D COM Server NT Authority System problem

Started by jemellin, January 09, 2014, 04:04:38 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1 2 3 ... 5
User actions

jemellin

January 09, 2014, 04:04:38 PM
Keep getting message D COM Server NT Authority system unexpectly terminated will shut down in 30 seconds. Also sometime get Malwarebye blocked 66.45.56.109 outgoing. Run malawarebyles and virus scan and scan got almost done and then message  about system unexpected terminated  and will shut down.
Results of screen317's Security Check version 0.99.78 
Windows XP Service Pack 3 x86   
Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Security Center service is not running! This report may not be accurate!
PC Cleaners               
ESET NOD32 Antivirus 7.0   
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````[/u]
Malwarebytes Anti-Malware version 1.75.0.1300 
Java(TM) 6 Update 31 
Java version out of Date!
Adobe Flash Player    11.9.900.170 
Adobe Reader XI 
Mozilla Firefox 23.0.1 Firefox out of Date! 
Google Chrome 31.0.1650.63 
````````Process Check: objlist.exe by Laurent````````[/u] 
ESET NOD32 Antivirus egui.exe 
ESET NOD32 Antivirus ekrn.exe 
Malwarebytes Anti-Malware mbamservice.exe 
Malwarebytes Anti-Malware mbamgui.exe 
Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C:: 1%
````````````````````End of Log``````````````````````[/u]

jemellin

#1
January 09, 2014, 04:07:07 PM

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/10/2009 11:40:18 AM
System Uptime: 1/9/2014 9:07:09 AM (0 hours ago)
.
Motherboard: Dell Inc. |  | 0JJW8N
Processor: Intel(R) Core(TM)2 Duo CPU     E7500  @ 2.93GHz | Socket 775 | 2925/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 258.163 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1283: 10/11/2013 12:50:11 PM - System Checkpoint
RP1284: 10/12/2013 1:33:26 PM - System Checkpoint
RP1285: 10/13/2013 1:58:20 PM - Software Distribution Service 3.0
RP1286: 10/14/2013 4:31:27 PM - System Checkpoint
RP1287: 10/15/2013 4:40:48 PM - System Checkpoint
RP1288: 10/19/2013 5:42:29 PM - System Checkpoint
RP1289: 10/20/2013 6:30:46 PM - System Checkpoint
RP1290: 10/22/2013 10:40:37 AM - System Checkpoint
RP1291: 10/23/2013 5:49:57 PM - System Checkpoint
RP1292: 10/25/2013 9:13:52 AM - System Checkpoint
RP1293: 10/28/2013 2:37:42 PM - System Checkpoint
RP1294: 10/29/2013 2:41:09 PM - System Checkpoint
RP1295: 10/30/2013 5:28:57 PM - System Checkpoint
RP1296: 11/1/2013 8:05:35 AM - System Checkpoint
RP1297: 11/3/2013 5:07:07 PM - System Checkpoint
RP1298: 11/5/2013 11:30:46 AM - System Checkpoint
RP1299: 11/6/2013 4:10:14 PM - System Checkpoint
RP1300: 11/8/2013 3:02:23 PM - System Checkpoint
RP1301: 11/9/2013 4:29:14 PM - System Checkpoint
RP1302: 11/10/2013 5:48:16 PM - System Checkpoint
RP1303: 11/12/2013 5:34:56 PM - System Checkpoint
RP1304: 11/13/2013 5:27:00 PM - Software Distribution Service 3.0
RP1305: 11/15/2013 11:52:10 AM - System Checkpoint
RP1306: 11/18/2013 10:44:48 AM - System Checkpoint
RP1307: 11/19/2013 12:27:57 PM - System Checkpoint
RP1308: 11/20/2013 4:09:05 PM - System Checkpoint
RP1309: 11/24/2013 8:51:53 AM - System Checkpoint
RP1310: 11/26/2013 11:37:26 AM - System Checkpoint
RP1311: 11/27/2013 4:13:19 PM - System Checkpoint
RP1312: 11/28/2013 4:59:05 PM - System Checkpoint
RP1313: 12/1/2013 7:12:30 PM - System Checkpoint
RP1314: 12/2/2013 2:01:20 PM - Removed ESET NOD32 Antivirus
RP1315: 12/2/2013 2:01:37 PM - Installed ESET NOD32 Antivirus
RP1316: 12/3/2013 2:47:14 PM - System Checkpoint
RP1317: 12/4/2013 5:33:22 PM - System Checkpoint
RP1318: 12/5/2013 6:40:57 PM - System Checkpoint
RP1319: 12/6/2013 7:00:20 PM - System Checkpoint
RP1320: 12/7/2013 7:05:50 PM - System Checkpoint
RP1321: 12/8/2013 7:19:04 PM - System Checkpoint
RP1322: 12/9/2013 7:34:32 PM - System Checkpoint
RP1323: 12/10/2013 8:27:56 PM - System Checkpoint
RP1324: 12/11/2013 9:40:01 PM - Software Distribution Service 3.0
RP1325: 12/13/2013 11:16:53 AM - System Checkpoint
RP1326: 12/13/2013 6:20:49 PM - Software Distribution Service 3.0
RP1327: 12/15/2013 8:22:39 AM - System Checkpoint
RP1328: 12/16/2013 2:21:41 PM - System Checkpoint
RP1329: 12/17/2013 2:33:22 PM - System Checkpoint
RP1330: 12/19/2013 4:52:01 PM - System Checkpoint
RP1331: 12/21/2013 8:00:51 AM - System Checkpoint
RP1332: 12/22/2013 1:13:35 PM - System Checkpoint
RP1333: 12/23/2013 2:22:17 PM - System Checkpoint
RP1334: 12/24/2013 5:14:39 PM - System Checkpoint
RP1335: 12/25/2013 6:08:25 PM - System Checkpoint
RP1336: 12/26/2013 8:46:41 AM - Removed DriverUpdate
RP1337: 12/27/2013 10:34:43 AM - System Checkpoint
RP1338: 12/28/2013 11:52:26 AM - System Checkpoint
RP1339: 12/29/2013 5:51:09 PM - System Checkpoint
RP1340: 12/30/2013 6:32:06 PM - System Checkpoint
RP1341: 1/1/2014 12:22:00 PM - System Checkpoint
RP1342: 1/2/2014 12:47:07 PM - System Checkpoint
RP1343: 1/3/2014 1:38:42 PM - Software Distribution Service 3.0
RP1344: 1/5/2014 7:16:21 AM - System Checkpoint
RP1345: 1/5/2014 12:30:12 PM - Removed Adobe Reader XI (11.0.05).
RP1346: 1/6/2014 6:03:56 PM - Restore Operation
RP1347: 1/7/2014 7:20:23 AM - Software Distribution Service 3.0
RP1348: 1/8/2014 8:54:14 AM - System Checkpoint
RP1349: 1/8/2014 1:56:12 PM - Removed Skype™ 6.1
RP1350: 1/8/2014 1:58:05 PM - Removed Skype Click to Call
.
==== Installed Programs ======================
.
abrMate version 1.0
Acrobat.com
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
aioprnt
aioscnnr
Akamai NetSession Interface
Akamai NetSession Interface Service
Alien Skin Exposure
Alien Skin Eye Candy 5 Impact
Alien Skin Eye Candy 5 Nature
Alien Skin Eye Candy 5 Textures
Alien Skin Eye Candy 6
Alien Skin Eye Candy 7
Alien Skin Xenofex 2.0
AMP Font Viewer
AMS Photo Effects 2.71
AnswerWorks 5.0 English Runtime
Apache Tomcat 6.0 (remove only)
Ask Toolbar
Auto FX Free
Bing Bar
BJCS
Bonjour
C4USelfUpdater
center
CenturyLink QuickAssist Desktop Tools
Clickfree Easy Image
Colour Studio 2.0 Demo
Corel Paint Shop Pro Photo X2
Corel Paint Shop Pro X
Corel PaintShop Photo Pro X3
Coupon Printer for Windows
Dell Backup and Recovery Manager
Dell System Detect Bootstrapper
Desktop Restore
Diagnostic Utility
Elevated Installer
ESET NOD32 Antivirus
essentials
Eye Candy 4000
Filter Forge Freepack 5 - Hearts 2.009
Filters Unlimited 2.0
FlashPeak SlimBrowser
Font Thumbnail
Garmin Communicator Plugin
Garmin Express
Garmin Express Tray
Garmin Update Service
Garmin USB Drivers
getPlus(R) Download Manager for Corel
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954434)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB958347)
Hotfix for Windows XP (KB959252)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB968764)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ICA
Inbox Toolbar
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
IPM_PSP_Pro
Jasc Animation Shop 3
Jasc Paint Shop Pro 9
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
Kodak AIO Printer
KODAK AiO Software
ksDIP
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 6.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C Runtime
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works 6-9 Converter
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
Nero 9 Essentials
neroxml
Nikon Message Center 2
Nikon Movie Editor
ocr
OGA Notifier 2.0.0048.0
Paint Shop Pro 7 Anniversary Edition
Photobucket Backup
Picture Control Utility
PowerDVD DX
PreReq
PrintProjects
PSPPContent
PSPPRO_DCRAW
QuickTime
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Setup
SmartSound Common Data
SmartSound Quicktracks 5
Sonic CinePlayer Decoder Pack
Sqirlz Water Reflections
StartNow Toolbar
Ulead GIF Animator 5 ESD
Ulead Particle.Plugin 1.0
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB898461)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955704)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
ViewNX 2
WebFldrs XP
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows Presentation Foundation
WinRAR archiver
WinZip
XML Paper Specification Shared Components Pack 1.0
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
1/8/2014 2:57:27 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  TfFsMon TfSysMon
1/8/2014 2:57:27 PM, error: Service Control Manager [7022]  - The ESET Service service hung on starting.
1/8/2014 2:56:10 PM, error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
1/8/2014 2:56:10 PM, error: Service Control Manager [7000]  - The Nero BackItUp Scheduler 4.0 service failed to start due to the following error:  The system cannot find the file specified.
1/8/2014 2:52:37 PM, error: Service Control Manager [7034]  - The Terminal Services service terminated unexpectedly.  It has done this 1 time(s).
1/8/2014 2:52:37 PM, error: Service Control Manager [7031]  - The DCOM Server Process Launcher service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
1/8/2014 12:54:01 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the FullImagingService service to connect.
1/8/2014 12:54:01 PM, error: Service Control Manager [7000]  - The FullImagingService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
1/7/2014 4:12:07 PM, error: iaStor [9]  - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
.
==== End Of File ===========================

Corrine

#2
January 09, 2014, 05:00:31 PM
Hi, Jemelin.  Welcome to LandzDown Forum.

Please copy/paste a copy of the DDS.txt log for review.

Thank you.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

jemellin

#3
January 09, 2014, 05:59:34 PM
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by USER at 9:46:26 on 2014-01-09
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3037.1407 [GMT -6:00]
.
AV: PC Cleaners *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
AV: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Garmin\Express Tray\ExpressTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\documents and settings\all users\application data\Clickfree\cfagent.exe
C:\documents and settings\all users\application data\Clickfree\FullImagingBackup\FibReminder.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\ASTSRV.EXE
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\locator.exe
C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\documents and settings\all users\application data\Clickfree\FullImagingBackup\FullImagingService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uProxyOverride = 127.0.0.1:9421;<local>
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: PCTools Site Guard: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -
BHO: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - LocalServer32 - <no file>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Akamai NetSession Interface] "c:\documents and settings\user\local settings\application data\akamai\netsession_win.exe"
uRun: [] c:\documents and settings\user\ahhotfftppiuzkqohbadbwc.exe
uRun: [GarminExpressTrayApp] "c:\program files\garmin\express tray\ExpressTray.exe"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [DriverFinder] c:\program files\driverfinder\DriverFinder.exe
uRun: [ClickfreeMonitor] c:\documents and settings\all users\application data\clickfree\cfagent.exe
uRun: [FibReminder] c:\documents and settings\all users\application data\clickfree\fullimagingbackup\FibReminder.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Conime] c:\windows\system32\conime.exe
mRun: [Corel File Shell Monitor] c:\program files\corel\corel paint shop pro photo x2\CorelIOMonitor.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ErrorTeck] c:\program files\errorteck\ErrorTeck.exe /scan
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s
mRun: [EKStatusMonitor] c:\program files\kodak\aio\statusmonitor\EKStatusMonitor.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
dRunOnce: [KodakHomeCenter] "c:\program files\kodak\aio\center\AiOHomeCenter.exe"
uExplorerRun: [eacbafdeeeeb] c:\documents and settings\user\application data\42e0800a-74cb-4973-afd7-36e4e3e1e60b79\eacbafdeeeeb.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: New Value #1 = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &Download All using 4shared Desktop - c:\program files\4shared desktop\down_all.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260473224875
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344974532109
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{B0E18D04-350B-4C5B-95FF-550EEA4A455D} : NameServer = 64.91.3.46,208.54.220.20
TCP: Interfaces\{B0E18D04-350B-4C5B-95FF-550EEA4A455D} : DHCPNameServer = 192.168.1.1 192.168.1.1
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\cqnf6uhv.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: !HIDDEN! 2009-12-10 13:42; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 134248]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-2-6 118768]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-25 14336]
R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [2011-7-6 57344]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2013-9-12 1337752]
R2 FullImagingService;FullImagingService;c:\documents and settings\all users\application data\clickfree\fullimagingbackup\FullImagingService.exe [2013-9-6 235848]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\garmin\core update service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-8-22 220504]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2013-3-15 395640]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\kodak\aio\statusmonitor\EKPrinterSDK.exe [2013-1-15 780152]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2014-1-6 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2014-1-6 701512]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [2009-11-22 22016]
R2 Tomcat6;Apache Tomcat;c:\program files\apache software foundation\tomcat 6.0\bin\tomcat6.exe [2008-1-28 57344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-1-6 22856]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S0 TfFsMon;TfFsMon;

  • S0 TfSysMon;TfSysMon;

  • S2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 cpuz132;cpuz132;

  • S3 pctplsg;pctplsg;

  • S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [2009-11-22 28800]
    S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2009-11-22 17536]
    S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2012-11-23 13464]
    S3 TfNetMon;TfNetMon;

  • .
    =============== File Associations ===============
    .
    ShellExec: Photoshp.exe: open=c:\program files\adobe\photoshop 5.5\Photoshp.exe
    .
    =============== Created Last 30 ================
    .
    2014-01-07 00:23:16   --------   d-----w-   c:\documents and settings\user\application data\Malwarebytes
    2014-01-07 00:23:12   --------   d-----w-   c:\documents and settings\all users\application data\Malwarebytes
    2014-01-07 00:23:11   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
    2014-01-07 00:23:11   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
    2014-01-07 00:04:40   --------   d-----w-   c:\windows\system32\wbem\repository\FS
    2014-01-07 00:04:40   --------   d-----w-   c:\windows\system32\wbem\Repository
    2014-01-06 22:00:59   647280   ----a-w-   c:\program files\mozilla firefox\libGLESv2.dll
    .
    ==================== Find3M  ====================
    .
    2014-01-07 22:10:54   1682   --sha-w-   c:\windows\system32\KGyGaAvL.sys
    2013-12-26 12:39:32   13464   ----a-w-   c:\windows\system32\drivers\SWDUMon.sys
    2013-12-11 20:42:31   71048   -c--a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-12-11 20:42:31   692616   -c--a-w-   c:\windows\system32\FlashPlayerApp.exe
    2013-11-13 02:59:42   150528   ----a-w-   c:\windows\system32\imagehlp.dll
    2013-11-07 05:38:51   591360   ----a-w-   c:\windows\system32\rpcrt4.dll
    2013-11-06 01:03:31   7168   ----a-w-   c:\windows\system32\xpsp4res.dll
    2013-10-30 02:26:17   1879040   ----a-w-   c:\windows\system32\win32k.sys
    2013-10-29 07:57:34   920064   ----a-w-   c:\windows\system32\wininet.dll
    2013-10-29 07:57:33   43520   ------w-   c:\windows\system32\licmgr10.dll
    2013-10-29 07:57:33   18944   ----a-w-   c:\windows\system32\corpol.dll
    2013-10-29 07:57:33   1469440   ------w-   c:\windows\system32\inetcpl.cpl
    2013-10-29 00:45:02   385024   ------w-   c:\windows\system32\html.iec
    2013-10-23 23:45:49   172032   ----a-w-   c:\windows\system32\scrrun.dll
    2013-10-12 15:56:19   278528   ----a-w-   c:\windows\system32\oakley.dll
    2011-08-23 23:42:54   332144   -c--a-w-   c:\program files\common files\MediaOrganizer.dll
    2011-08-23 23:35:38   33136   -c--a-w-   c:\program files\common files\FlickrProvider.dll
    2011-08-23 23:35:14   402800   -c--a-w-   c:\program files\common files\facebook.dll
    2011-08-23 23:35:14   130416   -c--a-w-   c:\program files\common files\PluginCommon.dll
    2011-08-23 23:34:26   465264   -c--a-w-   c:\program files\common files\AppFramework.dll
    .
    ============= FINISH:  9:48:01.23 ===============

Corrine

#4
January 09, 2014, 06:55:26 PM
Thank you for the additional log, jemellin.

I haven't seen anyone with the NT Authority shutdown notice in a very long time.  It used to happen with users of Ad-Aware and others with the Blaster Worm.  You can use this tool to disable/enable DCOM.  http://www.grc.com/dcom/ or when the 60-second countdown starts, cancel the shutdown command:

Click > Start > select Run, type shutdown -a but do not click OK yet.  As soon as you see that shutdown message appear click on OK to launch the shutdown -a command. This will abort the shutdown.

Although there are other things I would like to address, I'd like you to run ComboFix first.  Please follow these instructions carefully.

Download ComboFix from here.

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray. 

Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

Now, please run ComboFix:

  • Note:  If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


  • After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click "Yes" to continue scanning for malware.

  • When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

jemellin

#5
January 09, 2014, 07:46:21 PM
I did as you said and it starting to do the scan went through about 25 stages then a big blue screen came up saying someting about a shutdown to protect the computer and a driver. I never did get a report!

jemellin

#6
January 09, 2014, 07:47:43 PM
Also I now have a red icon on my virus protector saying my firewall is off I cannoy turn it back on

Corrine

#7
January 09, 2014, 08:46:10 PM
According to the log, the Security Center was already off.  Let's see if we can get to that trojan from a different direction that seems to have worked with Windows XP.  Please do the following:

1.  Please download AdwCleaner by Xplode to your Desktop.

  • Click on the Scan button.
    Note:  Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
2.  Please download & save to your Desktop from RogueKiller or from here      

  • Note:  Close all open programs and disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7,  right-click and select "Run as  Administrator"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

jemellin

#8
January 09, 2014, 09:51:24 PM
After running ADWcleaner it did nothing and didn't restart computer then ran RogueKiller
RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : USER [Admin rights]
Mode : Scan -- Date : 01/09/2014 15:45:07
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run :  (C:\Documents and Settings\USER\ahhotfftppiuzkqohbadbwc.exe
  • ) -> FOUND
    [RUN][SUSP PATH] HKCU\[...]\Run : ClickfreeMonitor (c:\documents and settings\all users\application data\Clickfree\cfagent.exe [7]) -> FOUND
    [RUN][SUSP PATH] HKCU\[...]\Run : FibReminder (c:\documents and settings\all users\application data\Clickfree\FullImagingBackup\FibReminder.exe [7]) -> FOUND
    [DNS][PUM] HKLM\[...]\CCSet\[...]\{B0E18D04-350B-4C5B-95FF-550EEA4A455D} : NameServer (64.91.3.46,208.54.220.20 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
    [DNS][PUM] HKLM\[...]\CS001\[...]\{B0E18D04-350B-4C5B-95FF-550EEA4A455D} : NameServer (64.91.3.46,208.54.220.20 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
    [DNS][PUM] HKLM\[...]\CS003\[...]\{B0E18D04-350B-4C5B-95FF-550EEA4A455D} : NameServer (64.91.3.46,208.54.220.20 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
    [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][File] @ : C:\WINDOWS\Installer\{d7b4d545-327d-3466-4d05-cecb6a7246e3}\@ [-] --> FOUND
    [ZeroAccess][File] @ : C:\Documents and Settings\USER\Local Settings\Application Data\{d7b4d545-327d-3466-4d05-cecb6a7246e3}\@ [-] --> FOUND
    [ZeroAccess][Folder] U : C:\WINDOWS\Installer\{d7b4d545-327d-3466-4d05-cecb6a7246e3}\U [-] --> FOUND
    [ZeroAccess][Folder] U : C:\Documents and Settings\USER\Local Settings\Application Data\{d7b4d545-327d-3466-4d05-cecb6a7246e3}\U [-] --> FOUND
    [ZeroAccess][Folder] L : C:\WINDOWS\Installer\{d7b4d545-327d-3466-4d05-cecb6a7246e3}\L [-] --> FOUND
    [ZeroAccess][Folder] L : C:\Documents and Settings\USER\Local Settings\Application Data\{d7b4d545-327d-3466-4d05-cecb6a7246e3}\L [-] --> FOUND

    ¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1       localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDT721050SLA360 +++++
    --- User ---
    [MBR] 45ddf30012c31eff4afde8a7c45e2bee
    [BSP] 57ebeff2313f991a6fe753b171cc7198 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 476899 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_S_01092014_154507.txt >>


    RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : USER [Admin rights]
    Mode : Remove -- Date : 01/09/2014 15:45:52
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 6 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run :  (C:\Documents and Settings\USER\ahhotfftppiuzkqohbadbwc.exe
  • ) -> DELETED
    [RUN][SUSP PATH] HKCU\[...]\Run : ClickfreeMonitor (c:\documents and settings\all users\application data\Clickfree\cfagent.exe [7]) -> DELETED
    [RUN][SUSP PATH] HKCU\[...]\Run : FibReminder (c:\documents and settings\all users\application data\Clickfree\FullImagingBackup\FibReminder.exe [7]) -> DELETED
    [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][File] @ : C:\WINDOWS\Installer\{d7b4d545-327d-3466-4d05-cecb6a7246e3}\@ [-] --> DELETED
    [ZeroAccess][File] @ : C:\Documents and Settings\USER\Local Settings\Application Data\{d7b4d545-327d-3466-4d05-cecb6a7246e3}\@ [-] --> DELETED
    [ZeroAccess][Folder] U : C:\WINDOWS\Installer\{d7b4d545-327d-3466-4d05-cecb6a7246e3}\U [-] --> DELETED
    [ZeroAccess][Folder] U : C:\Documents and Settings\USER\Local Settings\Application Data\{d7b4d545-327d-3466-4d05-cecb6a7246e3}\U [-] --> DELETED
    [ZeroAccess][Folder] L : C:\WINDOWS\Installer\{d7b4d545-327d-3466-4d05-cecb6a7246e3}\L [-] --> DELETED
    [ZeroAccess][Folder] L : C:\Documents and Settings\USER\Local Settings\Application Data\{d7b4d545-327d-3466-4d05-cecb6a7246e3}\L [-] --> DELETED
    [ZeroAccess][File] 00000004.@ : C:\WINDOWS\INSTAL~1\{D7B4D~1\L\00000004.@ [-] --> DELETED
    [ZeroAccess][File] 1afb2d56 : C:\WINDOWS\INSTAL~1\{D7B4D~1\L\1afb2d56 [-] --> DELETED
    [ZeroAccess][File] 201d3dde : C:\WINDOWS\INSTAL~1\{D7B4D~1\L\201d3dde [-] --> DELETED

    ¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1       localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDT721050SLA360 +++++
    --- User ---
    [MBR] 45ddf30012c31eff4afde8a7c45e2bee
    [BSP] 57ebeff2313f991a6fe753b171cc7198 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 476899 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_01092014_154552.txt >>
    RKreport[0]_S_01092014_154507.txt





jemellin

#9
January 09, 2014, 09:52:22 PM
RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : USER [Admin rights]
Mode : Remove -- Date : 01/09/2014 15:45:52
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run :  (C:\Documents and Settings\USER\ahhotfftppiuzkqohbadbwc.exe
  • ) -> DELETED
    [RUN][SUSP PATH] HKCU\[...]\Run : ClickfreeMonitor (c:\documents and settings\all users\application data\Clickfree\cfagent.exe [7]) -> DELETED
    [RUN][SUSP PATH] HKCU\[...]\Run : FibReminder (c:\documents and settings\all users\application data\Clickfree\FullImagingBackup\FibReminder.exe [7]) -> DELETED
    [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][File] @ : C:\WINDOWS\Installer\{d7b4d545-327d-3466-4d05-cecb6a7246e3}\@ [-] --> DELETED
    [ZeroAccess][File] @ : C:\Documents and Settings\USER\Local Settings\Application Data\{d7b4d545-327d-3466-4d05-cecb6a7246e3}\@ [-] --> DELETED
    [ZeroAccess][Folder] U : C:\WINDOWS\Installer\{d7b4d545-327d-3466-4d05-cecb6a7246e3}\U [-] --> DELETED
    [ZeroAccess][Folder] U : C:\Documents and Settings\USER\Local Settings\Application Data\{d7b4d545-327d-3466-4d05-cecb6a7246e3}\U [-] --> DELETED
    [ZeroAccess][Folder] L : C:\WINDOWS\Installer\{d7b4d545-327d-3466-4d05-cecb6a7246e3}\L [-] --> DELETED
    [ZeroAccess][Folder] L : C:\Documents and Settings\USER\Local Settings\Application Data\{d7b4d545-327d-3466-4d05-cecb6a7246e3}\L [-] --> DELETED
    [ZeroAccess][File] 00000004.@ : C:\WINDOWS\INSTAL~1\{D7B4D~1\L\00000004.@ [-] --> DELETED
    [ZeroAccess][File] 1afb2d56 : C:\WINDOWS\INSTAL~1\{D7B4D~1\L\1afb2d56 [-] --> DELETED
    [ZeroAccess][File] 201d3dde : C:\WINDOWS\INSTAL~1\{D7B4D~1\L\201d3dde [-] --> DELETED

    ¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1       localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDT721050SLA360 +++++
    --- User ---
    [MBR] 45ddf30012c31eff4afde8a7c45e2bee
    [BSP] 57ebeff2313f991a6fe753b171cc7198 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 476899 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_01092014_154552.txt >>
    RKreport[0]_S_01092014_154507.txt



Corrine

#10
January 10, 2014, 12:26:29 AM
1.  In lieu of AdwCleaner, please do the following:  Please download Junkware Removal Tool to your desktop.

  • Disable your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it.  If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
2. After running JRT, please restart your computer and try to run ComboFix again.  I'll repeat the instructions for you:

Please follow these instructions carefully.

  • Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray. 

    Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

  • If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts. 
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, a log will be produced. Please copy C:\ComboFix.txt in your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

jemellin

#11
January 10, 2014, 06:06:05 PM
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Microsoft Windows XP x86
Ran by USER on Fri 01/10/2014 at 11:28:14.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] 24x7helpsvc
Successfully deleted: [Service] 24x7helpsvc
Successfully stopped: [Service] update jump flip
Successfully deleted: [Service] update jump flip



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3004627E-F8E9-4E8B-909D-316753CBA923}
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortapp.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escorteng.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortlbr.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\toolbar.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{865D7100-82C7-42F4-9C06-860DEC0871B2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\24x7help
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dsiteproducts
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\fixcleaner
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\mysearchdial
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\startnow toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\zugo
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\24x7help
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\fixcleaner
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\mysearchdial
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\startnow toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\esrv.mysearchdialesrvc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\esrv.mysearchdialesrvc.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mysearchdial.mysearchdialappcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mysearchdial.mysearchdialappcore.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mysearchdial.mysearchdialdskbnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mysearchdial.mysearchdialdskbnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mysearchdial.mysearchdialhlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mysearchdial.mysearchdialhlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\inbox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar.bandobject
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar.bandobject.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar.toolbarhelperobject
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar.toolbarhelperobject.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\openit open it!
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\startnow toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{612ad33d-9824-4e87-8396-92374e91c4bb}_is1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86d4b82a-abed-442a-be86-96357b70f4fe}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{a957f04c-49f4-4375-8c8a-d04b769efe47}_is1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2233703
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{25D8ABA0-5F45-D212-4914-794A69246E1D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{704AC797-ECA0-4033-BB80-ABD42E0682F1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\asktoolbarinfo"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_current_user\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\typelib\{2996f0e7-292b-4cae-893f-47b8b1c05b56}"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\pc1data"
Successfully deleted: [Folder] "C:\Documents and Settings\USER\Application Data\24x7 help"
Successfully deleted: [Folder] "C:\Documents and Settings\USER\Application Data\fixcleaner"
Successfully deleted: [Folder] "C:\Documents and Settings\USER\Application Data\mysearchdial"
Successfully deleted: [Folder] "C:\Documents and Settings\USER\Application Data\pc cleaners"
Successfully deleted: [Folder] "C:\Program Files\24x7help"
Successfully deleted: [Folder] "C:\Program Files\coupons"
Successfully deleted: [Folder] "C:\Program Files\fixcleaner"
Successfully deleted: [Folder] "C:\Program Files\jump flip"
Successfully deleted: [Folder] "C:\Program Files\mysearchdial"
Successfully deleted: [Folder] "C:\Program Files\openit"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\24x7 help"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\open it!"



~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\USER\Application Data\mozilla\firefox\profiles\cqnf6uhv.default\user.js
Successfully deleted: [File] C:\Documents and Settings\USER\Application Data\mozilla\firefox\profiles\cqnf6uhv.default\searchplugins\mysearchdial.xml
Successfully deleted: [Folder] C:\Documents and Settings\USER\Application Data\mozilla\firefox\profiles\cqnf6uhv.default\extensions\staged
Successfully deleted the following from C:\Documents and Settings\USER\Application Data\mozilla\firefox\profiles\cqnf6uhv.default\prefs.js

user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.name", "StartNow Toolbar");
user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.startpage", "stp.startnow.com");
user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.update_url", "hxxp://tbupdate.zugo.com/ztb/update?partner_id={partner_id}&product_id={product_id}&affiliate_id={affiliate_id}
user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=dsites0101&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyE0D0E0A0DtDyBtAtCzyyCtN0D0Tzu0SyByEtCtN1L2XzutBtFtBtFtCyEt
user_pref("browser.search.selectedEngine", "Mysearchdial");
user_pref("browser.search.defaultenginename", "Mysearchdial");



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/10/2014 at 11:33:30.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ComboFix 14-01-08.03 - USER 01/10/2014  11:41:29.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3037.2019 [GMT -6:00]
Running from: c:\documents and settings\USER\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\A416D46112.sys
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\USER\Application Data\Microsoft\Internet Explorer\Quick Launch\24x7 Help.lnk
c:\documents and settings\USER\Local Settings\Temporary Internet Files\009f5209-cf94-40d0-8ba9-7cf5444e2466.jpg
c:\documents and settings\USER\Local Settings\Temporary Internet Files\ApnStub.exe
c:\documents and settings\USER\Local Settings\Temporary Internet Files\Jump Flip_iels
c:\documents and settings\USER\WINDOWS
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-10 to 2014-01-10  )))))))))))))))))))))))))))))))
.
.
2014-01-10 17:28 . 2014-01-10 17:28   --------   d-----w-   c:\windows\ERUNT
2014-01-10 16:55 . 2014-01-10 16:55   --------   d-----w-   c:\documents and settings\USER\Application Data\DigitalSites
2014-01-09 21:35 . 2014-01-09 21:40   --------   d-----w-   C:\AdwCleaner
2014-01-07 00:23 . 2014-01-07 00:23   --------   d-----w-   c:\documents and settings\USER\Application Data\Malwarebytes
2014-01-07 00:23 . 2014-01-07 00:23   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2014-01-07 00:23 . 2014-01-07 00:23   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2014-01-07 00:23 . 2013-04-04 20:50   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
2014-01-07 00:04 . 2014-01-07 00:04   --------   d-----w-   c:\windows\system32\wbem\Repository
2014-01-02 15:54 . 2014-01-02 15:54   --------   d-sh--w-   c:\windows\system32\config\systemprofile\IETldCache
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-09 21:45 . 2014-01-09 21:45   82944   ----a-w-   c:\windows\system32\drivers\WudfRd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   77568   ----a-w-   c:\windows\system32\drivers\WudfPf.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   83072   ----a-w-   c:\windows\system32\drivers\wdmaud.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   81664   ----a-w-   c:\windows\system32\drivers\videoprt.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   52352   ----a-w-   c:\windows\system32\drivers\volsnap.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   4352   ----a-w-   c:\windows\system32\drivers\wmilib.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   38528   ----a-w-   c:\windows\system32\drivers\wpdusb.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   34560   ----a-w-   c:\windows\system32\drivers\wanarp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12032   ----a-w-   c:\windows\system32\drivers\ws2ifsl.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   58112   ----a-w-   c:\windows\system32\drivers\vdmindvd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   5376   ----a-w-   c:\windows\system32\drivers\viaide.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   42240   ----a-w-   c:\windows\system32\drivers\VIAAGP.SYS.bak
2014-01-09 21:45 . 2014-01-09 21:45   26368   ----a-w-   c:\windows\system32\drivers\USBSTOR.SYS.bak
2014-01-09 21:45 . 2014-01-09 21:45   20992   ----a-w-   c:\windows\system32\drivers\vga.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   20608   ----a-w-   c:\windows\system32\drivers\usbuhci.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   59520   ----a-w-   c:\windows\system32\drivers\usbhub.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   30336   ----a-w-   c:\windows\system32\drivers\usbehci.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   25856   ----a-w-   c:\windows\system32\drivers\usbprint.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   15872   ----a-w-   c:\windows\system32\drivers\usbintel.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   14976   ----a-w-   c:\windows\system32\drivers\usbscan.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   144128   ----a-w-   c:\windows\system32\drivers\usbport.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   5376   ----a-w-   c:\windows\system32\drivers\usbd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   32384   ----a-w-   c:\windows\system32\drivers\usbccgp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   25728   ----a-w-   c:\windows\system32\drivers\usbcamd2.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   25600   ----a-w-   c:\windows\system32\drivers\usbcamd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12928   ----a-w-   c:\windows\system32\drivers\usb8023.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   384768   ----a-w-   c:\windows\system32\drivers\update.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   66048   ----a-w-   c:\windows\system32\drivers\udfs.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   51712   ----a-w-   c:\windows\system32\drivers\tosdvd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   4992   ----a-w-   c:\windows\system32\drivers\toside.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   36736   ----a-w-   c:\windows\system32\drivers\ultra.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   21376   ----a-w-   c:\windows\system32\drivers\tsbvcap.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12288   ----a-w-   c:\windows\system32\drivers\tunmp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   40840   ----a-w-   c:\windows\system32\drivers\termdd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   361600   ----a-w-   c:\windows\system32\drivers\tcpip.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   226880   ----a-w-   c:\windows\system32\drivers\tcpip6.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   21896   ----a-w-   c:\windows\system32\drivers\tdtcp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   19072   ----a-w-   c:\windows\system32\drivers\tdi.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12040   ----a-w-   c:\windows\system32\drivers\tdpipe.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   60800   ----a-w-   c:\windows\system32\drivers\sysaudio.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   56576   ----a-w-   c:\windows\system32\drivers\swmidi.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   32640   ----a-w-   c:\windows\system32\drivers\symc8xx.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   30688   ----a-w-   c:\windows\system32\drivers\sym_u3.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   28384   ----a-w-   c:\windows\system32\drivers\sym_hi.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   16256   ----a-w-   c:\windows\system32\drivers\symc810.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   14976   ----a-w-   c:\windows\system32\drivers\tape.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   49408   ----a-w-   c:\windows\system32\drivers\stream.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   4352   ----a-w-   c:\windows\system32\drivers\swenum.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   13464   ----a-w-   c:\windows\system32\drivers\SWDUMon.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   73472   ----a-w-   c:\windows\system32\drivers\sr.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   6272   ----a-w-   c:\windows\system32\drivers\splitter.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   357888   ----a-w-   c:\windows\system32\drivers\srv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   25344   ----a-w-   c:\windows\system32\drivers\sonydcam.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   19072   ----a-w-   c:\windows\system32\drivers\sparrow.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   14592   ----a-w-   c:\windows\system32\drivers\smclib.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   64512   ----a-w-   c:\windows\system32\drivers\serial.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   40960   ----a-w-   c:\windows\system32\drivers\SISAGP.SYS.bak
2014-01-09 21:44 . 2014-01-09 21:44   15744   ----a-w-   c:\windows\system32\drivers\serenum.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   11904   ----a-w-   c:\windows\system32\drivers\sffdisk.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   11392   ----a-w-   c:\windows\system32\drivers\sfloppy.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   11008   ----a-w-   c:\windows\system32\drivers\sffp_sd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   10240   ----a-w-   c:\windows\system32\drivers\sffp_mmc.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   96384   ----a-w-   c:\windows\system32\drivers\scsiport.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   79232   ----a-w-   c:\windows\system32\drivers\sdbus.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   22016   ----a-w-   c:\windows\system32\drivers\RtNdPt5x.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   20480   ----a-w-   c:\windows\system32\drivers\secdrv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   17536   ----a-w-   c:\windows\system32\drivers\RTLVLAN.SYS.bak
2014-01-09 21:44 . 2014-01-09 21:44   28800   ----a-w-   c:\windows\system32\drivers\RTLTEAMING.SYS.bak
2014-01-09 21:44 . 2014-01-09 21:44   4752896   ----a-w-   c:\windows\system32\drivers\RtkHDAud.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   5888   ----a-w-   c:\windows\system32\drivers\rootmdm.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   30592   ----a-w-   c:\windows\system32\drivers\rndismp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   203136   ----a-w-   c:\windows\system32\drivers\rmcast.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   142336   ----a-w-   c:\windows\system32\drivers\Rtenicxp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   57600   ----a-w-   c:\windows\system32\drivers\redbook.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   4224   ----a-w-   c:\windows\system32\drivers\rdpcdd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   196224   ----a-w-   c:\windows\system32\drivers\rdpdr.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   139784   ----a-w-   c:\windows\system32\drivers\rdpwd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   12032   ----a-w-   c:\windows\system32\drivers\riodrv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   12032   ----a-w-   c:\windows\system32\drivers\rio8drv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   8832   ----a-w-   c:\windows\system32\drivers\rasacd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   51328   ----a-w-   c:\windows\system32\drivers\rasl2tp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   48384   ----a-w-   c:\windows\system32\drivers\raspptp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   41472   ----a-w-   c:\windows\system32\drivers\raspppoe.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   34432   ----a-w-   c:\windows\system32\drivers\rawwan.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   175744   ----a-w-   c:\windows\system32\drivers\rdbss.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   16512   ----a-w-   c:\windows\system32\drivers\raspti.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   49024   ----a-w-   c:\windows\system32\drivers\ql1280.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   45312   ----a-w-   c:\windows\system32\drivers\ql12160.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   43840   ----a-w-   c:\windows\system32\drivers\pxhelp20.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   40448   ----a-w-   c:\windows\system32\drivers\ql1240.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   40320   ----a-w-   c:\windows\system32\drivers\ql1080.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   33152   ----a-w-   c:\windows\system32\drivers\ql10wnt.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   69120   ----a-w-   c:\windows\system32\drivers\psched.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   5504   ----a-w-   c:\windows\system32\drivers\perc2hib.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   35840   ----a-w-   c:\windows\system32\drivers\processr.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   21760   ----a-w-   c:\windows\system32\drivers\point32.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   17792   ----a-w-   c:\windows\system32\drivers\ptilink.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   146048   ----a-w-   c:\windows\system32\drivers\portcls.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   68224   ----a-w-   c:\windows\system32\drivers\pci.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   6784   ----a-w-   c:\windows\system32\drivers\parvdm.sys.bak
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-02-09 . FCAD241DEA0005135DBDF5D77EC7919D . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 846C48ABE7539394D4C39980DFB69FE1 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe" [2013-06-05 4489472]
"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2013-08-22 1093464]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-18 16806912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-18 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-18 150040]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-31 16200]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-22 842584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"EKStatusMonitor"="c:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2013-01-15 2750840]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2012-10-08 2804224]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5110672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2013-03-15 2236792]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-12-18 106560]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"New Value #1"= 0 (0x0)
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 11:56 AM 134248]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/6/2009 11:58 AM 118768]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/25/2008 10:16 AM 14336]
R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [7/6/2011 8:48 AM 57344]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [10/13/2011 4:21 PM 249648]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/12/2013 12:06 PM 1337752]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [8/22/2013 1:00 PM 220504]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [3/15/2013 2:07 PM 395640]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [1/15/2013 12:07 PM 780152]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [1/6/2014 6:23 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/6/2014 6:23 PM 701512]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [11/22/2009 12:18 AM 22016]
R2 Tomcat6;Apache Tomcat;c:\program files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [1/28/2008 4:39 PM 57344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/6/2014 6:23 PM 22856]
S0 TfFsMon;TfFsMon;

  • S0 TfSysMon;TfSysMon;

  • S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [10/21/2011 2:23 PM 196176]
    S2 FullImagingService;FullImagingService;c:\documents and settings\All Users\Application Data\Clickfree\FullImagingBackup\FullImagingService.exe [9/6/2013 12:24 PM 235848]
    S3 pctplsg;pctplsg;

  • S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [11/22/2009 12:18 AM 28800]
    S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [11/22/2009 12:18 AM 17536]
    S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [11/23/2012 4:34 PM 13464]
    S3 TfNetMon;TfNetMon;

  • .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper   REG_MULTI_SZ      getPlusHelper
    Akamai   REG_MULTI_SZ      Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 20:42]
    .
    2014-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2014-01-06 21:57]
    .
    2014-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2014-01-06 21:57]
    .
    2014-01-10 c:\windows\Tasks\User_Feed_Synchronization-{C62D61F5-DE77-4B46-9ED4-A80980826EEA}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    mStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
    Trusted Zone: bestbuy.com\www-ssl
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{B0E18D04-350B-4C5B-95FF-550EEA4A455D}: NameServer = 64.91.3.46,208.54.220.20
    FF - ProfilePath - c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\cqnf6uhv.default\
    FF - ExtSQL: !HIDDEN! 2009-12-10 13:42; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    HKCU-Run-DriverFinder - c:\program files\DriverFinder\DriverFinder.exe
    HKLM-Run-ErrorTeck - c:\program files\ErrorTeck\ErrorTeck.exe
    HKLM-Run-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    AddRemove-AMS Photo Effects_is1 - c:\e backup\PlugIns\Plug-ins\Plugins\Photoeffect\AMS Photo Effects\unins000.exe
    AddRemove-Coupon Printer for Windows5.0.0.1 - c:\program files\Coupons\uninstall.exe
    AddRemove-Eye Candy 6 - c:\docume~1\USER\Desktop\ALIENS~1\EYECAN~1\Unwise32.exe
    AddRemove-EyeCandy5Impact - c:\plugins\Plugins\ALIENS~1\EYECAN~2\Unwise32.exe
    AddRemove-Filter Forge Freepack 5 - Hearts_is1 - c:\e backup\PlugIns\Filter Forge Freepack 5 - Hearts\unins000.exe
    AddRemove-Jump Flip - c:\program files\Jump Flip\JumpFlipuninstall.exe
    AddRemove-{1B141C01-6491-45C1-BF2F-3FE6BF1FFE7C}_is1 - c:\program files\ColourStudioDemo\unins000.exe
    AddRemove-{5cf7c628-f8bb-4aad-8135-c418d85f6128} - c:\program files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2014-01-10 11:55
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ... 
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ... 
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
    "ServiceDll"="c:\program files\common files\akamai/netsession_win_8fa3539.dll"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrueSight]
    "ImagePath"="\??\"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2014-01-10  11:58:31
    ComboFix-quarantined-files.txt  2014-01-10 17:58
    .
    Pre-Run: 277,005,139,968 bytes free
    Post-Run: 281,659,105,280 bytes free
    .
    - - End Of File - - FDF9CB2A17555B3ACF2A05A5A3686CEE
    CDB4DE4BBD714F152979DA2DCBEF57EB

Corrine

#12
January 10, 2014, 07:35:36 PM
Good job!  I'd like to see another scan but first let's get Oracle Java updated. 

1.  Please uninstall Java(TM) 6 Update 31 and then install the latest version from here:  Java Version 7 Update 45.  (Note:  expect another Java update on or about January 14, 2014.)

2.  Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see:  How to change the file extension.
  • Click the Start Scan button.  Do not use the computer during the scan!
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the "Scan results - Select action for found objects[/b]" and offer 3 options.

    • Ensure SKIP is selected... DO NOT attempt to FIX anything yet!
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
3.  How is your computer now?


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

jemellin

#13
January 10, 2014, 08:20:21 PM
14:13:58.0421 0x0610  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
14:14:25.0281 0x0610  ============================================================
14:14:25.0281 0x0610  Current date / time: 2014/01/10 14:14:25.0281
14:14:25.0281 0x0610  SystemInfo:
14:14:25.0281 0x0610 
14:14:25.0281 0x0610  OS Version: 5.1.2600 ServicePack: 3.0
14:14:25.0281 0x0610  Product type: Workstation
14:14:25.0281 0x0610  ComputerName: D1WPTGK1
14:14:25.0281 0x0610  UserName: USER
14:14:25.0281 0x0610  Windows directory: C:\WINDOWS
14:14:25.0281 0x0610  System windows directory: C:\WINDOWS
14:14:25.0281 0x0610  Processor architecture: Intel x86
14:14:25.0281 0x0610  Number of processors: 2
14:14:25.0281 0x0610  Page size: 0x1000
14:14:25.0281 0x0610  Boot type: Normal boot
14:14:25.0281 0x0610  ============================================================
14:14:25.0578 0x0610  KLMD registered as C:\WINDOWS\system32\drivers\82615509.sys
14:14:26.0015 0x0610  System UUID: {608D9F43-4C8D-1FA6-CAD4-F0FA23393D13}
14:14:27.0312 0x0610  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:14:27.0328 0x0610  ============================================================
14:14:27.0328 0x0610  \Device\Harddisk0\DR0:
14:14:27.0328 0x0610  MBR partitions:
14:14:27.0328 0x0610  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x3A371830
14:14:27.0328 0x0610  ============================================================
14:14:27.0375 0x0610  C: <-> \Device\Harddisk0\DR0\Partition1
14:14:27.0375 0x0610  ============================================================
14:14:27.0375 0x0610  Initialize success
14:14:27.0375 0x0610  ============================================================
14:14:31.0015 0x065c  ============================================================
14:14:31.0015 0x065c  Scan started
14:14:31.0015 0x065c  Mode: Manual;
14:14:31.0015 0x065c  ============================================================
14:14:31.0015 0x065c  KSN ping started
14:14:31.0328 0x065c  KSN ping finished: true
14:14:31.0625 0x065c  ================ Scan system memory ========================
14:14:33.0218 0x065c  System memory - ok
14:14:33.0218 0x065c  ================ Scan services =============================
14:14:33.0578 0x065c  Abiosdsk - ok
14:14:33.0625 0x065c  [ 6ABB91494FE6C59089B9336452AB2EA3, FA28396820E44F991891042E051A4414485B54D456F252E03E3FFE1B4B4CF843 ] abp480n5        C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
14:14:33.0625 0x065c  abp480n5 - ok
14:14:33.0765 0x065c  [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:14:33.0765 0x065c  ACPI - ok
14:14:33.0781 0x065c  [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
14:14:33.0781 0x065c  ACPIEC - ok
14:14:33.0875 0x065c  [ 1BA1AB4141A92EB34DA99F1249CA2D4D, 43ADF35146E61E0DE58D2ACC2994538F6025135ECEB30073BEF05A804BB38107 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:14:33.0890 0x065c  AdobeFlashPlayerUpdateSvc - ok
14:14:33.0953 0x065c  [ 9A11864873DA202C996558B2106B0BBC, 4C68F1DBD1541291DD0FAB78DB42B25FA051CD9F55ED869173E3219CD31500C4 ] adpu160m        C:\WINDOWS\system32\DRIVERS\adpu160m.sys
14:14:33.0953 0x065c  adpu160m - ok
14:14:34.0000 0x065c  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec             C:\WINDOWS\system32\drivers\aec.sys
14:14:34.0015 0x065c  aec - ok
14:14:34.0078 0x065c  [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
14:14:34.0078 0x065c  AFD - ok
14:14:34.0109 0x065c  [ 08FD04AA961BDC77FB983F328334E3D7, A784EC8A9EDB579262366B5A9AB177DB7BEC0A421BDE85431D0AD4959D5AF5E7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
14:14:34.0109 0x065c  agp440 - ok
14:14:34.0125 0x065c  [ 03A7E0922ACFE1B07D5DB2EEB0773063, 93EEA872A5642C95FF19C81F8EFFB9B52742A14DBF138784F0F713AD18C413ED ] agpCPQ          C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
14:14:34.0125 0x065c  agpCPQ - ok
14:14:34.0140 0x065c  [ C23EA9B5F46C7F7910DB3EAB648FF013, 92C84E9AF278A3B55D56C4F8E6C10E3EF1F7B336A44A018AED6DC51A46671F0B ] Aha154x         C:\WINDOWS\system32\DRIVERS\aha154x.sys
14:14:34.0140 0x065c  Aha154x - ok
14:14:34.0140 0x065c  [ 19DD0FB48B0C18892F70E2E7D61A1529, 95BA1568E8E08314508CA0E1F95555891E70399AEC312C793B46A841F56FFDCF ] aic78u2         C:\WINDOWS\system32\DRIVERS\aic78u2.sys
14:14:34.0156 0x065c  aic78u2 - ok
14:14:34.0187 0x065c  [ B7FE594A7468AA0132DEB03FB8E34326, BF0DC2B8C474DB151589BA9968264413521DDD9E7316B752B2FA40C24200FBE0 ] aic78xx         C:\WINDOWS\system32\DRIVERS\aic78xx.sys
14:14:34.0187 0x065c  aic78xx - ok
14:14:34.0468 0x065c  [ BBE9054FDADC8D49D29C5DA4FB84A803, 4315C1D7DBD35A80E25F15B45587AA76F6E9FCDC617B5ABF62301570771066AF ] Akamai          c:\program files\common files\akamai/netsession_win_8fa3539.dll
14:14:34.0468 0x065c  Suspicious file ( Hidden ): c:\program files\common files\akamai/netsession_win_8fa3539.dll. md5: BBE9054FDADC8D49D29C5DA4FB84A803, sha256: 4315C1D7DBD35A80E25F15B45587AA76F6E9FCDC617B5ABF62301570771066AF
14:14:34.0468 0x065c  Akamai - detected HiddenFile.Multi.Generic ( 1 )
14:14:34.0828 0x065c  Detect skipped due to KSN trusted
14:14:34.0828 0x065c  Akamai - ok
14:14:34.0859 0x065c  [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
14:14:34.0875 0x065c  Alerter - ok
14:14:34.0906 0x065c  [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG             C:\WINDOWS\System32\alg.exe
14:14:34.0906 0x065c  ALG - ok
14:14:34.0937 0x065c  [ 1140AB9938809700B46BB88E46D72A96, 369379ECC5941ACE984A7F31EAABB66A2E693EDBADA639B86D26FD681D45608E ] AliIde          C:\WINDOWS\system32\DRIVERS\aliide.sys
14:14:34.0937 0x065c  AliIde - ok
14:14:34.0984 0x065c  [ CB08AED0DE2DD889A8A820CD8082D83C, B1A9D493390AEDF6EFF8BCAA3B33EC31758452AB497C34C0728CDDA1D8DCBF2A ] alim1541        C:\WINDOWS\system32\DRIVERS\alim1541.sys
14:14:34.0984 0x065c  alim1541 - ok
14:14:34.0984 0x065c  [ 95B4FB835E28AA1336CEEB07FD5B9398, 36CD3B14EF78B01FB653B78187FAA63C4DD5F4137AC3B91D81256A350EEDCBC1 ] amdagp          C:\WINDOWS\system32\DRIVERS\amdagp.sys
14:14:34.0984 0x065c  amdagp - ok
14:14:35.0015 0x065c  [ 79F5ADD8D24BD6893F2903A3E2F3FAD6, 9B179F0B6A559639D3AE3975CEBF2718294BE5743517BEE06586F0D258164C81 ] amsint          C:\WINDOWS\system32\DRIVERS\amsint.sys
14:14:35.0015 0x065c  amsint - ok
14:14:35.0125 0x065c  [ BEF294FFE5F40BE768BDCBE1837DFABE, A5EBC3289758E2E152BA1571BB288FA33D7E2D23FE715CB51D39992369FDFC19 ] APNMCP          C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
14:14:35.0125 0x065c  APNMCP - ok
14:14:35.0140 0x065c  [ D8849F77C0B66226335A59D26CB4EDC6, 4990031453204C57E36E850252A39B05D6ECDAB9E71A8136FB4900F17E59C9CA ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
14:14:35.0140 0x065c  AppMgmt - ok
14:14:35.0156 0x065c  [ 62D318E9A0C8FC9B780008E724283707, 1A69806AB2BDECCEB5EB23A80700B3F98983D5D67F78839CBF269087FA460757 ] asc             C:\WINDOWS\system32\DRIVERS\asc.sys
14:14:35.0171 0x065c  asc - ok
14:14:35.0171 0x065c  [ 69EB0CC7714B32896CCBFD5EDCBEA447, 1CB506B5F71F84EFD26961010681D0A79AA7B266573378E3D2755125DF5D6BB6 ] asc3350p        C:\WINDOWS\system32\DRIVERS\asc3350p.sys
14:14:35.0187 0x065c  asc3350p - ok
14:14:35.0187 0x065c  [ 5D8DE112AA0254B907861E9E9C31D597, 557C93E82A71131D226267151C84B197503831A16263DDFE040E996B605CA9E8 ] asc3550         C:\WINDOWS\system32\DRIVERS\asc3550.sys
14:14:35.0187 0x065c  asc3550 - ok
14:14:35.0312 0x065c  [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
14:14:35.0328 0x065c  aspnet_state - ok
14:14:35.0359 0x065c  [ 0C83FC56707BF68DB04947052A8188B1, 7F91E45B10D434FD4670E0E00E58E0356B9CC25036601E031D45484D8547ACBC ] ASTSRV          C:\WINDOWS\system32\ASTSRV.EXE
14:14:35.0359 0x065c  ASTSRV - ok
14:14:35.0375 0x065c  [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:14:35.0390 0x065c  AsyncMac - ok
14:14:35.0406 0x065c  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
14:14:35.0406 0x065c  atapi - ok
14:14:35.0406 0x065c  Atdisk - ok
14:14:35.0453 0x065c  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:14:35.0453 0x065c  Atmarpc - ok
14:14:35.0484 0x065c  [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
14:14:35.0500 0x065c  AudioSrv - ok
14:14:35.0500 0x065c  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
14:14:35.0515 0x065c  audstub - ok
14:14:35.0515 0x065c  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
14:14:35.0515 0x065c  Beep - ok
14:14:35.0578 0x065c  [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS            C:\WINDOWS\system32\qmgr.dll
14:14:35.0625 0x065c  BITS - ok
14:14:35.0671 0x065c  [ 3F56903E124E820AEECE6D471583C6C1, B3C045AFACC8A8F5DC289ADE9ACFB2FE7F9CA24A900BBAED47E2A63837208CB3 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:14:35.0671 0x065c  Bonjour Service - ok
14:14:35.0718 0x065c  [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser         C:\WINDOWS\System32\browser.dll
14:14:35.0718 0x065c  Browser - ok
14:14:35.0875 0x065c  catchme - ok
14:14:35.0921 0x065c  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf           C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
14:14:35.0921 0x065c  cbidf - ok
14:14:35.0921 0x065c  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
14:14:35.0921 0x065c  cbidf2k - ok
14:14:35.0953 0x065c  [ F3EC03299634490E97BBCE94CD2954C7, CDC85ADA27E0D501581CE6F28D7E1941E90411FA8E8F2C43A68BAA8CB78E85DD ] cd20xrnt        C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
14:14:35.0953 0x065c  cd20xrnt - ok
14:14:35.0984 0x065c  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
14:14:35.0984 0x065c  Cdaudio - ok
14:14:36.0000 0x065c  [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
14:14:36.0000 0x065c  Cdfs - ok
14:14:36.0046 0x065c  [ 4B0A100EAF5C49EF3CCA8C641431EACC, 88D9C066FFB863910EE1863CE63D38846ACA2DF72D6B5FDFCE0F3379A6DA5EF9 ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:14:36.0046 0x065c  Cdrom - ok
14:14:36.0062 0x065c  Changer - ok
14:14:36.0109 0x065c  [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
14:14:36.0109 0x065c  CiSvc - ok
14:14:36.0125 0x065c  [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
14:14:36.0140 0x065c  ClipSrv - ok
14:14:36.0218 0x065c  [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:14:36.0250 0x065c  clr_optimization_v2.0.50727_32 - ok
14:14:36.0281 0x065c  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:14:36.0312 0x065c  clr_optimization_v4.0.30319_32 - ok
14:14:36.0359 0x065c  [ E5DCB56C533014ECBC556A8357C929D5, B2915C0C07EDBA59C5D02680804C4C2DE099D73DE0D0DD0CDA748F34F11057E0 ] CmdIde          C:\WINDOWS\system32\DRIVERS\cmdide.sys
14:14:36.0359 0x065c  CmdIde - ok
14:14:36.0359 0x065c  COMSysApp - ok
14:14:36.0390 0x065c  [ 3EE529119EED34CD212A215E8C40D4B6, A6B71F3D4EE7358CA85F010E6271A6B72226D25DF30ED331DA830639ED3E9903 ] Cpqarray        C:\WINDOWS\system32\DRIVERS\cpqarray.sys
14:14:36.0390 0x065c  Cpqarray - ok
14:14:36.0390 0x065c  cpuz132 - ok
14:14:36.0421 0x065c  [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
14:14:36.0421 0x065c  CryptSvc - ok
14:14:36.0453 0x065c  [ E550E7418984B65A78299D248F0A7F36, 52F6BD1027E91F9A90AFAB82C7F2A0314B7E55262F5293D5F9F8F12135EDD88C ] dac2w2k         C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
14:14:36.0453 0x065c  dac2w2k - ok
14:14:36.0500 0x065c  [ 683789CAA3864EB46125AE86FF677D34, B725D026E069AD253192E21245260CBA44EF3C72781616A2CAD0BF0E2D86D510 ] dac960nt        C:\WINDOWS\system32\DRIVERS\dac960nt.sys
14:14:36.0500 0x065c  dac960nt - ok
14:14:36.0562 0x065c  [ FCAD241DEA0005135DBDF5D77EC7919D, 8B67DA9D4623204EF71BA35ADD1A9882A25E8B990E8ECC1034B64D1DA6C5BCD4 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
14:14:36.0562 0x065c  DcomLaunch - ok
14:14:36.0609 0x065c  [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
14:14:36.0609 0x065c  Dhcp - ok
14:14:36.0687 0x065c  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
14:14:36.0687 0x065c  Disk - ok
14:14:36.0703 0x065c  [ A0500678A33802D8954153839301D539, C0EC7164985DD805A08EC13D30E2596017AF76C97BD912A635AEEF1762D49564 ] DLABMFSM        C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
14:14:36.0718 0x065c  DLABMFSM - ok
14:14:36.0734 0x065c  [ B8D2F68CAC54D46281399F9092644794, A5CEA410D0EEB6A3E1FC003DEFB2E5DAE8761CCC280B741306E3D7AA5D57EDF3 ] DLABOIOM        C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
14:14:36.0734 0x065c  DLABOIOM - ok
14:14:36.0750 0x065c  [ 0EE93AB799D1CB4EC90B36F3612FE907, 8BEAC6C686429F67D9147E8D1E675F9E993650F8037DE6D9A9829784E8116C6F ] DLACDBHM        C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
14:14:36.0750 0x065c  DLACDBHM - ok
14:14:36.0750 0x065c  [ 87413B94AE1FABC117C4E8AE6725134E, 8B34AE7CB31DA7F215B5F94D74EBD7CDBB1B239763417BD1A43B2F21830074E0 ] DLADResM        C:\WINDOWS\system32\Drivers\DLADResM.SYS
14:14:36.0750 0x065c  DLADResM - ok
14:14:36.0765 0x065c  [ 766A148235BE1C0039C974446E4C0EDC, C9823A75083BE88B5F35D09B0F188856F6FBE37098787E61F780D1950E1B8C63 ] DLAIFS_M        C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
14:14:36.0765 0x065c  DLAIFS_M - ok
14:14:36.0765 0x065c  [ 38267CCA177354F1C64450A43A4F7627, DEC627B16BB13273ADD6F629CD99BB138081C276AD539206BBA8723092E7FEE0 ] DLAOPIOM        C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
14:14:36.0765 0x065c  DLAOPIOM - ok
14:14:36.0781 0x065c  [ FD363369FD313B46B5AEAB1A688B52E9, 67E8F268727555F2FA9EACE32131A924DC164ADAED320AF5999B5647701EC0E7 ] DLAPoolM        C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
14:14:36.0781 0x065c  DLAPoolM - ok
14:14:36.0781 0x065c  [ 336AE18F0912EF4FBE5518849E004D74, 652F47AF0401B8EE8303B3D3113B87C18313EFA0F4F20793A140411CD6984F22 ] DLARTL_M        C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
14:14:36.0781 0x065c  DLARTL_M - ok
14:14:36.0796 0x065c  [ FD85F682C1CC2A7CA878C7A448E6D87E, FF63F13DD5203B262A7CC442CD8CC9E7611BB246DC5E79676379742B88E1B0DD ] DLAUDFAM        C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
14:14:36.0796 0x065c  DLAUDFAM - ok
14:14:36.0796 0x065c  [ AF389CE587B6BF5BBDCD6F6ABE5EABC0, 58D4A7886FD114E65D5B2E80F451160A5092FF91A81CED314F959E51A8F98BFE ] DLAUDF_M        C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
14:14:36.0796 0x065c  DLAUDF_M - ok
14:14:36.0812 0x065c  dmadmin - ok
14:14:36.0859 0x065c  [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
14:14:36.0906 0x065c  dmboot - ok
14:14:36.0906 0x065c  [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
14:14:36.0921 0x065c  dmio - ok
14:14:36.0921 0x065c  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
14:14:36.0921 0x065c  dmload - ok
14:14:36.0968 0x065c  [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver        C:\WINDOWS\System32\dmserver.dll
14:14:36.0968 0x065c  dmserver - ok
14:14:37.0015 0x065c  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
14:14:37.0015 0x065c  DMusic - ok
14:14:37.0062 0x065c  [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
14:14:37.0062 0x065c  Dnscache - ok
14:14:37.0078 0x065c  [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
14:14:37.0093 0x065c  Dot3svc - ok
14:14:37.0125 0x065c  [ 40F3B93B4E5B0126F2F5C0A7A5E22660, 8AFFF28903037F5E36BB5352F2B236A217558FCC0146B23C787606C3F21243DB ] dpti2o          C:\WINDOWS\system32\DRIVERS\dpti2o.sys
14:14:37.0125 0x065c  dpti2o - ok
14:14:37.0156 0x065c  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
14:14:37.0156 0x065c  drmkaud - ok
14:14:37.0203 0x065c  [ 5D3B71BB2BB0009D65D290E2EF374BD3, 8D3A6164654975CEB85306A9FA24C554BD8BDF786CB8AC670D2E1314C567EF0A ] DRVMCDB         C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
14:14:37.0203 0x065c  DRVMCDB - ok
14:14:37.0218 0x065c  [ C591BA9F96F40A1FD6494DAFDCD17185, 645BAACFF58131674559959B594FC7DB2400F1009FC0338C4AD54CB41B0B384C ] DRVNDDM         C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
14:14:37.0218 0x065c  DRVNDDM - ok
14:14:37.0250 0x065c  [ 0C51F1D7A7501FC948D35AE0FDE764A5, 18AD67B2E5BDED5C322B4649CF51F5DAC0BB89F342A2FE7BE1D43A942F135CCD ] eamon           C:\WINDOWS\system32\DRIVERS\eamon.sys
14:14:37.0250 0x065c  eamon - ok
14:14:37.0281 0x065c  [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost         C:\WINDOWS\System32\eapsvc.dll
14:14:37.0281 0x065c  EapHost - ok
14:14:37.0328 0x065c  [ C79916F203E1A2CBBE99F22D6E5D21DA, 84749E7067927AD437D38BEFEA12B40C3E849216F26338F707694918206C4C2A ] ehdrv           C:\WINDOWS\system32\DRIVERS\ehdrv.sys
14:14:37.0328 0x065c  ehdrv - ok
14:14:37.0468 0x065c  [ 4CB575D97653FA91FFB02DA3105EB084, 59FB4D2485EEDBCC56D92C1F5DF3FEAE67D751F3AD7AEA7590F3C73107C829E8 ] ekrn            C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
14:14:37.0500 0x065c  ekrn - ok
14:14:37.0546 0x065c  [ 8727A2182BBCD588E255C60C1AA7B357, DD6FA861FD2B8C58DA07CB815CD04AA1381924E2EA5613AC18B7FF3F628B1711 ] epfwtdir        C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
14:14:37.0546 0x065c  epfwtdir - ok
14:14:37.0562 0x065c  [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
14:14:37.0562 0x065c  ERSvc - ok
14:14:37.0625 0x065c  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog        C:\WINDOWS\system32\services.exe
14:14:37.0625 0x065c  Eventlog - ok
14:14:37.0671 0x065c  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem     C:\WINDOWS\system32\es.dll
14:14:37.0687 0x065c  EventSystem - ok
14:14:37.0734 0x065c  [ 3EF58F2EAE3AECAB45D682152DB2F67D, 61A0904D27572B1129B17CE073AEBF30E26398D8B9BD8279458D1A4363555467 ] exFat           C:\WINDOWS\system32\drivers\exFat.sys
14:14:37.0734 0x065c  exFat - ok
14:14:37.0781 0x065c  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
14:14:37.0781 0x065c  Fastfat - ok
14:14:37.0843 0x065c  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
14:14:37.0843 0x065c  FastUserSwitchingCompatibility - ok
14:14:37.0921 0x065c  [ E97D6A8684466DF94FF3BC24FB787A07, 89E5A6889E3C5AB9AD3E80FFC16DD608278F3ADC282048B40B60196336A5CBEB ] Fax             C:\WINDOWS\system32\fxssvc.exe
14:14:37.0937 0x065c  Fax - ok
14:14:37.0984 0x065c  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
14:14:37.0984 0x065c  Fdc - ok
14:14:38.0015 0x065c  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
14:14:38.0015 0x065c  Fips - ok
14:14:38.0031 0x065c  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
14:14:38.0031 0x065c  Flpydisk - ok
14:14:38.0093 0x065c  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
14:14:38.0093 0x065c  FltMgr - ok
14:14:38.0171 0x065c  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:14:38.0171 0x065c  FontCache3.0.0.0 - ok
14:14:38.0203 0x065c  [ C865B83411D7347627A4BEEC22543FB1, 40F2232892CABF192903DA148ABD359F6FC0C5A21AC0B61EDC011C7CC4AA54BF ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:14:38.0203 0x065c  Fs_Rec - ok
14:14:38.0203 0x065c  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:14:38.0203 0x065c  Ftdisk - ok
14:14:38.0296 0x065c  [ 78A907FCD6AFA1E255FDDBBA43F3A695, D21EE771CCFF7D45069AE3DDB20EA31310C652C36AFE39B92DE41A4C8CAAE8C1 ] FullImagingService c:\documents and settings\all users\application data\Clickfree\FullImagingBackup\FullImagingService.exe
14:14:38.0296 0x065c  FullImagingService - ok
14:14:38.0406 0x065c  [ CFD54D70F76E84E1E737AE1140FBC5C0, 29B71794842FDFEC1512EAD8E298E2D0568E062A119141F7C309CC8910C6BA9C ] Garmin Core Update Service C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
14:14:38.0406 0x065c  Garmin Core Update Service - ok
14:14:38.0453 0x065c  [ CE8F5B65D6CFE435FB9BF875EDA99D55, D47D6A64BDEA5215CC87F5379640E9671A2FCE8B9F2C13019855B6F438A66568 ] getPlusHelper   C:\Program Files\NOS\bin\getPlus_Helper.dll
14:14:38.0468 0x065c  getPlusHelper - ok
14:14:38.0500 0x065c  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:14:38.0531 0x065c  Gpc - ok
14:14:38.0546 0x065c  [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:14:38.0546 0x065c  HDAudBus - ok
14:14:38.0625 0x065c  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:14:38.0625 0x065c  helpsvc - ok
14:14:38.0671 0x065c  [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ         C:\WINDOWS\System32\hidserv.dll
14:14:38.0671 0x065c  HidServ - ok
14:14:38.0687 0x065c  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:14:38.0687 0x065c  hidusb - ok
14:14:38.0718 0x065c  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
14:14:38.0718 0x065c  hkmsvc - ok
14:14:38.0734 0x065c  [ B028377DEA0546A5FCFBA928A8AEFAE0, FD7B34A6036AD443014B16394A5F051A298CEE4276D50525FB9F15A0D2684C8B ] hpn             C:\WINDOWS\system32\DRIVERS\hpn.sys
14:14:38.0734 0x065c  hpn - ok
14:14:38.0781 0x065c  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
14:14:38.0781 0x065c  HTTP - ok
14:14:38.0828 0x065c  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
14:14:38.0828 0x065c  HTTPFilter - ok
14:14:38.0875 0x065c  [ 9368670BD426EBEA5E8B18A62416EC28, 0ED865F8FB79F0B6309521925280E8640DB5CA6F75377434830536899734B6EE ] i2omgmt         C:\WINDOWS\system32\drivers\i2omgmt.sys
14:14:38.0875 0x065c  i2omgmt - ok
14:14:38.0890 0x065c  [ F10863BF1CCC290BABD1A09188AE49E0, BC038EAE6C8A76D56A5AD27035DC0369D6E766711E9FAA7467144370851F1615 ] i2omp           C:\WINDOWS\system32\DRIVERS\i2omp.sys
14:14:38.0890 0x065c  i2omp - ok
14:14:38.0921 0x065c  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:14:38.0937 0x065c  i8042prt - ok
14:14:39.0031 0x065c  [ 52E8A3CC8269ADB27D25182284C5E650, 2D33F0B461C8C0B929E5CE1A3293437BC55E6F61134872558F9BB1F1097AFE34 ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
14:14:39.0046 0x065c  IAANTMON - ok
14:14:39.0343 0x065c  [ 2DA364EE62D4949620B6FAE4FFEA16A7, 90A462558074E4503EBD025301E7F32A71CB88D20AA41B06EBB2D177906A3D54 ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
14:14:39.0468 0x065c  ialm - ok
14:14:39.0500 0x065c  [ 71ECC07BC7C5E24C3DD01D8A29A24054, 03BB7E80212B038E26B439F41D757152B00CBC5E20ADE54B0FC903B199B73E88 ] iaStor          C:\WINDOWS\system32\drivers\iaStor.sys
14:14:39.0500 0x065c  iaStor - ok
14:14:39.0593 0x065c  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:14:39.0625 0x065c  IDriverT - ok
14:14:39.0703 0x065c  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:14:39.0750 0x065c  idsvc - ok
14:14:39.0796 0x065c  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
14:14:39.0796 0x065c  Imapi - ok
14:14:39.0843 0x065c  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\system32\imapi.exe
14:14:39.0843 0x065c  ImapiService - ok
14:14:39.0890 0x065c  [ 4A40E045FAEE58631FD8D91AFC620719, 7A2FD81BD483821B3DA01B1CD7215423EDD719CBE3862C0342FF7D21A17AF437 ] ini910u         C:\WINDOWS\system32\DRIVERS\ini910u.sys
14:14:39.0890 0x065c  ini910u - ok
14:14:40.0093 0x065c  [ 5C8F36CDCB489111B24003AF4DFE1FDC, 38272780B9852051A6E3D36D77CEC94EA68B636650A71E977BF481FB3E80351C ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
14:14:40.0203 0x065c  IntcAzAudAddService - ok
14:14:40.0234 0x065c  [ B5466A9250342A7AA0CD1FBA13420678, 87E735C4E8924A883AB692D387A83BCBFAE6E165688336AE7AB488F7CA8D339E ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
14:14:40.0234 0x065c  IntelIde - ok
14:14:40.0265 0x065c  [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:14:40.0265 0x065c  intelppm - ok
14:14:40.0281 0x065c  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
14:14:40.0281 0x065c  Ip6Fw - ok
14:14:40.0328 0x065c  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:14:40.0328 0x065c  IpFilterDriver - ok
14:14:40.0359 0x065c  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:14:40.0359 0x065c  IpInIp - ok
14:14:40.0375 0x065c  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:14:40.0375 0x065c  IpNat - ok
14:14:40.0406 0x065c  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:14:40.0406 0x065c  IPSec - ok
14:14:40.0437 0x065c  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
14:14:40.0437 0x065c  IRENUM - ok
14:14:40.0468 0x065c  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:14:40.0468 0x065c  isapnp - ok
14:14:40.0640 0x065c  [ 80A79264302910C7C24BA7E44267EFEF, 6080C233478350C8E07515D20D2D60C3758C4A65432B04E8C8B816248621A3EF ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
14:14:40.0640 0x065c  JavaQuickStarterService - ok
14:14:40.0671 0x065c  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:14:40.0671 0x065c  Kbdclass - ok
14:14:40.0687 0x065c  [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:14:40.0687 0x065c  kbdhid - ok
14:14:40.0703 0x065c  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
14:14:40.0703 0x065c  kmixer - ok
14:14:40.0843 0x065c  [ 140692763A50BFFF322CDC076300587E, 4B6D9AE479EDDB429C1DE36406517FA65C2B3927B20792B3A27CEE05A6B7A3AB ] Kodak AiO Network Discovery Service C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
14:14:40.0859 0x065c  Kodak AiO Network Discovery Service - ok
14:14:40.0906 0x065c  [ E29F999616D7C08B0E91296908C47CAF, 285594B526A15911238B89E5FCBCFFA48A6C69CCC481918D2C474C6BB12869E6 ] Kodak AiO Status Monitor Service C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
14:14:40.0937 0x065c  Kodak AiO Status Monitor Service - ok
14:14:41.0000 0x065c  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
14:14:41.0000 0x065c  KSecDD - ok
14:14:41.0031 0x065c  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
14:14:41.0031 0x065c  LanmanServer - ok
14:14:41.0062 0x065c  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
14:14:41.0062 0x065c  lanmanworkstation - ok
14:14:41.0078 0x065c  lbrtfdc - ok
14:14:41.0109 0x065c  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
14:14:41.0109 0x065c  LmHosts - ok
14:14:41.0140 0x065c  [ 4470E3C1E0C3378E4CAB137893C12C3A, CA8E66356F0E671D5454E561E7EAD74DE25DCF53BE452369F96ECACFA8709489 ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
14:14:41.0156 0x065c  MBAMProtector - ok
14:14:41.0265 0x065c  [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
14:14:41.0281 0x065c  MBAMScheduler - ok
14:14:41.0312 0x065c  [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
14:14:41.0343 0x065c  MBAMService - ok
14:14:41.0375 0x065c  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
14:14:41.0390 0x065c  Messenger - ok
14:14:41.0421 0x065c  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
14:14:41.0421 0x065c  mnmdd - ok
14:14:41.0468 0x065c  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
14:14:41.0468 0x065c  mnmsrvc - ok
14:14:41.0484 0x065c  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
14:14:41.0500 0x065c  Modem - ok
14:14:41.0515 0x065c  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:14:41.0515 0x065c  Mouclass - ok
14:14:41.0531 0x065c  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:14:41.0531 0x065c  mouhid - ok
14:14:41.0531 0x065c  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
14:14:41.0531 0x065c  MountMgr - ok
14:14:41.0593 0x065c  [ 3B9398E0146855B1DC0E3D9769C80F01, DF69DB5CA30A5577648635C27DD468AF98515D07DF379B3FFDCC6B40744EDE66 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:14:41.0593 0x065c  MozillaMaintenance - ok
14:14:41.0640 0x065c  [ 3F4BB95E5A44F3BE34824E8E7CAF0737, 9A4F9E63AA55B779AF3563C66C8E40D9C42FF3BB5F533F70905ADC7A44EA7DAD ] mraid35x        C:\WINDOWS\system32\DRIVERS\mraid35x.sys
14:14:41.0640 0x065c  mraid35x - ok
14:14:41.0656 0x065c  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:14:41.0656 0x065c  MRxDAV - ok
14:14:41.0734 0x065c  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:14:41.0750 0x065c  MRxSmb - ok
14:14:41.0781 0x065c  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
14:14:41.0796 0x065c  MSDTC - ok
14:14:41.0796 0x065c  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
14:14:41.0796 0x065c  Msfs - ok
14:14:41.0796 0x065c  MSIServer - ok
14:14:41.0843 0x065c  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:14:41.0843 0x065c  MSKSSRV - ok
14:14:41.0843 0x065c  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:14:41.0843 0x065c  MSPCLOCK - ok
14:14:41.0859 0x065c  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
14:14:41.0859 0x065c  MSPQM - ok
14:14:41.0890 0x065c  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:14:41.0890 0x065c  mssmbios - ok
14:14:41.0921 0x065c  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
14:14:41.0921 0x065c  Mup - ok
14:14:41.0953 0x065c  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
14:14:41.0968 0x065c  napagent - ok
14:14:42.0000 0x065c  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
14:14:42.0015 0x065c  NDIS - ok
14:14:42.0046 0x065c  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:14:42.0046 0x065c  NdisTapi - ok
14:14:42.0093 0x065c  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:14:42.0093 0x065c  Ndisuio - ok
14:14:42.0093 0x065c  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:14:42.0109 0x065c  NdisWan - ok
14:14:42.0125 0x065c  [ 9282BD12DFB069D3889EB3FCC1000A9B, 09A46F1712BD9165068D8E153585FE3E6E5CBF4F1DDEC142115555D3A91AEC09 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
14:14:42.0125 0x065c  NDProxy - ok
14:14:42.0140 0x065c  Nero BackItUp Scheduler 4.0 - ok
14:14:42.0171 0x065c  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
14:14:42.0171 0x065c  NetBIOS - ok
14:14:42.0187 0x065c  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
14:14:42.0187 0x065c  NetBT - ok
14:14:42.0218 0x065c  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
14:14:42.0218 0x065c  NetDDE - ok
14:14:42.0218 0x065c  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
14:14:42.0234 0x065c  NetDDEdsdm - ok
14:14:42.0265 0x065c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
14:14:42.0265 0x065c  Netlogon - ok
14:14:42.0312 0x065c  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
14:14:42.0328 0x065c  Netman - ok
14:14:42.0359 0x065c  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:14:42.0375 0x065c  NetTcpPortSharing - ok
14:14:42.0406 0x065c  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
14:14:42.0421 0x065c  Nla - ok
14:14:42.0453 0x065c  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
14:14:42.0453 0x065c  Npfs - ok
14:14:42.0515 0x065c  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
14:14:42.0546 0x065c  Ntfs - ok
14:14:42.0546 0x065c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
14:14:42.0546 0x065c  NtLmSsp - ok
14:14:42.0593 0x065c  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
14:14:42.0609 0x065c  NtmsSvc - ok
14:14:42.0640 0x065c  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
14:14:42.0640 0x065c  Null - ok
14:14:42.0656 0x065c  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:14:42.0656 0x065c  NwlnkFlt - ok
14:14:42.0671 0x065c  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:14:42.0671 0x065c  NwlnkFwd - ok
14:14:42.0781 0x065c  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:14:42.0796 0x065c  odserv - ok
14:14:42.0843 0x065c  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:14:42.0859 0x065c  ose - ok
14:14:42.0890 0x065c  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
14:14:42.0906 0x065c  Parport - ok
14:14:42.0953 0x065c  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
14:14:42.0953 0x065c  PartMgr - ok
14:14:42.0984 0x065c  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
14:14:42.0984 0x065c  ParVdm - ok
14:14:42.0984 0x065c  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
14:14:42.0984 0x065c  PCI - ok
14:14:43.0000 0x065c  PCIDump - ok
14:14:43.0031 0x065c  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
14:14:43.0031 0x065c  PCIIde - ok
14:14:43.0062 0x065c  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
14:14:43.0062 0x065c  Pcmcia - ok
14:14:43.0078 0x065c  pctplsg - ok
14:14:43.0078 0x065c  PDCOMP - ok
14:14:43.0078 0x065c  PDFRAME - ok
14:14:43.0078 0x065c  PDRELI - ok
14:14:43.0093 0x065c  PDRFRAME - ok
14:14:43.0109 0x065c  [ 6C14B9C19BA84F73D3A86DBA11133101, 2CFB7E027E43C1B3890985DFD7987B23E4E3CC003E3FD2583E4A8AC1F8A13B26 ] perc2           C:\WINDOWS\system32\DRIVERS\perc2.sys
14:14:43.0109 0x065c  perc2 - ok
14:14:43.0125 0x065c  [ F50F7C27F131AFE7BEBA13E14A3B9416, C0498EA65B908C07A734324ED70DB27F434FAAA815DD02F1BC429A3AB6C663D5 ] perc2hib        C:\WINDOWS\system32\DRIVERS\perc2hib.sys
14:14:43.0125 0x065c  perc2hib - ok
14:14:43.0156 0x065c  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
14:14:43.0171 0x065c  PlugPlay - ok
14:14:43.0203 0x065c  [ DCDF0421A1C14F2923E298A30FD7636D, 7C2007A349E86105952816211F3F23D4983E5B43C38AAA062EFBCF10DC4DCA83 ] Point32         C:\WINDOWS\system32\DRIVERS\point32.sys
14:14:43.0203 0x065c  Point32 - ok
14:14:43.0203 0x065c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
14:14:43.0203 0x065c  PolicyAgent - ok
14:14:43.0250 0x065c  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:14:43.0281 0x065c  PptpMiniport - ok
14:14:43.0296 0x065c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
14:14:43.0296 0x065c  ProtectedStorage - ok
14:14:43.0328 0x065c  [ F115AF58ABE5605D7D709CBFBD83F418, 4855FCD6E455D6E374CE92E5B37D61E7E6D8A861BA76521E7CC2542621853471 ] ProtexisLicensing C:\WINDOWS\system32\PSIService.exe
14:14:43.0343 0x065c  ProtexisLicensing - ok
14:14:43.0343 0x065c  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
14:14:43.0343 0x065c  PSched - ok
14:14:43.0359 0x065c  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:14:43.0359 0x065c  Ptilink - ok
14:14:43.0406 0x065c  [ 03E0FE281823BA64B3782F5B38950E73, D47E5536AD28D02B7D784846CFB2F4FD96187BFD64FC07BACDE9DC7B75D1D2E2 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:14:43.0406 0x065c  PxHelp20 - ok
14:14:43.0437 0x065c  [ 0A63FB54039EB5662433CABA3B26DBA7, A1FB923EB2D08D89D24E8AD7042BBED7CB1DBDA9A5B77BDD188E9913BADAB0EF ] ql1080          C:\WINDOWS\system32\DRIVERS\ql1080.sys
14:14:43.0437 0x065c  ql1080 - ok
14:14:43.0468 0x065c  [ 6503449E1D43A0FF0201AD5CB1B8C706, F1EFC2DE5998615CB182D7984366631FE956AE1ECA9AC777F26FCA2E6F2E05A6 ] Ql10wnt         C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
14:14:43.0468 0x065c  Ql10wnt - ok
14:14:43.0515 0x065c  [ 156ED0EF20C15114CA097A34A30D8A01, 7490B90D4C88B7A9BADB9473D4033535F054C797ABF6D542CB859DA5C9B2586A ] ql12160         C:\WINDOWS\system32\DRIVERS\ql12160.sys
14:14:43.0515 0x065c  ql12160 - ok
14:14:43.0515 0x065c  [ 70F016BEBDE6D29E864C1230A07CC5E6, 895BC2C888F6566086FC1399F499A401D447E57333BC9F9C6DBAFE0F117603D6 ] ql1240          C:\WINDOWS\system32\DRIVERS\ql1240.sys
14:14:43.0531 0x065c  ql1240 - ok
14:14:43.0531 0x065c  [ 907F0AEEA6BC451011611E732BD31FCF, F9E7023BD1042963110D0A613054D094437868B20779F23C316A38E4781A6152 ] ql1280          C:\WINDOWS\system32\DRIVERS\ql1280.sys
14:14:43.0546 0x065c  ql1280 - ok
14:14:43.0562 0x065c  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:14:43.0578 0x065c  RasAcd - ok
14:14:43.0609 0x065c  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
14:14:43.0609 0x065c  RasAuto - ok
14:14:43.0640 0x065c  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:14:43.0640 0x065c  Rasl2tp - ok
14:14:43.0656 0x065c  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
14:14:43.0656 0x065c  RasMan - ok
14:14:43.0656 0x065c  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:14:43.0671 0x065c  RasPppoe - ok
14:14:43.0671 0x065c  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
14:14:43.0671 0x065c  Raspti - ok
14:14:43.0718 0x065c  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:14:43.0718 0x065c  Rdbss - ok
14:14:43.0750 0x065c  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:14:43.0750 0x065c  RDPCDD - ok
14:14:43.0765 0x065c  [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:14:43.0781 0x065c  rdpdr - ok
14:14:43.0843 0x065c  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
14:14:43.0859 0x065c  RDPWD - ok
14:14:43.0921 0x065c  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
14:14:43.0937 0x065c  RDSessMgr - ok
14:14:43.0953 0x065c  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
14:14:43.0953 0x065c  redbook - ok
14:14:44.0000 0x065c  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
14:14:44.0000 0x065c  RemoteAccess - ok
14:14:44.0015 0x065c  [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
14:14:44.0031 0x065c  RemoteRegistry - ok
14:14:44.0046 0x065c  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\system32\locator.exe
14:14:44.0062 0x065c  RpcLocator - ok
14:14:44.0093 0x065c  [ FCAD241DEA0005135DBDF5D77EC7919D, 8B67DA9D4623204EF71BA35ADD1A9882A25E8B990E8ECC1034B64D1DA6C5BCD4 ] RpcSs           C:\WINDOWS\System32\rpcss.dll
14:14:44.0109 0x065c  RpcSs - ok
14:14:44.0125 0x065c  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe
14:14:44.0140 0x065c  RSVP - ok
14:14:44.0187 0x065c  [ E47C52F0380F0950E2BC9F1BCDC0DE9B, 8AC25B5F6F618DE8BAB3A3A795ECF05B4D45A00CBBB9527EA5F08FCF6E8651A7 ] RTLE8023xp      C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
14:14:44.0187 0x065c  RTLE8023xp - ok
14:14:44.0234 0x065c  [ 9F6B9F66223B1265ED66D005D93E539D, 5F7C38128147FA317A93394E998C146C38E5271C1EA3894F30DBE545BB79342A ] RTLTEAMING      C:\WINDOWS\system32\DRIVERS\RTLTEAMING.SYS
14:14:44.0234 0x065c  RTLTEAMING - ok
14:14:44.0250 0x065c  [ 6EC43DC18746BB9B6DDEC4C99B15B6FC, 92AC8D03345774D55743F443EFBA0479EBFB995BFDBBBD06B630DAB5EF065D05 ] RTLVLAN         C:\WINDOWS\system32\DRIVERS\RTLVLAN.SYS
14:14:44.0250 0x065c  RTLVLAN - ok
14:14:44.0296 0x065c  [ 5FFD2AAF467B80FAB34929AFB7702060, FCBC04F23D522E959DE388AF2261EEDF28870E7ECA391E4940F14BFBC78AC0EF ] RtNdPt5x        C:\WINDOWS\system32\DRIVERS\RtNdPt5x.sys
14:14:44.0296 0x065c  RtNdPt5x - ok
14:14:44.0296 0x065c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
14:14:44.0296 0x065c  SamSs - ok
14:14:44.0328 0x065c  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
14:14:44.0328 0x065c  SCardSvr - ok
14:14:44.0359 0x065c  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
14:14:44.0359 0x065c  Schedule - ok
14:14:44.0406 0x065c  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:14:44.0406 0x065c  Secdrv - ok
14:14:44.0437 0x065c  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
14:14:44.0453 0x065c  seclogon - ok
14:14:44.0453 0x065c  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
14:14:44.0453 0x065c  SENS - ok
14:14:44.0468 0x065c  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] Serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
14:14:44.0468 0x065c  Serenum - ok
14:14:44.0484 0x065c  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
14:14:44.0484 0x065c  Serial - ok
14:14:44.0500 0x065c  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
14:14:44.0500 0x065c  Sfloppy - ok
14:14:44.0546 0x065c  [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
14:14:44.0562 0x065c  SharedAccess - ok
14:14:44.0578 0x065c  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:14:44.0593 0x065c  ShellHWDetection - ok
14:14:44.0593 0x065c  Simbad - ok
14:14:44.0625 0x065c  [ 6B33D0EBD30DB32E27D1D78FE946A754, CDA3D082D370B079C06D943DA124D76BAF0C5DB264FB0C893148EF6322D2FABE ] sisagp          C:\WINDOWS\system32\DRIVERS\sisagp.sys
14:14:44.0625 0x065c  sisagp - ok
14:14:44.0656 0x065c  [ 83C0F71F86D3BDAF915685F3D568B20E, 10B24723914A5A9E27A592FD58DAE2207B6E49F13A17CD2B1477C51D2D609D2E ] Sparrow         C:\WINDOWS\system32\DRIVERS\sparrow.sys
14:14:44.0656 0x065c  Sparrow - ok
14:14:44.0671 0x065c  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
14:14:44.0671 0x065c  splitter - ok
14:14:44.0718 0x065c  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
14:14:44.0718 0x065c  Spooler - ok
14:14:44.0765 0x065c  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
14:14:44.0765 0x065c  sr - ok

jemellin

#14
January 10, 2014, 08:30:45 PM
I am getting this message from Windows Security Alert about Akamai Net session client askine me if I still want to block it or unblocked it ??????
Computer is slow loading up my start area to the connection to the internet
Print
Go Up Pages1 2 3 ... 5
User actions