D COM Server NT Authority System problem

Started by jemellin, January 09, 2014, 04:04:38 PM


jemellin

Tried to run SystemLook; it says it requires a script!! Doesn't run!

Corrine

After launching SystemLook, you need to paste the text from the code box.

:filefind
c:\windows\system32\sfzwurs.bjt
c:\windows\system32\hlgcv.fnq


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

jemellin

I D/L to my desktop, clicked on Run, then on Look; box opens and says system error, script required!

Corrine

There is no "run" for SystemLook.  Clicking the downloaded file opens a box which you paste the code into and then click "Look".  Attached is an image of what it looks like.  Isn't this what you're seeing?  If not, can you attach a screen capture?




jemellin

SystemLook 30.07.11 by jpshortstuff
Log created at 13:13 on 13/01/2014 by USER
Administrator - Elevation successful

========== filefind ==========

Searching for "c:\windows\system32\sfzwurs.bjt"
No files found.

Searching for "c:\windows\system32\hlgcv.fnq"
No files found.

-= EOF =-

Corrine

That is what I was hoping for.  Excellent!  Thank you. 

I need to go back over your logs.  In the meantime, how is your computer now?



jemellin

Seems to be better so far today, no shutdown notices!!

Corrine

That is good news!  Let's do some cleanup of a couple of left-overs.

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK).  Copy/Paste all of the text present inside the code box below:


DDS:
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
BHO: Ask Toolbar: {4F524A2D-5637-4300-76A7-7A786E7484D7} -
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: PCTools Site Guard: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -
TB: Ask Toolbar: {4F524A2D-5637-4300-76A7-7A786E7484D7} -
TB: Ask Toolbar: {4F524A2D-5637-4300-76A7-7A786E7484D7} -


  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.





  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.




jemellin

ComboFix 14-01-08.03 - USER 01/13/2014  14:42:38.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3037.2135 [GMT -6:00]
Running from: c:\documents and settings\USER\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\USER\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
- REDUCED FUNCTIONALITY MODE -
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-13 to 2014-01-13  )))))))))))))))))))))))))))))))
.
.
2014-01-12 15:28 . 2009-02-09 12:10   401408   -c--a-w-   c:\windows\system32\sfzwurs.bjt
2014-01-12 15:28 . 2009-02-09 12:10   401408   ----a-w-   c:\windows\system32\hlgcv.fnq
2014-01-10 20:12 . 2014-01-10 20:12   --------   d-----w-   c:\documents and settings\USER\Local Settings\Application Data\Sun
2014-01-10 20:11 . 2014-01-10 20:11   145408   ----a-w-   c:\windows\system32\javacpl.cpl
2014-01-10 20:11 . 2014-01-10 20:11   94632   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2014-01-10 20:10 . 2014-01-10 20:10   --------   d-----w-   c:\documents and settings\All Users\Application Data\McAfee
2014-01-10 20:07 . 2014-01-10 20:07   6780   ----a-w-   c:\windows\system32\PerfStringBackup.TMP
2014-01-10 17:28 . 2014-01-10 17:28   --------   d-----w-   c:\windows\ERUNT
2014-01-10 16:55 . 2014-01-11 16:08   --------   d-----w-   c:\documents and settings\USER\Application Data\DigitalSites
2014-01-09 21:35 . 2014-01-12 15:40   --------   d-----w-   C:\AdwCleaner
2014-01-07 00:23 . 2014-01-07 00:23   --------   d-----w-   c:\documents and settings\USER\Application Data\Malwarebytes
2014-01-07 00:23 . 2014-01-07 00:23   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2014-01-07 00:23 . 2014-01-07 00:23   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2014-01-07 00:23 . 2013-04-04 20:50   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
2014-01-07 00:04 . 2014-01-07 00:04   --------   d-----w-   c:\windows\system32\wbem\Repository
2014-01-02 15:54 . 2014-01-02 15:54   --------   d-sh--w-   c:\windows\system32\config\systemprofile\IETldCache
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-09 21:45 . 2014-01-09 21:45   82944   ----a-w-   c:\windows\system32\drivers\WudfRd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   77568   ----a-w-   c:\windows\system32\drivers\WudfPf.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   83072   ----a-w-   c:\windows\system32\drivers\wdmaud.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   81664   ----a-w-   c:\windows\system32\drivers\videoprt.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   52352   ----a-w-   c:\windows\system32\drivers\volsnap.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   4352   ----a-w-   c:\windows\system32\drivers\wmilib.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   38528   ----a-w-   c:\windows\system32\drivers\wpdusb.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   34560   ----a-w-   c:\windows\system32\drivers\wanarp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12032   ----a-w-   c:\windows\system32\drivers\ws2ifsl.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   58112   ----a-w-   c:\windows\system32\drivers\vdmindvd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   5376   ----a-w-   c:\windows\system32\drivers\viaide.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   42240   ----a-w-   c:\windows\system32\drivers\VIAAGP.SYS.bak
2014-01-09 21:45 . 2014-01-09 21:45   26368   ----a-w-   c:\windows\system32\drivers\USBSTOR.SYS.bak
2014-01-09 21:45 . 2014-01-09 21:45   20992   ----a-w-   c:\windows\system32\drivers\vga.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   20608   ----a-w-   c:\windows\system32\drivers\usbuhci.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   59520   ----a-w-   c:\windows\system32\drivers\usbhub.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   30336   ----a-w-   c:\windows\system32\drivers\usbehci.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   25856   ----a-w-   c:\windows\system32\drivers\usbprint.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   15872   ----a-w-   c:\windows\system32\drivers\usbintel.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   14976   ----a-w-   c:\windows\system32\drivers\usbscan.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   144128   ----a-w-   c:\windows\system32\drivers\usbport.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   5376   ----a-w-   c:\windows\system32\drivers\usbd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   32384   ----a-w-   c:\windows\system32\drivers\usbccgp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   25728   ----a-w-   c:\windows\system32\drivers\usbcamd2.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   25600   ----a-w-   c:\windows\system32\drivers\usbcamd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12928   ----a-w-   c:\windows\system32\drivers\usb8023.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   384768   ----a-w-   c:\windows\system32\drivers\update.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   66048   ----a-w-   c:\windows\system32\drivers\udfs.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   51712   ----a-w-   c:\windows\system32\drivers\tosdvd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   4992   ----a-w-   c:\windows\system32\drivers\toside.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   36736   ----a-w-   c:\windows\system32\drivers\ultra.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   21376   ----a-w-   c:\windows\system32\drivers\tsbvcap.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12288   ----a-w-   c:\windows\system32\drivers\tunmp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   40840   ----a-w-   c:\windows\system32\drivers\termdd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   361600   ----a-w-   c:\windows\system32\drivers\tcpip.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   226880   ----a-w-   c:\windows\system32\drivers\tcpip6.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   21896   ----a-w-   c:\windows\system32\drivers\tdtcp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   19072   ----a-w-   c:\windows\system32\drivers\tdi.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12040   ----a-w-   c:\windows\system32\drivers\tdpipe.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   60800   ----a-w-   c:\windows\system32\drivers\sysaudio.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   56576   ----a-w-   c:\windows\system32\drivers\swmidi.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   32640   ----a-w-   c:\windows\system32\drivers\symc8xx.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   30688   ----a-w-   c:\windows\system32\drivers\sym_u3.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   28384   ----a-w-   c:\windows\system32\drivers\sym_hi.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   16256   ----a-w-   c:\windows\system32\drivers\symc810.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   14976   ----a-w-   c:\windows\system32\drivers\tape.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   49408   ----a-w-   c:\windows\system32\drivers\stream.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   4352   ----a-w-   c:\windows\system32\drivers\swenum.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   13464   ----a-w-   c:\windows\system32\drivers\SWDUMon.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   73472   ----a-w-   c:\windows\system32\drivers\sr.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   6272   ----a-w-   c:\windows\system32\drivers\splitter.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   357888   ----a-w-   c:\windows\system32\drivers\srv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   25344   ----a-w-   c:\windows\system32\drivers\sonydcam.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   19072   ----a-w-   c:\windows\system32\drivers\sparrow.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   14592   ----a-w-   c:\windows\system32\drivers\smclib.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   64512   ----a-w-   c:\windows\system32\drivers\serial.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   40960   ----a-w-   c:\windows\system32\drivers\SISAGP.SYS.bak
2014-01-09 21:44 . 2014-01-09 21:44   15744   ----a-w-   c:\windows\system32\drivers\serenum.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   11904   ----a-w-   c:\windows\system32\drivers\sffdisk.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   11392   ----a-w-   c:\windows\system32\drivers\sfloppy.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   11008   ----a-w-   c:\windows\system32\drivers\sffp_sd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   10240   ----a-w-   c:\windows\system32\drivers\sffp_mmc.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   96384   ----a-w-   c:\windows\system32\drivers\scsiport.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   79232   ----a-w-   c:\windows\system32\drivers\sdbus.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   22016   ----a-w-   c:\windows\system32\drivers\RtNdPt5x.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   20480   ----a-w-   c:\windows\system32\drivers\secdrv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   17536   ----a-w-   c:\windows\system32\drivers\RTLVLAN.SYS.bak
2014-01-09 21:44 . 2014-01-09 21:44   28800   ----a-w-   c:\windows\system32\drivers\RTLTEAMING.SYS.bak
2014-01-09 21:44 . 2014-01-09 21:44   4752896   ----a-w-   c:\windows\system32\drivers\RtkHDAud.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   5888   ----a-w-   c:\windows\system32\drivers\rootmdm.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   30592   ----a-w-   c:\windows\system32\drivers\rndismp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   203136   ----a-w-   c:\windows\system32\drivers\rmcast.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   142336   ----a-w-   c:\windows\system32\drivers\Rtenicxp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   57600   ----a-w-   c:\windows\system32\drivers\redbook.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   4224   ----a-w-   c:\windows\system32\drivers\rdpcdd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   196224   ----a-w-   c:\windows\system32\drivers\rdpdr.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   139784   ----a-w-   c:\windows\system32\drivers\rdpwd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   12032   ----a-w-   c:\windows\system32\drivers\riodrv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   12032   ----a-w-   c:\windows\system32\drivers\rio8drv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   8832   ----a-w-   c:\windows\system32\drivers\rasacd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   51328   ----a-w-   c:\windows\system32\drivers\rasl2tp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   48384   ----a-w-   c:\windows\system32\drivers\raspptp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   41472   ----a-w-   c:\windows\system32\drivers\raspppoe.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   34432   ----a-w-   c:\windows\system32\drivers\rawwan.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   175744   ----a-w-   c:\windows\system32\drivers\rdbss.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   16512   ----a-w-   c:\windows\system32\drivers\raspti.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   49024   ----a-w-   c:\windows\system32\drivers\ql1280.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   45312   ----a-w-   c:\windows\system32\drivers\ql12160.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   43840   ----a-w-   c:\windows\system32\drivers\pxhelp20.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   40448   ----a-w-   c:\windows\system32\drivers\ql1240.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   40320   ----a-w-   c:\windows\system32\drivers\ql1080.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   33152   ----a-w-   c:\windows\system32\drivers\ql10wnt.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   69120   ----a-w-   c:\windows\system32\drivers\psched.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   5504   ----a-w-   c:\windows\system32\drivers\perc2hib.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   35840   ----a-w-   c:\windows\system32\drivers\processr.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   21760   ----a-w-   c:\windows\system32\drivers\point32.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   17792   ----a-w-   c:\windows\system32\drivers\ptilink.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   146048   ----a-w-   c:\windows\system32\drivers\portcls.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   68224   ----a-w-   c:\windows\system32\drivers\pci.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   6784   ----a-w-   c:\windows\system32\drivers\parvdm.sys.bak
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\rpcss.dll
[-] 2009-02-09 . 4C9D7409C767C9ED3AFA1AB6C7F7A26D . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . B7ACE57F6C62C43C31D505DCF6AB1C28 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\rpcss.dll
[7] 2009-02-09 . 01095FEBF33BEEA00C2A0730B9B3EC28 . 399360 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\rpcss.dll
[7] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\rpcss.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe" [2013-06-05 4489472]
"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2013-08-22 1093464]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-18 16806912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-18 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-18 150040]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-31 16200]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-22 842584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"EKStatusMonitor"="c:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2013-01-15 2750840]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2012-10-08 2804224]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5110672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2013-03-15 2236792]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-12-18 106560]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"New Value #1"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\USER\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 11:56 AM 134248]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/6/2009 11:58 AM 118768]
R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [7/6/2011 8:48 AM 57344]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/12/2013 12:06 PM 1337752]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [8/22/2013 1:00 PM 220504]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [3/15/2013 2:07 PM 395640]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [1/15/2013 12:07 PM 780152]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [1/6/2014 6:23 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/6/2014 6:23 PM 701512]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [11/22/2009 12:18 AM 22016]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/6/2014 6:23 PM 22856]
S0 TfFsMon;TfFsMon;
S0 TfSysMon;TfSysMon;
S2 FullImagingService;FullImagingService;c:\documents and settings\All Users\Application Data\Clickfree\FullImagingBackup\FullImagingService.exe [9/6/2013 12:24 PM 235848]
S2 Tomcat6;Apache Tomcat;c:\program files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [1/28/2008 4:39 PM 57344]
S3 pctplsg;pctplsg;
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [11/22/2009 12:18 AM 28800]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [11/22/2009 12:18 AM 17536]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [11/23/2012 4:34 PM 13464]
S3 TfNetMon;TfNetMon;
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper   REG_MULTI_SZ      getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 20:42]
.
2014-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-06 21:57]
.
2014-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-06 21:57]
.
2014-01-13 c:\windows\Tasks\User_Feed_Synchronization-{C62D61F5-DE77-4B46-9ED4-A80980826EEA}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
Trusted Zone: bestbuy.com\www-ssl
TCP: Interfaces\{B0E18D04-350B-4C5B-95FF-550EEA4A455D}: NameServer = 64.91.3.46,208.54.220.20
FF - ProfilePath - c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\cqnf6uhv.default\
FF - ExtSQL: !HIDDEN! 2009-12-10 13:42; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{4F524A2D-5637-4300-76A7-7A786E7484D7} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-13 14:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrueSight]
"ImagePath"="\??\"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2692)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2014-01-13  14:46:32
ComboFix-quarantined-files.txt  2014-01-13 20:46
ComboFix2.txt  2014-01-10 17:58
.
Pre-Run: 283,390,758,912 bytes free
Post-Run: 283,412,639,744 bytes free
.
- - End Of File - - FAD2A0C6EF11DC9785CA072AD3B75518
CDB4DE4BBD714F152979DA2DCBEF57EB
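
A triage sketch for the log format above, added here as an example and not part of the thread or of ComboFix: it parses the "Files Created" and Sigcheck lines and reports created files whose size and modified date equal a Sigcheck entry with a different name, plus Sigcheck names that carry more than one MD5 for the same version and size. The sample lines are copied from the log above; the function names and the matching rule are assumptions of this example, and a match is a prompt for closer inspection, not a verdict.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied verbatim from the ComboFix log posted above.
LOG = r"""
2014-01-12 15:28 . 2009-02-09 12:10   401408   -c--a-w-   c:\windows\system32\sfzwurs.bjt
2014-01-12 15:28 . 2009-02-09 12:10   401408   ----a-w-   c:\windows\system32\hlgcv.fnq
2014-01-10 20:11 . 2014-01-10 20:11   145408   ----a-w-   c:\windows\system32\javacpl.cpl
2014-01-10 20:11 . 2014-01-10 20:11   94632   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2014-01-07 00:23 . 2013-04-04 20:50   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
[-] 2009-02-09 . 4C9D7409C767C9ED3AFA1AB6C7F7A26D . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . B7ACE57F6C62C43C31D505DCF6AB1C28 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[7] 2009-02-09 . 01095FEBF33BEEA00C2A0730B9B3EC28 . 399360 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\rpcss.dll
"""

# "created . modified   size   attributes   path"
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$")

# "[flag] date . MD5 . size . . [version] . . path"
# The flag column is kept verbatim; the post does not define it.
SIG_RE = re.compile(
    r"^\[(?P<flag>.)\] (?P<date>\d{4}-\d{2}-\d{2}) \. "
    r"(?P<md5>[0-9A-F]{32}) \. (?P<size>\d+) \. \. "
    r"\[(?P<version>[\d.]+)\] \. \. (?P<path>.+)$")


def parse(log, pattern):
    """Return the named groups of every log line that matches pattern."""
    rows = []
    for line in log.splitlines():
        m = pattern.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def size_date_matches(log):
    """Created files whose (size, modified date) equal a Sigcheck entry's
    while the file name differs from that entry's name."""
    index = defaultdict(set)
    for s in parse(log, SIG_RE):
        index[(s["size"], s["date"])].add(ntpath.basename(s["path"]).lower())
    hits = []
    for c in parse(log, CREATED_RE):
        if not c["size"].isdigit():  # directory rows show dashes, not a size
            continue
        names = index.get((c["size"], c["modified"]), set())
        names = sorted(names - {ntpath.basename(c["path"]).lower()})
        if names:
            hits.append((c["path"], names))
    return hits


def hash_variants(log):
    """Sigcheck groups where one name/version/size has several MD5 values."""
    groups = defaultdict(list)
    for s in parse(log, SIG_RE):
        key = (ntpath.basename(s["path"]).lower(), s["version"], s["size"])
        groups[key].append(s)
    out = []
    for (name, version, size), rows in groups.items():
        md5 = sorted({r["md5"] for r in rows})
        if len(md5) > 1:
            out.append({"name": name, "version": version, "size": int(size),
                        "md5": md5, "paths": [r["path"] for r in rows]})
    return out


if __name__ == "__main__":
    for path, names in size_date_matches(LOG):
        print(f"{path}: same size and date as {', '.join(names)}")
    for g in hash_variants(LOG):
        print(f"{g['name']} {g['version']}: {len(g['md5'])} distinct MD5 values")
```
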

jemellin

I now noticed that I have Google Chrome down on the right side of my taskbar.

Corrine

Hi, jemellin.

Your very first post showed Google Chrome 31.0.1650.63 in SecurityCheck, although your last DDS log did not show it listed in installed programs.  Check installed programs to see if you missed unchecking the option when updating Java.

Is there some reason why you didn't allow ComboFix to update when prompted?



jemellin

Did not see Chrome in my installed programs. About ComboFix, how do I get it to update?

Corrine

That's ok.  I was just curious as seeing "reduced mode" in the log implies that there was an update offered. 

If you're willing to continue, we could try a different tool to see if it shows other signs of Google Chrome.  I say this because I looked back over your logs and saw adware removed from Chrome but not an actual installation.

If you don't wish to try & track it down, let me know and I'll provide other instructions for removing the tools we used.  To continue, do the following.

Please download OTL by Old Timer. Save it to your Desktop.
  • Right-click on OTL.exe and select "Run As Administrator" to run it.  If prompted by UAC, please allow it.
  • Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  • Please post the contents of both OTL.txt and Extras.txt files in your next reply.



jemellin

OTL logfile created on: 1/13/2014 4:50:41 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\USER\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 69.20% Memory free
4.81 Gb Paging File | 4.03 Gb Available in Paging File | 83.74% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.72 Gb Total Space | 264.06 Gb Free Space | 56.70% Space Free | Partition Type: NTFS

Computer Name: D1WPTGK1 | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/13 16:42:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\USER\Desktop\OTL.exe
PRC - [2014/01/10 14:11:17 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/11/28 09:36:26 | 000,235,848 | R--- | M] () -- c:\Documents and Settings\All Users\Application Data\Clickfree\FullImagingBackup\FullImagingService.exe
PRC - [2013/09/12 12:06:22 | 001,337,752 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2013/09/12 12:06:06 | 005,110,672 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2013/08/22 13:00:26 | 001,093,464 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Express Tray\ExpressTray.exe
PRC - [2013/08/22 13:00:04 | 000,220,504 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2013/06/05 00:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Documents and Settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/15 14:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2013/01/15 12:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/10/08 09:05:40 | 002,804,224 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/02/11 17:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/02/04 21:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/05/19 11:13:20 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE
PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 06:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2007/10/30 18:52:34 | 000,016,200 | ---- | M] () -- C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
PRC - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2001/11/27 08:10:00 | 000,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE


========== Modules (No Company Name) ==========

MOD - [2014/01/02 16:29:04 | 001,228,288 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\8e046b70030b67810579a40abda1e3aa\System.WorkflowServices.ni.dll
MOD - [2014/01/02 16:27:10 | 001,076,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\69a3f31684a38a4bb0581f969adb09f5\System.ServiceModel.Web.ni.dll
MOD - [2013/11/28 09:36:40 | 000,137,544 | R--- | M] () -- c:\Documents and Settings\All Users\Application Data\Clickfree\FullImagingBackup\VssClientDll.dll
MOD - [2013/11/28 09:36:26 | 000,235,848 | R--- | M] () -- c:\Documents and Settings\All Users\Application Data\Clickfree\FullImagingBackup\FullImagingService.exe
MOD - [2013/10/09 10:03:25 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\02257c6b67db33c194fa3beccf977afb\System.Windows.Forms.ni.dll
MOD - [2013/10/09 06:35:28 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll
MOD - [2013/10/09 06:31:48 | 000,373,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\92e77253888dbd9c0bba085083619459\System.ServiceModel.Routing.ni.dll
MOD - [2013/10/09 06:31:47 | 001,153,536 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\85a498bbd8b627f024494aff48293868\System.ServiceModel.Discovery.ni.dll
MOD - [2013/10/09 06:31:46 | 001,548,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b497fb14e3235ee6c29125b069dec168\System.ServiceModel.Activities.ni.dll
MOD - [2013/10/09 06:31:46 | 000,084,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\e9a7e4f157404d716b2da7e33d9b6530\System.ServiceModel.Channels.ni.dll
MOD - [2013/10/09 06:31:43 | 018,150,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\1adbc62df2ee2812328adaa2b29db646\System.ServiceModel.ni.dll
MOD - [2013/10/09 06:31:25 | 001,079,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\ff7a142f6b3bdfea11e82d43196c7611\System.IdentityModel.ni.dll
MOD - [2013/10/09 06:30:27 | 000,134,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\ed61ee6ddf10acbd36e8eef05639e6e8\System.Data.DataSetExtensions.ni.dll
MOD - [2013/10/09 06:30:09 | 001,031,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e7a55f1a3264f1482d90d89faf722c32\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/10/09 06:30:08 | 002,658,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\2317d10bd132b3b52081f90051e21afe\System.Runtime.Serialization.ni.dll
MOD - [2013/10/09 06:30:06 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\e079ea2aa0a75d81c20998a6419643ff\System.Xml.Linq.ni.dll
MOD - [2013/10/09 06:25:50 | 018,003,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\76be8eddc22a93ae3bb03e2429cec546\PresentationFramework.ni.dll
MOD - [2013/10/09 06:25:46 | 000,751,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\d38fa9699dd602db6b0a1a83ffe8dbea\System.Security.ni.dll
MOD - [2013/10/09 06:25:45 | 001,014,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll
MOD - [2013/10/09 06:25:43 | 013,199,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\325d0892f38cfa9dc4dd834066b218de\System.Windows.Forms.ni.dll
MOD - [2013/10/09 06:25:33 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\545c9efd86994100a4397aaefc753d22\PresentationCore.ni.dll
MOD - [2013/10/09 06:25:33 | 006,866,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\f4b3731e5bbead895061725c5fe89e74\System.Data.ni.dll
MOD - [2013/10/09 06:25:28 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\75d88257b5bc5a5d15dd4c37d8bb18bd\System.Core.ni.dll
MOD - [2013/10/09 06:25:24 | 003,858,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\386c47ad5b7e82f3832a668b777c4756\WindowsBase.ni.dll
MOD - [2013/09/26 16:08:34 | 000,292,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Automation\67f02c1e223d14f00fb51694068b08f4\Inkjet.Automation.ni.dll
MOD - [2013/09/26 16:08:30 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.DeviceSettin#\089a13b51a9c17442eff954e2d2ebc6c\Inkjet.DeviceSettings.ni.dll
MOD - [2013/09/26 16:08:29 | 000,294,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Utilities\c43b49d65e0cc0113880b6b3f95d2314\Inkjet.Utilities.ni.dll
MOD - [2013/09/26 16:08:29 | 000,236,544 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Localization\5a136875748781cac5f84520b9046e56\Inkjet.Localization.ni.dll
MOD - [2013/09/26 16:08:28 | 000,862,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Hardware\0a6fe7786e48b51759b8e18dc3060b8c\Inkjet.Hardware.ni.dll
MOD - [2013/09/26 16:08:28 | 000,181,248 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Statistics\9c94aafee5b7205371940212c4055d3d\Inkjet.Statistics.ni.dll
MOD - [2013/09/26 16:08:26 | 000,081,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Configuration\be693a87b798c9317dd9a70638f94618\Inkjet.Configuration.ni.dll
MOD - [2013/09/26 16:08:25 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Diagnostics\ebe1cb191c8906f3d161cfaef676a309\Inkjet.Diagnostics.ni.dll
MOD - [2013/08/27 15:17:27 | 000,143,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78329ab1c7f5e92c6f2462188ad1de79\SMDiagnostics.ni.dll
MOD - [2013/08/15 10:23:55 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7bf3e4deef4483205017aa7b13194845\System.ServiceProcess.ni.dll
MOD - [2013/08/15 10:23:34 | 001,218,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\6c422db78c17838c3eb9f9fcc01ca63f\System.Management.ni.dll
MOD - [2013/08/15 10:22:18 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\102014a4f570b1dc944ff7eb8e1c6e2b\System.Transactions.ni.dll
MOD - [2013/08/15 10:22:13 | 001,801,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\4d277a8481c203a35c58bd277a2e71df\System.Xaml.ni.dll
MOD - [2013/08/15 04:15:59 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\f4ea3ea9bbe98bbc32c6def83bd2962d\System.Runtime.Remoting.ni.dll
MOD - [2013/08/15 04:15:34 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
MOD - [2013/08/15 04:15:27 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e2d3740c10f91e2676570dcc3be6680e\PresentationFramework.Luna.ni.dll
MOD - [2013/08/15 04:15:17 | 005,628,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/08/15 04:15:13 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/08/15 04:13:30 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll
MOD - [2013/08/15 04:13:05 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
MOD - [2013/08/15 04:12:58 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013/07/11 09:34:54 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/07/11 09:32:15 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2011/09/07 18:07:02 | 000,113,664 | ---- | M] () -- C:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu.dll
MOD - [2007/10/30 18:52:34 | 000,016,200 | ---- | M] () -- C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
MOD - [2007/07/23 14:04:46 | 000,068,080 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll
MOD - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
MOD - [2005/10/07 15:05:32 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2014/01/10 14:11:17 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2014/01/06 16:01:24 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/11 14:42:31 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/28 09:36:26 | 000,235,848 | R--- | M] () [Auto | Running] -- c:\Documents and Settings\All Users\Application Data\Clickfree\FullImagingBackup\FullImagingService.exe -- (FullImagingService)
SRV - [2013/09/12 12:06:22 | 001,337,752 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2013/08/22 13:00:04 | 000,220,504 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/15 14:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2013/01/15 12:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2011/09/11 11:17:00 | 000,329,080 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2010/01/28 13:27:43 | 000,044,576 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/05/19 11:13:20 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\ASTSRV.EXE -- (ASTSRV)
SRV - [2008/01/28 16:39:38 | 000,057,344 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe -- (Tomcat6)
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (TrueSight)
DRV - File not found [Kernel | Boot | Stopped] --  -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] --  -- (TfFsMon)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (pctplsg)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (cpuz132)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\USER\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/12/26 06:39:32 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2013/09/17 15:17:38 | 000,184,664 | ---- | M] (ESET) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2013/09/17 15:17:38 | 000,134,248 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2013/09/17 15:17:38 | 000,118,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/06/05 09:16:32 | 000,142,336 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/02/16 12:35:06 | 000,017,536 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS -- (RTLVLAN)
DRV - [2009/02/16 08:59:06 | 000,028,800 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLTEAMING.SYS -- (RTLTEAMING)
DRV - [2008/08/18 16:20:06 | 004,752,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/07/09 08:11:34 | 000,022,016 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\RtNdPt5x.sys -- (RtNdPt5x)
DRV - [2007/07/23 14:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 14:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 14:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 14:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 14:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 14:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 14:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 14:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 13:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 13:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USSMB/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\..\SearchScopes\{C62C35BF-E421-4F34-B607-1A2B73807829}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8
IE - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/01/06 16:01:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013/12/02 14:01:55 | 000,000,000 | ---D | M]

[2010/12/28 18:59:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Extensions
[2014/01/10 11:32:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\cqnf6uhv.default\extensions
[2014/01/06 13:32:46 | 000,007,376 | ---- | M] () (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\cqnf6uhv.default\extensions\firefox@jumpflip.net.xpi
[2013/08/25 13:21:27 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\cqnf6uhv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2014/01/10 14:00:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/01/06 16:00:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/01/06 16:01:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome  ==========

CHR - default_search_provider: Mysearchdial ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: MSN\u00AE Toolbar (Enabled) = C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement Web App = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\
CHR - Extension: Google Docs = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Poppit = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/01/10 11:55:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (PCTools Site Guard) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005..\Run: [Akamai NetSession Interface] C:\Documents and Settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005..\Run: [GarminExpressTrayApp] C:\Program Files\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: New Value #1 = 0
O7 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\..Trusted Domains: bestbuy.com ([www-ssl] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260473224875 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344974532109 (MUWebControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0E18D04-350B-4C5B-95FF-550EEA4A455D}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0E18D04-350B-4C5B-95FF-550EEA4A455D}: NameServer = 64.91.3.46,208.54.220.20
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 15:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/13 16:42:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\USER\Desktop\OTL.exe
[2014/01/13 15:02:13 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/01/13 14:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Desktop\ccd_APassionateFascination_ts
[2014/01/13 13:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Desktop\Valentine dreams
[2014/01/12 17:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Desktop\Toad ally in love with you
[2014/01/12 11:21:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\My Documents\Fin sigs
[2014/01/12 09:28:06 | 000,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sfzwurs.bjt
[2014/01/12 09:28:06 | 000,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hlgcv.fnq
[2014/01/10 14:12:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Local Settings\Application Data\Sun
[2014/01/10 14:11:38 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/01/10 14:11:38 | 000,145,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/01/10 14:11:32 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/01/10 14:11:32 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/01/10 14:11:32 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/01/10 14:11:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2014/01/10 14:10:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2014/01/10 11:28:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/01/10 10:55:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\DigitalSites
[2014/01/09 15:45:05 | 000,081,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\videoprt.sys.bak
[2014/01/09 15:45:05 | 000,004,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wmilib.sys.bak
[2014/01/09 15:45:04 | 000,058,112 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\vdmindvd.sys.bak
[2014/01/09 15:45:03 | 000,144,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbport.sys.bak
[2014/01/09 15:45:03 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbintel.sys.bak
[2014/01/09 15:45:02 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd2.sys.bak
[2014/01/09 15:45:02 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd.sys.bak
[2014/01/09 15:45:02 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023.sys.bak
[2014/01/09 15:45:02 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbd.sys.bak
[2014/01/09 15:45:01 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tosdvd.sys.bak
[2014/01/09 15:45:01 | 000,021,376 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\drivers\tsbvcap.sys.bak
[2014/01/09 15:45:00 | 000,226,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys.bak
[2014/01/09 15:45:00 | 000,019,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdi.sys.bak
[2014/01/09 15:44:59 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tape.sys.bak
[2014/01/09 15:44:58 | 000,049,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys.bak
[2014/01/09 15:44:57 | 000,025,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sonydcam.sys.bak
[2014/01/09 15:44:57 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smclib.sys.bak
[2014/01/09 15:44:55 | 000,096,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\scsiport.sys.bak
[2014/01/09 15:44:55 | 000,022,016 | ---- | C] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\RtNdPt5x.sys.bak
[2014/01/09 15:44:55 | 000,017,536 | ---- | C] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\RTLVLAN.SYS.bak
[2014/01/09 15:44:54 | 000,028,800 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTLTEAMING.SYS.bak
[2014/01/09 15:44:53 | 004,752,896 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys.bak
[2014/01/09 15:44:53 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rmcast.sys.bak
[2014/01/09 15:44:53 | 000,142,336 | ---- | C] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\Rtenicxp.sys.bak
[2014/01/09 15:44:53 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismp.sys.bak
[2014/01/09 15:44:52 | 000,012,032 | ---- | C] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\riodrv.sys.bak
[2014/01/09 15:44:52 | 000,012,032 | ---- | C] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\rio8drv.sys.bak
[2014/01/09 15:44:51 | 000,034,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rawwan.sys.bak
[2014/01/09 15:44:49 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys.bak
[2014/01/09 15:44:48 | 000,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciidex.sys.bak
[2014/01/09 15:44:47 | 000,063,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnknb.sys.bak
[2014/01/09 15:44:47 | 000,055,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkspx.sys.bak
[2014/01/09 15:44:47 | 000,003,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\oprghdlr.sys.bak
[2014/01/09 15:44:46 | 000,088,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkipx.sys.bak
[2014/01/09 15:44:45 | 000,040,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nmnt.sys.bak
[2014/01/09 15:44:45 | 000,012,032 | ---- | C] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\nikedrv.sys.bak
[2014/01/09 15:44:42 | 000,092,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mqac.sys.bak
[2014/01/09 15:44:41 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys.bak
[2014/01/09 15:44:41 | 000,063,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mf.sys.bak
[2014/01/09 15:44:41 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys.bak
[2014/01/09 15:44:41 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mcd.sys.bak
[2014/01/09 15:44:36 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidclass.sys.bak
[2014/01/09 15:44:36 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidparse.sys.bak
[2014/01/09 15:44:35 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fsvga.sys.bak
[2014/01/09 15:44:34 | 000,184,664 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys.bak
[2014/01/09 15:44:34 | 000,134,248 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys.bak
[2014/01/09 15:44:34 | 000,118,768 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdir.sys.bak
[2014/01/09 15:44:33 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxg.sys.bak
[2014/01/09 15:44:33 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxapi.sys.bak
[2014/01/09 15:44:33 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxgthk.sys.bak
[2014/01/09 15:44:32 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys.bak
[2014/01/09 15:44:31 | 000,098,448 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLAUDF_M.SYS.bak
[2014/01/09 15:44:31 | 000,093,552 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLAUDFAM.SYS.bak
[2014/01/09 15:44:31 | 000,030,064 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLARTL_M.SYS.bak
[2014/01/09 15:44:30 | 000,108,752 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLAIFS_M.SYS.bak
[2014/01/09 15:44:30 | 000,027,216 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLAOPIOM.SYS.bak
[2014/01/09 15:44:30 | 000,016,304 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLAPoolM.SYS.bak
[2014/01/09 15:44:30 | 000,014,576 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLACDBHM.SYS.bak
[2014/01/09 15:44:30 | 000,009,104 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLADResM.SYS.bak
[2014/01/09 15:44:29 | 000,037,360 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLABMFSM.SYS.bak
[2014/01/09 15:44:29 | 000,032,848 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLABOIOM.SYS.bak
[2014/01/09 15:44:29 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\diskdump.sys.bak
[2014/01/09 15:44:28 | 000,262,528 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\cinemst2.sys.bak
[2014/01/09 15:44:28 | 000,049,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\classpnp.sys.bak
[2014/01/09 15:44:28 | 000,011,776 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\drivers\cpqdap01.sys.bak
[2014/01/09 15:44:27 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys.bak
[2014/01/09 15:44:27 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys.bak
[2014/01/09 15:44:25 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmuni.sys.bak
[2014/01/09 15:44:25 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmlane.sys.bak
[2014/01/09 15:44:25 | 000,031,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmepvc.sys.bak
[2014/01/09 15:44:22 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk6.sys.bak
[2014/01/09 15:35:41 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/09 13:50:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Desktop\New Folder
[2014/01/09 13:07:51 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014/01/09 13:05:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014/01/09 13:05:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014/01/09 13:05:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014/01/09 13:05:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014/01/09 13:05:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/09 13:04:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2014/01/06 18:23:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\Malwarebytes
[2014/01/06 18:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/06 18:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/01/06 18:23:11 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/01/06 18:23:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/01/06 16:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/12/22 17:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\My Documents\Slow cooker recipes
[2013/08/10 13:45:06 | 000,889,416 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\USER\Application Data\dotNetFx40_Full_setup.exe
[2010/09/03 20:09:59 | 000,465,264 | ---- | C] (Corel) -- C:\Program Files\Common Files\AppFramework.dll
[2010/09/03 20:09:59 | 000,332,144 | ---- | C] (Corel) -- C:\Program Files\Common Files\MediaOrganizer.dll
[2010/09/03 20:09:59 | 000,033,136 | ---- | C] (Corel-V1E) -- C:\Program Files\Common Files\FlickrProvider.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/13 16:42:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\USER\Desktop\OTL.exe
[2014/01/13 16:40:35 | 001,656,352 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\76-2-JoelAdams_LilGrace.psd
[2014/01/13 16:40:23 | 003,236,018 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\PSPTUBESTOP_Faith_CarolMoore.psd
[2014/01/13 16:40:12 | 001,463,675 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\13-2-AnnaMarine.psd
[2014/01/13 16:40:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/01/13 16:22:21 | 000,002,523 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\Jasc Paint Shop Pro 9.lnk
[2014/01/13 16:08:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/13 15:07:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/13 15:06:39 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/13 15:06:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/13 12:50:09 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C62D61F5-DE77-4B46-9ED4-A80980826EEA}.job
[2014/01/12 15:09:22 | 000,000,011 | ---- | M] () -- C:\WINDOWS\3DShadow.INI
[2014/01/12 09:36:23 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/01/11 11:02:56 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2014/01/11 11:02:13 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2014/01/11 09:16:14 | 000,000,090 | ---- | M] () -- C:\WINDOWS\System32\zfxmlml.mzf
[2014/01/10 14:11:19 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/01/10 14:11:15 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/01/10 14:11:15 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/01/10 14:11:15 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/01/10 14:11:15 | 000,145,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/01/10 14:07:34 | 000,505,158 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/01/10 14:07:34 | 000,089,568 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/01/10 11:55:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/01/09 15:45:05 | 000,081,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\videoprt.sys.bak
[2014/01/09 15:45:05 | 000,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wmilib.sys.bak
[2014/01/09 15:45:04 | 000,058,112 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\vdmindvd.sys.bak
[2014/01/09 15:45:03 | 000,144,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbport.sys.bak
[2014/01/09 15:45:03 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbintel.sys.bak
[2014/01/09 15:45:02 | 000,025,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd2.sys.bak
[2014/01/09 15:45:02 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd.sys.bak
[2014/01/09 15:45:02 | 000,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023.sys.bak
[2014/01/09 15:45:02 | 000,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbd.sys.bak
[2014/01/09 15:45:01 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tosdvd.sys.bak
[2014/01/09 15:45:01 | 000,021,376 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\System32\drivers\tsbvcap.sys.bak
[2014/01/09 15:45:00 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys.bak
[2014/01/09 15:45:00 | 000,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdi.sys.bak
[2014/01/09 15:44:59 | 000,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tape.sys.bak
[2014/01/09 15:44:58 | 000,049,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys.bak
[2014/01/09 15:44:58 | 000,013,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys.bak
[2014/01/09 15:44:57 | 000,025,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sonydcam.sys.bak
[2014/01/09 15:44:57 | 000,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smclib.sys.bak
[2014/01/09 15:44:55 | 000,096,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\scsiport.sys.bak
[2014/01/09 15:44:55 | 000,028,800 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTLTEAMING.SYS.bak
[2014/01/09 15:44:55 | 000,022,016 | ---- | M] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\RtNdPt5x.sys.bak
[2014/01/09 15:44:55 | 000,017,536 | ---- | M] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\RTLVLAN.SYS.bak
[2014/01/09 15:44:54 | 004,752,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys.bak
[2014/01/09 15:44:53 | 000,203,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rmcast.sys.bak
[2014/01/09 15:44:53 | 000,142,336 | ---- | M] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\Rtenicxp.sys.bak
[2014/01/09 15:44:53 | 000,030,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismp.sys.bak
[2014/01/09 15:44:52 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\riodrv.sys.bak
[2014/01/09 15:44:52 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\rio8drv.sys.bak
[2014/01/09 15:44:51 | 000,034,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rawwan.sys.bak
[2014/01/09 15:44:49 | 000,146,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys.bak
[2014/01/09 15:44:48 | 000,024,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciidex.sys.bak
[2014/01/09 15:44:47 | 000,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnknb.sys.bak
[2014/01/09 15:44:47 | 000,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkspx.sys.bak
[2014/01/09 15:44:47 | 000,003,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\oprghdlr.sys.bak
[2014/01/09 15:44:46 | 000,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkipx.sys.bak
[2014/01/09 15:44:45 | 000,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nmnt.sys.bak
[2014/01/09 15:44:45 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\nikedrv.sys.bak
[2014/01/09 15:44:42 | 000,092,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mqac.sys.bak
[2014/01/09 15:44:41 | 000,141,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys.bak
[2014/01/09 15:44:41 | 000,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mf.sys.bak
[2014/01/09 15:44:41 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys.bak
[2014/01/09 15:44:41 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mcd.sys.bak
[2014/01/09 15:44:36 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidclass.sys.bak
[2014/01/09 15:44:36 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidparse.sys.bak
[2014/01/09 15:44:35 | 000,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fsvga.sys.bak
[2014/01/09 15:44:34 | 000,184,664 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys.bak
[2014/01/09 15:44:34 | 000,134,248 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys.bak
[2014/01/09 15:44:34 | 000,118,768 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdir.sys.bak
[2014/01/09 15:44:33 | 000,071,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxg.sys.bak
[2014/01/09 15:44:33 | 000,010,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxapi.sys.bak
[2014/01/09 15:44:33 | 000,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxgthk.sys.bak
[2014/01/09 15:44:32 | 000,060,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys.bak
[2014/01/09 15:44:31 | 000,098,448 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLAUDF_M.SYS.bak
[2014/01/09 15:44:31 | 000,093,552 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLAUDFAM.SYS.bak
[2014/01/09 15:44:31 | 000,030,064 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLARTL_M.SYS.bak
[2014/01/09 15:44:30 | 000,108,752 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLAIFS_M.SYS.bak
[2014/01/09 15:44:30 | 000,032,848 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLABOIOM.SYS.bak
[2014/01/09 15:44:30 | 000,027,216 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLAOPIOM.SYS.bak
[2014/01/09 15:44:30 | 000,016,304 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLAPoolM.SYS.bak
[2014/01/09 15:44:30 | 000,014,576 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLACDBHM.SYS.bak
[2014/01/09 15:44:30 | 000,009,104 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLADResM.SYS.bak
[2014/01/09 15:44:29 | 000,037,360 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLABMFSM.SYS.bak
[2014/01/09 15:44:29 | 000,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\diskdump.sys.bak
[2014/01/09 15:44:28 | 000,262,528 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\cinemst2.sys.bak
[2014/01/09 15:44:28 | 000,049,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\classpnp.sys.bak
[2014/01/09 15:44:28 | 000,011,776 | ---- | M] (Compaq Computer Corporation) -- C:\WINDOWS\System32\drivers\cpqdap01.sys.bak
[2014/01/09 15:44:27 | 000,009,200 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys.bak
[2014/01/09 15:44:27 | 000,009,072 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys.bak
[2014/01/09 15:44:25 | 000,352,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmuni.sys.bak
[2014/01/09 15:44:25 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmlane.sys.bak
[2014/01/09 15:44:25 | 000,031,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmepvc.sys.bak
[2014/01/09 15:44:22 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk6.sys.bak
[2014/01/09 15:03:36 | 000,002,541 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Microsoft\Internet Explorer\Quick Launch\Jasc Paint Shop Pro 9.lnk
[2014/01/09 15:01:22 | 000,001,682 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2014/01/09 13:07:57 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2014/01/08 15:18:38 | 000,978,236 | ---- | M] () -- C:\Documents and Settings\USER\My Documents\Start-Stop DCOM Server Process Launcher service in Windows 7 from Services, Regedit or CMD.mht
[2014/01/08 08:19:30 | 012,099,717 | ---- | M] () -- C:\Documents and Settings\USER\My Documents\101 Household Tips for Every Room in your Home  Glamumous!.mht
[2014/01/07 12:44:40 | 000,000,072 | ---- | M] () -- C:\WINDOWS\JascCmdFile.INI
[2014/01/06 18:23:13 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/06 17:57:05 | 000,001,833 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/06 13:44:33 | 001,384,066 | ---- | M] () -- C:\Documents and Settings\US

jemellin

OTL Extras logfile created on: 1/13/2014 4:50:41 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\USER\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 69.20% Memory free
4.81 Gb Paging File | 4.03 Gb Available in Paging File | 83.74% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.72 Gb Total Space | 264.06 Gb Free Space | 56.70% Space Free | Partition Type: NTFS

Computer Name: D1WPTGK1 | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-2203466315-1556017997-98728662-1005\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel PaintShop Photo Pro X3] -- "C:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"9322:TCP" = 9322:TCP:*:Enabled:EKDiscovery
"5353:UDP" = 5353:UDP:*:Enabled:Bonjour Port 5353
"1045:TCP" = 1045:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Documents and Settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe:*:Disabled:Akamai NetSession Client -- (Akamai Technologies, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{06BA6321-B6FC-4A36-8571-B642404D22B6}" = Photobucket Backup
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1BE7C1D9-06A8-466D-ADEA-B07F68BDEFB5}" = ESET NOD32 Antivirus
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{228CEA74-6DD1-40B9-B95F-77273F4316B5}" = Desktop Restore
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22E23DF0-7FAE-4DA2-9DA2-45B984AA742C}_is1" = CenturyLink QuickAssist Desktop Tools
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2F46CB46-5E2B-414D-882C-F8F51FF30C01}" = Auto FX Free
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31a12940-e5c8-4d27-a6ac-005212152f1f}" = Garmin Express
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{369FA236-890F-4490-B607-092BC17E10CD}" = Elevated Installer
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{417F3E7E-C754-4707-BF5B-94750B83D58A}" = Garmin Express Tray
"{42B9D779-CF1F-478D-A393-950CE0E48177}" = Garmin Update Service
"{459E93B6-150E-45d5-8D4B-45C66FC035FE}" = getPlus(R) Download Manager for Corel
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{658AB1BF-9A07-4AAD-B6BB-7CADD2307C75}" = Garmin Express
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7C4196CA-CA41-4F34-9C08-7724E7705D52}" = Jasc Animation Shop 3
"{817A0268-DEA8-421B-AD9B-92919BB97C6A}" = BJCS
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5 ESD
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8ED02445-D491-414C-A56D-2ED6BBB7239A}" = Garmin Communicator Plugin
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0137-0409-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D59AC32-B0FA-4CD7-A2EC-4B57C06CD9D9}" = Dell Backup and Recovery Manager
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B39DC03B-F2C0-4F7E-B1DD-328F73BD98FD}" = Font Thumbnail
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
"{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Anniversary Edition
"{DA4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DCD941B6-F2E7-4FAF-B102-F7D4DE5FF99A}" = IPM_PSP_Pro
"{DCF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
"{DF8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E64C137C-D0B7-467A-B47F-460AAB30F0A3}" = ViewNX 2
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"abrMate_is1" = abrMate version 1.0
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Alien Skin Eye Candy 7" = Alien Skin Eye Candy 7
"AMP Font Viewer" = AMP Font Viewer
"Apache Tomcat 6.0" = Apache Tomcat 6.0 (remove only)
"Clickfree Easy Image" = Clickfree Easy Image
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Exposure" = Alien Skin Exposure
"Eye Candy 4000" = Eye Candy 4000
"EyeCandy5Nature" = Alien Skin Eye Candy 5 Nature
"EyeCandy5Textures" = Alien Skin Eye Candy 5 Textures
"Filters Unlimited_is1" = Filters Unlimited 2.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"PrintProjects" = PrintProjects
"SlimBrowser" = FlashPeak SlimBrowser
"Sqirlz Water Reflections" = Sqirlz Water Reflections
"Ulead Particle.Plugin 1.0" = Ulead Particle.Plugin 1.0
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xenofex2" = Alien Skin Xenofex 2.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2203466315-1556017997-98728662-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"8e3135b376bd523e" = Dell System Detect Bootstrapper
"Akamai" = Akamai NetSession Interface

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/9/2014 12:03:56 PM | Computer Name = D1WPTGK1 | Source = Application Hang | ID = 1002
Description = Hanging application Paint Shop Pro 9.exe, version 9.0.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/10/2014 4:07:31 PM | Computer Name = D1WPTGK1 | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 26430, the bogus index value is the first  DWORD in Data section
while the last valid index values are the second and  third DWORD in Data section.

Error - 1/10/2014 4:07:31 PM | Computer Name = D1WPTGK1 | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The  Error code is the first DWORD in Data section.

Error - 1/10/2014 4:07:34 PM | Computer Name = D1WPTGK1 | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 26430, the bogus index value is the first  DWORD in Data section
while the last valid index values are the second and  third DWORD in Data section.

Error - 1/11/2014 5:05:45 PM | Computer Name = D1WPTGK1 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x5ad7a270.

Error - 1/11/2014 5:05:54 PM | Computer Name = D1WPTGK1 | Source = Application Error | ID = 1001
Description = Fault bucket 00000008.

Error - 1/12/2014 3:46:43 PM | Computer Name = D1WPTGK1 | Source = MsiInstaller | ID = 10005
Description = Product: Ask Toolbar -- Error 25001. The following applications must
be closed before continuing the uninstall:   Internet Explorer

Error - 1/12/2014 3:46:44 PM | Computer Name = D1WPTGK1 | Source = MsiInstaller | ID = 10005
Description = Product: Ask Toolbar -- Error 25001. The following applications must
be closed before continuing the uninstall:   Internet Explorer

Error - 1/12/2014 3:46:52 PM | Computer Name = D1WPTGK1 | Source = MsiInstaller | ID = 10005
Description = Product: Ask Toolbar -- Error 25001. The following applications must
be closed before continuing the uninstall:   Internet Explorer

Error - 1/12/2014 3:46:57 PM | Computer Name = D1WPTGK1 | Source = MsiInstaller | ID = 10005
Description = Product: Ask Toolbar -- Error 25001. The following applications must
be closed before continuing the uninstall:   Internet Explorer

[ System Events ]
Error - 1/13/2014 2:46:53 PM | Computer Name = D1WPTGK1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the FullImagingService service
to connect.

Error - 1/13/2014 2:46:53 PM | Computer Name = D1WPTGK1 | Source = Service Control Manager | ID = 7000
Description = The FullImagingService service failed to start due to the following
error:   %%1053

Error - 1/13/2014 2:48:23 PM | Computer Name = D1WPTGK1 | Source = Service Control Manager | ID = 7022
Description = The ESET Service service hung on starting.

Error - 1/13/2014 2:48:23 PM | Computer Name = D1WPTGK1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   TfFsMon  TfSysMon

Error - 1/13/2014 4:52:08 PM | Computer Name = D1WPTGK1 | Source = Service Control Manager | ID = 7000
Description = The Nero BackItUp Scheduler 4.0 service failed to start due to the
following error:   %%2

Error - 1/13/2014 4:52:08 PM | Computer Name = D1WPTGK1 | Source = Service Control Manager | ID = 7024
Description = The Apache Tomcat service terminated with service-specific error 0
(0x0).

Error - 1/13/2014 4:52:23 PM | Computer Name = D1WPTGK1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   TfFsMon  TfSysMon

Error - 1/13/2014 5:07:09 PM | Computer Name = D1WPTGK1 | Source = Service Control Manager | ID = 7000
Description = The Nero BackItUp Scheduler 4.0 service failed to start due to the
following error:   %%2

Error - 1/13/2014 5:07:09 PM | Computer Name = D1WPTGK1 | Source = Service Control Manager | ID = 7024
Description = The Apache Tomcat service terminated with service-specific error 0
(0x0).

Error - 1/13/2014 5:07:28 PM | Computer Name = D1WPTGK1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   TfFsMon  TfSysMon


< End of report >