D COM Server NT Authority System problem

Started by jemellin, January 09, 2014, 04:04:38 PM


Corrine

Due to the length of the log, the end of OTL.txt got cut off.  Please locate the line below and copy/paste the content below that to the end.  (Click Edit > Find to search the log.)

[2014/01/06 17:57:05 | 000,001,833 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.l


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

jemellin

I cannot find it. Do you want me to rerun it?

jemellin

OTL logfile created on: 1/13/2014 7:06:28 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\USER\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 68.44% Memory free
4.81 Gb Paging File | 3.98 Gb Available in Paging File | 82.87% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.72 Gb Total Space | 264.06 Gb Free Space | 56.70% Space Free | Partition Type: NTFS

Computer Name: D1WPTGK1 | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/13 16:42:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\USER\Desktop\OTL.exe
PRC - [2014/01/10 14:11:17 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/11/28 09:36:26 | 000,235,848 | R--- | M] () -- c:\Documents and Settings\All Users\Application Data\Clickfree\FullImagingBackup\FullImagingService.exe
PRC - [2013/09/12 12:06:22 | 001,337,752 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2013/09/12 12:06:06 | 005,110,672 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2013/08/22 13:00:26 | 001,093,464 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Express Tray\ExpressTray.exe
PRC - [2013/08/22 13:00:04 | 000,220,504 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2013/06/05 00:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Documents and Settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/15 14:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2013/01/15 12:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/10/08 09:05:40 | 002,804,224 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/02/11 17:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/02/04 21:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/05/19 11:13:20 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE
PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 06:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2007/10/30 18:52:34 | 000,016,200 | ---- | M] () -- C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
PRC - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2001/11/27 08:10:00 | 000,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE


========== Modules (No Company Name) ==========

MOD - [2014/01/02 16:29:04 | 001,228,288 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\8e046b70030b67810579a40abda1e3aa\System.WorkflowServices.ni.dll
MOD - [2014/01/02 16:27:10 | 001,076,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\69a3f31684a38a4bb0581f969adb09f5\System.ServiceModel.Web.ni.dll
MOD - [2013/11/28 09:36:40 | 000,137,544 | R--- | M] () -- c:\Documents and Settings\All Users\Application Data\Clickfree\FullImagingBackup\VssClientDll.dll
MOD - [2013/11/28 09:36:26 | 000,235,848 | R--- | M] () -- c:\Documents and Settings\All Users\Application Data\Clickfree\FullImagingBackup\FullImagingService.exe
MOD - [2013/10/09 10:03:25 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\02257c6b67db33c194fa3beccf977afb\System.Windows.Forms.ni.dll
MOD - [2013/10/09 06:35:28 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll
MOD - [2013/10/09 06:31:48 | 000,373,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\92e77253888dbd9c0bba085083619459\System.ServiceModel.Routing.ni.dll
MOD - [2013/10/09 06:31:47 | 001,153,536 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\85a498bbd8b627f024494aff48293868\System.ServiceModel.Discovery.ni.dll
MOD - [2013/10/09 06:31:46 | 001,548,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b497fb14e3235ee6c29125b069dec168\System.ServiceModel.Activities.ni.dll
MOD - [2013/10/09 06:31:46 | 000,084,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\e9a7e4f157404d716b2da7e33d9b6530\System.ServiceModel.Channels.ni.dll
MOD - [2013/10/09 06:31:43 | 018,150,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\1adbc62df2ee2812328adaa2b29db646\System.ServiceModel.ni.dll
MOD - [2013/10/09 06:31:25 | 001,079,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\ff7a142f6b3bdfea11e82d43196c7611\System.IdentityModel.ni.dll
MOD - [2013/10/09 06:30:27 | 000,134,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\ed61ee6ddf10acbd36e8eef05639e6e8\System.Data.DataSetExtensions.ni.dll
MOD - [2013/10/09 06:30:09 | 001,031,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e7a55f1a3264f1482d90d89faf722c32\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/10/09 06:30:08 | 002,658,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\2317d10bd132b3b52081f90051e21afe\System.Runtime.Serialization.ni.dll
MOD - [2013/10/09 06:30:06 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\e079ea2aa0a75d81c20998a6419643ff\System.Xml.Linq.ni.dll
MOD - [2013/10/09 06:25:50 | 018,003,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\76be8eddc22a93ae3bb03e2429cec546\PresentationFramework.ni.dll
MOD - [2013/10/09 06:25:46 | 000,751,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\d38fa9699dd602db6b0a1a83ffe8dbea\System.Security.ni.dll
MOD - [2013/10/09 06:25:45 | 001,014,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll
MOD - [2013/10/09 06:25:43 | 013,199,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\325d0892f38cfa9dc4dd834066b218de\System.Windows.Forms.ni.dll
MOD - [2013/10/09 06:25:33 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\545c9efd86994100a4397aaefc753d22\PresentationCore.ni.dll
MOD - [2013/10/09 06:25:33 | 006,866,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\f4b3731e5bbead895061725c5fe89e74\System.Data.ni.dll
MOD - [2013/10/09 06:25:28 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\75d88257b5bc5a5d15dd4c37d8bb18bd\System.Core.ni.dll
MOD - [2013/10/09 06:25:24 | 003,858,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\386c47ad5b7e82f3832a668b777c4756\WindowsBase.ni.dll
MOD - [2013/09/26 16:08:34 | 000,292,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Automation\67f02c1e223d14f00fb51694068b08f4\Inkjet.Automation.ni.dll
MOD - [2013/09/26 16:08:30 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.DeviceSettin#\089a13b51a9c17442eff954e2d2ebc6c\Inkjet.DeviceSettings.ni.dll
MOD - [2013/09/26 16:08:29 | 000,294,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Utilities\c43b49d65e0cc0113880b6b3f95d2314\Inkjet.Utilities.ni.dll
MOD - [2013/09/26 16:08:29 | 000,236,544 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Localization\5a136875748781cac5f84520b9046e56\Inkjet.Localization.ni.dll
MOD - [2013/09/26 16:08:28 | 000,862,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Hardware\0a6fe7786e48b51759b8e18dc3060b8c\Inkjet.Hardware.ni.dll
MOD - [2013/09/26 16:08:28 | 000,181,248 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Statistics\9c94aafee5b7205371940212c4055d3d\Inkjet.Statistics.ni.dll
MOD - [2013/09/26 16:08:26 | 000,081,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Configuration\be693a87b798c9317dd9a70638f94618\Inkjet.Configuration.ni.dll
MOD - [2013/09/26 16:08:25 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Diagnostics\ebe1cb191c8906f3d161cfaef676a309\Inkjet.Diagnostics.ni.dll
MOD - [2013/08/27 15:17:27 | 000,143,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78329ab1c7f5e92c6f2462188ad1de79\SMDiagnostics.ni.dll
MOD - [2013/08/15 10:23:55 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7bf3e4deef4483205017aa7b13194845\System.ServiceProcess.ni.dll
MOD - [2013/08/15 10:23:34 | 001,218,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\6c422db78c17838c3eb9f9fcc01ca63f\System.Management.ni.dll
MOD - [2013/08/15 10:22:18 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\102014a4f570b1dc944ff7eb8e1c6e2b\System.Transactions.ni.dll
MOD - [2013/08/15 10:22:13 | 001,801,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\4d277a8481c203a35c58bd277a2e71df\System.Xaml.ni.dll
MOD - [2013/08/15 04:15:59 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\f4ea3ea9bbe98bbc32c6def83bd2962d\System.Runtime.Remoting.ni.dll
MOD - [2013/08/15 04:15:34 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
MOD - [2013/08/15 04:15:27 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e2d3740c10f91e2676570dcc3be6680e\PresentationFramework.Luna.ni.dll
MOD - [2013/08/15 04:15:17 | 005,628,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/08/15 04:15:13 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/08/15 04:13:30 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll
MOD - [2013/08/15 04:13:05 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
MOD - [2013/08/15 04:12:58 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013/07/11 09:34:54 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/07/11 09:32:15 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2011/09/07 18:07:02 | 000,113,664 | ---- | M] () -- C:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu.dll
MOD - [2007/10/30 18:52:34 | 000,016,200 | ---- | M] () -- C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
MOD - [2007/07/23 14:04:46 | 000,068,080 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll
MOD - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
MOD - [2005/10/07 15:05:32 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2014/01/10 14:11:17 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2014/01/06 16:01:24 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/11 14:42:31 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/28 09:36:26 | 000,235,848 | R--- | M] () [Auto | Running] -- c:\Documents and Settings\All Users\Application Data\Clickfree\FullImagingBackup\FullImagingService.exe -- (FullImagingService)
SRV - [2013/09/12 12:06:22 | 001,337,752 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2013/08/22 13:00:04 | 000,220,504 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/15 14:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2013/01/15 12:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2011/09/11 11:17:00 | 000,329,080 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2010/01/28 13:27:43 | 000,044,576 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/05/19 11:13:20 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\ASTSRV.EXE -- (ASTSRV)
SRV - [2008/01/28 16:39:38 | 000,057,344 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe -- (Tomcat6)
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (TrueSight)
DRV - File not found [Kernel | Boot | Stopped] --  -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] --  -- (TfFsMon)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (pctplsg)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (cpuz132)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\USER\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/12/26 06:39:32 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2013/09/17 15:17:38 | 000,184,664 | ---- | M] (ESET) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2013/09/17 15:17:38 | 000,134,248 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2013/09/17 15:17:38 | 000,118,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/06/05 09:16:32 | 000,142,336 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/02/16 12:35:06 | 000,017,536 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS -- (RTLVLAN)
DRV - [2009/02/16 08:59:06 | 000,028,800 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLTEAMING.SYS -- (RTLTEAMING)
DRV - [2008/08/18 16:20:06 | 004,752,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/07/09 08:11:34 | 000,022,016 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\RtNdPt5x.sys -- (RtNdPt5x)
DRV - [2007/07/23 14:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 14:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 14:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 14:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 14:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 14:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 14:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 14:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 13:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 13:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USSMB/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\..\SearchScopes\{C62C35BF-E421-4F34-B607-1A2B73807829}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8
IE - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/01/06 16:01:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013/12/02 14:01:55 | 000,000,000 | ---D | M]

[2010/12/28 18:59:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Extensions
[2014/01/10 11:32:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\cqnf6uhv.default\extensions
[2014/01/06 13:32:46 | 000,007,376 | ---- | M] () (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\cqnf6uhv.default\extensions\firefox@jumpflip.net.xpi
[2013/08/25 13:21:27 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\cqnf6uhv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2014/01/10 14:00:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/01/06 16:00:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/01/06 16:01:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome  ==========

CHR - default_search_provider: Mysearchdial ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: MSN\u00AE Toolbar (Enabled) = C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement Web App = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\
CHR - Extension: Google Docs = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Poppit = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/01/10 11:55:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (PCTools Site Guard) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005..\Run: [Akamai NetSession Interface] C:\Documents and Settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005..\Run: [GarminExpressTrayApp] C:\Program Files\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: New Value #1 = 0
O7 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\..Trusted Domains: bestbuy.com ([www-ssl] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260473224875 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344974532109 (MUWebControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0E18D04-350B-4C5B-95FF-550EEA4A455D}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0E18D04-350B-4C5B-95FF-550EEA4A455D}: NameServer = 64.91.3.46,208.54.220.20
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 15:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/13 19:05:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Desktop\QTL folders
[2014/01/13 16:42:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\USER\Desktop\OTL.exe
[2014/01/13 15:02:13 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/01/13 14:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Desktop\ccd_APassionateFascination_ts
[2014/01/13 13:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Desktop\Valentine dreams
[2014/01/12 17:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Desktop\Toad ally in love with you
[2014/01/12 11:21:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\My Documents\Fin sigs
[2014/01/12 09:28:06 | 000,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sfzwurs.bjt
[2014/01/12 09:28:06 | 000,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hlgcv.fnq
[2014/01/10 14:12:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Local Settings\Application Data\Sun
[2014/01/10 14:11:38 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/01/10 14:11:38 | 000,145,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/01/10 14:11:32 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/01/10 14:11:32 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/01/10 14:11:32 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/01/10 14:11:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2014/01/10 14:10:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2014/01/10 11:28:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/01/10 10:55:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\DigitalSites
[2014/01/09 15:45:05 | 000,081,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\videoprt.sys.bak
[2014/01/09 15:45:05 | 000,004,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wmilib.sys.bak
[2014/01/09 15:45:04 | 000,058,112 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\vdmindvd.sys.bak
[2014/01/09 15:45:03 | 000,144,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbport.sys.bak
[2014/01/09 15:45:03 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbintel.sys.bak
[2014/01/09 15:45:02 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd2.sys.bak
[2014/01/09 15:45:02 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd.sys.bak
[2014/01/09 15:45:02 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023.sys.bak
[2014/01/09 15:45:02 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbd.sys.bak
[2014/01/09 15:45:01 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tosdvd.sys.bak
[2014/01/09 15:45:01 | 000,021,376 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\drivers\tsbvcap.sys.bak
[2014/01/09 15:45:00 | 000,226,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys.bak
[2014/01/09 15:45:00 | 000,019,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdi.sys.bak
[2014/01/09 15:44:59 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tape.sys.bak
[2014/01/09 15:44:58 | 000,049,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys.bak
[2014/01/09 15:44:57 | 000,025,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sonydcam.sys.bak
[2014/01/09 15:44:57 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smclib.sys.bak
[2014/01/09 15:44:55 | 000,096,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\scsiport.sys.bak
[2014/01/09 15:44:55 | 000,022,016 | ---- | C] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\RtNdPt5x.sys.bak
[2014/01/09 15:44:55 | 000,017,536 | ---- | C] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\RTLVLAN.SYS.bak
[2014/01/09 15:44:54 | 000,028,800 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTLTEAMING.SYS.bak
[2014/01/09 15:44:53 | 004,752,896 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys.bak
[2014/01/09 15:44:53 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rmcast.sys.bak
[2014/01/09 15:44:53 | 000,142,336 | ---- | C] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\Rtenicxp.sys.bak
[2014/01/09 15:44:53 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismp.sys.bak
[2014/01/09 15:44:52 | 000,012,032 | ---- | C] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\riodrv.sys.bak
[2014/01/09 15:44:52 | 000,012,032 | ---- | C] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\rio8drv.sys.bak
[2014/01/09 15:44:51 | 000,034,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rawwan.sys.bak
[2014/01/09 15:44:49 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys.bak
[2014/01/09 15:44:48 | 000,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciidex.sys.bak
[2014/01/09 15:44:47 | 000,063,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnknb.sys.bak
[2014/01/09 15:44:47 | 000,055,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkspx.sys.bak
[2014/01/09 15:44:47 | 000,003,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\oprghdlr.sys.bak
[2014/01/09 15:44:46 | 000,088,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkipx.sys.bak
[2014/01/09 15:44:45 | 000,040,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nmnt.sys.bak
[2014/01/09 15:44:45 | 000,012,032 | ---- | C] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\nikedrv.sys.bak
[2014/01/09 15:44:42 | 000,092,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mqac.sys.bak
[2014/01/09 15:44:41 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys.bak
[2014/01/09 15:44:41 | 000,063,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mf.sys.bak
[2014/01/09 15:44:41 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys.bak
[2014/01/09 15:44:41 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mcd.sys.bak
[2014/01/09 15:44:36 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidclass.sys.bak
[2014/01/09 15:44:36 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidparse.sys.bak
[2014/01/09 15:44:35 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fsvga.sys.bak
[2014/01/09 15:44:34 | 000,184,664 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys.bak
[2014/01/09 15:44:34 | 000,134,248 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys.bak
[2014/01/09 15:44:34 | 000,118,768 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdir.sys.bak
[2014/01/09 15:44:33 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxg.sys.bak
[2014/01/09 15:44:33 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxapi.sys.bak
[2014/01/09 15:44:33 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxgthk.sys.bak
[2014/01/09 15:44:32 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys.bak
[2014/01/09 15:44:31 | 000,098,448 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLAUDF_M.SYS.bak
[2014/01/09 15:44:31 | 000,093,552 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLAUDFAM.SYS.bak
[2014/01/09 15:44:31 | 000,030,064 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLARTL_M.SYS.bak
[2014/01/09 15:44:30 | 000,108,752 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLAIFS_M.SYS.bak
[2014/01/09 15:44:30 | 000,027,216 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLAOPIOM.SYS.bak
[2014/01/09 15:44:30 | 000,016,304 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLAPoolM.SYS.bak
[2014/01/09 15:44:30 | 000,014,576 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLACDBHM.SYS.bak
[2014/01/09 15:44:30 | 000,009,104 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLADResM.SYS.bak
[2014/01/09 15:44:29 | 000,037,360 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLABMFSM.SYS.bak
[2014/01/09 15:44:29 | 000,032,848 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLABOIOM.SYS.bak
[2014/01/09 15:44:29 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\diskdump.sys.bak
[2014/01/09 15:44:28 | 000,262,528 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\cinemst2.sys.bak
[2014/01/09 15:44:28 | 000,049,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\classpnp.sys.bak
[2014/01/09 15:44:28 | 000,011,776 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\drivers\cpqdap01.sys.bak
[2014/01/09 15:44:27 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys.bak
[2014/01/09 15:44:27 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys.bak
[2014/01/09 15:44:25 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmuni.sys.bak
[2014/01/09 15:44:25 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmlane.sys.bak
[2014/01/09 15:44:25 | 000,031,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmepvc.sys.bak
[2014/01/09 15:44:22 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk6.sys.bak
[2014/01/09 15:35:41 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/09 13:50:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Desktop\New Folder
[2014/01/09 13:07:51 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014/01/09 13:05:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014/01/09 13:05:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014/01/09 13:05:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014/01/09 13:05:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014/01/09 13:05:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/09 13:04:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2014/01/06 18:23:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\Malwarebytes
[2014/01/06 18:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/06 18:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/01/06 18:23:11 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/01/06 18:23:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/01/06 16:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/12/22 17:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\My Documents\Slow cooker recipes
[2013/08/10 13:45:06 | 000,889,416 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\USER\Application Data\dotNetFx40_Full_setup.exe
[2010/09/03 20:09:59 | 000,465,264 | ---- | C] (Corel) -- C:\Program Files\Common Files\AppFramework.dll
[2010/09/03 20:09:59 | 000,332,144 | ---- | C] (Corel) -- C:\Program Files\Common Files\MediaOrganizer.dll
[2010/09/03 20:09:59 | 000,033,136 | ---- | C] (Corel-V1E) -- C:\Program Files\Common Files\FlickrProvider.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/13 19:08:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/13 18:40:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/01/13 17:08:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/13 16:42:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\USER\Desktop\OTL.exe
[2014/01/13 16:40:35 | 001,656,352 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\76-2-JoelAdams_LilGrace.psd
[2014/01/13 16:40:23 | 003,236,018 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\PSPTUBESTOP_Faith_CarolMoore.psd
[2014/01/13 16:40:12 | 001,463,675 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\13-2-AnnaMarine.psd
[2014/01/13 16:22:21 | 000,002,523 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\Jasc Paint Shop Pro 9.lnk
[2014/01/13 15:07:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/13 15:06:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/13 12:50:09 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C62D61F5-DE77-4B46-9ED4-A80980826EEA}.job
[2014/01/12 15:09:22 | 000,000,011 | ---- | M] () -- C:\WINDOWS\3DShadow.INI
[2014/01/12 09:36:23 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/01/11 11:02:56 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2014/01/11 11:02:13 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2014/01/11 09:16:14 | 000,000,090 | ---- | M] () -- C:\WINDOWS\System32\zfxmlml.mzf
[2014/01/10 14:11:19 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/01/10 14:11:15 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/01/10 14:11:15 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/01/10 14:11:15 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/01/10 14:11:15 | 000,145,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/01/10 14:07:34 | 000,505,158 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/01/10 14:07:34 | 000,089,568 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/01/10 11:55:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/01/09 15:45:05 | 000,081,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\videoprt.sys.bak
[2014/01/09 15:45:05 | 000,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wmilib.sys.bak
[2014/01/09 15:45:04 | 000,058,112 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\vdmindvd.sys.bak
[2014/01/09 15:45:03 | 000,144,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbport.sys.bak
[2014/01/09 15:45:03 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbintel.sys.bak
[2014/01/09 15:45:02 | 000,025,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd2.sys.bak
[2014/01/09 15:45:02 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd.sys.bak
[2014/01/09 15:45:02 | 000,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023.sys.bak
[2014/01/09 15:45:02 | 000,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbd.sys.bak
[2014/01/09 15:45:01 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tosdvd.sys.bak
[2014/01/09 15:45:01 | 000,021,376 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\System32\drivers\tsbvcap.sys.bak
[2014/01/09 15:45:00 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys.bak
[2014/01/09 15:45:00 | 000,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdi.sys.bak
[2014/01/09 15:44:59 | 000,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tape.sys.bak
[2014/01/09 15:44:58 | 000,049,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys.bak
[2014/01/09 15:44:58 | 000,013,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys.bak
[2014/01/09 15:44:57 | 000,025,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sonydcam.sys.bak
[2014/01/09 15:44:57 | 000,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smclib.sys.bak
[2014/01/09 15:44:55 | 000,096,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\scsiport.sys.bak
[2014/01/09 15:44:55 | 000,028,800 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTLTEAMING.SYS.bak
[2014/01/09 15:44:55 | 000,022,016 | ---- | M] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\RtNdPt5x.sys.bak
[2014/01/09 15:44:55 | 000,017,536 | ---- | M] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\RTLVLAN.SYS.bak
[2014/01/09 15:44:54 | 004,752,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys.bak
[2014/01/09 15:44:53 | 000,203,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rmcast.sys.bak
[2014/01/09 15:44:53 | 000,142,336 | ---- | M] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\Rtenicxp.sys.bak
[2014/01/09 15:44:53 | 000,030,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismp.sys.bak
[2014/01/09 15:44:52 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\riodrv.sys.bak
[2014/01/09 15:44:52 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\rio8drv.sys.bak
[2014/01/09 15:44:51 | 000,034,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rawwan.sys.bak
[2014/01/09 15:44:49 | 000,146,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys.bak
[2014/01/09 15:44:48 | 000,024,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciidex.sys.bak
[2014/01/09 15:44:47 | 000,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnknb.sys.bak
[2014/01/09 15:44:47 | 000,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkspx.sys.bak
[2014/01/09 15:44:47 | 000,003,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\oprghdlr.sys.bak
[2014/01/09 15:44:46 | 000,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkipx.sys.bak
[2014/01/09 15:44:45 | 000,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nmnt.sys.bak
[2014/01/09 15:44:45 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\nikedrv.sys.bak
[2014/01/09 15:44:42 | 000,092,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mqac.sys.bak
[2014/01/09 15:44:41 | 000,141,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys.bak
[2014/01/09 15:44:41 | 000,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mf.sys.bak
[2014/01/09 15:44:41 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys.bak
[2014/01/09 15:44:41 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mcd.sys.bak
[2014/01/09 15:44:36 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidclass.sys.bak
[2014/01/09 15:44:36 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidparse.sys.bak
[2014/01/09 15:44:35 | 000,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fsvga.sys.bak
[2014/01/09 15:44:34 | 000,184,664 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys.bak
[2014/01/09 15:44:34 | 000,134,248 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys.bak
[2014/01/09 15:44:34 | 000,118,768 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdir.sys.bak
[2014/01/09 15:44:33 | 000,071,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxg.sys.bak
[2014/01/09 15:44:33 | 000,010,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxapi.sys.bak
[2014/01/09 15:44:33 | 000,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxgthk.sys.bak
[2014/01/09 15:44:32 | 000,060,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys.bak
[2014/01/09 15:44:31 | 000,098,448 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLAUDF_M.SYS.bak
[2014/01/09 15:44:31 | 000,093,552 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLAUDFAM.SYS.bak
[2014/01/09 15:44:31 | 000,030,064 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLARTL_M.SYS.bak
[2014/01/09 15:44:30 | 000,108,752 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLAIFS_M.SYS.bak
[2014/01/09 15:44:30 | 000,032,848 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLABOIOM.SYS.bak
[2014/01/09 15:44:30 | 000,027,216 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLAOPIOM.SYS.bak
[2014/01/09 15:44:30 | 000,016,304 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLAPoolM.SYS.bak
[2014/01/09 15:44:30 | 000,014,576 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLACDBHM.SYS.bak
[2014/01/09 15:44:30 | 000,009,104 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLADResM.SYS.bak
[2014/01/09 15:44:29 | 000,037,360 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLABMFSM.SYS.bak
[2014/01/09 15:44:29 | 000,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\diskdump.sys.bak
[2014/01/09 15:44:28 | 000,262,528 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\cinemst2.sys.bak
[2014/01/09 15:44:28 | 000,049,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\classpnp.sys.bak
[2014/01/09 15:44:28 | 000,011,776 | ---- | M] (Compaq Computer Corporation) -- C:\WINDOWS\System32\drivers\cpqdap01.sys.bak
[2014/01/09 15:44:27 | 000,009,200 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys.bak
[2014/01/09 15:44:27 | 000,009,072 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys.bak
[2014/01/09 15:44:25 | 000,352,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmuni.sys.bak
[2014/01/09 15:44:25 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmlane.sys.bak
[2014/01/09 15:44:25 | 000,031,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmepvc.sys.bak
[2014/01/09 15:44:22 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk6.sys.bak
[2014/01/09 15:03:36 | 000,002,541 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Microsoft\Internet Explorer\Quick Launch\Jasc Paint Shop Pro 9.lnk
[2014/01/09 15:01:22 | 000,001,682 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2014/01/09 13:07:57 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2014/01/08 15:18:38 | 000,978,236 | ---- | M] () -- C:\Documents and Settings\USER\My Documents\Start-Stop DCOM Server Process Launcher service in Windows 7 from Services, Regedit or CMD.mht
[2014/01/08 08:19:30 | 012,099,717 | ---- | M] () -- C:\Documents and Settings\USER\My Documents\101 Household Tips for Every Room in your Home  Glamumous!.mht
[2014/01/07 12:44:40 | 000,000,072 | ---- | M] () -- C:\WINDOWS\JascCmdFile.INI
[2014/01/06 18:23:13 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/06 17:57:05 | 000,001,833 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Microsoft\Internet Explorer\Quick Launc

jemellin

OTL logfile created on: 1/13/2014 7:06:28 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\USER\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 68.44% Memory free
4.81 Gb Paging File | 3.98 Gb Available in Paging File | 82.87% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.72 Gb Total Space | 264.06 Gb Free Space | 56.70% Space Free | Partition Type: NTFS

Computer Name: D1WPTGK1 | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/13 16:42:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\USER\Desktop\OTL.exe
PRC - [2014/01/10 14:11:17 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/11/28 09:36:26 | 000,235,848 | R--- | M] () -- c:\Documents and Settings\All Users\Application Data\Clickfree\FullImagingBackup\FullImagingService.exe
PRC - [2013/09/12 12:06:22 | 001,337,752 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2013/09/12 12:06:06 | 005,110,672 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2013/08/22 13:00:26 | 001,093,464 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Express Tray\ExpressTray.exe
PRC - [2013/08/22 13:00:04 | 000,220,504 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2013/06/05 00:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Documents and Settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/15 14:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2013/01/15 12:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/10/08 09:05:40 | 002,804,224 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/02/11 17:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/02/04 21:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/05/19 11:13:20 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE
PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 06:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2007/10/30 18:52:34 | 000,016,200 | ---- | M] () -- C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
PRC - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2001/11/27 08:10:00 | 000,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE


========== Modules (No Company Name) ==========

MOD - [2014/01/02 16:29:04 | 001,228,288 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\8e046b70030b67810579a40abda1e3aa\System.WorkflowServices.ni.dll
MOD - [2014/01/02 16:27:10 | 001,076,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\69a3f31684a38a4bb0581f969adb09f5\System.ServiceModel.Web.ni.dll
MOD - [2013/11/28 09:36:40 | 000,137,544 | R--- | M] () -- c:\Documents and Settings\All Users\Application Data\Clickfree\FullImagingBackup\VssClientDll.dll
MOD - [2013/11/28 09:36:26 | 000,235,848 | R--- | M] () -- c:\Documents and Settings\All Users\Application Data\Clickfree\FullImagingBackup\FullImagingService.exe
MOD - [2013/10/09 10:03:25 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\02257c6b67db33c194fa3beccf977afb\System.Windows.Forms.ni.dll
MOD - [2013/10/09 06:35:28 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll
MOD - [2013/10/09 06:31:48 | 000,373,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\92e77253888dbd9c0bba085083619459\System.ServiceModel.Routing.ni.dll
MOD - [2013/10/09 06:31:47 | 001,153,536 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\85a498bbd8b627f024494aff48293868\System.ServiceModel.Discovery.ni.dll
MOD - [2013/10/09 06:31:46 | 001,548,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b497fb14e3235ee6c29125b069dec168\System.ServiceModel.Activities.ni.dll
MOD - [2013/10/09 06:31:46 | 000,084,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\e9a7e4f157404d716b2da7e33d9b6530\System.ServiceModel.Channels.ni.dll
MOD - [2013/10/09 06:31:43 | 018,150,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\1adbc62df2ee2812328adaa2b29db646\System.ServiceModel.ni.dll
MOD - [2013/10/09 06:31:25 | 001,079,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\ff7a142f6b3bdfea11e82d43196c7611\System.IdentityModel.ni.dll
MOD - [2013/10/09 06:30:27 | 000,134,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\ed61ee6ddf10acbd36e8eef05639e6e8\System.Data.DataSetExtensions.ni.dll
MOD - [2013/10/09 06:30:09 | 001,031,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e7a55f1a3264f1482d90d89faf722c32\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/10/09 06:30:08 | 002,658,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\2317d10bd132b3b52081f90051e21afe\System.Runtime.Serialization.ni.dll
MOD - [2013/10/09 06:30:06 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\e079ea2aa0a75d81c20998a6419643ff\System.Xml.Linq.ni.dll
MOD - [2013/10/09 06:25:50 | 018,003,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\76be8eddc22a93ae3bb03e2429cec546\PresentationFramework.ni.dll
MOD - [2013/10/09 06:25:46 | 000,751,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\d38fa9699dd602db6b0a1a83ffe8dbea\System.Security.ni.dll
MOD - [2013/10/09 06:25:45 | 001,014,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll
MOD - [2013/10/09 06:25:43 | 013,199,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\325d0892f38cfa9dc4dd834066b218de\System.Windows.Forms.ni.dll
MOD - [2013/10/09 06:25:33 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\545c9efd86994100a4397aaefc753d22\PresentationCore.ni.dll
MOD - [2013/10/09 06:25:33 | 006,866,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\f4b3731e5bbead895061725c5fe89e74\System.Data.ni.dll
MOD - [2013/10/09 06:25:28 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\75d88257b5bc5a5d15dd4c37d8bb18bd\System.Core.ni.dll
MOD - [2013/10/09 06:25:24 | 003,858,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\386c47ad5b7e82f3832a668b777c4756\WindowsBase.ni.dll
MOD - [2013/09/26 16:08:34 | 000,292,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Automation\67f02c1e223d14f00fb51694068b08f4\Inkjet.Automation.ni.dll
MOD - [2013/09/26 16:08:30 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.DeviceSettin#\089a13b51a9c17442eff954e2d2ebc6c\Inkjet.DeviceSettings.ni.dll
MOD - [2013/09/26 16:08:29 | 000,294,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Utilities\c43b49d65e0cc0113880b6b3f95d2314\Inkjet.Utilities.ni.dll
MOD - [2013/09/26 16:08:29 | 000,236,544 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Localization\5a136875748781cac5f84520b9046e56\Inkjet.Localization.ni.dll
MOD - [2013/09/26 16:08:28 | 000,862,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Hardware\0a6fe7786e48b51759b8e18dc3060b8c\Inkjet.Hardware.ni.dll
MOD - [2013/09/26 16:08:28 | 000,181,248 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Statistics\9c94aafee5b7205371940212c4055d3d\Inkjet.Statistics.ni.dll
MOD - [2013/09/26 16:08:26 | 000,081,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Configuration\be693a87b798c9317dd9a70638f94618\Inkjet.Configuration.ni.dll
MOD - [2013/09/26 16:08:25 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Diagnostics\ebe1cb191c8906f3d161cfaef676a309\Inkjet.Diagnostics.ni.dll
MOD - [2013/08/27 15:17:27 | 000,143,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78329ab1c7f5e92c6f2462188ad1de79\SMDiagnostics.ni.dll
MOD - [2013/08/15 10:23:55 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7bf3e4deef4483205017aa7b13194845\System.ServiceProcess.ni.dll
MOD - [2013/08/15 10:23:34 | 001,218,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\6c422db78c17838c3eb9f9fcc01ca63f\System.Management.ni.dll
MOD - [2013/08/15 10:22:18 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\102014a4f570b1dc944ff7eb8e1c6e2b\System.Transactions.ni.dll
MOD - [2013/08/15 10:22:13 | 001,801,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\4d277a8481c203a35c58bd277a2e71df\System.Xaml.ni.dll
MOD - [2013/08/15 04:15:59 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\f4ea3ea9bbe98bbc32c6def83bd2962d\System.Runtime.Remoting.ni.dll
MOD - [2013/08/15 04:15:34 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
MOD - [2013/08/15 04:15:27 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e2d3740c10f91e2676570dcc3be6680e\PresentationFramework.Luna.ni.dll
MOD - [2013/08/15 04:15:17 | 005,628,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/08/15 04:15:13 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/08/15 04:13:30 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll
MOD - [2013/08/15 04:13:05 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
MOD - [2013/08/15 04:12:58 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013/07/11 09:34:54 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/07/11 09:32:15 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2011/09/07 18:07:02 | 000,113,664 | ---- | M] () -- C:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu.dll
MOD - [2007/10/30 18:52:34 | 000,016,200 | ---- | M] () -- C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
MOD - [2007/07/23 14:04:46 | 000,068,080 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll
MOD - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
MOD - [2005/10/07 15:05:32 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2014/01/10 14:11:17 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2014/01/06 16:01:24 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/11 14:42:31 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/28 09:36:26 | 000,235,848 | R--- | M] () [Auto | Running] -- c:\Documents and Settings\All Users\Application Data\Clickfree\FullImagingBackup\FullImagingService.exe -- (FullImagingService)
SRV - [2013/09/12 12:06:22 | 001,337,752 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2013/08/22 13:00:04 | 000,220,504 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/15 14:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2013/01/15 12:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2011/09/11 11:17:00 | 000,329,080 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2010/01/28 13:27:43 | 000,044,576 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/05/19 11:13:20 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\ASTSRV.EXE -- (ASTSRV)
SRV - [2008/01/28 16:39:38 | 000,057,344 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe -- (Tomcat6)
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (TrueSight)
DRV - File not found [Kernel | Boot | Stopped] --  -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] --  -- (TfFsMon)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (pctplsg)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (cpuz132)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\USER\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/12/26 06:39:32 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2013/09/17 15:17:38 | 000,184,664 | ---- | M] (ESET) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2013/09/17 15:17:38 | 000,134,248 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2013/09/17 15:17:38 | 000,118,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/06/05 09:16:32 | 000,142,336 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/02/16 12:35:06 | 000,017,536 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS -- (RTLVLAN)
DRV - [2009/02/16 08:59:06 | 000,028,800 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLTEAMING.SYS -- (RTLTEAMING)
DRV - [2008/08/18 16:20:06 | 004,752,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/07/09 08:11:34 | 000,022,016 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\RtNdPt5x.sys -- (RtNdPt5x)
DRV - [2007/07/23 14:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 14:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 14:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 14:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 14:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 14:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 14:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 14:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 13:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 13:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USSMB/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\..\SearchScopes\{C62C35BF-E421-4F34-B607-1A2B73807829}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8
IE - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/01/06 16:01:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013/12/02 14:01:55 | 000,000,000 | ---D | M]

[2010/12/28 18:59:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Extensions
[2014/01/10 11:32:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\cqnf6uhv.default\extensions
[2014/01/06 13:32:46 | 000,007,376 | ---- | M] () (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\cqnf6uhv.default\extensions\firefox@jumpflip.net.xpi
[2013/08/25 13:21:27 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\cqnf6uhv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2014/01/10 14:00:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/01/06 16:00:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/01/06 16:01:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome  ==========

CHR - default_search_provider: Mysearchdial ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: MSN\u00AE Toolbar (Enabled) = C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement Web App = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\
CHR - Extension: Google Docs = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Poppit = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/01/10 11:55:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (PCTools Site Guard) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005..\Run: [Akamai NetSession Interface] C:\Documents and Settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005..\Run: [GarminExpressTrayApp] C:\Program Files\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: New Value #1 = 0
O7 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\..Trusted Domains: bestbuy.com ([www-ssl] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260473224875 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344974532109 (MUWebControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0E18D04-350B-4C5B-95FF-550EEA4A455D}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0E18D04-350B-4C5B-95FF-550EEA4A455D}: NameServer = 64.91.3.46,208.54.220.20
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 15:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/13 19:05:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Desktop\QTL folders
[2014/01/13 16:42:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\USER\Desktop\OTL.exe
[2014/01/13 15:02:13 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/01/13 14:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Desktop\ccd_APassionateFascination_ts
[2014/01/13 13:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Desktop\Valentine dreams
[2014/01/12 17:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Desktop\Toad ally in love with you
[2014/01/12 11:21:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\My Documents\Fin sigs
[2014/01/12 09:28:06 | 000,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sfzwurs.bjt
[2014/01/12 09:28:06 | 000,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hlgcv.fnq
[2014/01/10 14:12:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Local Settings\Application Data\Sun
[2014/01/10 14:11:38 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/01/10 14:11:38 | 000,145,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/01/10 14:11:32 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/01/10 14:11:32 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/01/10 14:11:32 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/01/10 14:11:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2014/01/10 14:10:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2014/01/10 11:28:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/01/10 10:55:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\DigitalSites
[2014/01/09 15:45:05 | 000,081,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\videoprt.sys.bak
[2014/01/09 15:45:05 | 000,004,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wmilib.sys.bak
[2014/01/09 15:45:04 | 000,058,112 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\vdmindvd.sys.bak
[2014/01/09 15:45:03 | 000,144,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbport.sys.bak
[2014/01/09 15:45:03 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbintel.sys.bak
[2014/01/09 15:45:02 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd2.sys.bak
[2014/01/09 15:45:02 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd.sys.bak
[2014/01/09 15:45:02 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023.sys.bak
[2014/01/09 15:45:02 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbd.sys.bak
[2014/01/09 15:45:01 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tosdvd.sys.bak
[2014/01/09 15:45:01 | 000,021,376 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\drivers\tsbvcap.sys.bak
[2014/01/09 15:45:00 | 000,226,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys.bak
[2014/01/09 15:45:00 | 000,019,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdi.sys.bak
[2014/01/09 15:44:59 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tape.sys.bak
[2014/01/09 15:44:58 | 000,049,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys.bak
[2014/01/09 15:44:57 | 000,025,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sonydcam.sys.bak
[2014/01/09 15:44:57 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smclib.sys.bak
[2014/01/09 15:44:55 | 000,096,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\scsiport.sys.bak
[2014/01/09 15:44:55 | 000,022,016 | ---- | C] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\RtNdPt5x.sys.bak
[2014/01/09 15:44:55 | 000,017,536 | ---- | C] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\RTLVLAN.SYS.bak
[2014/01/09 15:44:54 | 000,028,800 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTLTEAMING.SYS.bak
[2014/01/09 15:44:53 | 004,752,896 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys.bak
[2014/01/09 15:44:53 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rmcast.sys.bak
[2014/01/09 15:44:53 | 000,142,336 | ---- | C] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\Rtenicxp.sys.bak
[2014/01/09 15:44:53 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismp.sys.bak
[2014/01/09 15:44:52 | 000,012,032 | ---- | C] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\riodrv.sys.bak
[2014/01/09 15:44:52 | 000,012,032 | ---- | C] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\rio8drv.sys.bak
[2014/01/09 15:44:51 | 000,034,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rawwan.sys.bak
[2014/01/09 15:44:49 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys.bak
[2014/01/09 15:44:48 | 000,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciidex.sys.bak
[2014/01/09 15:44:47 | 000,063,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnknb.sys.bak
[2014/01/09 15:44:47 | 000,055,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkspx.sys.bak
[2014/01/09 15:44:47 | 000,003,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\oprghdlr.sys.bak
[2014/01/09 15:44:46 | 000,088,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkipx.sys.bak
[2014/01/09 15:44:45 | 000,040,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nmnt.sys.bak
[2014/01/09 15:44:45 | 000,012,032 | ---- | C] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\nikedrv.sys.bak
[2014/01/09 15:44:42 | 000,092,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mqac.sys.bak
[2014/01/09 15:44:41 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys.bak
[2014/01/09 15:44:41 | 000,063,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mf.sys.bak
[2014/01/09 15:44:41 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys.bak
[2014/01/09 15:44:41 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mcd.sys.bak
[2014/01/09 15:44:36 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidclass.sys.bak
[2014/01/09 15:44:36 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidparse.sys.bak
[2014/01/09 15:44:35 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fsvga.sys.bak
[2014/01/09 15:44:34 | 000,184,664 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys.bak
[2014/01/09 15:44:34 | 000,134,248 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys.bak
[2014/01/09 15:44:34 | 000,118,768 | ---- | C] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdir.sys.bak
[2014/01/09 15:44:33 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxg.sys.bak
[2014/01/09 15:44:33 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxapi.sys.bak
[2014/01/09 15:44:33 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxgthk.sys.bak
[2014/01/09 15:44:32 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys.bak
[2014/01/09 15:44:31 | 000,098,448 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLAUDF_M.SYS.bak
[2014/01/09 15:44:31 | 000,093,552 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLAUDFAM.SYS.bak
[2014/01/09 15:44:31 | 000,030,064 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLARTL_M.SYS.bak
[2014/01/09 15:44:30 | 000,108,752 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLAIFS_M.SYS.bak
[2014/01/09 15:44:30 | 000,027,216 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLAOPIOM.SYS.bak
[2014/01/09 15:44:30 | 000,016,304 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLAPoolM.SYS.bak
[2014/01/09 15:44:30 | 000,014,576 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLACDBHM.SYS.bak
[2014/01/09 15:44:30 | 000,009,104 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLADResM.SYS.bak
[2014/01/09 15:44:29 | 000,037,360 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLABMFSM.SYS.bak
[2014/01/09 15:44:29 | 000,032,848 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLABOIOM.SYS.bak
[2014/01/09 15:44:29 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\diskdump.sys.bak
[2014/01/09 15:44:28 | 000,262,528 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\cinemst2.sys.bak
[2014/01/09 15:44:28 | 000,049,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\classpnp.sys.bak
[2014/01/09 15:44:28 | 000,011,776 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\drivers\cpqdap01.sys.bak
[2014/01/09 15:44:27 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys.bak
[2014/01/09 15:44:27 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys.bak
[2014/01/09 15:44:25 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmuni.sys.bak
[2014/01/09 15:44:25 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmlane.sys.bak
[2014/01/09 15:44:25 | 000,031,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmepvc.sys.bak
[2014/01/09 15:44:22 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk6.sys.bak
[2014/01/09 15:35:41 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/09 13:50:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Desktop\New Folder
[2014/01/09 13:07:51 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014/01/09 13:05:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014/01/09 13:05:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014/01/09 13:05:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014/01/09 13:05:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014/01/09 13:05:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/09 13:04:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2014/01/06 18:23:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\Malwarebytes
[2014/01/06 18:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/06 18:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/01/06 18:23:11 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/01/06 18:23:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/01/06 16:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/12/22 17:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\My Documents\Slow cooker recipes
[2013/08/10 13:45:06 | 000,889,416 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\USER\Application Data\dotNetFx40_Full_setup.exe
[2010/09/03 20:09:59 | 000,465,264 | ---- | C] (Corel) -- C:\Program Files\Common Files\AppFramework.dll
[2010/09/03 20:09:59 | 000,332,144 | ---- | C] (Corel) -- C:\Program Files\Common Files\MediaOrganizer.dll
[2010/09/03 20:09:59 | 000,033,136 | ---- | C] (Corel-V1E) -- C:\Program Files\Common Files\FlickrProvider.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/13 19:08:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/13 18:40:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/01/13 17:08:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/13 16:42:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\USER\Desktop\OTL.exe
[2014/01/13 16:40:35 | 001,656,352 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\76-2-JoelAdams_LilGrace.psd
[2014/01/13 16:40:23 | 003,236,018 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\PSPTUBESTOP_Faith_CarolMoore.psd
[2014/01/13 16:40:12 | 001,463,675 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\13-2-AnnaMarine.psd
[2014/01/13 16:22:21 | 000,002,523 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\Jasc Paint Shop Pro 9.lnk
[2014/01/13 15:07:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/13 15:06:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/13 12:50:09 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C62D61F5-DE77-4B46-9ED4-A80980826EEA}.job
[2014/01/12 15:09:22 | 000,000,011 | ---- | M] () -- C:\WINDOWS\3DShadow.INI
[2014/01/12 09:36:23 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/01/11 11:02:56 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2014/01/11 11:02:13 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2014/01/11 09:16:14 | 000,000,090 | ---- | M] () -- C:\WINDOWS\System32\zfxmlml.mzf
[2014/01/10 14:11:19 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/01/10 14:11:15 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/01/10 14:11:15 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/01/10 14:11:15 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/01/10 14:11:15 | 000,145,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/01/10 14:07:34 | 000,505,158 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/01/10 14:07:34 | 000,089,568 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/01/10 11:55:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/01/09 15:45:05 | 000,081,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\videoprt.sys.bak
[2014/01/09 15:45:05 | 000,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wmilib.sys.bak
[2014/01/09 15:45:04 | 000,058,112 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\vdmindvd.sys.bak
[2014/01/09 15:45:03 | 000,144,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbport.sys.bak
[2014/01/09 15:45:03 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbintel.sys.bak
[2014/01/09 15:45:02 | 000,025,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd2.sys.bak
[2014/01/09 15:45:02 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd.sys.bak
[2014/01/09 15:45:02 | 000,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023.sys.bak
[2014/01/09 15:45:02 | 000,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbd.sys.bak
[2014/01/09 15:45:01 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tosdvd.sys.bak
[2014/01/09 15:45:01 | 000,021,376 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\System32\drivers\tsbvcap.sys.bak
[2014/01/09 15:45:00 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys.bak
[2014/01/09 15:45:00 | 000,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdi.sys.bak
[2014/01/09 15:44:59 | 000,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tape.sys.bak
[2014/01/09 15:44:58 | 000,049,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys.bak
[2014/01/09 15:44:58 | 000,013,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys.bak
[2014/01/09 15:44:57 | 000,025,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sonydcam.sys.bak
[2014/01/09 15:44:57 | 000,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smclib.sys.bak
[2014/01/09 15:44:55 | 000,096,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\scsiport.sys.bak
[2014/01/09 15:44:55 | 000,028,800 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTLTEAMING.SYS.bak
[2014/01/09 15:44:55 | 000,022,016 | ---- | M] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\RtNdPt5x.sys.bak
[2014/01/09 15:44:55 | 000,017,536 | ---- | M] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\RTLVLAN.SYS.bak
[2014/01/09 15:44:54 | 004,752,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys.bak
[2014/01/09 15:44:53 | 000,203,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rmcast.sys.bak
[2014/01/09 15:44:53 | 000,142,336 | ---- | M] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\Rtenicxp.sys.bak
[2014/01/09 15:44:53 | 000,030,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismp.sys.bak
[2014/01/09 15:44:52 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\riodrv.sys.bak
[2014/01/09 15:44:52 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\rio8drv.sys.bak
[2014/01/09 15:44:51 | 000,034,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rawwan.sys.bak
[2014/01/09 15:44:49 | 000,146,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys.bak
[2014/01/09 15:44:48 | 000,024,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciidex.sys.bak
[2014/01/09 15:44:47 | 000,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnknb.sys.bak
[2014/01/09 15:44:47 | 000,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkspx.sys.bak
[2014/01/09 15:44:47 | 000,003,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\oprghdlr.sys.bak
[2014/01/09 15:44:46 | 000,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkipx.sys.bak
[2014/01/09 15:44:45 | 000,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nmnt.sys.bak
[2014/01/09 15:44:45 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\System32\drivers\nikedrv.sys.bak
[2014/01/09 15:44:42 | 000,092,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mqac.sys.bak
[2014/01/09 15:44:41 | 000,141,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys.bak
[2014/01/09 15:44:41 | 000,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mf.sys.bak
[2014/01/09 15:44:41 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys.bak
[2014/01/09 15:44:41 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mcd.sys.bak
[2014/01/09 15:44:36 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidclass.sys.bak
[2014/01/09 15:44:36 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidparse.sys.bak
[2014/01/09 15:44:35 | 000,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fsvga.sys.bak
[2014/01/09 15:44:34 | 000,184,664 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\eamon.sys.bak
[2014/01/09 15:44:34 | 000,134,248 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\ehdrv.sys.bak
[2014/01/09 15:44:34 | 000,118,768 | ---- | M] (ESET) -- C:\WINDOWS\System32\drivers\epfwtdir.sys.bak
[2014/01/09 15:44:33 | 000,071,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxg.sys.bak
[2014/01/09 15:44:33 | 000,010,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxapi.sys.bak
[2014/01/09 15:44:33 | 000,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxgthk.sys.bak
[2014/01/09 15:44:32 | 000,060,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys.bak
[2014/01/09 15:44:31 | 000,098,448 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLAUDF_M.SYS.bak
[2014/01/09 15:44:31 | 000,093,552 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLAUDFAM.SYS.bak
[2014/01/09 15:44:31 | 000,030,064 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLARTL_M.SYS.bak
[2014/01/09 15:44:30 | 000,108,752 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLAIFS_M.SYS.bak
[2014/01/09 15:44:30 | 000,032,848 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLABOIOM.SYS.bak
[2014/01/09 15:44:30 | 000,027,216 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLAOPIOM.SYS.bak
[2014/01/09 15:44:30 | 000,016,304 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLAPoolM.SYS.bak
[2014/01/09 15:44:30 | 000,014,576 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLACDBHM.SYS.bak
[2014/01/09 15:44:30 | 000,009,104 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLADResM.SYS.bak
[2014/01/09 15:44:29 | 000,037,360 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLABMFSM.SYS.bak
[2014/01/09 15:44:29 | 000,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\diskdump.sys.bak
[2014/01/09 15:44:28 | 000,262,528 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\drivers\cinemst2.sys.bak
[2014/01/09 15:44:28 | 000,049,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\classpnp.sys.bak
[2014/01/09 15:44:28 | 000,011,776 | ---- | M] (Compaq Computer Corporation) -- C:\WINDOWS\System32\drivers\cpqdap01.sys.bak
[2014/01/09 15:44:27 | 000,009,200 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys.bak
[2014/01/09 15:44:27 | 000,009,072 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys.bak
[2014/01/09 15:44:25 | 000,352,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmuni.sys.bak
[2014/01/09 15:44:25 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmlane.sys.bak
[2014/01/09 15:44:25 | 000,031,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmepvc.sys.bak
[2014/01/09 15:44:22 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk6.sys.bak
[2014/01/09 15:03:36 | 000,002,541 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Microsoft\Internet Explorer\Quick Launch\Jasc Paint Shop Pro 9.lnk
[2014/01/09 15:01:22 | 000,001,682 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2014/01/09 13:07:57 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2014/01/08 15:18:38 | 000,978,236 | ---- | M] () -- C:\Documents and Settings\USER\My Documents\Start-Stop DCOM Server Process Launcher service in Windows 7 from Services, Regedit or CMD.mht
[2014/01/08 08:19:30 | 012,099,717 | ---- | M] () -- C:\Documents and Settings\USER\My Documents\101 Household Tips for Every Room in your Home  Glamumous!.mht
[2014/01/07 12:44:40 | 000,000,072 | ---- | M] () -- C:\WINDOWS\JascCmdFile.INI
[2014/01/06 18:23:13 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/06 17:57:05 | 000,001,833 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Microsoft\Internet Explorer\Quick Launc

jemellin

[2014/01/08 08:19:21 | 012,099,717 | ---- | C] () -- C:\Documents and Settings\USER\My Documents\101 Household Tips for Every Room in your Home  Glamumous!.mht
[2014/01/06 18:23:13 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/06 16:03:09 | 000,001,833 | ---- | C] () -- C:\Documents and Settings\USER\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/06 15:57:28 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/06 15:57:28 | 000,000,878 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/06 13:54:23 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\USER\Desktop\Mozilla Firefox.lnk
[2014/01/06 13:44:00 | 001,384,066 | ---- | C] () -- C:\Documents and Settings\USER\Desktop\bookmark.htm
[2014/01/05 11:55:13 | 000,000,884 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat Reader 5.0.lnk
[2014/01/02 12:18:11 | 000,150,992 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2014/01/02 09:53:54 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\qpgh.vbg
[2014/01/02 09:43:52 | 000,000,090 | ---- | C] () -- C:\WINDOWS\System32\zfxmlml.mzf
[2014/01/02 09:41:30 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\pyez.wwv
[2014/01/02 09:41:30 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\cmkgrg.zyh
[2014/01/02 09:25:41 | 000,101,213 | --S- | C] () -- C:\WINDOWS\System32\lipwzq.nqv
[2013/12/30 13:43:20 | 000,131,594 | ---- | C] () -- C:\Documents and Settings\USER\My Documents\Postal receipt.pdf
[2013/08/30 14:20:38 | 000,000,900 | ---- | C] () -- C:\Documents and Settings\USER\.recently-used.xbel
[2013/08/30 09:58:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX2.INI
[2013/08/30 09:54:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Rule Actions
[2013/07/30 11:13:02 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Speech Enhancer
[2013/07/30 11:13:02 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\USER\Application Data\Soundtrack
[2013/07/30 11:13:02 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT
[2013/07/30 11:13:02 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Sync Services
[2013/07/30 11:12:27 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Sports
[2013/07/30 11:12:27 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Specifications
[2013/07/30 11:12:27 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\USER\Application Data\Space Choir
[2013/07/30 11:12:27 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\USER\Application Data\Sounds
[2013/07/30 11:12:27 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2013/07/30 11:12:27 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2013/07/30 11:12:27 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Synth Leads
[2013/07/30 10:50:46 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\SupportPrinters
[2013/07/30 10:50:46 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\USER\Application Data\String Comparison
[2013/07/30 10:50:46 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLeo.DAT
[2013/07/30 10:50:46 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Vocal Transformer
[2013/04/16 16:32:19 | 000,000,297 | ---- | C] () -- C:\WINDOWS\Solitaire.ini
[2013/03/15 11:27:25 | 000,000,098 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/11/23 16:34:02 | 000,013,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2012/07/21 13:14:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/15 07:39:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/09 17:33:05 | 010,676,670 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2203466315-1556017997-98728662-1005-0.dat
[2011/11/09 17:33:05 | 000,249,838 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/01/07 09:39:34 | 000,148,177 | ---- | C] () -- C:\Program Files\Common Files\BookViewer.xap
[2010/09/03 20:09:59 | 000,402,800 | ---- | C] () -- C:\Program Files\Common Files\facebook.dll
[2010/09/03 20:09:59 | 000,130,416 | ---- | C] () -- C:\Program Files\Common Files\PluginCommon.dll
[2010/01/28 14:28:42 | 000,008,354 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/12/17 10:38:49 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\USER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2008/04/25 15:34:35 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/10/28 23:38:22 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 06:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Corrine

Thank you, Jemellin.  That is what I needed to see. 

Although I'm expecting a bunch of "not found" in the log, because you do not want Google Chrome, I've provided every instance of an inclusion of Chrome.  First, right-click on Chrome in your task bar and select close or exit. Then, please do the following:

Warning:  This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes, and you may lose the desktop and icons; they will return on reboot.


  • Double-click OTL.exe to launch the program.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.

:Commands
[CREATERESTOREPOINT]

:OTL
CHR - default_search_provider: Mysearchdial ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: MSN\u00AE Toolbar (Enabled) = C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement Web App = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\
CHR - Extension: Google Docs = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Poppit = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (PCTools Site Guard) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll File not found
O3 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2203466315-1556017997-98728662-1005\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.

:File
C:\WINDOWS\System32\qpgh.vbg
C:\WINDOWS\System32\zfxmlml.mzf
C:\WINDOWS\System32\pyez.wwv
C:\WINDOWS\System32\cmkgrg.zyh
C:\WINDOWS\System32\lipwzq.nqv
C:\Program Files\Google
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\Documents and Settings\USER\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

:Commands
[emptyjava]
[emptyflash]
[EMPTYTEMP]
[Reboot]


  • Click the Run Fix button.
  • OTL will now process the instructions.  Please let it run without interruption.
  • If not prompted to restart by OTL, please restart manually.
  • After restarting, the fix log will open. (The Fix log file will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log)
  • Copy/Paste the log in your next reply please.
After posting the resulting Fix log, please rescan as follows:

Open OTL again and click the Quick Scan button. Post the new log it produces, OTL.txt, in your next reply.


jemellin

I know there is a lot to fix, but the OTL run fix has been going 14 hrs. at this point. Is this to be expected? I am on my husband's computer now! Thanks, Corrine, for your help.

Corrine

That is definitely not normal.  I've been concerned with the age of your computer and with it being Windows XP, which is nearing the end of support. 

Please restart your computer.  If you have any problems restarting, boot to Safe Mode and restore your computer to an earlier date.  In fact, OTL should have created a restore point before starting.

Microsoft Windows XP - Start the computer in safe mode
How to restore Windows XP to a previous state


jemellin

OK, I restored my computer to yesterday morning @ 8:59.

jemellin

I just noticed this log after rebooting; is it one we already had??
ComboFix 14-01-08.03 - USER 01/13/2014  14:42:38.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3037.2135 [GMT -6:00]
Running from: c:\documents and settings\USER\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\USER\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
- REDUCED FUNCTIONALITY MODE -
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-13 to 2014-01-13  )))))))))))))))))))))))))))))))
.
.
2014-01-12 15:28 . 2009-02-09 12:10   401408   -c--a-w-   c:\windows\system32\sfzwurs.bjt
2014-01-12 15:28 . 2009-02-09 12:10   401408   ----a-w-   c:\windows\system32\hlgcv.fnq
2014-01-10 20:12 . 2014-01-10 20:12   --------   d-----w-   c:\documents and settings\USER\Local Settings\Application Data\Sun
2014-01-10 20:11 . 2014-01-10 20:11   145408   ----a-w-   c:\windows\system32\javacpl.cpl
2014-01-10 20:11 . 2014-01-10 20:11   94632   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2014-01-10 20:10 . 2014-01-10 20:10   --------   d-----w-   c:\documents and settings\All Users\Application Data\McAfee
2014-01-10 20:07 . 2014-01-10 20:07   6780   ----a-w-   c:\windows\system32\PerfStringBackup.TMP
2014-01-10 17:28 . 2014-01-10 17:28   --------   d-----w-   c:\windows\ERUNT
2014-01-10 16:55 . 2014-01-11 16:08   --------   d-----w-   c:\documents and settings\USER\Application Data\DigitalSites
2014-01-09 21:35 . 2014-01-12 15:40   --------   d-----w-   C:\AdwCleaner
2014-01-07 00:23 . 2014-01-07 00:23   --------   d-----w-   c:\documents and settings\USER\Application Data\Malwarebytes
2014-01-07 00:23 . 2014-01-07 00:23   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2014-01-07 00:23 . 2014-01-07 00:23   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2014-01-07 00:23 . 2013-04-04 20:50   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
2014-01-07 00:04 . 2014-01-07 00:04   --------   d-----w-   c:\windows\system32\wbem\Repository
2014-01-02 15:54 . 2014-01-02 15:54   --------   d-sh--w-   c:\windows\system32\config\systemprofile\IETldCache
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-09 21:45 . 2014-01-09 21:45   82944   ----a-w-   c:\windows\system32\drivers\WudfRd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   77568   ----a-w-   c:\windows\system32\drivers\WudfPf.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   83072   ----a-w-   c:\windows\system32\drivers\wdmaud.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   81664   ----a-w-   c:\windows\system32\drivers\videoprt.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   52352   ----a-w-   c:\windows\system32\drivers\volsnap.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   4352   ----a-w-   c:\windows\system32\drivers\wmilib.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   38528   ----a-w-   c:\windows\system32\drivers\wpdusb.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   34560   ----a-w-   c:\windows\system32\drivers\wanarp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12032   ----a-w-   c:\windows\system32\drivers\ws2ifsl.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   58112   ----a-w-   c:\windows\system32\drivers\vdmindvd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   5376   ----a-w-   c:\windows\system32\drivers\viaide.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   42240   ----a-w-   c:\windows\system32\drivers\VIAAGP.SYS.bak
2014-01-09 21:45 . 2014-01-09 21:45   26368   ----a-w-   c:\windows\system32\drivers\USBSTOR.SYS.bak
2014-01-09 21:45 . 2014-01-09 21:45   20992   ----a-w-   c:\windows\system32\drivers\vga.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   20608   ----a-w-   c:\windows\system32\drivers\usbuhci.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   59520   ----a-w-   c:\windows\system32\drivers\usbhub.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   30336   ----a-w-   c:\windows\system32\drivers\usbehci.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   25856   ----a-w-   c:\windows\system32\drivers\usbprint.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   15872   ----a-w-   c:\windows\system32\drivers\usbintel.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   14976   ----a-w-   c:\windows\system32\drivers\usbscan.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   144128   ----a-w-   c:\windows\system32\drivers\usbport.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   5376   ----a-w-   c:\windows\system32\drivers\usbd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   32384   ----a-w-   c:\windows\system32\drivers\usbccgp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   25728   ----a-w-   c:\windows\system32\drivers\usbcamd2.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   25600   ----a-w-   c:\windows\system32\drivers\usbcamd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12928   ----a-w-   c:\windows\system32\drivers\usb8023.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   384768   ----a-w-   c:\windows\system32\drivers\update.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   66048   ----a-w-   c:\windows\system32\drivers\udfs.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   51712   ----a-w-   c:\windows\system32\drivers\tosdvd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   4992   ----a-w-   c:\windows\system32\drivers\toside.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   36736   ----a-w-   c:\windows\system32\drivers\ultra.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   21376   ----a-w-   c:\windows\system32\drivers\tsbvcap.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12288   ----a-w-   c:\windows\system32\drivers\tunmp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   40840   ----a-w-   c:\windows\system32\drivers\termdd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   361600   ----a-w-   c:\windows\system32\drivers\tcpip.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   226880   ----a-w-   c:\windows\system32\drivers\tcpip6.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   21896   ----a-w-   c:\windows\system32\drivers\tdtcp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   19072   ----a-w-   c:\windows\system32\drivers\tdi.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12040   ----a-w-   c:\windows\system32\drivers\tdpipe.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   60800   ----a-w-   c:\windows\system32\drivers\sysaudio.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   56576   ----a-w-   c:\windows\system32\drivers\swmidi.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   32640   ----a-w-   c:\windows\system32\drivers\symc8xx.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   30688   ----a-w-   c:\windows\system32\drivers\sym_u3.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   28384   ----a-w-   c:\windows\system32\drivers\sym_hi.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   16256   ----a-w-   c:\windows\system32\drivers\symc810.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   14976   ----a-w-   c:\windows\system32\drivers\tape.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   49408   ----a-w-   c:\windows\system32\drivers\stream.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   4352   ----a-w-   c:\windows\system32\drivers\swenum.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   13464   ----a-w-   c:\windows\system32\drivers\SWDUMon.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   73472   ----a-w-   c:\windows\system32\drivers\sr.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   6272   ----a-w-   c:\windows\system32\drivers\splitter.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   357888   ----a-w-   c:\windows\system32\drivers\srv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   25344   ----a-w-   c:\windows\system32\drivers\sonydcam.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   19072   ----a-w-   c:\windows\system32\drivers\sparrow.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   14592   ----a-w-   c:\windows\system32\drivers\smclib.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   64512   ----a-w-   c:\windows\system32\drivers\serial.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   40960   ----a-w-   c:\windows\system32\drivers\SISAGP.SYS.bak
2014-01-09 21:44 . 2014-01-09 21:44   15744   ----a-w-   c:\windows\system32\drivers\serenum.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   11904   ----a-w-   c:\windows\system32\drivers\sffdisk.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   11392   ----a-w-   c:\windows\system32\drivers\sfloppy.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   11008   ----a-w-   c:\windows\system32\drivers\sffp_sd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   10240   ----a-w-   c:\windows\system32\drivers\sffp_mmc.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   96384   ----a-w-   c:\windows\system32\drivers\scsiport.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   79232   ----a-w-   c:\windows\system32\drivers\sdbus.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   22016   ----a-w-   c:\windows\system32\drivers\RtNdPt5x.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   20480   ----a-w-   c:\windows\system32\drivers\secdrv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   17536   ----a-w-   c:\windows\system32\drivers\RTLVLAN.SYS.bak
2014-01-09 21:44 . 2014-01-09 21:44   28800   ----a-w-   c:\windows\system32\drivers\RTLTEAMING.SYS.bak
2014-01-09 21:44 . 2014-01-09 21:44   4752896   ----a-w-   c:\windows\system32\drivers\RtkHDAud.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   5888   ----a-w-   c:\windows\system32\drivers\rootmdm.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   30592   ----a-w-   c:\windows\system32\drivers\rndismp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   203136   ----a-w-   c:\windows\system32\drivers\rmcast.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   142336   ----a-w-   c:\windows\system32\drivers\Rtenicxp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   57600   ----a-w-   c:\windows\system32\drivers\redbook.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   4224   ----a-w-   c:\windows\system32\drivers\rdpcdd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   196224   ----a-w-   c:\windows\system32\drivers\rdpdr.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   139784   ----a-w-   c:\windows\system32\drivers\rdpwd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   12032   ----a-w-   c:\windows\system32\drivers\riodrv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   12032   ----a-w-   c:\windows\system32\drivers\rio8drv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   8832   ----a-w-   c:\windows\system32\drivers\rasacd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   51328   ----a-w-   c:\windows\system32\drivers\rasl2tp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   48384   ----a-w-   c:\windows\system32\drivers\raspptp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   41472   ----a-w-   c:\windows\system32\drivers\raspppoe.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   34432   ----a-w-   c:\windows\system32\drivers\rawwan.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   175744   ----a-w-   c:\windows\system32\drivers\rdbss.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   16512   ----a-w-   c:\windows\system32\drivers\raspti.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   49024   ----a-w-   c:\windows\system32\drivers\ql1280.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   45312   ----a-w-   c:\windows\system32\drivers\ql12160.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   43840   ----a-w-   c:\windows\system32\drivers\pxhelp20.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   40448   ----a-w-   c:\windows\system32\drivers\ql1240.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   40320   ----a-w-   c:\windows\system32\drivers\ql1080.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   33152   ----a-w-   c:\windows\system32\drivers\ql10wnt.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   69120   ----a-w-   c:\windows\system32\drivers\psched.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   5504   ----a-w-   c:\windows\system32\drivers\perc2hib.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   35840   ----a-w-   c:\windows\system32\drivers\processr.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   21760   ----a-w-   c:\windows\system32\drivers\point32.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   17792   ----a-w-   c:\windows\system32\drivers\ptilink.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   146048   ----a-w-   c:\windows\system32\drivers\portcls.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   68224   ----a-w-   c:\windows\system32\drivers\pci.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   6784   ----a-w-   c:\windows\system32\drivers\parvdm.sys.bak
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\rpcss.dll
[-] 2009-02-09 . 4C9D7409C767C9ED3AFA1AB6C7F7A26D . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . B7ACE57F6C62C43C31D505DCF6AB1C28 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\rpcss.dll
[7] 2009-02-09 . 01095FEBF33BEEA00C2A0730B9B3EC28 . 399360 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\rpcss.dll
[7] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\rpcss.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe" [2013-06-05 4489472]
"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2013-08-22 1093464]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-18 16806912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-18 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-18 150040]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-31 16200]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-22 842584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"EKStatusMonitor"="c:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2013-01-15 2750840]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2012-10-08 2804224]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5110672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2013-03-15 2236792]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-12-18 106560]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"New Value #1"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\USER\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 11:56 AM 134248]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/6/2009 11:58 AM 118768]
R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [7/6/2011 8:48 AM 57344]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/12/2013 12:06 PM 1337752]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [8/22/2013 1:00 PM 220504]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [3/15/2013 2:07 PM 395640]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [1/15/2013 12:07 PM 780152]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [1/6/2014 6:23 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/6/2014 6:23 PM 701512]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [11/22/2009 12:18 AM 22016]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/6/2014 6:23 PM 22856]
S0 TfFsMon;TfFsMon;
S0 TfSysMon;TfSysMon;
S2 FullImagingService;FullImagingService;c:\documents and settings\All Users\Application Data\Clickfree\FullImagingBackup\FullImagingService.exe [9/6/2013 12:24 PM 235848]
S2 Tomcat6;Apache Tomcat;c:\program files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [1/28/2008 4:39 PM 57344]
S3 pctplsg;pctplsg;
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [11/22/2009 12:18 AM 28800]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [11/22/2009 12:18 AM 17536]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [11/23/2012 4:34 PM 13464]
S3 TfNetMon;TfNetMon;
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper   REG_MULTI_SZ      getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 20:42]
.
2014-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-06 21:57]
.
2014-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-06 21:57]
.
2014-01-13 c:\windows\Tasks\User_Feed_Synchronization-{C62D61F5-DE77-4B46-9ED4-A80980826EEA}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
Trusted Zone: bestbuy.com\www-ssl
TCP: Interfaces\{B0E18D04-350B-4C5B-95FF-550EEA4A455D}: NameServer = 64.91.3.46,208.54.220.20
FF - ProfilePath - c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\cqnf6uhv.default\
FF - ExtSQL: !HIDDEN! 2009-12-10 13:42; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{4F524A2D-5637-4300-76A7-7A786E7484D7} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-13 14:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrueSight]
"ImagePath"="\??\"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2692)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2014-01-13  14:46:32
ComboFix-quarantined-files.txt  2014-01-13 20:46
ComboFix2.txt  2014-01-10 17:58
.
Pre-Run: 283,390,758,912 bytes free
Post-Run: 283,412,639,744 bytes free
.
- - End Of File - - FAD2A0C6EF11DC9785CA072AD3B75518
CDB4DE4BBD714F152979DA2DCBEF57EB
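As an added example (not code from the thread, from OTL or from ComboFix), the Python below parses the Sigcheck block of the log above and reports every copy of a file under system32 whose MD5 matches none of the reference copies ComboFix found in the update caches; the sample lines are copied from that block, and the marker column ([7] / [-]) is parsed but deliberately not interpreted.

```python
"""Consistency check over the 'Sigcheck' block of a ComboFix log.

Added example; it is not part of the thread, of OTL or of ComboFix.  The line
layout is taken from the log posted above, and the sample lines below are
copied from it.  The marker column ([7], [-]) is kept but not interpreted: the
check only asks whether the copies Windows loads or repairs from (system32 and
its dllcache store, which Windows File Protection uses to restore system files)
hash the same as any reference copy in the update caches (SoftwareDistribution,
$hf_mig$)."""
import re
from collections import defaultdict
from dataclasses import dataclass

# One Sigcheck line:  [mark] date . MD5 . size . . [version] . . path
SIGCHECK_LINE = re.compile(
    r"^\[(?P<mark>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)

# Sample input, copied from the Sigcheck section of the log above.
SIGCHECK_SAMPLE = r"""
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\rpcss.dll
[-] 2009-02-09 . 4C9D7409C767C9ED3AFA1AB6C7F7A26D . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . B7ACE57F6C62C43C31D505DCF6AB1C28 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\rpcss.dll
[7] 2009-02-09 . 01095FEBF33BEEA00C2A0730B9B3EC28 . 399360 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\rpcss.dll
[7] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\rpcss.dll
.
"""


@dataclass(frozen=True)
class SigcheckEntry:
    mark: str
    date: str
    md5: str
    size: int
    version: str
    path: str

    @property
    def name(self) -> str:
        """Bare file name, lower-cased, so all copies of one DLL group together."""
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def is_system_copy(self) -> bool:
        """True for the loaded copy in system32 and for its dllcache backup."""
        return self.path.lower().startswith("c:\\windows\\system32\\")


def parse_sigcheck(text: str) -> list[SigcheckEntry]:
    """Return the parsed Sigcheck lines; headers, notes and '.' separators are skipped."""
    entries = []
    for raw in text.splitlines():
        m = SIGCHECK_LINE.match(raw.strip())
        if m is None:
            continue
        entries.append(SigcheckEntry(
            mark=m["mark"], date=m["date"], md5=m["md5"].upper(),
            size=int(m["size"]), version=m["version"], path=m["path"]))
    return entries


def find_unmatched_system_copies(entries):
    """Map file name -> system32/dllcache copies whose MD5 equals no reference copy.

    A file is only judged when at least one reference copy (outside system32)
    exists.  A hit means neither the in-use binary nor the file-protection
    restore source can be tied to any update package ComboFix saw on the machine,
    which is worth a closer look regardless of what the marker column says."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e.name].append(e)
    findings = {}
    for name, copies in by_name.items():
        reference = {e.md5 for e in copies if not e.is_system_copy}
        if not reference:
            continue
        odd = [e for e in copies if e.is_system_copy and e.md5 not in reference]
        if odd:
            findings[name] = odd
    return findings


def report(text: str) -> list[str]:
    """One human-readable line per unmatched copy, sorted by file name."""
    lines = []
    for name, copies in sorted(find_unmatched_system_copies(parse_sigcheck(text)).items()):
        for e in copies:
            lines.append(f"{name}: {e.path} md5={e.md5} ver={e.version} "
                         f"size={e.size} matches no reference copy")
    return lines


if __name__ == "__main__":
    for line in report(SIGCHECK_SAMPLE):
        print(line)
```

On the seven sample lines it flags both c:\windows\system32\rpcss.dll and its dllcache copy, since neither hash appears among the SP2/SP3 GDR and QFE copies in the update caches.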

Corrine

Good job, jemellin. 

With the age of your computer and the end of support for Windows XP rapidly approaching (April 8, 2014), there isn't a lot that can be done.  However, if you still want to remove Chrome, we can use ComboFix to remove the Chrome folder.  It should also remove the orphans.  If it doesn't, we can do it in another run.  First, right-click on Chrome in your task bar and select close or exit. Then, please do the following:

Note:  After ComboFix launches, click Yes if you see the following:

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK).  Copy/Paste all of the text present inside the code box below:

c:\program files\Google

  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

jemellin

ComboFix 14-01-16.03 - USER 01/16/2014  10:17:41.6.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3037.2191 [GMT -6:00]
Running from: c:\documents and settings\USER\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\USER\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-16 to 2014-01-16  )))))))))))))))))))))))))))))))
.
.
2014-01-15 18:59 . 2014-01-15 18:59   --------   d-----w-   c:\windows\system32\wbem\Repository
2014-01-14 21:58 . 2014-01-14 21:58   --------   d-----w-   C:\_OTL
2014-01-12 15:28 . 2009-02-09 12:10   401408   -c--a-w-   c:\windows\system32\sfzwurs.bjt
2014-01-12 15:28 . 2009-02-09 12:10   401408   ----a-w-   c:\windows\system32\hlgcv.fnq
2014-01-10 20:12 . 2014-01-10 20:12   --------   d-----w-   c:\documents and settings\USER\Local Settings\Application Data\Sun
2014-01-10 20:11 . 2014-01-10 20:11   145408   ----a-w-   c:\windows\system32\javacpl.cpl
2014-01-10 20:11 . 2014-01-10 20:11   94632   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2014-01-10 20:10 . 2014-01-10 20:10   --------   d-----w-   c:\documents and settings\All Users\Application Data\McAfee
2014-01-10 20:07 . 2014-01-10 20:07   6780   ----a-w-   c:\windows\system32\PerfStringBackup.TMP
2014-01-10 17:28 . 2014-01-10 17:28   --------   d-----w-   c:\windows\ERUNT
2014-01-10 16:55 . 2014-01-11 16:08   --------   d-----w-   c:\documents and settings\USER\Application Data\DigitalSites
2014-01-09 21:35 . 2014-01-12 15:40   --------   d-----w-   C:\AdwCleaner
2014-01-07 00:23 . 2014-01-07 00:23   --------   d-----w-   c:\documents and settings\USER\Application Data\Malwarebytes
2014-01-07 00:23 . 2014-01-07 00:23   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2014-01-07 00:23 . 2014-01-07 00:23   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2014-01-07 00:23 . 2013-04-04 20:50   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
2014-01-02 15:54 . 2014-01-02 15:54   --------   d-sh--w-   c:\windows\system32\config\systemprofile\IETldCache
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-09 21:45 . 2014-01-09 21:45   82944   ----a-w-   c:\windows\system32\drivers\WudfRd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   77568   ----a-w-   c:\windows\system32\drivers\WudfPf.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   83072   ----a-w-   c:\windows\system32\drivers\wdmaud.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   81664   ----a-w-   c:\windows\system32\drivers\videoprt.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   52352   ----a-w-   c:\windows\system32\drivers\volsnap.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   4352   ----a-w-   c:\windows\system32\drivers\wmilib.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   38528   ----a-w-   c:\windows\system32\drivers\wpdusb.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   34560   ----a-w-   c:\windows\system32\drivers\wanarp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12032   ----a-w-   c:\windows\system32\drivers\ws2ifsl.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   58112   ----a-w-   c:\windows\system32\drivers\vdmindvd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   5376   ----a-w-   c:\windows\system32\drivers\viaide.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   42240   ----a-w-   c:\windows\system32\drivers\VIAAGP.SYS.bak
2014-01-09 21:45 . 2014-01-09 21:45   26368   ----a-w-   c:\windows\system32\drivers\USBSTOR.SYS.bak
2014-01-09 21:45 . 2014-01-09 21:45   20992   ----a-w-   c:\windows\system32\drivers\vga.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   20608   ----a-w-   c:\windows\system32\drivers\usbuhci.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   59520   ----a-w-   c:\windows\system32\drivers\usbhub.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   30336   ----a-w-   c:\windows\system32\drivers\usbehci.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   25856   ----a-w-   c:\windows\system32\drivers\usbprint.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   15872   ----a-w-   c:\windows\system32\drivers\usbintel.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   14976   ----a-w-   c:\windows\system32\drivers\usbscan.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   144128   ----a-w-   c:\windows\system32\drivers\usbport.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   5376   ----a-w-   c:\windows\system32\drivers\usbd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   32384   ----a-w-   c:\windows\system32\drivers\usbccgp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   25728   ----a-w-   c:\windows\system32\drivers\usbcamd2.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   25600   ----a-w-   c:\windows\system32\drivers\usbcamd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12928   ----a-w-   c:\windows\system32\drivers\usb8023.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   384768   ----a-w-   c:\windows\system32\drivers\update.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   66048   ----a-w-   c:\windows\system32\drivers\udfs.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   51712   ----a-w-   c:\windows\system32\drivers\tosdvd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   4992   ----a-w-   c:\windows\system32\drivers\toside.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   36736   ----a-w-   c:\windows\system32\drivers\ultra.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   21376   ----a-w-   c:\windows\system32\drivers\tsbvcap.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12288   ----a-w-   c:\windows\system32\drivers\tunmp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   40840   ----a-w-   c:\windows\system32\drivers\termdd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   361600   ----a-w-   c:\windows\system32\drivers\tcpip.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   226880   ----a-w-   c:\windows\system32\drivers\tcpip6.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   21896   ----a-w-   c:\windows\system32\drivers\tdtcp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   19072   ----a-w-   c:\windows\system32\drivers\tdi.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12040   ----a-w-   c:\windows\system32\drivers\tdpipe.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   60800   ----a-w-   c:\windows\system32\drivers\sysaudio.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   56576   ----a-w-   c:\windows\system32\drivers\swmidi.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   32640   ----a-w-   c:\windows\system32\drivers\symc8xx.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   30688   ----a-w-   c:\windows\system32\drivers\sym_u3.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   28384   ----a-w-   c:\windows\system32\drivers\sym_hi.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   16256   ----a-w-   c:\windows\system32\drivers\symc810.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   14976   ----a-w-   c:\windows\system32\drivers\tape.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   49408   ----a-w-   c:\windows\system32\drivers\stream.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   4352   ----a-w-   c:\windows\system32\drivers\swenum.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   13464   ----a-w-   c:\windows\system32\drivers\SWDUMon.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   73472   ----a-w-   c:\windows\system32\drivers\sr.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   6272   ----a-w-   c:\windows\system32\drivers\splitter.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   357888   ----a-w-   c:\windows\system32\drivers\srv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   25344   ----a-w-   c:\windows\system32\drivers\sonydcam.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   19072   ----a-w-   c:\windows\system32\drivers\sparrow.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   14592   ----a-w-   c:\windows\system32\drivers\smclib.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   64512   ----a-w-   c:\windows\system32\drivers\serial.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   40960   ----a-w-   c:\windows\system32\drivers\SISAGP.SYS.bak
2014-01-09 21:44 . 2014-01-09 21:44   15744   ----a-w-   c:\windows\system32\drivers\serenum.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   11904   ----a-w-   c:\windows\system32\drivers\sffdisk.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   11392   ----a-w-   c:\windows\system32\drivers\sfloppy.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   11008   ----a-w-   c:\windows\system32\drivers\sffp_sd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   10240   ----a-w-   c:\windows\system32\drivers\sffp_mmc.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   96384   ----a-w-   c:\windows\system32\drivers\scsiport.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   79232   ----a-w-   c:\windows\system32\drivers\sdbus.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   22016   ----a-w-   c:\windows\system32\drivers\RtNdPt5x.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   20480   ----a-w-   c:\windows\system32\drivers\secdrv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   17536   ----a-w-   c:\windows\system32\drivers\RTLVLAN.SYS.bak
2014-01-09 21:44 . 2014-01-09 21:44   28800   ----a-w-   c:\windows\system32\drivers\RTLTEAMING.SYS.bak
2014-01-09 21:44 . 2014-01-09 21:44   4752896   ----a-w-   c:\windows\system32\drivers\RtkHDAud.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   5888   ----a-w-   c:\windows\system32\drivers\rootmdm.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   30592   ----a-w-   c:\windows\system32\drivers\rndismp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   203136   ----a-w-   c:\windows\system32\drivers\rmcast.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   142336   ----a-w-   c:\windows\system32\drivers\Rtenicxp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   57600   ----a-w-   c:\windows\system32\drivers\redbook.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   4224   ----a-w-   c:\windows\system32\drivers\rdpcdd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   196224   ----a-w-   c:\windows\system32\drivers\rdpdr.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   139784   ----a-w-   c:\windows\system32\drivers\rdpwd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   12032   ----a-w-   c:\windows\system32\drivers\riodrv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   12032   ----a-w-   c:\windows\system32\drivers\rio8drv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   8832   ----a-w-   c:\windows\system32\drivers\rasacd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   51328   ----a-w-   c:\windows\system32\drivers\rasl2tp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   48384   ----a-w-   c:\windows\system32\drivers\raspptp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   41472   ----a-w-   c:\windows\system32\drivers\raspppoe.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   34432   ----a-w-   c:\windows\system32\drivers\rawwan.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   175744   ----a-w-   c:\windows\system32\drivers\rdbss.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   16512   ----a-w-   c:\windows\system32\drivers\raspti.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   49024   ----a-w-   c:\windows\system32\drivers\ql1280.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   45312   ----a-w-   c:\windows\system32\drivers\ql12160.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   43840   ----a-w-   c:\windows\system32\drivers\pxhelp20.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   40448   ----a-w-   c:\windows\system32\drivers\ql1240.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   40320   ----a-w-   c:\windows\system32\drivers\ql1080.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   33152   ----a-w-   c:\windows\system32\drivers\ql10wnt.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   69120   ----a-w-   c:\windows\system32\drivers\psched.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   5504   ----a-w-   c:\windows\system32\drivers\perc2hib.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   35840   ----a-w-   c:\windows\system32\drivers\processr.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   21760   ----a-w-   c:\windows\system32\drivers\point32.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   17792   ----a-w-   c:\windows\system32\drivers\ptilink.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   146048   ----a-w-   c:\windows\system32\drivers\portcls.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   68224   ----a-w-   c:\windows\system32\drivers\pci.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   6784   ----a-w-   c:\windows\system32\drivers\parvdm.sys.bak
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\rpcss.dll
[-] 2009-02-09 . 4C9D7409C767C9ED3AFA1AB6C7F7A26D . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . B7ACE57F6C62C43C31D505DCF6AB1C28 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\rpcss.dll
[7] 2009-02-09 . 01095FEBF33BEEA00C2A0730B9B3EC28 . 399360 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\rpcss.dll
[7] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\rpcss.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe" [2013-06-05 4489472]
"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2013-08-22 1093464]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-18 16806912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-18 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-18 150040]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-31 16200]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-22 842584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"EKStatusMonitor"="c:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2013-01-15 2750840]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2012-10-08 2804224]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5110672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2013-03-15 2236792]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-12-18 106560]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"New Value #1"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\USER\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9322:TCP"= 9322:TCP:EKDiscovery
"5353:UDP"= 5353:UDP:Bonjour Port 5353
"1034:TCP"= 1034:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 11:56 AM 134248]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/6/2009 11:58 AM 118768]
R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [7/6/2011 8:48 AM 57344]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/12/2013 12:06 PM 1337752]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [8/22/2013 1:00 PM 220504]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [3/15/2013 2:07 PM 395640]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [1/15/2013 12:07 PM 780152]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [1/6/2014 6:23 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/6/2014 6:23 PM 701512]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [11/22/2009 12:18 AM 22016]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/6/2014 6:23 PM 22856]
S0 TfFsMon;TfFsMon;
S0 TfSysMon;TfSysMon;
S2 FullImagingService;FullImagingService;c:\documents and settings\All Users\Application Data\Clickfree\FullImagingBackup\FullImagingService.exe [9/6/2013 12:24 PM 235848]
S2 Tomcat6;Apache Tomcat;c:\program files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [1/28/2008 4:39 PM 57344]
S3 pctplsg;pctplsg;
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [11/22/2009 12:18 AM 28800]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [11/22/2009 12:18 AM 17536]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [11/23/2012 4:34 PM 13464]
S3 TfNetMon;TfNetMon;
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper   REG_MULTI_SZ      getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 20:42]
.
2014-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-06 21:57]
.
2014-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-06 21:57]
.
2014-01-15 c:\windows\Tasks\User_Feed_Synchronization-{C62D61F5-DE77-4B46-9ED4-A80980826EEA}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
Trusted Zone: bestbuy.com\www-ssl
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{B0E18D04-350B-4C5B-95FF-550EEA4A455D}: NameServer = 64.91.3.46,208.54.220.20
FF - ProfilePath - c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\cqnf6uhv.default\
FF - ExtSQL: !HIDDEN! 2009-12-10 13:42; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-16 10:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrueSight]
"ImagePath"="\??\"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2516)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2014-01-16  10:21:51
ComboFix-quarantined-files.txt  2014-01-16 16:21
ComboFix2.txt  2014-01-16 16:12
ComboFix3.txt  2014-01-13 20:46
ComboFix4.txt  2014-01-10 17:58
.
Pre-Run: 283,091,845,120 bytes free
Post-Run: 283,078,094,848 bytes free
.
- - End Of File - - 94F2E2DC44F66A3565B2B3202F020F7B
CDB4DE4BBD714F152979DA2DCBEF57EB

Corrine

Hi, jemellin.  It looks like ComboFix took care of it but I need to see the previous log.  Either manually navigate to C:\Qoobox\ComboFix2.txt and open in Notepad or do the following:

Hold down the Windows Key and the "R" key.  A run box will appear.  Copy and paste the following:
C:\Qoobox\ComboFix2.txt then click OK
Notepad will open with a log.  Post the contents of that log in your next reply.

Thank you.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

jemellin

ComboFix 14-01-16.03 - USER 01/16/2014  10:03:41.5.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3037.2175 [GMT -6:00]
Running from: c:\documents and settings\USER\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-16 to 2014-01-16  )))))))))))))))))))))))))))))))
.
.
2014-01-15 18:59 . 2014-01-15 18:59   --------   d-----w-   c:\windows\system32\wbem\Repository
2014-01-14 21:58 . 2014-01-14 21:58   --------   d-----w-   C:\_OTL
2014-01-12 15:28 . 2009-02-09 12:10   401408   -c--a-w-   c:\windows\system32\sfzwurs.bjt
2014-01-12 15:28 . 2009-02-09 12:10   401408   ----a-w-   c:\windows\system32\hlgcv.fnq
2014-01-10 20:12 . 2014-01-10 20:12   --------   d-----w-   c:\documents and settings\USER\Local Settings\Application Data\Sun
2014-01-10 20:11 . 2014-01-10 20:11   145408   ----a-w-   c:\windows\system32\javacpl.cpl
2014-01-10 20:11 . 2014-01-10 20:11   94632   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2014-01-10 20:10 . 2014-01-10 20:10   --------   d-----w-   c:\documents and settings\All Users\Application Data\McAfee
2014-01-10 20:07 . 2014-01-10 20:07   6780   ----a-w-   c:\windows\system32\PerfStringBackup.TMP
2014-01-10 17:28 . 2014-01-10 17:28   --------   d-----w-   c:\windows\ERUNT
2014-01-10 16:55 . 2014-01-11 16:08   --------   d-----w-   c:\documents and settings\USER\Application Data\DigitalSites
2014-01-09 21:35 . 2014-01-12 15:40   --------   d-----w-   C:\AdwCleaner
2014-01-07 00:23 . 2014-01-07 00:23   --------   d-----w-   c:\documents and settings\USER\Application Data\Malwarebytes
2014-01-07 00:23 . 2014-01-07 00:23   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2014-01-07 00:23 . 2014-01-07 00:23   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2014-01-07 00:23 . 2013-04-04 20:50   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
2014-01-02 15:54 . 2014-01-02 15:54   --------   d-sh--w-   c:\windows\system32\config\systemprofile\IETldCache
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-09 21:45 . 2014-01-09 21:45   82944   ----a-w-   c:\windows\system32\drivers\WudfRd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   77568   ----a-w-   c:\windows\system32\drivers\WudfPf.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   83072   ----a-w-   c:\windows\system32\drivers\wdmaud.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   81664   ----a-w-   c:\windows\system32\drivers\videoprt.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   52352   ----a-w-   c:\windows\system32\drivers\volsnap.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   4352   ----a-w-   c:\windows\system32\drivers\wmilib.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   38528   ----a-w-   c:\windows\system32\drivers\wpdusb.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   34560   ----a-w-   c:\windows\system32\drivers\wanarp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12032   ----a-w-   c:\windows\system32\drivers\ws2ifsl.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   58112   ----a-w-   c:\windows\system32\drivers\vdmindvd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   5376   ----a-w-   c:\windows\system32\drivers\viaide.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   42240   ----a-w-   c:\windows\system32\drivers\VIAAGP.SYS.bak
2014-01-09 21:45 . 2014-01-09 21:45   26368   ----a-w-   c:\windows\system32\drivers\USBSTOR.SYS.bak
2014-01-09 21:45 . 2014-01-09 21:45   20992   ----a-w-   c:\windows\system32\drivers\vga.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   20608   ----a-w-   c:\windows\system32\drivers\usbuhci.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   59520   ----a-w-   c:\windows\system32\drivers\usbhub.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   30336   ----a-w-   c:\windows\system32\drivers\usbehci.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   25856   ----a-w-   c:\windows\system32\drivers\usbprint.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   15872   ----a-w-   c:\windows\system32\drivers\usbintel.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   14976   ----a-w-   c:\windows\system32\drivers\usbscan.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   144128   ----a-w-   c:\windows\system32\drivers\usbport.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   5376   ----a-w-   c:\windows\system32\drivers\usbd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   32384   ----a-w-   c:\windows\system32\drivers\usbccgp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   25728   ----a-w-   c:\windows\system32\drivers\usbcamd2.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   25600   ----a-w-   c:\windows\system32\drivers\usbcamd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12928   ----a-w-   c:\windows\system32\drivers\usb8023.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   384768   ----a-w-   c:\windows\system32\drivers\update.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   66048   ----a-w-   c:\windows\system32\drivers\udfs.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   51712   ----a-w-   c:\windows\system32\drivers\tosdvd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   4992   ----a-w-   c:\windows\system32\drivers\toside.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   36736   ----a-w-   c:\windows\system32\drivers\ultra.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   21376   ----a-w-   c:\windows\system32\drivers\tsbvcap.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12288   ----a-w-   c:\windows\system32\drivers\tunmp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   40840   ----a-w-   c:\windows\system32\drivers\termdd.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   361600   ----a-w-   c:\windows\system32\drivers\tcpip.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   226880   ----a-w-   c:\windows\system32\drivers\tcpip6.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   21896   ----a-w-   c:\windows\system32\drivers\tdtcp.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   19072   ----a-w-   c:\windows\system32\drivers\tdi.sys.bak
2014-01-09 21:45 . 2014-01-09 21:45   12040   ----a-w-   c:\windows\system32\drivers\tdpipe.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   60800   ----a-w-   c:\windows\system32\drivers\sysaudio.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   56576   ----a-w-   c:\windows\system32\drivers\swmidi.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   32640   ----a-w-   c:\windows\system32\drivers\symc8xx.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   30688   ----a-w-   c:\windows\system32\drivers\sym_u3.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   28384   ----a-w-   c:\windows\system32\drivers\sym_hi.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   16256   ----a-w-   c:\windows\system32\drivers\symc810.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   14976   ----a-w-   c:\windows\system32\drivers\tape.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   49408   ----a-w-   c:\windows\system32\drivers\stream.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   4352   ----a-w-   c:\windows\system32\drivers\swenum.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   13464   ----a-w-   c:\windows\system32\drivers\SWDUMon.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   73472   ----a-w-   c:\windows\system32\drivers\sr.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   6272   ----a-w-   c:\windows\system32\drivers\splitter.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   357888   ----a-w-   c:\windows\system32\drivers\srv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   25344   ----a-w-   c:\windows\system32\drivers\sonydcam.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   19072   ----a-w-   c:\windows\system32\drivers\sparrow.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   14592   ----a-w-   c:\windows\system32\drivers\smclib.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   64512   ----a-w-   c:\windows\system32\drivers\serial.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   40960   ----a-w-   c:\windows\system32\drivers\SISAGP.SYS.bak
2014-01-09 21:44 . 2014-01-09 21:44   15744   ----a-w-   c:\windows\system32\drivers\serenum.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   11904   ----a-w-   c:\windows\system32\drivers\sffdisk.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   11392   ----a-w-   c:\windows\system32\drivers\sfloppy.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   11008   ----a-w-   c:\windows\system32\drivers\sffp_sd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   10240   ----a-w-   c:\windows\system32\drivers\sffp_mmc.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   96384   ----a-w-   c:\windows\system32\drivers\scsiport.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   79232   ----a-w-   c:\windows\system32\drivers\sdbus.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   22016   ----a-w-   c:\windows\system32\drivers\RtNdPt5x.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   20480   ----a-w-   c:\windows\system32\drivers\secdrv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   17536   ----a-w-   c:\windows\system32\drivers\RTLVLAN.SYS.bak
2014-01-09 21:44 . 2014-01-09 21:44   28800   ----a-w-   c:\windows\system32\drivers\RTLTEAMING.SYS.bak
2014-01-09 21:44 . 2014-01-09 21:44   4752896   ----a-w-   c:\windows\system32\drivers\RtkHDAud.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   5888   ----a-w-   c:\windows\system32\drivers\rootmdm.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   30592   ----a-w-   c:\windows\system32\drivers\rndismp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   203136   ----a-w-   c:\windows\system32\drivers\rmcast.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   142336   ----a-w-   c:\windows\system32\drivers\Rtenicxp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   57600   ----a-w-   c:\windows\system32\drivers\redbook.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   4224   ----a-w-   c:\windows\system32\drivers\rdpcdd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   196224   ----a-w-   c:\windows\system32\drivers\rdpdr.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   139784   ----a-w-   c:\windows\system32\drivers\rdpwd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   12032   ----a-w-   c:\windows\system32\drivers\riodrv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   12032   ----a-w-   c:\windows\system32\drivers\rio8drv.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   8832   ----a-w-   c:\windows\system32\drivers\rasacd.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   51328   ----a-w-   c:\windows\system32\drivers\rasl2tp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   48384   ----a-w-   c:\windows\system32\drivers\raspptp.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   41472   ----a-w-   c:\windows\system32\drivers\raspppoe.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   34432   ----a-w-   c:\windows\system32\drivers\rawwan.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   175744   ----a-w-   c:\windows\system32\drivers\rdbss.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   16512   ----a-w-   c:\windows\system32\drivers\raspti.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   49024   ----a-w-   c:\windows\system32\drivers\ql1280.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   45312   ----a-w-   c:\windows\system32\drivers\ql12160.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   43840   ----a-w-   c:\windows\system32\drivers\pxhelp20.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   40448   ----a-w-   c:\windows\system32\drivers\ql1240.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   40320   ----a-w-   c:\windows\system32\drivers\ql1080.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   33152   ----a-w-   c:\windows\system32\drivers\ql10wnt.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   69120   ----a-w-   c:\windows\system32\drivers\psched.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   5504   ----a-w-   c:\windows\system32\drivers\perc2hib.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   35840   ----a-w-   c:\windows\system32\drivers\processr.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   21760   ----a-w-   c:\windows\system32\drivers\point32.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   17792   ----a-w-   c:\windows\system32\drivers\ptilink.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   146048   ----a-w-   c:\windows\system32\drivers\portcls.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   68224   ----a-w-   c:\windows\system32\drivers\pci.sys.bak
2014-01-09 21:44 . 2014-01-09 21:44   6784   ----a-w-   c:\windows\system32\drivers\parvdm.sys.bak
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\rpcss.dll
[-] 2009-02-09 . 4C9D7409C767C9ED3AFA1AB6C7F7A26D . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . B7ACE57F6C62C43C31D505DCF6AB1C28 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\rpcss.dll
[7] 2009-02-09 . 01095FEBF33BEEA00C2A0730B9B3EC28 . 399360 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\rpcss.dll
[7] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\rpcss.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe" [2013-06-05 4489472]
"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2013-08-22 1093464]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-18 16806912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-18 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-18 150040]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-31 16200]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-22 842584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"EKStatusMonitor"="c:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2013-01-15 2750840]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2012-10-08 2804224]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5110672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2013-03-15 2236792]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-12-18 106560]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"New Value #1"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\USER\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9322:TCP"= 9322:TCP:EKDiscovery
"5353:UDP"= 5353:UDP:Bonjour Port 5353
"1034:TCP"= 1034:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 11:56 AM 134248]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/6/2009 11:58 AM 118768]
R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [7/6/2011 8:48 AM 57344]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/12/2013 12:06 PM 1337752]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [8/22/2013 1:00 PM 220504]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [3/15/2013 2:07 PM 395640]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [1/15/2013 12:07 PM 780152]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [1/6/2014 6:23 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/6/2014 6:23 PM 701512]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [11/22/2009 12:18 AM 22016]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/6/2014 6:23 PM 22856]
S0 TfFsMon;TfFsMon;
S0 TfSysMon;TfSysMon;
S2 FullImagingService;FullImagingService;c:\documents and settings\All Users\Application Data\Clickfree\FullImagingBackup\FullImagingService.exe [9/6/2013 12:24 PM 235848]
S2 Tomcat6;Apache Tomcat;c:\program files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [1/28/2008 4:39 PM 57344]
S3 pctplsg;pctplsg;
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [11/22/2009 12:18 AM 28800]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [11/22/2009 12:18 AM 17536]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [11/23/2012 4:34 PM 13464]
S3 TfNetMon;TfNetMon;
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper   REG_MULTI_SZ      getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 20:42]
.
2014-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-06 21:57]
.
2014-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-06 21:57]
.
2014-01-15 c:\windows\Tasks\User_Feed_Synchronization-{C62D61F5-DE77-4B46-9ED4-A80980826EEA}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
Trusted Zone: bestbuy.com\www-ssl
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{B0E18D04-350B-4C5B-95FF-550EEA4A455D}: NameServer = 64.91.3.46,208.54.220.20
FF - ProfilePath - c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\cqnf6uhv.default\
FF - ExtSQL: !HIDDEN! 2009-12-10 13:42; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-16 10:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrueSight]
"ImagePath"="\??\"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2204)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2014-01-16  10:12:41
ComboFix-quarantined-files.txt  2014-01-16 16:12
ComboFix2.txt  2014-01-13 20:46
ComboFix3.txt  2014-01-10 17:58
.
Pre-Run: 283,101,380,608 bytes free
Post-Run: 283,090,604,032 bytes free
.
- - End Of File - - 8EBE821236C7773487A3ABBCC6D52ABA
CDB4DE4BBD714F152979DA2DCBEF57EB
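The Sigcheck block in the log above is the part that bears on the thread's title: c:\windows\system32\rpcss.dll (which hosts the RPC and DCOM Server Process Launcher services) and its Windows File Protection backup in system32\dllcache each carry an MD5 that appears in none of the Microsoft update copies of the same 5.1.2600.5755 build, so WFP cannot restore a clean file from dllcache and a plain "sfc" pass would put the bad copy back. The script below is an added example, not part of the thread and not ComboFix's own code; it parses that block (embedded as a constructed sample copied from the log) and flags every copy whose hash matches no verified copy of the same name and version. It assumes, per the section's own note about unsigned files, that [7] marks a copy whose signature verified and [-] one that did not; the function names are mine.

```python
"""Parse a ComboFix 'Sigcheck' block and flag copies of a system DLL whose MD5
matches none of the verified ([7]) copies of the same file name and version."""
import re
from collections import defaultdict

# Constructed sample: the rpcss.dll lines of the Sigcheck section in the log above.
SIGCHECK_SAMPLE = r"""
[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\rpcss.dll
[-] 2009-02-09 . 4C9D7409C767C9ED3AFA1AB6C7F7A26D . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . B7ACE57F6C62C43C31D505DCF6AB1C28 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\rpcss.dll
[7] 2009-02-09 . 01095FEBF33BEEA00C2A0730B9B3EC28 . 399360 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\rpcss.dll
[7] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\rpcss.dll
"""

# One Sigcheck line: [flag] date . MD5 . size . . [version] . . path
LINE_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\S+)\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)

# Assumption (from the section's own note): "7" = signature verified, "-" = unsigned.
VERIFIED_FLAG = "7"


def parse_sigcheck(text):
    """Return one dict per Sigcheck line; lines that do not match the format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["md5"] = e["md5"].upper()
        e["name"] = e["path"].rsplit("\\", 1)[-1].lower()   # bare file name
        entries.append(e)
    return entries


def find_modified_copies(entries):
    """Compare each unverified copy with the verified copies of the same name and
    version; return the copies whose (MD5, size) pair matches none of them."""
    known = defaultdict(set)                       # (name, version) -> {(md5, size)}
    for e in entries:
        if e["flag"] == VERIFIED_FLAG:
            known[(e["name"], e["version"])].add((e["md5"], e["size"]))
    findings = []
    for e in entries:
        if e["flag"] == VERIFIED_FLAG:
            continue
        refs = known.get((e["name"], e["version"]))
        if not refs:
            findings.append({**e, "reason": "no verified copy of this version to compare"})
        elif (e["md5"], e["size"]) not in refs:
            findings.append({**e, "reason": "hash differs from every verified copy"})
    return findings


def dllcache_also_modified(findings, name):
    """True when the WFP backup in system32\\dllcache of `name` is itself flagged, in
    which case Windows File Protection would restore the bad copy, not the original."""
    return any(f["name"] == name and "\\dllcache\\" in f["path"].lower() for f in findings)


if __name__ == "__main__":
    found = find_modified_copies(parse_sigcheck(SIGCHECK_SAMPLE))
    for f in found:
        print(f"{f['path']}  md5={f['md5']}  {f['reason']}")
    print("dllcache copy of rpcss.dll modified:", dllcache_also_modified(found, "rpcss.dll"))
```

On the sample the two flagged paths are the system32 and dllcache copies, each with a different hash from the other and from every update-cache copy, which is why replacing the file from a known-good source (rather than relying on WFP) is the remediation a helper would script.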

Corrine

Well, no wonder!  I am so sorry, jemellin, it certainly would have helped if I had told ComboFix what I wanted removed!  :smash:  I didn't even realize that the code I gave you didn't include the appropriate directive.  The instructions below properly tell ComboFix what to do.

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK).  Copy/Paste all of the text present inside the code box below:


Folder::
c:\program files\Google


  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


