,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\videoprt.sys.bak
[2014/01/09 15:45:05 | 000,004,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wmilib.sys.bak
[2014/01/09 15:45:04 | 000,058,112 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\vdmindvd.sys.bak
[2014/01/09 15:45:03 | 000,144,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbport.sys.bak
[2014/01/09 15:45:03 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbintel.sys.bak
[2014/01/09 15:45:02 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd2.sys.bak
[2014/01/09 15:45:02 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd.sys.bak
[2014/01/09 15:45:02 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023.sys.bak
[2014/01/09 15:45:02 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbd.sys.bak
[2014/01/09 15:45:01 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tosdvd.sys.bak
[2014/01/09 15:45:01 | 000,021,376 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\drivers\tsbvcap.sys.bak
[2014/01/09 15:45:00 | 000,226,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys.bak
[2014/01/09 15:45:00 | 000,019,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdi.sys.bak
[2014/01/09 15:44:59 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tape.sys.bak
[2014/01/09 15:44:58 | 000,049,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys.bak
[2014/01/09 15:44:57 | 000,025,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sonydcam.sys.bak
[2014/01/09 15:44:57 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smclib.sys.bak
[2014/01/09 15:44:55 | 000,096,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\scsiport.sys.bak
[2014/01/09 15:44:55 | 000,022,016 | ---- | C] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\RtNdPt5x.sys.bak
[2014/01/09 15:44:55 | 000,017,536 | ---- | C] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\RTLVLAN.SYS.bak
[2014/01/09 15:44:54 | 000,028,800 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTLTEAMING.SYS.bak
[2014/01/09 15:44:53 | 004,752,896 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys.bak
[2014/01/09 15:44:53 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rmcast.sys.bak
[2014/01/09 15:44:53 | 000,142,336 | ---- | C] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\Rtenicxp.sys.bak
[2014/01/09 15:44:53 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismp.sys.bak
[2014/01/09 15:44:52 | 000,012,032 | ---- | C] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\riodrv.sys.bak
[2014/01/09 15:44:52 | 000,012,032 | ---- | C] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\rio8drv.sys.bak
[2014/01/09 15:44:51 | 000,034,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rawwan.sys.bak
[2014/01/09 15:44:49 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys.bak
[2014/01/09 15:44:48 | 000,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciidex.sys.bak
[2014/01/09 15:44:47 | 000,063,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnknb.sys.bak
[2014/01/09 15:44:47 | 000,055,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkspx.sys.bak
[2014/01/09 15:44:47 | 000,003,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\oprghdlr.sys.bak
[2014/01/09 15:44:46 | 000,088,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkipx.sys.bak
[2014/01/09 15:44:45 | 000,040,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nmnt.sys.bak
[2014/01/09 15:44:45 | 000,012,032 | ---- | C] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\nikedrv.sys.bak
[2014/01/09 15:44:42 | 000,092,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mqac.sys.bak
[2014/01/09 15:44:41 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys.bak
[2014/01/09 15:44:41 | 000,063,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mf.sys.bak
[2014/01/09 15:44:41 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys.bak
[2014/01/09 15:44:41 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mcd.sys.bak
[2014/01/09 15:44:36 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidclass.sys.bak
[2014/01/09 15:44:36 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidparse.sys.bak
[2014/01/09 15:44:35 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fsvga.sys.bak
[2014/01/09 15:44:34 | 000,184,664 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys.bak
[2014/01/09 15:44:34 | 000,134,248 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys.bak
[2014/01/09 15:44:34 | 000,118,768 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdir.sys.bak
[2014/01/09 15:44:33 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxg.sys.bak
[2014/01/09 15:44:33 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxapi.sys.bak
[2014/01/09 15:44:33 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxgthk.sys.bak
[2014/01/09 15:44:32 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys.bak
[2014/01/09 15:44:31 | 000,098,448 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLAUDF_M.SYS.bak
[2014/01/09 15:44:31 | 000,093,552 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLAUDFAM.SYS.bak
[2014/01/09 15:44:31 | 000,030,064 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLARTL_M.SYS.bak
[2014/01/09 15:44:30 | 000,108,752 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLAIFS_M.SYS.bak
[2014/01/09 15:44:30 | 000,027,216 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLAOPIOM.SYS.bak
[2014/01/09 15:44:30 | 000,016,304 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLAPoolM.SYS.bak
[2014/01/09 15:44:30 | 000,014,576 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLACDBHM.SYS.bak
[2014/01/09 15:44:30 | 000,009,104 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLADResM.SYS.bak
[2014/01/09 15:44:29 | 000,037,360 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLABMFSM.SYS.bak
[2014/01/09 15:44:29 | 000,032,848 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLABOIOM.SYS.bak
[2014/01/09 15:44:29 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\diskdump.sys.bak
[2014/01/09 15:44:28 | 000,262,528 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\cinemst2.sys.bak
[2014/01/09 15:44:28 | 000,049,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\classpnp.sys.bak
[2014/01/09 15:44:28 | 000,011,776 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\drivers\cpqdap01.sys.bak
[2014/01/09 15:44:27 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys.bak
[2014/01/09 15:44:27 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys.bak
[2014/01/09 15:44:25 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmuni.sys.bak
[2014/01/09 15:44:25 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmlane.sys.bak
[2014/01/09 15:44:25 | 000,031,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmepvc.sys.bak
[2014/01/09 15:44:22 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk6.sys.bak
[2014/01/09 15:35:41 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/09 13:50:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Desktop\New Folder
[2014/01/09 13:07:51 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014/01/09 13:05:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014/01/09 13:05:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014/01/09 13:05:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014/01/09 13:05:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014/01/09 13:05:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/09 13:04:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2014/01/06 18:23:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\Malwarebytes
[2014/01/06 18:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/06 18:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/01/06 18:23:11 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/01/06 18:23:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/01/06 16:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/12/22 17:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\My Documents\Slow cooker recipes
[2013/08/10 13:45:06 | 000,889,416 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\USER\Application Data\dotNetFx40_Full_setup.exe
[2010/09/03 20:09:59 | 000,465,264 | ---- | C] (Corel) -- C:\Program Files\Common Files\AppFramework.dll
[2010/09/03 20:09:59 | 000,332,144 | ---- | C] (Corel) -- C:\Program Files\Common Files\MediaOrganizer.dll
[2010/09/03 20:09:59 | 000,033,136 | ---- | C] (Corel-V1E) -- C:\Program Files\Common Files\FlickrProvider.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/13 19:08:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/13 18:40:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/01/13 17:08:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/13 16:42:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\USER\Desktop\OTL.exe
[2014/01/13 16:40:35 | 001,656,352 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\76-2-JoelAdams_LilGrace.psd
[2014/01/13 16:40:23 | 003,236,018 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\PSPTUBESTOP_Faith_CarolMoore.psd
[2014/01/13 16:40:12 | 001,463,675 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\13-2-AnnaMarine.psd
[2014/01/13 16:22:21 | 000,002,523 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\Jasc Paint Shop Pro 9.lnk
[2014/01/13 15:07:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/13 15:06:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/13 12:50:09 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C62D61F5-DE77-4B46-9ED4-A80980826EEA}.job
[2014/01/12 15:09:22 | 000,000,011 | ---- | M] () -- C:\WINDOWS\3DShadow.INI
[2014/01/12 09:36:23 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/01/11 11:02:56 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2014/01/11 11:02:13 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2014/01/11 09:16:14 | 000,000,090 | ---- | M] () -- C:\WINDOWS\System32\zfxmlml.mzf
[2014/01/10 14:11:19 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/01/10 14:11:15 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/01/10 14:11:15 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/01/10 14:11:15 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/01/10 14:11:15 | 000,145,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/01/10 14:07:34 | 000,505,158 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/01/10 14:07:34 | 000,089,568 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/01/10 11:55:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/01/09 15:45:05 | 000,081,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\videoprt.sys.bak
[2014/01/09 15:45:05 | 000,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wmilib.sys.bak
[2014/01/09 15:45:04 | 000,058,112 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\vdmindvd.sys.bak
[2014/01/09 15:45:03 | 000,144,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbport.sys.bak
[2014/01/09 15:45:03 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbintel.sys.bak
[2014/01/09 15:45:02 | 000,025,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd2.sys.bak
[2014/01/09 15:45:02 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd.sys.bak
[2014/01/09 15:45:02 | 000,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023.sys.bak
[2014/01/09 15:45:02 | 000,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbd.sys.bak
[2014/01/09 15:45:01 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tosdvd.sys.bak
[2014/01/09 15:45:01 | 000,021,376 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\System32\drivers\tsbvcap.sys.bak
[2014/01/09 15:45:00 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys.bak
[2014/01/09 15:45:00 | 000,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdi.sys.bak
[2014/01/09 15:44:59 | 000,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tape.sys.bak
[2014/01/09 15:44:58 | 000,049,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys.bak
[2014/01/09 15:44:58 | 000,013,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys.bak
[2014/01/09 15:44:57 | 000,025,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sonydcam.sys.bak
[2014/01/09 15:44:57 | 000,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smclib.sys.bak
[2014/01/09 15:44:55 | 000,096,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\scsiport.sys.bak
[2014/01/09 15:44:55 | 000,028,800 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTLTEAMING.SYS.bak
[2014/01/09 15:44:55 | 000,022,016 | ---- | M] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\RtNdPt5x.sys.bak
[2014/01/09 15:44:55 | 000,017,536 | ---- | M] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\RTLVLAN.SYS.bak
[2014/01/09 15:44:54 | 004,752,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys.bak
[2014/01/09 15:44:53 | 000,203,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rmcast.sys.bak
[2014/01/09 15:44:53 | 000,142,336 | ---- | M] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\Rtenicxp.sys.bak
[2014/01/09 15:44:53 | 000,030,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismp.sys.bak
[2014/01/09 15:44:52 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\riodrv.sys.bak
[2014/01/09 15:44:52 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\rio8drv.sys.bak
[2014/01/09 15:44:51 | 000,034,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rawwan.sys.bak
[2014/01/09 15:44:49 | 000,146,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys.bak
[2014/01/09 15:44:48 | 000,024,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciidex.sys.bak
[2014/01/09 15:44:47 | 000,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnknb.sys.bak
[2014/01/09 15:44:47 | 000,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkspx.sys.bak
[2014/01/09 15:44:47 | 000,003,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\oprghdlr.sys.bak
[2014/01/09 15:44:46 | 000,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkipx.sys.bak
[2014/01/09 15:44:45 | 000,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nmnt.sys.bak
[2014/01/09 15:44:45 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\nikedrv.sys.bak
[2014/01/09 15:44:42 | 000,092,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mqac.sys.bak
[2014/01/09 15:44:41 | 000,141,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys.bak
[2014/01/09 15:44:41 | 000,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mf.sys.bak
[2014/01/09 15:44:41 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys.bak
[2014/01/09 15:44:41 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mcd.sys.bak
[2014/01/09 15:44:36 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidclass.sys.bak
[2014/01/09 15:44:36 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidparse.sys.bak
[2014/01/09 15:44:35 | 000,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fsvga.sys.bak
[2014/01/09 15:44:34 | 000,184,664 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys.bak
[2014/01/09 15:44:34 | 000,134,248 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys.bak
[2014/01/09 15:44:34 | 000,118,768 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdir.sys.bak
[2014/01/09 15:44:33 | 000,071,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxg.sys.bak
[2014/01/09 15:44:33 | 000,010,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxapi.sys.bak
[2014/01/09 15:44:33 | 000,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxgthk.sys.bak
[2014/01/09 15:44:32 | 000,060,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys.bak
[2014/01/09 15:44:31 | 000,098,448 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLAUDF_M.SYS.bak
[2014/01/09 15:44:31 | 000,093,552 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLAUDFAM.SYS.bak
[2014/01/09 15:44:31 | 000,030,064 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLARTL_M.SYS.bak
[2014/01/09 15:44:30 | 000,108,752 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLAIFS_M.SYS.bak
[2014/01/09 15:44:30 | 000,032,848 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLABOIOM.SYS.bak
[2014/01/09 15:44:30 | 000,027,216 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLAOPIOM.SYS.bak
[2014/01/09 15:44:30 | 000,016,304 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLAPoolM.SYS.bak
[2014/01/09 15:44:30 | 000,014,576 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLACDBHM.SYS.bak
[2014/01/09 15:44:30 | 000,009,104 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLADResM.SYS.bak
[2014/01/09 15:44:29 | 000,037,360 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLABMFSM.SYS.bak
[2014/01/09 15:44:29 | 000,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\diskdump.sys.bak
[2014/01/09 15:44:28 | 000,262,528 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\cinemst2.sys.bak
[2014/01/09 15:44:28 | 000,049,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\classpnp.sys.bak
[2014/01/09 15:44:28 | 000,011,776 | ---- | M] (Compaq Computer Corporation) -- C:\WINDOWS\System32\drivers\cpqdap01.sys.bak
[2014/01/09 15:44:27 | 000,009,200 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys.bak
[2014/01/09 15:44:27 | 000,009,072 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys.bak
[2014/01/09 15:44:25 | 000,352,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmuni.sys.bak
[2014/01/09 15:44:25 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmlane.sys.bak
[2014/01/09 15:44:25 | 000,031,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmepvc.sys.bak
[2014/01/09 15:44:22 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk6.sys.bak
[2014/01/09 15:03:36 | 000,002,541 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Microsoft\Internet Explorer\Quick Launch\Jasc Paint Shop Pro 9.lnk
[2014/01/09 15:01:22 | 000,001,682 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2014/01/09 13:07:57 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2014/01/08 15:18:38 | 000,978,236 | ---- | M] () -- C:\Documents and Settings\USER\My Documents\Start-Stop DCOM Server Process Launcher service in Windows 7 from Services, Regedit or CMD.mht
[2014/01/08 08:19:30 | 012,099,717 | ---- | M] () -- C:\Documents and Settings\USER\My Documents\101 Household Tips for Every Room in your Home  Glamumous!.mht
[2014/01/07 12:44:40 | 000,000,072 | ---- | M] () -- C:\WINDOWS\JascCmdFile.INI
[2014/01/06 18:23:13 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/06 17:57:05 | 000,001,833 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Microsoft\Internet Explorer\Quick Launc
Title: Re: D COM Server NT Authority System problem
Post by: jemellin on January 14, 2014, 01:22:12 AM
OTL logfile created on: 1/13/2014 7:06:28 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\USER\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 68.44% Memory free
4.81 Gb Paging File | 3.98 Gb Available in Paging File | 82.87% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.72 Gb Total Space | 264.06 Gb Free Space | 56.70% Space Free | Partition Type: NTFS

Computer Name: D1WPTGK1 | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/13 16:42:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\USER\Desktop\OTL.exe
PRC - [2014/01/10 14:11:17 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/11/28 09:36:26 | 000,235,848 | R--- | M] () -- c:\Documents and Settings\All Users\Application Data\Clickfree\FullImagingBackup\FullImagingService.exe
PRC - [2013/09/12 12:06:22 | 001,337,752 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2013/09/12 12:06:06 | 005,110,672 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2013/08/22 13:00:26 | 001,093,464 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Express Tray\ExpressTray.exe
PRC - [2013/08/22 13:00:04 | 000,220,504 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2013/06/05 00:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Documents and Settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/15 14:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2013/01/15 12:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/10/08 09:05:40 | 002,804,224 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/02/11 17:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/02/04 21:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/05/19 11:13:20 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE
PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 06:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2007/10/30 18:52:34 | 000,016,200 | ---- | M] () -- C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
PRC - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2001/11/27 08:10:00 | 000,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE


========== Modules (No Company Name) ==========

MOD - [2014/01/02 16:29:04 | 001,228,288 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\8e046b70030b67810579a40abda1e3aa\System.WorkflowServices.ni.dll
MOD - [2014/01/02 16:27:10 | 001,076,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\69a3f31684a38a4bb0581f969adb09f5\System.ServiceModel.Web.ni.dll
MOD - [2013/11/28 09:36:40 | 000,137,544 | R--- | M] () -- c:\Documents and Settings\All Users\Application Data\Clickfree\FullImagingBackup\VssClientDll.dll
MOD - [2013/11/28 09:36:26 | 000,235,848 | R--- | M] () -- c:\Documents and Settings\All Users\Application Data\Clickfree\FullImagingBackup\FullImagingService.exe
MOD - [2013/10/09 10:03:25 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\02257c6b67db33c194fa3beccf977afb\System.Windows.Forms.ni.dll
MOD - [2013/10/09 06:35:28 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll
MOD - [2013/10/09 06:31:48 | 000,373,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\92e77253888dbd9c0bba085083619459\System.ServiceModel.Routing.ni.dll
MOD - [2013/10/09 06:31:47 | 001,153,536 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\85a498bbd8b627f024494aff48293868\System.ServiceModel.Discovery.ni.dll
MOD - [2013/10/09 06:31:46 | 001,548,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b497fb14e3235ee6c29125b069dec168\System.ServiceModel.Activities.ni.dll
MOD - [2013/10/09 06:31:46 | 000,084,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\e9a7e4f157404d716b2da7e33d9b6530\System.ServiceModel.Channels.ni.dll
MOD - [2013/10/09 06:31:43 | 018,150,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\1adbc62df2ee2812328adaa2b29db646\System.ServiceModel.ni.dll
MOD - [2013/10/09 06:31:25 | 001,079,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\ff7a142f6b3bdfea11e82d43196c7611\System.IdentityModel.ni.dll
MOD - [2013/10/09 06:30:27 | 000,134,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\ed61ee6ddf10acbd36e8eef05639e6e8\System.Data.DataSetExtensions.ni.dll
MOD - [2013/10/09 06:30:09 | 001,031,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e7a55f1a3264f1482d90d89faf722c32\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/10/09 06:30:08 | 002,658,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\2317d10bd132b3b52081f90051e21afe\System.Runtime.Serialization.ni.dll
MOD - [2013/10/09 06:30:06 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\e079ea2aa0a75d81c20998a6419643ff\System.Xml.Linq.ni.dll
MOD - [2013/10/09 06:25:50 | 018,003,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\76be8eddc22a93ae3bb03e2429cec546\PresentationFramework.ni.dll
MOD - [2013/10/09 06:25:46 | 000,751,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\d38fa9699dd602db6b0a1a83ffe8dbea\System.Security.ni.dll
MOD - [2013/10/09 06:25:45 | 001,014,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll
MOD - [2013/10/09 06:25:43 | 013,199,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\325d0892f38cfa9dc4dd834066b218de\System.Windows.Forms.ni.dll
MOD - [2013/10/09 06:25:33 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\545c9efd86994100a4397aaefc753d22\PresentationCore.ni.dll
MOD - [2013/10/09 06:25:33 | 006,866,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\f4b3731e5bbead895061725c5fe89e74\System.Data.ni.dll
MOD - [2013/10/09 06:25:28 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\75d88257b5bc5a5d15dd4c37d8bb18bd\System.Core.ni.dll
MOD - [2013/10/09 06:25:24 | 003,858,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\386c47ad5b7e82f3832a668b777c4756\WindowsBase.ni.dll
MOD - [2013/09/26 16:08:34 | 000,292,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Automation\67f02c1e223d14f00fb51694068b08f4\Inkjet.Automation.ni.dll
MOD - [2013/09/26 16:08:30 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.DeviceSettin#\089a13b51a9c17442eff954e2d2ebc6c\Inkjet.DeviceSettings.ni.dll
MOD - [2013/09/26 16:08:29 | 000,294,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Utilities\c43b49d65e0cc0113880b6b3f95d2314\Inkjet.Utilities.ni.dll
MOD - [2013/09/26 16:08:29 | 000,236,544 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Localization\5a136875748781cac5f84520b9046e56\Inkjet.Localization.ni.dll
MOD - [2013/09/26 16:08:28 | 000,862,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Hardware\0a6fe7786e48b51759b8e18dc3060b8c\Inkjet.Hardware.ni.dll
MOD - [2013/09/26 16:08:28 | 000,181,248 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Statistics\9c94aafee5b7205371940212c4055d3d\Inkjet.Statistics.ni.dll
MOD - [2013/09/26 16:08:26 | 000,081,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Configuration\be693a87b798c9317dd9a70638f94618\Inkjet.Configuration.ni.dll
MOD - [2013/09/26 16:08:25 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Diagnostics\ebe1cb191c8906f3d161cfaef676a309\Inkjet.Diagnostics.ni.dll
MOD - [2013/08/27 15:17:27 | 000,143,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78329ab1c7f5e92c6f2462188ad1de79\SMDiagnostics.ni.dll
MOD - [2013/08/15 10:23:55 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7bf3e4deef4483205017aa7b13194845\System.ServiceProcess.ni.dll
MOD - [2013/08/15 10:23:34 | 001,218,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\6c422db78c17838c3eb9f9fcc01ca63f\System.Management.ni.dll
MOD - [2013/08/15 10:22:18 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\102014a4f570b1dc944ff7eb8e1c6e2b\System.Transactions.ni.dll
MOD - [2013/08/15 10:22:13 | 001,801,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\4d277a8481c203a35c58bd277a2e71df\System.Xaml.ni.dll
MOD - [2013/08/15 04:15:59 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\f4ea3ea9bbe98bbc32c6def83bd2962d\System.Runtime.Remoting.ni.dll
MOD - [2013/08/15 04:15:34 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
MOD - [2013/08/15 04:15:27 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e2d3740c10f91e2676570dcc3be6680e\PresentationFramework.Luna.ni.dll
MOD - [2013/08/15 04:15:17 | 005,628,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/08/15 04:15:13 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/08/15 04:13:30 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll
MOD - [2013/08/15 04:13:05 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
MOD - [2013/08/15 04:12:58 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013/07/11 09:34:54 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/07/11 09:32:15 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2011/09/07 18:07:02 | 000,113,664 | ---- | M] () -- C:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu.dll
MOD - [2007/10/30 18:52:34 | 000,016,200 | ---- | M] () -- C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
MOD - [2007/07/23 14:04:46 | 000,068,080 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll
MOD - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
MOD - [2005/10/07 15:05:32 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2014/01/10 14:11:17 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2014/01/06 16:01:24 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/11 14:42:31 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/28 09:36:26 | 000,235,848 | R--- | M] () [Auto | Running] -- c:\Documents and Settings\All Users\Application Data\Clickfree\FullImagingBackup\FullImagingService.exe -- (FullImagingService)
SRV - [2013/09/12 12:06:22 | 001,337,752 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2013/08/22 13:00:04 | 000,220,504 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/15 14:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2013/01/15 12:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2011/09/11 11:17:00 | 000,329,080 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2010/01/28 13:27:43 | 000,044,576 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/05/19 11:13:20 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\ASTSRV.EXE -- (ASTSRV)
SRV - [2008/01/28 16:39:38 | 000,057,344 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe -- (Tomcat6)
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (TrueSight)
DRV - File not found [Kernel | Boot | Stopped] --  -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] --  -- (TfFsMon)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (pctplsg)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (cpuz132)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\USER\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/12/26 06:39:32 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2013/09/17 15:17:38 | 000,184,664 | ---- | M] (ESET) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2013/09/17 15:17:38 | 000,134,248 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2013/09/17 15:17:38 | 000,118,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/06/05 09:16:32 | 000,142,336 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/02/16 12:35:06 | 000,017,536 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS -- (RTLVLAN)
DRV - [2009/02/16 08:59:06 | 000,028,800 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLTEAMING.SYS -- (RTLTEAMING)
DRV - [2008/08/18 16:20:06 | 004,752,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/07/09 08:11:34 | 000,022,016 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\RtNdPt5x.sys -- (RtNdPt5x)
DRV - [2007/07/23 14:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 14:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 14:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 14:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 14:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 14:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 14:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 14:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 13:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 13:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USSMB/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\..\SearchScopes\{C62C35BF-E421-4F34-B607-1A2B73807829}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8
IE - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/01/06 16:01:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013/12/02 14:01:55 | 000,000,000 | ---D | M]

[2010/12/28 18:59:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Extensions
[2014/01/10 11:32:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\cqnf6uhv.default\extensions
[2014/01/06 13:32:46 | 000,007,376 | ---- | M] () (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\cqnf6uhv.default\extensions\firefox@jumpflip.net.xpi
[2013/08/25 13:21:27 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\cqnf6uhv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2014/01/10 14:00:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/01/06 16:00:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/01/06 16:01:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome  ==========

CHR - default_search_provider: Mysearchdial ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: MSN\u00AE Toolbar (Enabled) = C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement Web App = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\
CHR - Extension: Google Docs = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Poppit = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/01/10 11:55:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (PCTools Site Guard) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005..\Run: [Akamai NetSession Interface] C:\Documents and Settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005..\Run: [GarminExpressTrayApp] C:\Program Files\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: New Value #1 = 0
O7 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\..Trusted Domains: bestbuy.com ([www-ssl] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260473224875 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344974532109 (MUWebControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0E18D04-350B-4C5B-95FF-550EEA4A455D}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0E18D04-350B-4C5B-95FF-550EEA4A455D}: NameServer = 64.91.3.46,208.54.220.20
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 15:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/13 19:05:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Desktop\QTL folders
[2014/01/13 16:42:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\USER\Desktop\OTL.exe
[2014/01/13 15:02:13 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/01/13 14:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Desktop\ccd_APassionateFascination_ts
[2014/01/13 13:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Desktop\Valentine dreams
[2014/01/12 17:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Desktop\Toad ally in love with you
[2014/01/12 11:21:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\My Documents\Fin sigs
[2014/01/12 09:28:06 | 000,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sfzwurs.bjt
[2014/01/12 09:28:06 | 000,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hlgcv.fnq
[2014/01/10 14:12:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Local Settings\Application Data\Sun
[2014/01/10 14:11:38 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/01/10 14:11:38 | 000,145,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/01/10 14:11:32 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/01/10 14:11:32 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/01/10 14:11:32 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/01/10 14:11:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2014/01/10 14:10:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2014/01/10 11:28:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/01/10 10:55:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\DigitalSites
[2014/01/09 15:45:05 | 000,081,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\videoprt.sys.bak
[2014/01/09 15:45:05 | 000,004,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wmilib.sys.bak
[2014/01/09 15:45:04 | 000,058,112 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\vdmindvd.sys.bak
[2014/01/09 15:45:03 | 000,144,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbport.sys.bak
[2014/01/09 15:45:03 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbintel.sys.bak
[2014/01/09 15:45:02 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd2.sys.bak
[2014/01/09 15:45:02 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd.sys.bak
[2014/01/09 15:45:02 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023.sys.bak
[2014/01/09 15:45:02 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbd.sys.bak
[2014/01/09 15:45:01 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tosdvd.sys.bak
[2014/01/09 15:45:01 | 000,021,376 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\drivers\tsbvcap.sys.bak
[2014/01/09 15:45:00 | 000,226,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys.bak
[2014/01/09 15:45:00 | 000,019,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdi.sys.bak
[2014/01/09 15:44:59 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tape.sys.bak
[2014/01/09 15:44:58 | 000,049,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys.bak
[2014/01/09 15:44:57 | 000,025,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sonydcam.sys.bak
[2014/01/09 15:44:57 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smclib.sys.bak
[2014/01/09 15:44:55 | 000,096,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\scsiport.sys.bak
[2014/01/09 15:44:55 | 000,022,016 | ---- | C] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\RtNdPt5x.sys.bak
[2014/01/09 15:44:55 | 000,017,536 | ---- | C] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\RTLVLAN.SYS.bak
[2014/01/09 15:44:54 | 000,028,800 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTLTEAMING.SYS.bak
[2014/01/09 15:44:53 | 004,752,896 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys.bak
[2014/01/09 15:44:53 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rmcast.sys.bak
[2014/01/09 15:44:53 | 000,142,336 | ---- | C] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\Rtenicxp.sys.bak
[2014/01/09 15:44:53 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismp.sys.bak
[2014/01/09 15:44:52 | 000,012,032 | ---- | C] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\riodrv.sys.bak
[2014/01/09 15:44:52 | 000,012,032 | ---- | C] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\rio8drv.sys.bak
[2014/01/09 15:44:51 | 000,034,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rawwan.sys.bak
[2014/01/09 15:44:49 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys.bak
[2014/01/09 15:44:48 | 000,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciidex.sys.bak
[2014/01/09 15:44:47 | 000,063,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnknb.sys.bak
[2014/01/09 15:44:47 | 000,055,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkspx.sys.bak
[2014/01/09 15:44:47 | 000,003,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\oprghdlr.sys.bak
[2014/01/09 15:44:46 | 000,088,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkipx.sys.bak
[2014/01/09 15:44:45 | 000,040,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nmnt.sys.bak
[2014/01/09 15:44:45 | 000,012,032 | ---- | C] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\nikedrv.sys.bak
[2014/01/09 15:44:42 | 000,092,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mqac.sys.bak
[2014/01/09 15:44:41 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys.bak
[2014/01/09 15:44:41 | 000,063,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mf.sys.bak
[2014/01/09 15:44:41 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys.bak
[2014/01/09 15:44:41 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mcd.sys.bak
[2014/01/09 15:44:36 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidclass.sys.bak
[2014/01/09 15:44:36 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidparse.sys.bak
[2014/01/09 15:44:35 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fsvga.sys.bak
[2014/01/09 15:44:34 | 000,184,664 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys.bak
[2014/01/09 15:44:34 | 000,134,248 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys.bak
[2014/01/09 15:44:34 | 000,118,768 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdir.sys.bak
[2014/01/09 15:44:33 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxg.sys.bak
[2014/01/09 15:44:33 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxapi.sys.bak
[2014/01/09 15:44:33 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxgthk.sys.bak
[2014/01/09 15:44:32 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys.bak
[2014/01/09 15:44:31 | 000,098,448 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLAUDF_M.SYS.bak
[2014/01/09 15:44:31 | 000,093,552 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLAUDFAM.SYS.bak
[2014/01/09 15:44:31 | 000,030,064 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLARTL_M.SYS.bak
[2014/01/09 15:44:30 | 000,108,752 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLAIFS_M.SYS.bak
[2014/01/09 15:44:30 | 000,027,216 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLAOPIOM.SYS.bak
[2014/01/09 15:44:30 | 000,016,304 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLAPoolM.SYS.bak
[2014/01/09 15:44:30 | 000,014,576 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLACDBHM.SYS.bak
[2014/01/09 15:44:30 | 000,009,104 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLADResM.SYS.bak
[2014/01/09 15:44:29 | 000,037,360 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLABMFSM.SYS.bak
[2014/01/09 15:44:29 | 000,032,848 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLABOIOM.SYS.bak
[2014/01/09 15:44:29 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\diskdump.sys.bak
[2014/01/09 15:44:28 | 000,262,528 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\cinemst2.sys.bak
[2014/01/09 15:44:28 | 000,049,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\classpnp.sys.bak
[2014/01/09 15:44:28 | 000,011,776 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\drivers\cpqdap01.sys.bak
[2014/01/09 15:44:27 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys.bak
[2014/01/09 15:44:27 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys.bak
[2014/01/09 15:44:25 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmuni.sys.bak
[2014/01/09 15:44:25 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmlane.sys.bak
[2014/01/09 15:44:25 | 000,031,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmepvc.sys.bak
[2014/01/09 15:44:22 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk6.sys.bak
[2014/01/09 15:35:41 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/09 13:50:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Desktop\New Folder
[2014/01/09 13:07:51 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014/01/09 13:05:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014/01/09 13:05:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014/01/09 13:05:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014/01/09 13:05:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014/01/09 13:05:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/09 13:04:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2014/01/06 18:23:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\Malwarebytes
[2014/01/06 18:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/06 18:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/01/06 18:23:11 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/01/06 18:23:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/01/06 16:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/12/22 17:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\My Documents\Slow cooker recipes
[2013/08/10 13:45:06 | 000,889,416 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\USER\Application Data\dotNetFx40_Full_setup.exe
[2010/09/03 20:09:59 | 000,465,264 | ---- | C] (Corel) -- C:\Program Files\Common Files\AppFramework.dll
[2010/09/03 20:09:59 | 000,332,144 | ---- | C] (Corel) -- C:\Program Files\Common Files\MediaOrganizer.dll
[2010/09/03 20:09:59 | 000,033,136 | ---- | C] (Corel-V1E) -- C:\Program Files\Common Files\FlickrProvider.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/13 19:08:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/13 18:40:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/01/13 17:08:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/13 16:42:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\USER\Desktop\OTL.exe
[2014/01/13 16:40:35 | 001,656,352 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\76-2-JoelAdams_LilGrace.psd
[2014/01/13 16:40:23 | 003,236,018 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\PSPTUBESTOP_Faith_CarolMoore.psd
[2014/01/13 16:40:12 | 001,463,675 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\13-2-AnnaMarine.psd
[2014/01/13 16:22:21 | 000,002,523 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\Jasc Paint Shop Pro 9.lnk
[2014/01/13 15:07:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/13 15:06:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/13 12:50:09 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C62D61F5-DE77-4B46-9ED4-A80980826EEA}.job
[2014/01/12 15:09:22 | 000,000,011 | ---- | M] () -- C:\WINDOWS\3DShadow.INI
[2014/01/12 09:36:23 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/01/11 11:02:56 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2014/01/11 11:02:13 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2014/01/11 09:16:14 | 000,000,090 | ---- | M] () -- C:\WINDOWS\System32\zfxmlml.mzf
[2014/01/10 14:11:19 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/01/10 14:11:15 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/01/10 14:11:15 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/01/10 14:11:15 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/01/10 14:11:15 | 000,145,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/01/10 14:07:34 | 000,505,158 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/01/10 14:07:34 | 000,089,568 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/01/10 11:55:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/01/09 15:45:05 | 000,081,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\videoprt.sys.bak
[2014/01/09 15:45:05 | 000,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wmilib.sys.bak
[2014/01/09 15:45:04 | 000,058,112 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\vdmindvd.sys.bak
[2014/01/09 15:45:03 | 000,144,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbport.sys.bak
[2014/01/09 15:45:03 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbintel.sys.bak
[2014/01/09 15:45:02 | 000,025,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd2.sys.bak
[2014/01/09 15:45:02 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd.sys.bak
[2014/01/09 15:45:02 | 000,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023.sys.bak
[2014/01/09 15:45:02 | 000,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbd.sys.bak
[2014/01/09 15:45:01 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tosdvd.sys.bak
[2014/01/09 15:45:01 | 000,021,376 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\System32\drivers\tsbvcap.sys.bak
[2014/01/09 15:45:00 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys.bak
[2014/01/09 15:45:00 | 000,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdi.sys.bak
[2014/01/09 15:44:59 | 000,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tape.sys.bak
[2014/01/09 15:44:58 | 000,049,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys.bak
[2014/01/09 15:44:58 | 000,013,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys.bak
[2014/01/09 15:44:57 | 000,025,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sonydcam.sys.bak
[2014/01/09 15:44:57 | 000,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smclib.sys.bak
[2014/01/09 15:44:55 | 000,096,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\scsiport.sys.bak
[2014/01/09 15:44:55 | 000,028,800 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTLTEAMING.SYS.bak
[2014/01/09 15:44:55 | 000,022,016 | ---- | M] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\RtNdPt5x.sys.bak
[2014/01/09 15:44:55 | 000,017,536 | ---- | M] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\RTLVLAN.SYS.bak
[2014/01/09 15:44:54 | 004,752,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys.bak
[2014/01/09 15:44:53 | 000,203,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rmcast.sys.bak
[2014/01/09 15:44:53 | 000,142,336 | ---- | M] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\Rtenicxp.sys.bak
[2014/01/09 15:44:53 | 000,030,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismp.sys.bak
[2014/01/09 15:44:52 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\riodrv.sys.bak
[2014/01/09 15:44:52 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\rio8drv.sys.bak
[2014/01/09 15:44:51 | 000,034,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rawwan.sys.bak
[2014/01/09 15:44:49 | 000,146,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys.bak
[2014/01/09 15:44:48 | 000,024,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciidex.sys.bak
[2014/01/09 15:44:47 | 000,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnknb.sys.bak
[2014/01/09 15:44:47 | 000,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkspx.sys.bak
[2014/01/09 15:44:47 | 000,003,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\oprghdlr.sys.bak
[2014/01/09 15:44:46 | 000,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkipx.sys.bak
[2014/01/09 15:44:45 | 000,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nmnt.sys.bak
[2014/01/09 15:44:45 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\nikedrv.sys.bak
[2014/01/09 15:44:42 | 000,092,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mqac.sys.bak
[2014/01/09 15:44:41 | 000,141,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys.bak
[2014/01/09 15:44:41 | 000,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mf.sys.bak
[2014/01/09 15:44:41 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys.bak
[2014/01/09 15:44:41 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mcd.sys.bak
[2014/01/09 15:44:36 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidclass.sys.bak
[2014/01/09 15:44:36 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidparse.sys.bak
[2014/01/09 15:44:35 | 000,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fsvga.sys.bak
[2014/01/09 15:44:34 | 000,184,664 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys.bak
[2014/01/09 15:44:34 | 000,134,248 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys.bak
[2014/01/09 15:44:34 | 000,118,768 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdir.sys.bak
[2014/01/09 15:44:33 | 000,071,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxg.sys.bak
[2014/01/09 15:44:33 | 000,010,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxapi.sys.bak
[2014/01/09 15:44:33 | 000,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxgthk.sys.bak
[2014/01/09 15:44:32 | 000,060,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys.bak
[2014/01/09 15:44:31 | 000,098,448 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLAUDF_M.SYS.bak
[2014/01/09 15:44:31 | 000,093,552 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLAUDFAM.SYS.bak
[2014/01/09 15:44:31 | 000,030,064 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLARTL_M.SYS.bak
[2014/01/09 15:44:30 | 000,108,752 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLAIFS_M.SYS.bak
[2014/01/09 15:44:30 | 000,032,848 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLABOIOM.SYS.bak
[2014/01/09 15:44:30 | 000,027,216 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLAOPIOM.SYS.bak
[2014/01/09 15:44:30 | 000,016,304 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLAPoolM.SYS.bak
[2014/01/09 15:44:30 | 000,014,576 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLACDBHM.SYS.bak
[2014/01/09 15:44:30 | 000,009,104 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLADResM.SYS.bak
[2014/01/09 15:44:29 | 000,037,360 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLABMFSM.SYS.bak
[2014/01/09 15:44:29 | 000,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\diskdump.sys.bak
[2014/01/09 15:44:28 | 000,262,528 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\cinemst2.sys.bak
[2014/01/09 15:44:28 | 000,049,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\classpnp.sys.bak
[2014/01/09 15:44:28 | 000,011,776 | ---- | M] (Compaq Computer Corporation) -- C:\WINDOWS\System32\drivers\cpqdap01.sys.bak
[2014/01/09 15:44:27 | 000,009,200 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys.bak
[2014/01/09 15:44:27 | 000,009,072 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys.bak
[2014/01/09 15:44:25 | 000,352,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmuni.sys.bak
[2014/01/09 15:44:25 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmlane.sys.bak
[2014/01/09 15:44:25 | 000,031,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmepvc.sys.bak
[2014/01/09 15:44:22 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk6.sys.bak
[2014/01/09 15:03:36 | 000,002,541 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Microsoft\Internet Explorer\Quick Launch\Jasc Paint Shop Pro 9.lnk
[2014/01/09 15:01:22 | 000,001,682 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2014/01/09 13:07:57 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2014/01/08 15:18:38 | 000,978,236 | ---- | M] () -- C:\Documents and Settings\USER\My Documents\Start-Stop DCOM Server Process Launcher service in Windows 7 from Services, Regedit or CMD.mht
[2014/01/08 08:19:30 | 012,099,717 | ---- | M] () -- C:\Documents and Settings\USER\My Documents\101 Household Tips for Every Room in your Home  Glamumous!.mht
[2014/01/07 12:44:40 | 000,000,072 | ---- | M] () -- C:\WINDOWS\JascCmdFile.INI
[2014/01/06 18:23:13 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/06 17:57:05 | 000,001,833 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Microsoft\Internet Explorer\Quick Launc
Title: Re: D COM Server NT Authority System problem
Post by: jemellin on January 14, 2014, 01:27:52 AM
[2014/01/08 08:19:21 | 012,099,717 | ---- | C] () -- C:\Documents and Settings\USER\My Documents\101 Household Tips for Every Room in your Home  Glamumous!.mht
[2014/01/06 18:23:13 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/06 16:03:09 | 000,001,833 | ---- | C] () -- C:\Documents and Settings\USER\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/06 15:57:28 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/06 15:57:28 | 000,000,878 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/06 13:54:23 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\USER\Desktop\Mozilla Firefox.lnk
[2014/01/06 13:44:00 | 001,384,066 | ---- | C] () -- C:\Documents and Settings\USER\Desktop\bookmark.htm
[2014/01/05 11:55:13 | 000,000,884 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat Reader 5.0.lnk
[2014/01/02 12:18:11 | 000,150,992 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2014/01/02 09:53:54 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\qpgh.vbg
[2014/01/02 09:43:52 | 000,000,090 | ---- | C] () -- C:\WINDOWS\System32\zfxmlml.mzf
[2014/01/02 09:41:30 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\pyez.wwv
[2014/01/02 09:41:30 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\cmkgrg.zyh
[2014/01/02 09:25:41 | 000,101,213 | --S- | C] () -- C:\WINDOWS\System32\lipwzq.nqv
[2013/12/30 13:43:20 | 000,131,594 | ---- | C] () -- C:\Documents and Settings\USER\My Documents\Postal receipt.pdf
[2013/08/30 14:20:38 | 000,000,900 | ---- | C] () -- C:\Documents and Settings\USER\.recently-used.xbel
[2013/08/30 09:58:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX2.INI
[2013/08/30 09:54:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Rule Actions
[2013/07/30 11:13:02 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Speech Enhancer
[2013/07/30 11:13:02 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\USER\Application Data\Soundtrack
[2013/07/30 11:13:02 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT
[2013/07/30 11:13:02 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Sync Services
[2013/07/30 11:12:27 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Sports
[2013/07/30 11:12:27 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Specifications
[2013/07/30 11:12:27 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\USER\Application Data\Space Choir
[2013/07/30 11:12:27 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\USER\Application Data\Sounds
[2013/07/30 11:12:27 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2013/07/30 11:12:27 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2013/07/30 11:12:27 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Synth Leads
[2013/07/30 10:50:46 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\SupportPrinters
[2013/07/30 10:50:46 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\USER\Application Data\String Comparison
[2013/07/30 10:50:46 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLeo.DAT
[2013/07/30 10:50:46 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Vocal Transformer
[2013/04/16 16:32:19 | 000,000,297 | ---- | C] () -- C:\WINDOWS\Solitaire.ini
[2013/03/15 11:27:25 | 000,000,098 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/11/23 16:34:02 | 000,013,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2012/07/21 13:14:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/15 07:39:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/09 17:33:05 | 010,676,670 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2203466315-1556017997-98728662-1005-0.dat
[2011/11/09 17:33:05 | 000,249,838 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/01/07 09:39:34 | 000,148,177 | ---- | C] () -- C:\Program Files\Common Files\BookViewer.xap
[2010/09/03 20:09:59 | 000,402,800 | ---- | C] () -- C:\Program Files\Common Files\facebook.dll
[2010/09/03 20:09:59 | 000,130,416 | ---- | C] () -- C:\Program Files\Common Files\PluginCommon.dll
[2010/01/28 14:28:42 | 000,008,354 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/12/17 10:38:49 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\USER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2008/04/25 15:34:35 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/10/28 23:38:22 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 06:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
Title: Re: D COM Server NT Authority System problem
Post by: Corrine on January 14, 2014, 05:47:34 PM
Thank you, Jemellin.  That is what I needed to see. 

Although I'm expecting a bunch of "not found" in the log, because you do not want Google Chrome, I've provided every instance of an inclusion of Chrome.  First, right-click on Chrome in your task bar and select close or exit. Then, please do the following:

Warning:  This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.


:Commands
[CREATERESTOREPOINT]

:OTL
CHR - default_search_provider: Mysearchdial ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: MSN\u00AE Toolbar (Enabled) = C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement Web App = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\
CHR - Extension: Google Docs = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Poppit = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (PCTools Site Guard) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll File not found
O3 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.

:File
C:\WINDOWS\System32\qpgh.vbg
C:\WINDOWS\System32\zfxmlml.mzf
C:\WINDOWS\System32\pyez.wwv
C:\WINDOWS\System32\cmkgrg.zyh
C:\WINDOWS\System32\lipwzq.nqv
C:\Program Files\Google
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\Documents and Settings\USER\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

:Commands
[emptyjava]
[emptyflash]
[EMPTYTEMP]
[Reboot]

After posting the resulting Fix log, please rescan as follows:

Open OTL again and click the Quick Scan button. Post the new log it produces, OTL.txt, in your next reply.
Title: Re: D COM Server NT Authority System problem
Post by: jemellin on January 15, 2014, 12:35:02 PM
I know there is a lot to fix, but the OTL run fix has been going 14 hrs. at this point. Is this to be expected? I am on my husband's computer now! Thanks Corrine for your help.
Title: Re: D COM Server NT Authority System problem
Post by: Corrine on January 15, 2014, 06:43:19 PM
That is definitely not normal.  I've been concerned with the age of your computer and being Windows XP, nearing the end of support. 

Please restart your computer.  If you have any problems restarting, boot to Safe Mode and restore your computer to an earlier date.  In fact, OTL should have created a restore point before starting.

Microsoft Windows XP - Start the computer in safe mode (http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/boot_failsafe.mspx?mfr=true)
How to restore Windows XP to a previous state (http://support.microsoft.com/kb/306084)
Title: Re: D COM Server NT Authority System problem
Post by: jemellin on January 15, 2014, 07:06:22 PM
Ok I restored my computer to yesterday morning @8:59
Title: Re: D COM Server NT Authority System problem
Post by: jemellin on January 15, 2014, 07:16:52 PM
I just noticed this log after rebooting. Is it one we already had??
ComboFix 14-01-08.03 - USER 01/13/2014  14:42:38.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3037.2135 [GMT -6:00]
Running from: c:\documents and settings\USER\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\USER\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
- REDUCED FUNCTIONALITY MODE -
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-13 to 2014-01-13  )))))))))))))))))))))))))))))))
.
.
2014-01-12 15:28 . 2009-02-09 12:10   401408   -c--a-w-   c:\windows\system32\sfzwurs.bjt
2014-01-12 15:28 . 2009-02-09 12:10   401408   ----a-w-   c:\windows\system32\hlgcv.fnq
2014-01-10 20:12 . 2014-01-10 20:12   --------   d-----w-   c:\documents and settings\USER\Local Settings\Application Data\Sun
2014-01-10 20:11 . 2014-01-10 20:11   145408   ----a-w-   c:\windows\system32\javacpl.cpl
2014-01-10 20:11 . 2014-01-10 20:11   94632   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2014-01-10 20:10 . 2014-01-10 20:10   --------   d-----w-   c:\documents and settings\All Users\Application Data\McAfee
2014-01-10 20:07 . 2014-01-10 20:07   6780   ----a-w-   c:\windows\system32\PerfStringBackup.TMP
2014-01-10 17:28 . 2014-01-10 17:28   --------   d-----w-   c:\windows\ERUNT
2014-01-10 16:55 . 2014-01-11 16:08   --------   d-----w-   c:\documents and settings\USER\Application Data\DigitalSites
2014-01-09 21:35 . 2014-01-12 15:40   --------   d-----w-   C:\AdwCleaner
2014-01-07 00:23 . 2014-01-07 00:23   --------   d-----w-   c:\documents and settings\USER\Application Data\Malwarebytes
2014-01-07 00:23 . 2014-01-07 00:23   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2014-01-07 00:23 . 2014-01-07 00:23   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2014-01-07 00:23 . 2013-04-04 20:50   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
2014-01-07 00:04 . 2014-01-07 00:04   --------   d-----w-   c:\windows\system32\wbem\Repository
2014-01-02 15:54 . 2014-01-02 15:54   --------   d-sh--w-   c:\windows\system32\config\systemprofile\IETldCache
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-09 21:45 . 2014-01-09 21:45   82944   ----a-w-   c:\windows\system32\drivers\WudfRd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   77568   ----a-w-   c:\windows\system32\drivers\WudfPf.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   83072   ----a-w-   c:\windows\system32\drivers\wdmaud.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   81664   ----a-w-   c:\windows\system32\drivers\videoprt.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   52352   ----a-w-   c:\windows\system32\drivers\volsnap.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   4352   ----a-w-   c:\windows\system32\drivers\wmilib.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   38528   ----a-w-   c:\windows\system32\drivers\wpdusb.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   34560   ----a-w-   c:\windows\system32\drivers\wanarp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12032   ----a-w-   c:\windows\system32\drivers\ws2ifsl.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   58112   ----a-w-   c:\windows\system32\drivers\vdmindvd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   5376   ----a-w-   c:\windows\system32\drivers\viaide.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   42240   ----a-w-   c:\windows\system32\drivers\VIAAGP.SYS.bak
2014-01-09 21:45 . 2014-01-09 21:45   26368   ----a-w-   c:\windows\system32\drivers\USBSTOR.SYS.bak
2014-01-09 21:45 . 2014-01-09 21:45   20992   ----a-w-   c:\windows\system32\drivers\vga.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   20608   ----a-w-   c:\windows\system32\drivers\usbuhci.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   59520   ----a-w-   c:\windows\system32\drivers\usbhub.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   30336   ----a-w-   c:\windows\system32\drivers\usbehci.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   25856   ----a-w-   c:\windows\system32\drivers\usbprint.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   15872   ----a-w-   c:\windows\system32\drivers\usbintel.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   14976   ----a-w-   c:\windows\system32\drivers\usbscan.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   144128   ----a-w-   c:\windows\system32\drivers\usbport.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   5376   ----a-w-   c:\windows\system32\drivers\usbd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   32384   ----a-w-   c:\windows\system32\drivers\usbccgp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   25728   ----a-w-   c:\windows\system32\drivers\usbcamd2.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   25600   ----a-w-   c:\windows\system32\drivers\usbcamd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12928   ----a-w-   c:\windows\system32\drivers\usb8023.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   384768   ----a-w-   c:\windows\system32\drivers\update.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   66048   ----a-w-   c:\windows\system32\drivers\udfs.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   51712   ----a-w-   c:\windows\system32\drivers\tosdvd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   4992   ----a-w-   c:\windows\system32\drivers\toside.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   36736   ----a-w-   c:\windows\system32\drivers\ultra.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   21376   ----a-w-   c:\windows\system32\drivers\tsbvcap.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12288   ----a-w-   c:\windows\system32\drivers\tunmp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   40840   ----a-w-   c:\windows\system32\drivers\termdd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   361600   ----a-w-   c:\windows\system32\drivers\tcpip.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   226880   ----a-w-   c:\windows\system32\drivers\tcpip6.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   21896   ----a-w-   c:\windows\system32\drivers\tdtcp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   19072   ----a-w-   c:\windows\system32\drivers\tdi.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12040   ----a-w-   c:\windows\system32\drivers\tdpipe.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   60800   ----a-w-   c:\windows\system32\drivers\sysaudio.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   56576   ----a-w-   c:\windows\system32\drivers\swmidi.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   32640   ----a-w-   c:\windows\system32\drivers\symc8xx.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   30688   ----a-w-   c:\windows\system32\drivers\sym_u3.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   28384   ----a-w-   c:\windows\system32\drivers\sym_hi.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   16256   ----a-w-   c:\windows\system32\drivers\symc810.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   14976   ----a-w-   c:\windows\system32\drivers\tape.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   49408   ----a-w-   c:\windows\system32\drivers\stream.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   4352   ----a-w-   c:\windows\system32\drivers\swenum.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   13464   ----a-w-   c:\windows\system32\drivers\SWDUMon.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   73472   ----a-w-   c:\windows\system32\drivers\sr.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   6272   ----a-w-   c:\windows\system32\drivers\splitter.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   357888   ----a-w-   c:\windows\system32\drivers\srv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   25344   ----a-w-   c:\windows\system32\drivers\sonydcam.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   19072   ----a-w-   c:\windows\system32\drivers\sparrow.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   14592   ----a-w-   c:\windows\system32\drivers\smclib.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   64512   ----a-w-   c:\windows\system32\drivers\serial.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   40960   ----a-w-   c:\windows\system32\drivers\SISAGP.SYS.bak
2014-01-09 21:44 . 2014-01-09 21:44   15744   ----a-w-   c:\windows\system32\drivers\serenum.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   11904   ----a-w-   c:\windows\system32\drivers\sffdisk.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   11392   ----a-w-   c:\windows\system32\drivers\sfloppy.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   11008   ----a-w-   c:\windows\system32\drivers\sffp_sd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   10240   ----a-w-   c:\windows\system32\drivers\sffp_mmc.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   96384   ----a-w-   c:\windows\system32\drivers\scsiport.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   79232   ----a-w-   c:\windows\system32\drivers\sdbus.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   22016   ----a-w-   c:\windows\system32\drivers\RtNdPt5x.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   20480   ----a-w-   c:\windows\system32\drivers\secdrv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   17536   ----a-w-   c:\windows\system32\drivers\RTLVLAN.SYS.bak
2014-01-09 21:44 . 2014-01-09 21:44   28800   ----a-w-   c:\windows\system32\drivers\RTLTEAMING.SYS.bak
2014-01-09 21:44 . 2014-01-09 21:44   4752896   ----a-w-   c:\windows\system32\drivers\RtkHDAud.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   5888   ----a-w-   c:\windows\system32\drivers\rootmdm.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   30592   ----a-w-   c:\windows\system32\drivers\rndismp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   203136   ----a-w-   c:\windows\system32\drivers\rmcast.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   142336   ----a-w-   c:\windows\system32\drivers\Rtenicxp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   57600   ----a-w-   c:\windows\system32\drivers\redbook.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   4224   ----a-w-   c:\windows\system32\drivers\rdpcdd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   196224   ----a-w-   c:\windows\system32\drivers\rdpdr.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   139784   ----a-w-   c:\windows\system32\drivers\rdpwd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   12032   ----a-w-   c:\windows\system32\drivers\riodrv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   12032   ----a-w-   c:\windows\system32\drivers\rio8drv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   8832   ----a-w-   c:\windows\system32\drivers\rasacd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   51328   ----a-w-   c:\windows\system32\drivers\rasl2tp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   48384   ----a-w-   c:\windows\system32\drivers\raspptp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   41472   ----a-w-   c:\windows\system32\drivers\raspppoe.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   34432   ----a-w-   c:\windows\system32\drivers\rawwan.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   175744   ----a-w-   c:\windows\system32\drivers\rdbss.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   16512   ----a-w-   c:\windows\system32\drivers\raspti.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   49024   ----a-w-   c:\windows\system32\drivers\ql1280.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   45312   ----a-w-   c:\windows\system32\drivers\ql12160.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   43840   ----a-w-   c:\windows\system32\drivers\pxhelp20.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   40448   ----a-w-   c:\windows\system32\drivers\ql1240.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   40320   ----a-w-   c:\windows\system32\drivers\ql1080.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   33152   ----a-w-   c:\windows\system32\drivers\ql10wnt.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   69120   ----a-w-   c:\windows\system32\drivers\psched.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   5504   ----a-w-   c:\windows\system32\drivers\perc2hib.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   35840   ----a-w-   c:\windows\system32\drivers\processr.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   21760   ----a-w-   c:\windows\system32\drivers\point32.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   17792   ----a-w-   c:\windows\system32\drivers\ptilink.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   146048   ----a-w-   c:\windows\system32\drivers\portcls.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   68224   ----a-w-   c:\windows\system32\drivers\pci.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   6784   ----a-w-   c:\windows\system32\drivers\parvdm.sys.bak
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\rpcss.dll
[-] 2009-02-09 . 4C9D7409C767C9ED3AFA1AB6C7F7A26D . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . B7ACE57F6C62C43C31D505DCF6AB1C28 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\rpcss.dll
[7] 2009-02-09 . 01095FEBF33BEEA00C2A0730B9B3EC28 . 399360 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\rpcss.dll
[7] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\rpcss.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe" [2013-06-05 4489472]
"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2013-08-22 1093464]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-18 16806912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-18 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-18 150040]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-31 16200]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-22 842584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"EKStatusMonitor"="c:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2013-01-15 2750840]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2012-10-08 2804224]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5110672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2013-03-15 2236792]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-12-18 106560]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"New Value #1"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\USER\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 11:56 AM 134248]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/6/2009 11:58 AM 118768]
R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [7/6/2011 8:48 AM 57344]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/12/2013 12:06 PM 1337752]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [8/22/2013 1:00 PM 220504]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [3/15/2013 2:07 PM 395640]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [1/15/2013 12:07 PM 780152]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [1/6/2014 6:23 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/6/2014 6:23 PM 701512]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [11/22/2009 12:18 AM 22016]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/6/2014 6:23 PM 22856]
S0 TfFsMon;TfFsMon;
Title: Re: D COM Server NT Authority System problem
Post by: Corrine on January 15, 2014, 11:38:13 PM
Good job, jemellin. 

With the age of your computer and the end of support for Windows XP rapidly approaching (April 8, 2014), there isn't a lot that can be done.  However, if you still want to remove Chrome, we can use ComboFix to remove the Chrome folder.  It should also remove the orphans.  If it doesn't, we can do it in another run.  First, right-click on Chrome in your taskbar and select close or exit. Then, please do the following:

Note:  After ComboFix launches, click Yes if you see the following:

(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fsecuritygarden.googlepages.com%2FCFupdate.gif&hash=571f3c705aea32a2110e0368ef36e31d788752f9)

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



c:\program files\Google

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Title: Re: D COM Server NT Authority System problem
Post by: jemellin on January 16, 2014, 04:26:18 PM
ComboFix 14-01-16.03 - USER 01/16/2014  10:17:41.6.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3037.2191 [GMT -6:00]
Running from: c:\documents and settings\USER\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\USER\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-16 to 2014-01-16  )))))))))))))))))))))))))))))))
.
.
2014-01-15 18:59 . 2014-01-15 18:59   --------   d-----w-   c:\windows\system32\wbem\Repository
2014-01-14 21:58 . 2014-01-14 21:58   --------   d-----w-   C:\_OTL
2014-01-12 15:28 . 2009-02-09 12:10   401408   -c--a-w-   c:\windows\system32\sfzwurs.bjt
2014-01-12 15:28 . 2009-02-09 12:10   401408   ----a-w-   c:\windows\system32\hlgcv.fnq
2014-01-10 20:12 . 2014-01-10 20:12   --------   d-----w-   c:\documents and settings\USER\Local Settings\Application Data\Sun
2014-01-10 20:11 . 2014-01-10 20:11   145408   ----a-w-   c:\windows\system32\javacpl.cpl
2014-01-10 20:11 . 2014-01-10 20:11   94632   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2014-01-10 20:10 . 2014-01-10 20:10   --------   d-----w-   c:\documents and settings\All Users\Application Data\McAfee
2014-01-10 20:07 . 2014-01-10 20:07   6780   ----a-w-   c:\windows\system32\PerfStringBackup.TMP
2014-01-10 17:28 . 2014-01-10 17:28   --------   d-----w-   c:\windows\ERUNT
2014-01-10 16:55 . 2014-01-11 16:08   --------   d-----w-   c:\documents and settings\USER\Application Data\DigitalSites
2014-01-09 21:35 . 2014-01-12 15:40   --------   d-----w-   C:\AdwCleaner
2014-01-07 00:23 . 2014-01-07 00:23   --------   d-----w-   c:\documents and settings\USER\Application Data\Malwarebytes
2014-01-07 00:23 . 2014-01-07 00:23   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2014-01-07 00:23 . 2014-01-07 00:23   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2014-01-07 00:23 . 2013-04-04 20:50   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
2014-01-02 15:54 . 2014-01-02 15:54   --------   d-sh--w-   c:\windows\system32\config\systemprofile\IETldCache
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-09 21:45 . 2014-01-09 21:45   82944   ----a-w-   c:\windows\system32\drivers\WudfRd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   77568   ----a-w-   c:\windows\system32\drivers\WudfPf.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   83072   ----a-w-   c:\windows\system32\drivers\wdmaud.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   81664   ----a-w-   c:\windows\system32\drivers\videoprt.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   52352   ----a-w-   c:\windows\system32\drivers\volsnap.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   4352   ----a-w-   c:\windows\system32\drivers\wmilib.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   38528   ----a-w-   c:\windows\system32\drivers\wpdusb.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   34560   ----a-w-   c:\windows\system32\drivers\wanarp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12032   ----a-w-   c:\windows\system32\drivers\ws2ifsl.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   58112   ----a-w-   c:\windows\system32\drivers\vdmindvd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   5376   ----a-w-   c:\windows\system32\drivers\viaide.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   42240   ----a-w-   c:\windows\system32\drivers\VIAAGP.SYS.bak
2014-01-09 21:45 . 2014-01-09 21:45   26368   ----a-w-   c:\windows\system32\drivers\USBSTOR.SYS.bak
2014-01-09 21:45 . 2014-01-09 21:45   20992   ----a-w-   c:\windows\system32\drivers\vga.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   20608   ----a-w-   c:\windows\system32\drivers\usbuhci.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   59520   ----a-w-   c:\windows\system32\drivers\usbhub.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   30336   ----a-w-   c:\windows\system32\drivers\usbehci.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   25856   ----a-w-   c:\windows\system32\drivers\usbprint.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   15872   ----a-w-   c:\windows\system32\drivers\usbintel.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   14976   ----a-w-   c:\windows\system32\drivers\usbscan.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   144128   ----a-w-   c:\windows\system32\drivers\usbport.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   5376   ----a-w-   c:\windows\system32\drivers\usbd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   32384   ----a-w-   c:\windows\system32\drivers\usbccgp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   25728   ----a-w-   c:\windows\system32\drivers\usbcamd2.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   25600   ----a-w-   c:\windows\system32\drivers\usbcamd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12928   ----a-w-   c:\windows\system32\drivers\usb8023.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   384768   ----a-w-   c:\windows\system32\drivers\update.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   66048   ----a-w-   c:\windows\system32\drivers\udfs.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   51712   ----a-w-   c:\windows\system32\drivers\tosdvd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   4992   ----a-w-   c:\windows\system32\drivers\toside.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   36736   ----a-w-   c:\windows\system32\drivers\ultra.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   21376   ----a-w-   c:\windows\system32\drivers\tsbvcap.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12288   ----a-w-   c:\windows\system32\drivers\tunmp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   40840   ----a-w-   c:\windows\system32\drivers\termdd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   361600   ----a-w-   c:\windows\system32\drivers\tcpip.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   226880   ----a-w-   c:\windows\system32\drivers\tcpip6.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   21896   ----a-w-   c:\windows\system32\drivers\tdtcp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   19072   ----a-w-   c:\windows\system32\drivers\tdi.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12040   ----a-w-   c:\windows\system32\drivers\tdpipe.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   60800   ----a-w-   c:\windows\system32\drivers\sysaudio.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   56576   ----a-w-   c:\windows\system32\drivers\swmidi.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   32640   ----a-w-   c:\windows\system32\drivers\symc8xx.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   30688   ----a-w-   c:\windows\system32\drivers\sym_u3.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   28384   ----a-w-   c:\windows\system32\drivers\sym_hi.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   16256   ----a-w-   c:\windows\system32\drivers\symc810.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   14976   ----a-w-   c:\windows\system32\drivers\tape.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   49408   ----a-w-   c:\windows\system32\drivers\stream.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   4352   ----a-w-   c:\windows\system32\drivers\swenum.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   13464   ----a-w-   c:\windows\system32\drivers\SWDUMon.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   73472   ----a-w-   c:\windows\system32\drivers\sr.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   6272   ----a-w-   c:\windows\system32\drivers\splitter.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   357888   ----a-w-   c:\windows\system32\drivers\srv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   25344   ----a-w-   c:\windows\system32\drivers\sonydcam.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   19072   ----a-w-   c:\windows\system32\drivers\sparrow.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   14592   ----a-w-   c:\windows\system32\drivers\smclib.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   64512   ----a-w-   c:\windows\system32\drivers\serial.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   40960   ----a-w-   c:\windows\system32\drivers\SISAGP.SYS.bak
2014-01-09 21:44 . 2014-01-09 21:44   15744   ----a-w-   c:\windows\system32\drivers\serenum.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   11904   ----a-w-   c:\windows\system32\drivers\sffdisk.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   11392   ----a-w-   c:\windows\system32\drivers\sfloppy.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   11008   ----a-w-   c:\windows\system32\drivers\sffp_sd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   10240   ----a-w-   c:\windows\system32\drivers\sffp_mmc.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   96384   ----a-w-   c:\windows\system32\drivers\scsiport.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   79232   ----a-w-   c:\windows\system32\drivers\sdbus.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   22016   ----a-w-   c:\windows\system32\drivers\RtNdPt5x.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   20480   ----a-w-   c:\windows\system32\drivers\secdrv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   17536   ----a-w-   c:\windows\system32\drivers\RTLVLAN.SYS.bak
2014-01-09 21:44 . 2014-01-09 21:44   28800   ----a-w-   c:\windows\system32\drivers\RTLTEAMING.SYS.bak
2014-01-09 21:44 . 2014-01-09 21:44   4752896   ----a-w-   c:\windows\system32\drivers\RtkHDAud.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   5888   ----a-w-   c:\windows\system32\drivers\rootmdm.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   30592   ----a-w-   c:\windows\system32\drivers\rndismp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   203136   ----a-w-   c:\windows\system32\drivers\rmcast.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   142336   ----a-w-   c:\windows\system32\drivers\Rtenicxp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   57600   ----a-w-   c:\windows\system32\drivers\redbook.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   4224   ----a-w-   c:\windows\system32\drivers\rdpcdd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   196224   ----a-w-   c:\windows\system32\drivers\rdpdr.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   139784   ----a-w-   c:\windows\system32\drivers\rdpwd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   12032   ----a-w-   c:\windows\system32\drivers\riodrv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   12032   ----a-w-   c:\windows\system32\drivers\rio8drv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   8832   ----a-w-   c:\windows\system32\drivers\rasacd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   51328   ----a-w-   c:\windows\system32\drivers\rasl2tp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   48384   ----a-w-   c:\windows\system32\drivers\raspptp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   41472   ----a-w-   c:\windows\system32\drivers\raspppoe.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   34432   ----a-w-   c:\windows\system32\drivers\rawwan.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   175744   ----a-w-   c:\windows\system32\drivers\rdbss.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   16512   ----a-w-   c:\windows\system32\drivers\raspti.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   49024   ----a-w-   c:\windows\system32\drivers\ql1280.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   45312   ----a-w-   c:\windows\system32\drivers\ql12160.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   43840   ----a-w-   c:\windows\system32\drivers\pxhelp20.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   40448   ----a-w-   c:\windows\system32\drivers\ql1240.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   40320   ----a-w-   c:\windows\system32\drivers\ql1080.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   33152   ----a-w-   c:\windows\system32\drivers\ql10wnt.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   69120   ----a-w-   c:\windows\system32\drivers\psched.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   5504   ----a-w-   c:\windows\system32\drivers\perc2hib.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   35840   ----a-w-   c:\windows\system32\drivers\processr.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   21760   ----a-w-   c:\windows\system32\drivers\point32.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   17792   ----a-w-   c:\windows\system32\drivers\ptilink.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   146048   ----a-w-   c:\windows\system32\drivers\portcls.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   68224   ----a-w-   c:\windows\system32\drivers\pci.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   6784   ----a-w-   c:\windows\system32\drivers\parvdm.sys.bak
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\rpcss.dll
[-] 2009-02-09 . 4C9D7409C767C9ED3AFA1AB6C7F7A26D . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . B7ACE57F6C62C43C31D505DCF6AB1C28 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\rpcss.dll
[7] 2009-02-09 . 01095FEBF33BEEA00C2A0730B9B3EC28 . 399360 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\rpcss.dll
[7] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\rpcss.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe" [2013-06-05 4489472]
"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2013-08-22 1093464]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-18 16806912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-18 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-18 150040]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-31 16200]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-22 842584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"EKStatusMonitor"="c:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2013-01-15 2750840]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2012-10-08 2804224]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5110672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2013-03-15 2236792]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-12-18 106560]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"New Value #1"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\USER\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9322:TCP"= 9322:TCP:EKDiscovery
"5353:UDP"= 5353:UDP:Bonjour Port 5353
"1034:TCP"= 1034:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 11:56 AM 134248]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/6/2009 11:58 AM 118768]
R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [7/6/2011 8:48 AM 57344]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/12/2013 12:06 PM 1337752]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [8/22/2013 1:00 PM 220504]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [3/15/2013 2:07 PM 395640]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [1/15/2013 12:07 PM 780152]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [1/6/2014 6:23 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/6/2014 6:23 PM 701512]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [11/22/2009 12:18 AM 22016]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/6/2014 6:23 PM 22856]
S0 TfFsMon;TfFsMon;
Title: Re: D COM Server NT Authority System problem
Post by: Corrine on January 16, 2014, 06:32:51 PM
Hi, jemellin.  It looks like ComboFix took care of it but I need to see the previous log.  Either manually navigate to C:\Qoobox\ComboFix2.txt and open in Notepad or do the following:

Hold down the Windows Key and the "R" key.  A run box will appear.  Copy and paste the following:
C:\Qoobox\ComboFix2.txt then click OK
Notepad will open with a log.  Post the contents of that log in your next reply.

Thank you.
Title: Re: D COM Server NT Authority System problem
Post by: jemellin on January 16, 2014, 07:10:00 PM
ComboFix 14-01-16.03 - USER 01/16/2014  10:03:41.5.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3037.2175 [GMT -6:00]
Running from: c:\documents and settings\USER\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-16 to 2014-01-16  )))))))))))))))))))))))))))))))
.
.
2014-01-15 18:59 . 2014-01-15 18:59   --------   d-----w-   c:\windows\system32\wbem\Repository
2014-01-14 21:58 . 2014-01-14 21:58   --------   d-----w-   C:\_OTL
2014-01-12 15:28 . 2009-02-09 12:10   401408   -c--a-w-   c:\windows\system32\sfzwurs.bjt
2014-01-12 15:28 . 2009-02-09 12:10   401408   ----a-w-   c:\windows\system32\hlgcv.fnq
2014-01-10 20:12 . 2014-01-10 20:12   --------   d-----w-   c:\documents and settings\USER\Local Settings\Application Data\Sun
2014-01-10 20:11 . 2014-01-10 20:11   145408   ----a-w-   c:\windows\system32\javacpl.cpl
2014-01-10 20:11 . 2014-01-10 20:11   94632   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2014-01-10 20:10 . 2014-01-10 20:10   --------   d-----w-   c:\documents and settings\All Users\Application Data\McAfee
2014-01-10 20:07 . 2014-01-10 20:07   6780   ----a-w-   c:\windows\system32\PerfStringBackup.TMP
2014-01-10 17:28 . 2014-01-10 17:28   --------   d-----w-   c:\windows\ERUNT
2014-01-10 16:55 . 2014-01-11 16:08   --------   d-----w-   c:\documents and settings\USER\Application Data\DigitalSites
2014-01-09 21:35 . 2014-01-12 15:40   --------   d-----w-   C:\AdwCleaner
2014-01-07 00:23 . 2014-01-07 00:23   --------   d-----w-   c:\documents and settings\USER\Application Data\Malwarebytes
2014-01-07 00:23 . 2014-01-07 00:23   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2014-01-07 00:23 . 2014-01-07 00:23   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2014-01-07 00:23 . 2013-04-04 20:50   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
2014-01-02 15:54 . 2014-01-02 15:54   --------   d-sh--w-   c:\windows\system32\config\systemprofile\IETldCache
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-09 21:45 . 2014-01-09 21:45   82944   ----a-w-   c:\windows\system32\drivers\WudfRd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   77568   ----a-w-   c:\windows\system32\drivers\WudfPf.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   83072   ----a-w-   c:\windows\system32\drivers\wdmaud.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   81664   ----a-w-   c:\windows\system32\drivers\videoprt.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   52352   ----a-w-   c:\windows\system32\drivers\volsnap.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   4352   ----a-w-   c:\windows\system32\drivers\wmilib.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   38528   ----a-w-   c:\windows\system32\drivers\wpdusb.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   34560   ----a-w-   c:\windows\system32\drivers\wanarp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12032   ----a-w-   c:\windows\system32\drivers\ws2ifsl.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   58112   ----a-w-   c:\windows\system32\drivers\vdmindvd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   5376   ----a-w-   c:\windows\system32\drivers\viaide.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   42240   ----a-w-   c:\windows\system32\drivers\VIAAGP.SYS.bak
2014-01-09 21:45 . 2014-01-09 21:45   26368   ----a-w-   c:\windows\system32\drivers\USBSTOR.SYS.bak
2014-01-09 21:45 . 2014-01-09 21:45   20992   ----a-w-   c:\windows\system32\drivers\vga.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   20608   ----a-w-   c:\windows\system32\drivers\usbuhci.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   59520   ----a-w-   c:\windows\system32\drivers\usbhub.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   30336   ----a-w-   c:\windows\system32\drivers\usbehci.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   25856   ----a-w-   c:\windows\system32\drivers\usbprint.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   15872   ----a-w-   c:\windows\system32\drivers\usbintel.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   14976   ----a-w-   c:\windows\system32\drivers\usbscan.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   144128   ----a-w-   c:\windows\system32\drivers\usbport.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   5376   ----a-w-   c:\windows\system32\drivers\usbd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   32384   ----a-w-   c:\windows\system32\drivers\usbccgp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   25728   ----a-w-   c:\windows\system32\drivers\usbcamd2.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   25600   ----a-w-   c:\windows\system32\drivers\usbcamd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12928   ----a-w-   c:\windows\system32\drivers\usb8023.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   384768   ----a-w-   c:\windows\system32\drivers\update.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   66048   ----a-w-   c:\windows\system32\drivers\udfs.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   51712   ----a-w-   c:\windows\system32\drivers\tosdvd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   4992   ----a-w-   c:\windows\system32\drivers\toside.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   36736   ----a-w-   c:\windows\system32\drivers\ultra.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   21376   ----a-w-   c:\windows\system32\drivers\tsbvcap.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12288   ----a-w-   c:\windows\system32\drivers\tunmp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   40840   ----a-w-   c:\windows\system32\drivers\termdd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   361600   ----a-w-   c:\windows\system32\drivers\tcpip.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   226880   ----a-w-   c:\windows\system32\drivers\tcpip6.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   21896   ----a-w-   c:\windows\system32\drivers\tdtcp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   19072   ----a-w-   c:\windows\system32\drivers\tdi.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12040   ----a-w-   c:\windows\system32\drivers\tdpipe.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   60800   ----a-w-   c:\windows\system32\drivers\sysaudio.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   56576   ----a-w-   c:\windows\system32\drivers\swmidi.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   32640   ----a-w-   c:\windows\system32\drivers\symc8xx.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   30688   ----a-w-   c:\windows\system32\drivers\sym_u3.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   28384   ----a-w-   c:\windows\system32\drivers\sym_hi.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   16256   ----a-w-   c:\windows\system32\drivers\symc810.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   14976   ----a-w-   c:\windows\system32\drivers\tape.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   49408   ----a-w-   c:\windows\system32\drivers\stream.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   4352   ----a-w-   c:\windows\system32\drivers\swenum.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   13464   ----a-w-   c:\windows\system32\drivers\SWDUMon.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   73472   ----a-w-   c:\windows\system32\drivers\sr.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   6272   ----a-w-   c:\windows\system32\drivers\splitter.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   357888   ----a-w-   c:\windows\system32\drivers\srv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   25344   ----a-w-   c:\windows\system32\drivers\sonydcam.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   19072   ----a-w-   c:\windows\system32\drivers\sparrow.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   14592   ----a-w-   c:\windows\system32\drivers\smclib.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   64512   ----a-w-   c:\windows\system32\drivers\serial.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   40960   ----a-w-   c:\windows\system32\drivers\SISAGP.SYS.bak
2014-01-09 21:44 . 2014-01-09 21:44   15744   ----a-w-   c:\windows\system32\drivers\serenum.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   11904   ----a-w-   c:\windows\system32\drivers\sffdisk.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   11392   ----a-w-   c:\windows\system32\drivers\sfloppy.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   11008   ----a-w-   c:\windows\system32\drivers\sffp_sd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   10240   ----a-w-   c:\windows\system32\drivers\sffp_mmc.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   96384   ----a-w-   c:\windows\system32\drivers\scsiport.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   79232   ----a-w-   c:\windows\system32\drivers\sdbus.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   22016   ----a-w-   c:\windows\system32\drivers\RtNdPt5x.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   20480   ----a-w-   c:\windows\system32\drivers\secdrv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   17536   ----a-w-   c:\windows\system32\drivers\RTLVLAN.SYS.bak
2014-01-09 21:44 . 2014-01-09 21:44   28800   ----a-w-   c:\windows\system32\drivers\RTLTEAMING.SYS.bak
2014-01-09 21:44 . 2014-01-09 21:44   4752896   ----a-w-   c:\windows\system32\drivers\RtkHDAud.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   5888   ----a-w-   c:\windows\system32\drivers\rootmdm.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   30592   ----a-w-   c:\windows\system32\drivers\rndismp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   203136   ----a-w-   c:\windows\system32\drivers\rmcast.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   142336   ----a-w-   c:\windows\system32\drivers\Rtenicxp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   57600   ----a-w-   c:\windows\system32\drivers\redbook.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   4224   ----a-w-   c:\windows\system32\drivers\rdpcdd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   196224   ----a-w-   c:\windows\system32\drivers\rdpdr.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   139784   ----a-w-   c:\windows\system32\drivers\rdpwd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   12032   ----a-w-   c:\windows\system32\drivers\riodrv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   12032   ----a-w-   c:\windows\system32\drivers\rio8drv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   8832   ----a-w-   c:\windows\system32\drivers\rasacd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   51328   ----a-w-   c:\windows\system32\drivers\rasl2tp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   48384   ----a-w-   c:\windows\system32\drivers\raspptp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   41472   ----a-w-   c:\windows\system32\drivers\raspppoe.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   34432   ----a-w-   c:\windows\system32\drivers\rawwan.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   175744   ----a-w-   c:\windows\system32\drivers\rdbss.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   16512   ----a-w-   c:\windows\system32\drivers\raspti.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   49024   ----a-w-   c:\windows\system32\drivers\ql1280.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   45312   ----a-w-   c:\windows\system32\drivers\ql12160.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   43840   ----a-w-   c:\windows\system32\drivers\pxhelp20.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   40448   ----a-w-   c:\windows\system32\drivers\ql1240.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   40320   ----a-w-   c:\windows\system32\drivers\ql1080.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   33152   ----a-w-   c:\windows\system32\drivers\ql10wnt.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   69120   ----a-w-   c:\windows\system32\drivers\psched.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   5504   ----a-w-   c:\windows\system32\drivers\perc2hib.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   35840   ----a-w-   c:\windows\system32\drivers\processr.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   21760   ----a-w-   c:\windows\system32\drivers\point32.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   17792   ----a-w-   c:\windows\system32\drivers\ptilink.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   146048   ----a-w-   c:\windows\system32\drivers\portcls.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   68224   ----a-w-   c:\windows\system32\drivers\pci.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   6784   ----a-w-   c:\windows\system32\drivers\parvdm.sys.bak
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\rpcss.dll
[-] 2009-02-09 . 4C9D7409C767C9ED3AFA1AB6C7F7A26D . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . B7ACE57F6C62C43C31D505DCF6AB1C28 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\rpcss.dll
[7] 2009-02-09 . 01095FEBF33BEEA00C2A0730B9B3EC28 . 399360 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\rpcss.dll
[7] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\rpcss.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe" [2013-06-05 4489472]
"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2013-08-22 1093464]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-18 16806912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-18 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-18 150040]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-31 16200]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-22 842584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"EKStatusMonitor"="c:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2013-01-15 2750840]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2012-10-08 2804224]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5110672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2013-03-15 2236792]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-12-18 106560]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"New Value #1"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\USER\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9322:TCP"= 9322:TCP:EKDiscovery
"5353:UDP"= 5353:UDP:Bonjour Port 5353
"1034:TCP"= 1034:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 11:56 AM 134248]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/6/2009 11:58 AM 118768]
R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [7/6/2011 8:48 AM 57344]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/12/2013 12:06 PM 1337752]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [8/22/2013 1:00 PM 220504]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [3/15/2013 2:07 PM 395640]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [1/15/2013 12:07 PM 780152]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [1/6/2014 6:23 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/6/2014 6:23 PM 701512]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [11/22/2009 12:18 AM 22016]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/6/2014 6:23 PM 22856]
S0 TfFsMon;TfFsMon;
Title: Re: D COM Server NT Authority System problem
Post by: Corrine on January 16, 2014, 07:42:36 PM
Well, no wonder!  I am so sorry, jemellin, it certainly would have helped if I had told ComboFix what I wanted removed!  :smash:  I didn't even realize that the code I gave you didn't include the appropriate directive.  The instructions below properly tell ComboFix what to do.

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



Folder::
c:\program files\Google

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Title: Re: D COM Server NT Authority System problem
Post by: jemellin on January 16, 2014, 08:01:36 PM
ComboFix 14-01-16.03 - USER 01/16/2014  13:50:53.7.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3037.2138 [GMT -6:00]
Running from: c:\documents and settings\USER\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\USER\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google
c:\program files\Google\Chrome\Application\31.0.1650.63\chrome.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\chrome_100_percent.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\chrome_child.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\chrome_frame_helper.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\chrome_frame_helper.exe
c:\program files\Google\Chrome\Application\31.0.1650.63\chrome_launcher.exe
c:\program files\Google\Chrome\Application\31.0.1650.63\chrome_touch_100_percent.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\d3dcompiler_43.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\d3dcompiler_46.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\default_apps\docs.crx
c:\program files\Google\Chrome\Application\31.0.1650.63\default_apps\drive.crx
c:\program files\Google\Chrome\Application\31.0.1650.63\default_apps\external_extensions.json
c:\program files\Google\Chrome\Application\31.0.1650.63\default_apps\gmail.crx
c:\program files\Google\Chrome\Application\31.0.1650.63\default_apps\search.crx
c:\program files\Google\Chrome\Application\31.0.1650.63\default_apps\youtube.crx
c:\program files\Google\Chrome\Application\31.0.1650.63\delegate_execute.exe
c:\program files\Google\Chrome\Application\31.0.1650.63\Extensions\external_extensions.json
c:\program files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\icudt.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrome.7z
c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\setup.exe
c:\program files\Google\Chrome\Application\31.0.1650.63\libegl.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\libpeerconnection.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\am.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\am.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\ar.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\ar.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\bg.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\bg.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\bn.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\bn.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\ca.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\ca.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\cs.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\cs.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\da.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\da.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\de.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\de.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\el.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\el.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\en-GB.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\en-GB.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\en-US.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\en-US.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\es-419.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\es-419.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\es.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\es.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\et.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\et.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\fa.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\fa.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\fi.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\fi.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\fil.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\fil.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\fr.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\fr.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\gu.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\gu.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\he.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\he.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\hi.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\hi.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\hr.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\hr.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\hu.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\hu.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\id.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\id.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\it.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\it.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\ja.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\ja.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\kn.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\kn.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\ko.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\ko.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\lt.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\lt.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\lv.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\lv.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\ml.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\ml.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\mr.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\mr.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\ms.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\ms.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\nb.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\nb.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\nl.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\nl.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\pl.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\pl.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\pt-BR.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\pt-BR.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\pt-PT.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\pt-PT.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\ro.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\ro.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\ru.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\ru.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\sk.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\sk.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\sl.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\sl.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\sr.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\sr.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\sv.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\sv.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\sw.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\sw.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\ta.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\ta.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\te.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\te.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\th.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\th.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\tr.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\tr.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\uk.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\uk.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\vi.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\vi.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\zh-CN.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\zh-CN.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\zh-TW.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\Locales\zh-TW.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\metro_driver.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\nacl_irt_x86_32.nexe
c:\program files\Google\Chrome\Application\31.0.1650.63\nacl_irt_x86_64.nexe
c:\program files\Google\Chrome\Application\31.0.1650.63\nacl64.exe
c:\program files\Google\Chrome\Application\31.0.1650.63\npchrome_frame.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\pdf.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\PepperFlash\manifest.json
c:\program files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\resources.pak
c:\program files\Google\Chrome\Application\31.0.1650.63\secondarytile.png
c:\program files\Google\Chrome\Application\31.0.1650.63\VisualElements\logo.png
c:\program files\Google\Chrome\Application\31.0.1650.63\VisualElements\smalllogo.png
c:\program files\Google\Chrome\Application\31.0.1650.63\VisualElements\splash-620x300.png
c:\program files\Google\Chrome\Application\31.0.1650.63\widevinecdmadapter.dll
c:\program files\Google\Chrome\Application\31.0.1650.63\xinput1_3.dll
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\debug.log
c:\program files\Google\Chrome\Application\Dictionaries\en-US-3-0.bdic
c:\program files\Google\Chrome\Application\VisualElementsManifest.xml
c:\program files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.22.3\GoogleUpdate.exe
c:\program files\Google\Update\1.3.22.3\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.22.3\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.22.3\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.22.3\GoogleUpdateSetup.exe
c:\program files\Google\Update\1.3.22.3\goopdate.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_am.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_ar.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_bg.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_bn.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_ca.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_cs.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_da.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_de.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_el.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_en.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_es.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_et.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_fa.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_fi.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_fil.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_fr.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_gu.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_hi.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_hr.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_hu.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_id.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_is.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_it.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_iw.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_ja.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_kn.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_ko.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_lt.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_lv.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_ml.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_mr.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_ms.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_nl.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_no.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_pl.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_ro.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_ru.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_sk.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_sl.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_sr.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_sv.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_sw.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_ta.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_te.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_th.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_tr.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_uk.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_ur.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_vi.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.22.3\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.22.3\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.22.3\psmachine.dll
c:\program files\Google\Update\1.3.22.3\psuser.dll
c:\program files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.22.3\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\31.0.1650.63\31.0.1650.63_chrome_installer.exe
c:\program files\Google\Update\GoogleUpdate.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-16 to 2014-01-16  )))))))))))))))))))))))))))))))
.
.
2014-01-15 18:59 . 2014-01-15 18:59   --------   d-----w-   c:\windows\system32\wbem\Repository
2014-01-14 21:58 . 2014-01-14 21:58   --------   d-----w-   C:\_OTL
2014-01-12 15:28 . 2009-02-09 12:10   401408   -c--a-w-   c:\windows\system32\sfzwurs.bjt
2014-01-12 15:28 . 2009-02-09 12:10   401408   ----a-w-   c:\windows\system32\hlgcv.fnq
2014-01-10 20:12 . 2014-01-10 20:12   --------   d-----w-   c:\documents and settings\USER\Local Settings\Application Data\Sun
2014-01-10 20:11 . 2014-01-10 20:11   145408   ----a-w-   c:\windows\system32\javacpl.cpl
2014-01-10 20:11 . 2014-01-10 20:11   94632   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2014-01-10 20:10 . 2014-01-10 20:10   --------   d-----w-   c:\documents and settings\All Users\Application Data\McAfee
2014-01-10 20:07 . 2014-01-10 20:07   6780   ----a-w-   c:\windows\system32\PerfStringBackup.TMP
2014-01-10 17:28 . 2014-01-10 17:28   --------   d-----w-   c:\windows\ERUNT
2014-01-10 16:55 . 2014-01-11 16:08   --------   d-----w-   c:\documents and settings\USER\Application Data\DigitalSites
2014-01-09 21:35 . 2014-01-12 15:40   --------   d-----w-   C:\AdwCleaner
2014-01-07 00:23 . 2014-01-07 00:23   --------   d-----w-   c:\documents and settings\USER\Application Data\Malwarebytes
2014-01-07 00:23 . 2014-01-07 00:23   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2014-01-07 00:23 . 2014-01-07 00:23   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2014-01-07 00:23 . 2013-04-04 20:50   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
2014-01-02 15:54 . 2014-01-02 15:54   --------   d-sh--w-   c:\windows\system32\config\systemprofile\IETldCache
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-09 21:45 . 2014-01-09 21:45   82944   ----a-w-   c:\windows\system32\drivers\WudfRd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   77568   ----a-w-   c:\windows\system32\drivers\WudfPf.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   83072   ----a-w-   c:\windows\system32\drivers\wdmaud.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   81664   ----a-w-   c:\windows\system32\drivers\videoprt.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   52352   ----a-w-   c:\windows\system32\drivers\volsnap.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   4352   ----a-w-   c:\windows\system32\drivers\wmilib.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   38528   ----a-w-   c:\windows\system32\drivers\wpdusb.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   34560   ----a-w-   c:\windows\system32\drivers\wanarp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12032   ----a-w-   c:\windows\system32\drivers\ws2ifsl.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   58112   ----a-w-   c:\windows\system32\drivers\vdmindvd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   5376   ----a-w-   c:\windows\system32\drivers\viaide.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   42240   ----a-w-   c:\windows\system32\drivers\VIAAGP.SYS.bak
2014-01-09 21:45 . 2014-01-09 21:45   26368   ----a-w-   c:\windows\system32\drivers\USBSTOR.SYS.bak
2014-01-09 21:45 . 2014-01-09 21:45   20992   ----a-w-   c:\windows\system32\drivers\vga.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   20608   ----a-w-   c:\windows\system32\drivers\usbuhci.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   59520   ----a-w-   c:\windows\system32\drivers\usbhub.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   30336   ----a-w-   c:\windows\system32\drivers\usbehci.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   25856   ----a-w-   c:\windows\system32\drivers\usbprint.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   15872   ----a-w-   c:\windows\system32\drivers\usbintel.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   14976   ----a-w-   c:\windows\system32\drivers\usbscan.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   144128   ----a-w-   c:\windows\system32\drivers\usbport.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   5376   ----a-w-   c:\windows\system32\drivers\usbd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   32384   ----a-w-   c:\windows\system32\drivers\usbccgp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   25728   ----a-w-   c:\windows\system32\drivers\usbcamd2.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   25600   ----a-w-   c:\windows\system32\drivers\usbcamd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12928   ----a-w-   c:\windows\system32\drivers\usb8023.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   384768   ----a-w-   c:\windows\system32\drivers\update.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   66048   ----a-w-   c:\windows\system32\drivers\udfs.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   51712   ----a-w-   c:\windows\system32\drivers\tosdvd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   4992   ----a-w-   c:\windows\system32\drivers\toside.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   36736   ----a-w-   c:\windows\system32\drivers\ultra.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   21376   ----a-w-   c:\windows\system32\drivers\tsbvcap.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12288   ----a-w-   c:\windows\system32\drivers\tunmp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   40840   ----a-w-   c:\windows\system32\drivers\termdd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   361600   ----a-w-   c:\windows\system32\drivers\tcpip.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   226880   ----a-w-   c:\windows\system32\drivers\tcpip6.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   21896   ----a-w-   c:\windows\system32\drivers\tdtcp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   19072   ----a-w-   c:\windows\system32\drivers\tdi.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12040   ----a-w-   c:\windows\system32\drivers\tdpipe.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   60800   ----a-w-   c:\windows\system32\drivers\sysaudio.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   56576   ----a-w-   c:\windows\system32\drivers\swmidi.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   32640   ----a-w-   c:\windows\system32\drivers\symc8xx.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   30688   ----a-w-   c:\windows\system32\drivers\sym_u3.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   28384   ----a-w-   c:\windows\system32\drivers\sym_hi.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   16256   ----a-w-   c:\windows\system32\drivers\symc810.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   14976   ----a-w-   c:\windows\system32\drivers\tape.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   49408   ----a-w-   c:\windows\system32\drivers\stream.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   4352   ----a-w-   c:\windows\system32\drivers\swenum.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   13464   ----a-w-   c:\windows\system32\drivers\SWDUMon.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   73472   ----a-w-   c:\windows\system32\drivers\sr.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   6272   ----a-w-   c:\windows\system32\drivers\splitter.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   357888   ----a-w-   c:\windows\system32\drivers\srv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   25344   ----a-w-   c:\windows\system32\drivers\sonydcam.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   19072   ----a-w-   c:\windows\system32\drivers\sparrow.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   14592   ----a-w-   c:\windows\system32\drivers\smclib.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   64512   ----a-w-   c:\windows\system32\drivers\serial.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   40960   ----a-w-   c:\windows\system32\drivers\SISAGP.SYS.bak
2014-01-09 21:44 . 2014-01-09 21:44   15744   ----a-w-   c:\windows\system32\drivers\serenum.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   11904   ----a-w-   c:\windows\system32\drivers\sffdisk.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   11392   ----a-w-   c:\windows\system32\drivers\sfloppy.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   11008   ----a-w-   c:\windows\system32\drivers\sffp_sd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   10240   ----a-w-   c:\windows\system32\drivers\sffp_mmc.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   96384   ----a-w-   c:\windows\system32\drivers\scsiport.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   79232   ----a-w-   c:\windows\system32\drivers\sdbus.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   22016   ----a-w-   c:\windows\system32\drivers\RtNdPt5x.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   20480   ----a-w-   c:\windows\system32\drivers\secdrv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   17536   ----a-w-   c:\windows\system32\drivers\RTLVLAN.SYS.bak
2014-01-09 21:44 . 2014-01-09 21:44   28800   ----a-w-   c:\windows\system32\drivers\RTLTEAMING.SYS.bak
2014-01-09 21:44 . 2014-01-09 21:44   4752896   ----a-w-   c:\windows\system32\drivers\RtkHDAud.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   5888   ----a-w-   c:\windows\system32\drivers\rootmdm.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   30592   ----a-w-   c:\windows\system32\drivers\rndismp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   203136   ----a-w-   c:\windows\system32\drivers\rmcast.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   142336   ----a-w-   c:\windows\system32\drivers\Rtenicxp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   57600   ----a-w-   c:\windows\system32\drivers\redbook.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   4224   ----a-w-   c:\windows\system32\drivers\rdpcdd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   196224   ----a-w-   c:\windows\system32\drivers\rdpdr.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   139784   ----a-w-   c:\windows\system32\drivers\rdpwd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   12032   ----a-w-   c:\windows\system32\drivers\riodrv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   12032   ----a-w-   c:\windows\system32\drivers\rio8drv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   8832   ----a-w-   c:\windows\system32\drivers\rasacd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   51328   ----a-w-   c:\windows\system32\drivers\rasl2tp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   48384   ----a-w-   c:\windows\system32\drivers\raspptp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   41472   ----a-w-   c:\windows\system32\drivers\raspppoe.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   34432   ----a-w-   c:\windows\system32\drivers\rawwan.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   175744   ----a-w-   c:\windows\system32\drivers\rdbss.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   16512   ----a-w-   c:\windows\system32\drivers\raspti.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   49024   ----a-w-   c:\windows\system32\drivers\ql1280.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   45312   ----a-w-   c:\windows\system32\drivers\ql12160.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   43840   ----a-w-   c:\windows\system32\drivers\pxhelp20.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   40448   ----a-w-   c:\windows\system32\drivers\ql1240.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   40320   ----a-w-   c:\windows\system32\drivers\ql1080.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   33152   ----a-w-   c:\windows\system32\drivers\ql10wnt.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   69120   ----a-w-   c:\windows\system32\drivers\psched.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   5504   ----a-w-   c:\windows\system32\drivers\perc2hib.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   35840   ----a-w-   c:\windows\system32\drivers\processr.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   21760   ----a-w-   c:\windows\system32\drivers\point32.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   17792   ----a-w-   c:\windows\system32\drivers\ptilink.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   146048   ----a-w-   c:\windows\system32\drivers\portcls.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   68224   ----a-w-   c:\windows\system32\drivers\pci.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   6784   ----a-w-   c:\windows\system32\drivers\parvdm.sys.bak
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\rpcss.dll
[-] 2009-02-09 . 4C9D7409C767C9ED3AFA1AB6C7F7A26D . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . B7ACE57F6C62C43C31D505DCF6AB1C28 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\rpcss.dll
[7] 2009-02-09 . 01095FEBF33BEEA00C2A0730B9B3EC28 . 399360 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\rpcss.dll
[7] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\rpcss.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe" [2013-06-05 4489472]
"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2013-08-22 1093464]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-18 16806912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-18 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-18 150040]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-31 16200]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-22 842584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"EKStatusMonitor"="c:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2013-01-15 2750840]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2012-10-08 2804224]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5110672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2013-03-15 2236792]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-12-18 106560]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"New Value #1"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\USER\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9322:TCP"= 9322:TCP:EKDiscovery
"5353:UDP"= 5353:UDP:Bonjour Port 5353
"1034:TCP"= 1034:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 11:56 AM 134248]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/6/2009 11:58 AM 118768]
R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [7/6/2011 8:48 AM 57344]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/12/2013 12:06 PM 1337752]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [8/22/2013 1:00 PM 220504]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [3/15/2013 2:07 PM 395640]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [1/15/2013 12:07 PM 780152]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [1/6/2014 6:23 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/6/2014 6:23 PM 701512]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [11/22/2009 12:18 AM 22016]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/6/2014 6:23 PM 22856]
S0 TfFsMon;TfFsMon;
Title: Re: D COM Server NT Authority System problem
Post by: Corrine on January 17, 2014, 12:07:08 AM
Perfect, jemellin!  That is what I needed to see.  Now that I've (finally) found and obtained access to a better source for researching the MD5s in the failed sigcheck part of your log, we can get that fixed.  (I was beginning to question my search skills.)  This next step will replace the D COM files damaged by the malware with correct files.

Please do the following. 

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



FCopy::
c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll | c:\windows\system32\rpcss.dll
c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll | c:\windows\system32\dllcache\rpcss.dll

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
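
A way to sanity-check an FCopy script like the one above against the Sigcheck listing before running it, as an added example that is not part of the original post or of ComboFix. It assumes that `[-]` marks a copy that failed the check and that any other marker passed; the function names are hypothetical, and the log lines are copied from this thread.

```python
import re

# Sigcheck lines copied verbatim from the ComboFix log posted in this thread.
SIGCHECK_LOG = r"""
[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\rpcss.dll
[-] 2009-02-09 . 4C9D7409C767C9ED3AFA1AB6C7F7A26D . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . B7ACE57F6C62C43C31D505DCF6AB1C28 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\rpcss.dll
[7] 2009-02-09 . 01095FEBF33BEEA00C2A0730B9B3EC28 . 399360 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\rpcss.dll
[7] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\rpcss.dll
"""

# The CFScript from the post above.
FCOPY_SCRIPT = r"""
FCopy::
c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll | c:\windows\system32\rpcss.dll
c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll | c:\windows\system32\dllcache\rpcss.dll
"""

# [marker] date . MD5 . size . . [file version] . . path
SIG_RE = re.compile(
    r"^\[(?P<mark>.)\]\s+(?P<date>\S+)\s+\.\s+(?P<md5>[0-9A-F]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>.+)$",
    re.IGNORECASE,
)


def parse_sigcheck(text):
    """Return {lowercased path: entry} for every Sigcheck line in the text."""
    entries = {}
    for line in text.splitlines():
        m = SIG_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["md5"] = e["md5"].upper()
            e["size"] = int(e["size"])
            entries[e["path"].lower()] = e
    return entries


def parse_fcopy(text):
    """Return (source, target) pairs listed under the FCopy:: directive."""
    pairs, active = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("::"):
            active = line.lower() == "fcopy::"
        elif active and "|" in line:
            src, dst = (part.strip() for part in line.split("|", 1))
            pairs.append((src, dst))
    return pairs


def review_fcopy(sig_text, script_text):
    """Check each copy: passing source, flagged target, same build, new hash."""
    entries = parse_sigcheck(sig_text)
    findings = []
    for src, dst in parse_fcopy(script_text):
        s, d = entries.get(src.lower()), entries.get(dst.lower())
        if s is None or d is None:
            findings.append({"source": src, "target": dst, "ok": False,
                             "reason": "path not in Sigcheck listing"})
            continue
        checks = {
            "source_not_flagged": s["mark"] != "-",  # assumption: "-" = failed
            "target_flagged": d["mark"] == "-",
            "same_version": s["version"] == d["version"],
            "same_size": s["size"] == d["size"],
            "hash_changes": s["md5"] != d["md5"],
        }
        # Other locations holding a byte-identical copy corroborate the source.
        same_hash = sorted(e["path"] for e in entries.values()
                           if e["md5"] == s["md5"])
        findings.append({"source": src, "target": dst, "checks": checks,
                         "same_hash_copies": same_hash,
                         "ok": all(checks.values())})
    return findings


if __name__ == "__main__":
    for f in review_fcopy(SIGCHECK_LOG, FCOPY_SCRIPT):
        print("OK  " if f["ok"] else "STOP", f["source"], "->", f["target"])
```
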

Title: Re: D COM Server NT Authority System problem
Post by: jemellin on January 17, 2014, 03:56:57 PM
ComboFix 14-01-16.03 - USER 01/17/2014   9:43.8.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3037.2083 [GMT -6:00]
Running from: c:\documents and settings\USER\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\USER\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll --> c:\windows\system32\rpcss.dll
c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll --> c:\windows\system32\dllcache\rpcss.dll
.
(((((((((((((((((((((((((   Files Created from 2013-12-17 to 2014-01-17  )))))))))))))))))))))))))))))))
.
.
2014-01-15 18:59 . 2014-01-15 18:59   --------   d-----w-   c:\windows\system32\wbem\Repository
2014-01-14 21:58 . 2014-01-14 21:58   --------   d-----w-   C:\_OTL
2014-01-12 15:28 . 2009-02-09 12:10   401408   -c--a-w-   c:\windows\system32\sfzwurs.bjt
2014-01-12 15:28 . 2009-02-09 12:10   401408   ----a-w-   c:\windows\system32\hlgcv.fnq
2014-01-10 20:12 . 2014-01-10 20:12   --------   d-----w-   c:\documents and settings\USER\Local Settings\Application Data\Sun
2014-01-10 20:11 . 2014-01-10 20:11   145408   ----a-w-   c:\windows\system32\javacpl.cpl
2014-01-10 20:11 . 2014-01-10 20:11   94632   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2014-01-10 20:10 . 2014-01-10 20:10   --------   d-----w-   c:\documents and settings\All Users\Application Data\McAfee
2014-01-10 20:07 . 2014-01-10 20:07   6780   ----a-w-   c:\windows\system32\PerfStringBackup.TMP
2014-01-10 17:28 . 2014-01-10 17:28   --------   d-----w-   c:\windows\ERUNT
2014-01-10 16:55 . 2014-01-11 16:08   --------   d-----w-   c:\documents and settings\USER\Application Data\DigitalSites
2014-01-09 21:35 . 2014-01-12 15:40   --------   d-----w-   C:\AdwCleaner
2014-01-07 00:23 . 2014-01-07 00:23   --------   d-----w-   c:\documents and settings\USER\Application Data\Malwarebytes
2014-01-07 00:23 . 2014-01-07 00:23   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2014-01-07 00:23 . 2014-01-07 00:23   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2014-01-07 00:23 . 2013-04-04 20:50   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
2014-01-02 15:54 . 2014-01-02 15:54   --------   d-sh--w-   c:\windows\system32\config\systemprofile\IETldCache
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-09 21:45 . 2014-01-09 21:45   82944   ----a-w-   c:\windows\system32\drivers\WudfRd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   77568   ----a-w-   c:\windows\system32\drivers\WudfPf.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   83072   ----a-w-   c:\windows\system32\drivers\wdmaud.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   81664   ----a-w-   c:\windows\system32\drivers\videoprt.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   52352   ----a-w-   c:\windows\system32\drivers\volsnap.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   4352   ----a-w-   c:\windows\system32\drivers\wmilib.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   38528   ----a-w-   c:\windows\system32\drivers\wpdusb.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   34560   ----a-w-   c:\windows\system32\drivers\wanarp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12032   ----a-w-   c:\windows\system32\drivers\ws2ifsl.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   58112   ----a-w-   c:\windows\system32\drivers\vdmindvd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   5376   ----a-w-   c:\windows\system32\drivers\viaide.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   42240   ----a-w-   c:\windows\system32\drivers\VIAAGP.SYS.bak
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe" [2013-06-05 4489472]
"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2013-08-22 1093464]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-18 16806912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-18 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-18 150040]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-31 16200]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-22 842584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"EKStatusMonitor"="c:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2013-01-15 2750840]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2012-10-08 2804224]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5110672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2013-03-15 2236792]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-12-18 106560]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"New Value #1"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\USER\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9322:TCP"= 9322:TCP:EKDiscovery
"5353:UDP"= 5353:UDP:Bonjour Port 5353
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 11:56 AM 134248]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/6/2009 11:58 AM 118768]
R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [7/6/2011 8:48 AM 57344]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/12/2013 12:06 PM 1337752]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [8/22/2013 1:00 PM 220504]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [3/15/2013 2:07 PM 395640]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [1/15/2013 12:07 PM 780152]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [1/6/2014 6:23 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/6/2014 6:23 PM 701512]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [11/22/2009 12:18 AM 22016]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/6/2014 6:23 PM 22856]
S0 TfFsMon;TfFsMon;
Title: Re: D COM Server NT Authority System problem
Post by: Corrine on January 17, 2014, 05:56:36 PM
:dance:  Ok, jemellin, that did it!  Now to clean up the tools we used and set a path forward.

1.  Right-click on the following on your desktop and select Delete:

SecurityCheck
TDSSKiller
RogueKiller
SystemLook

2.  Double-click on AdwCleaner.exe to run the tool again.
3.  Please do the following to implement cleanup procedures and also to reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall

Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal (https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=combofix%40live%2ecom&item_name=ComboFix&no_shipping=0&no_note=1&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8).


4.  As I mentioned earlier, Windows XP will soon be reaching its end of life.  That means that Microsoft will not be releasing any additional security updates for Windows XP, regardless of any new vulnerabilities.  My best advice is to start saving for a new computer so that you will be in a position to replace this one sooner rather than later.  In the meantime, it will be more important than ever to keep Adobe products (Adobe Acrobat, Adobe AIR, Adobe Reader and Adobe Flash Player) as well as Oracle Java updated. 

Please refer to the Safe Computing Practices and other recommendations in this updated copy of "So how did I get infected in the first place?" (http://securitygarden.blogspot.com/p/blog-page.html) and let me know if you have any questions.
Title: Re: D COM Server NT Authority System problem
Post by: jemellin on January 17, 2014, 06:58:58 PM
Tried to update Adobe Acrobat; it says it cannot connect to the server and to make sure I have a connection to the internet... which I do!
Title: Re: D COM Server NT Authority System problem
Post by: jemellin on January 17, 2014, 07:25:15 PM
A quick question, please: I last backed up my computer about Jan. 5th, 2014, using the Clickfree C6. If I now back up the computer, will I still have all the old bad files on it? Wondering in case I would ever want to transfer files to a new computer!
Thanks
Title: Re: D COM Server NT Authority System problem
Post by: Corrine on January 17, 2014, 07:43:46 PM
I was listing all of the Adobe products when I wrote that.  However, I checked the list of installed programs and see it shows Acrobat 5.0, which is from ~2003.  There are no updates for that as Acrobat is at v11 and is a licensed program.  You can uninstall Adobe Acrobat from your computer.  You can also find information on the latest updates for the other programs in the General Software News, Updates & Discussions (http://www.landzdown.com/general-software-news-updates-discussions/) forum.

Uninstalling AdwCleaner and deleting RogueCleaner would have removed any of those quarantined files.  More importantly, the uninstall of ComboFix cleared old restore points that may have been infected and removed the quarantined files. 

Since you have Windows Live installed, I would guess you have a Hotmail/Outlook.com e-mail account.  It wouldn't hurt to also back up pictures and documents that you want to keep to SkyDrive.  If you haven't used SkyDrive before, my blog post from last year and the references at the bottom should help you get started:  Moving to SkyDrive (http://securitygarden.blogspot.com/2013/02/moviing-to-skydrive.html).  For sensitive documents, see SkyDrive Security (http://securitygarden.blogspot.com/2013/03/skydrive-security.html).

Title: Re: D COM Server NT Authority System problem
Post by: jemellin on January 26, 2014, 10:52:48 PM
Corrine, thanks for all your help and time helping me with my problem... I really appreciate it! :mitch:
Title: Re: D COM Server NT Authority System problem
Post by: Corrine on January 26, 2014, 11:14:01 PM
You are very welcome, jemellin.  I was happy to do so.