Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

unable to access system restore due to virus [Solved]

Started by xppc , Jul 30 2013 01:20 PM

  • This topic is locked This topic is locked

#1
xppc
Posted 30 July 2013 - 01:20 PM

xppc

    Member

  • Member
  • PipPipPip
  • 148 posts
i got some type of virus (bad thing on my pc) while i believe i was updatine apple itunes. my pc's virus protection would not run saying i did not have admin authority. eventually i was able to run kaspersky and trend mirco scans and spybot which cleaned up some issues. i havent done a fresh install in two years and would like to do that to make sure everything is clean but my back up disks get a message saying the are not valid disks and i cannot access the restore partition..there is a message saying the pc can read the letters of the hard drive. recently win 7 claimed it was a bogus copy.. two later that suddenly stopped.

i have an acer timeline 4810 with win 7 home premium 64 bit anytime upgrade, intel core 2 solo cpu u3500 @ 1.4ghz, 4 gb memory


thanks for your help.

OTL logfile created on: 7/30/2013 11:47:07 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Eddy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 51.26% Memory free
7.86 Gb Paging File | 5.34 Gb Available in Paging File | 67.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 170.36 Gb Total Space | 71.02 Gb Free Space | 41.69% Space Free | Partition Type: NTFS

Computer Name: EDDY-PC | User Name: Eddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/30 11:44:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Eddy\Desktop\OTL.exe
PRC - [2013/07/24 08:50:04 | 000,224,464 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe
PRC - [2013/07/24 08:50:04 | 000,213,712 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe
PRC - [2013/07/24 08:50:04 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) -- C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
PRC - [2013/07/14 06:57:38 | 001,821,384 | ---- | M] () -- C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe
PRC - [2013/06/20 18:49:24 | 001,054,688 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Gold Protection\ApVxdWin.exe
PRC - [2013/06/18 16:14:14 | 002,115,864 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/06/18 16:14:14 | 001,124,632 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/05/30 08:47:44 | 001,851,088 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/26 14:57:22 | 001,177,224 | ---- | M] (WiseCleaner.com) -- C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
PRC - [2013/04/11 15:04:26 | 000,235,072 | ---- | M] (Visicom Media Inc.) -- C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
PRC - [2013/03/29 11:54:36 | 000,099,144 | ---- | M] (Wondershare) -- C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe
PRC - [2012/11/19 18:11:38 | 000,177,440 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Gold Protection\PsCtrlS.exe
PRC - [2012/11/16 13:52:52 | 000,173,344 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Gold Protection\TPSrvWow.exe
PRC - [2012/11/09 15:59:18 | 000,537,448 | ---- | M] (Wondershare) -- C:\Program Files (x86)\Wondershare\Wondershare Application Center\WondershareApplicationCenter.exe
PRC - [2012/11/09 15:59:16 | 000,103,272 | ---- | M] (Wondershare) -- C:\Program Files (x86)\Wondershare\Wondershare Application Center\WACService.exe
PRC - [2012/09/21 08:25:02 | 000,202,016 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Gold Protection\PavFnSvr.exe
PRC - [2012/04/04 18:00:28 | 000,108,032 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda Security\Panda Gold Protection\WebProxy.exe
PRC - [2011/10/18 13:43:48 | 000,112,128 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Gold Protection\PavBckPT.exe
PRC - [2011/10/18 13:43:48 | 000,091,648 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Gold Protection\SrvLoad.exe
PRC - [2011/04/13 12:44:10 | 000,313,664 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Gold Protection\pavsrvx86.exe
PRC - [2011/03/07 15:27:06 | 000,225,088 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Gold Protection\AVENGINE.EXE
PRC - [2010/08/16 14:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Gold Protection\psksvc.exe
PRC - [2010/05/17 09:52:25 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe
PRC - [2010/05/17 09:52:23 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe
PRC - [2009/11/26 17:03:56 | 000,226,560 | ---- | M] (Panda Security International) -- c:\Program Files (x86)\Panda Security\Panda Gold Protection\FIREWALL\PSHost.exe
PRC - [2009/08/27 00:48:32 | 001,194,504 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/08/23 22:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2009/04/15 23:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009/04/01 21:06:08 | 000,249,600 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009/04/01 21:06:02 | 000,054,528 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/02/11 20:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/02/11 20:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/02/11 15:46:28 | 000,565,248 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
PRC - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2009/01/08 22:08:56 | 000,294,544 | ---- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe
PRC - [2008/07/29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2008/06/19 12:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) -- C:\Program Files (x86)\Panda Security\Panda Gold Protection\PsImSvc.exe
PRC - [2008/02/04 17:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Common Files\Panda Security\PavShld\PavPrSrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/29 09:25:17 | 000,557,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/11/09 15:59:32 | 000,016,744 | ---- | M] () -- C:\Program Files (x86)\Wondershare\Wondershare Application Center\HttpRequest.dll
MOD - [2012/10/29 16:22:42 | 000,270,336 | ---- | M] () -- C:\Program Files (x86)\Wondershare\Wondershare Application Center\libcurl.dll
MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/05/17 09:52:25 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe
MOD - [2010/05/17 09:52:23 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe
MOD - [2010/04/05 06:56:20 | 000,094,359 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\epoemdll.dll
MOD - [2010/04/05 06:56:19 | 000,045,221 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\epstring.dll
MOD - [2010/04/05 06:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\epwizres.dll
MOD - [2010/04/05 06:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\epwizard.dll
MOD - [2010/04/05 06:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\customui.dll
MOD - [2010/04/05 06:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\epfunct.dll
MOD - [2010/04/05 06:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\eputil.dll
MOD - [2010/04/05 06:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\imagutil.dll
MOD - [2010/04/01 13:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeedrs.dll
MOD - [2010/04/01 13:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeescw.dll
MOD - [2009/05/27 08:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeedatr.dll
MOD - [2009/04/07 15:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\iptk.dll
MOD - [2009/03/10 01:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeecaps.dll
MOD - [2009/03/02 10:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeeptp.dll
MOD - [2009/02/20 04:48:43 | 000,023,552 | ---- | M] () -- C:\Windows\SysWOW64\LXEEsmr.dll
MOD - [2009/02/20 04:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXEEsm.dll
MOD - [2009/02/02 17:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2008/07/29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2007/02/14 13:55:12 | 000,165,424 | ---- | M] () -- C:\Program Files (x86)\Panda Security\Panda Gold Protection\MiniCrypto.dll
MOD - [2004/05/19 11:33:12 | 000,507,904 | ---- | M] () -- C:\Program Files (x86)\Panda Security\Panda Gold Protection\LIBXML2.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2013/07/08 16:59:40 | 006,199,520 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2013/06/18 11:15:29 | 000,158,936 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/02/24 09:26:34 | 000,347,968 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Stopped] -- C:\Program Files\COMODO\COMODO System Utilities\CSUService.exe -- (CSUService)
SRV:64bit: - [2010/08/13 04:40:12 | 000,158,120 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe -- (CLPSLS)
SRV:64bit: - [2010/04/14 15:01:44 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeecoms.exe -- (lxee_device)
SRV:64bit: - [2010/04/14 15:01:37 | 000,045,736 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxeeserv.exe -- (lxeeCATSCustConnectService)
SRV:64bit: - [2009/09/04 15:44:14 | 000,158,240 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc)
SRV:64bit: - [2009/08/19 15:17:04 | 000,787,968 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2013/07/25 23:16:36 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/24 08:50:04 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe -- (CLPSLauncher)
SRV - [2013/07/14 06:57:38 | 001,821,384 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe -- (IceDragonUpdater)
SRV - [2013/06/18 16:14:14 | 001,124,632 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/06/14 01:13:06 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/30 08:47:44 | 001,851,088 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe -- (GeekBuddyRSP)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/25 18:12:00 | 000,580,232 | ---- | M] (WiseCleaner.com) [Auto | Stopped] -- C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe -- (WiseBootAssistant)
SRV - [2013/03/01 12:11:32 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/11/19 18:11:38 | 000,177,440 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Gold Protection\PsCtrlS.exe -- (Panda Software Controller)
SRV - [2012/11/16 13:52:52 | 000,173,344 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Gold Protection\TPSrvWow.exe -- (TPSrv)
SRV - [2012/11/09 15:59:16 | 000,103,272 | ---- | M] (Wondershare) [Auto | Running] -- C:\Program Files (x86)\Wondershare\Wondershare Application Center\WACService.exe -- (WACService)
SRV - [2012/09/21 08:25:02 | 000,202,016 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Gold Protection\PavFnSvr.exe -- (PAVFNSVR)
SRV - [2011/04/13 12:44:10 | 000,313,664 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Gold Protection\pavsrvx86.exe -- (PAVSRV)
SRV - [2010/08/16 14:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Gold Protection\psksvc.exe -- (PskSvcRetail)
SRV - [2010/04/14 15:01:37 | 000,045,736 | ---- | M] () [Auto | Running] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxeeserv.exe -- (lxeeCATSCustConnectService)
SRV - [2010/04/14 15:01:23 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxeecoms.exe -- (lxee_device)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/26 17:03:56 | 000,226,560 | ---- | M] (Panda Security International) [Auto | Running] -- c:\Program Files (x86)\Panda Security\Panda Gold Protection\FIREWALL\PSHost.exe -- (PSHost)
SRV - [2009/08/23 22:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/01 21:06:02 | 000,054,528 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/02/11 20:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008/06/19 12:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Gold Protection\PsImSvc.exe -- (PSIMSVC)
SRV - [2008/02/04 17:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Panda Security\PavShld\PavPrSrv.exe -- (PavPrSrv)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/07/29 15:11:22 | 000,015,928 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\COMFiltr.sys -- (ComFiltr)
DRV:64bit: - [2013/06/18 16:14:30 | 000,236,688 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2013/06/18 11:16:07 | 000,023,168 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2013/04/02 23:39:18 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2013/03/29 19:03:28 | 000,040,232 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsadb.sys -- (androidusb)
DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/01/09 22:46:02 | 000,095,712 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NNSHttps.sys -- (NNSHTTPS)
DRV:64bit: - [2012/11/28 15:04:05 | 000,232,488 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NNSStrm.sys -- (NNSSTRM)
DRV:64bit: - [2012/11/28 15:04:04 | 000,069,160 | ---- | M] (Panda Security, S.L.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\NNSPihsw.sys -- (NNSPIHSW)
DRV:64bit: - [2012/11/26 17:49:11 | 000,105,000 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NNStlsc.sys -- (NNSTLSC)
DRV:64bit: - [2012/11/26 17:49:10 | 000,116,776 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSPrv.sys -- (NNSPRV)
DRV:64bit: - [2012/11/26 17:49:10 | 000,114,216 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NNSSmtp.sys -- (NNSSMTP)
DRV:64bit: - [2012/11/26 17:49:09 | 000,306,216 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NNSProt.sys -- (NNSPROT)
DRV:64bit: - [2012/11/26 17:49:09 | 000,118,312 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NNSPop3.sys -- (NNSPOP3)
DRV:64bit: - [2012/11/26 17:49:08 | 000,094,248 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NNSpicc.sys -- (NNSPICC)
DRV:64bit: - [2012/11/26 17:49:07 | 000,114,728 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NNSHttp.sys -- (NNSHTTP)
DRV:64bit: - [2012/11/26 17:49:07 | 000,114,216 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NNSIds.sys -- (NNSIDS)
DRV:64bit: - [2012/11/26 17:49:07 | 000,089,640 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSAlpc.sys -- (NNSALPC)
DRV:64bit: - [2012/11/07 10:00:05 | 000,058,360 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSKMAD.sys -- (PSKMAD)
DRV:64bit: - [2012/10/22 13:09:23 | 000,033,320 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSNAHSL.sys -- (NNSNAHSL)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/26 18:57:36 | 000,071,432 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\amm6460.sys -- (AmFSM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/22 21:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0105.sys -- (RsFx0105)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/31 16:41:28 | 000,129,096 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\APPFLT64.SYS -- (APPFLT)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/09 16:23:00 | 000,078,920 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idsflt64.sys -- (IDSFLT)
DRV:64bit: - [2010/09/01 11:09:12 | 000,216,648 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\n64i1644.sys -- (NETIMFLT01060044)
DRV:64bit: - [2010/06/22 18:20:18 | 000,030,792 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2009/10/27 12:07:42 | 000,048,136 | ---- | M] (Panda Security, S.L.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\ShldFlt.sys -- (ShldFlt)
DRV:64bit: - [2009/09/25 14:54:08 | 000,074,760 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\wnmflt64.sys -- (WNMFLT)
DRV:64bit: - [2009/09/25 14:54:06 | 000,170,504 | ---- | M] (Panda Security, S.L.) [TDI Layer] [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NETTDI64.SYS -- (NETFLTDI)
DRV:64bit: - [2009/09/25 14:54:02 | 000,082,952 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\dsaflt64.sys -- (DSAFLT)
DRV:64bit: - [2009/09/25 14:54:02 | 000,031,752 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\fnetm64.sys -- (FNETMON)
DRV:64bit: - [2009/09/15 19:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009/09/02 18:54:20 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 06:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/03/25 19:48:32 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/02/06 14:33:04 | 000,262,192 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/12/02 17:01:42 | 000,068,608 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTSTOR64.sys -- (RTSTOR)
DRV:64bit: - [2008/09/22 09:49:58 | 000,126,464 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2008/01/30 21:48:16 | 000,016,384 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2013/06/18 16:14:30 | 000,357,712 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2013/06/18 16:14:30 | 000,229,040 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2013/03/29 09:25:08 | 000,586,072 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_51755.sys -- (RapportCerberus_51755)
DRV - [2012/09/03 03:20:00 | 000,037,976 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\CFRMD.sys -- (CFRMD)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpa...7-001F169FF0D1}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...7-001F169FF0D1}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...&m=aspire_4810t
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://www.icq.com/s...erms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKCU\..\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}: "URL" = http://us.search.yah...}&fr=chr-comodo
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...7-001F169FF0D1}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-comodo"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-comodo"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/?_bc=1"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..keyword.URL: "http://us.search.yah...ytff-comodo&p="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Panda Safe Search"
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_81.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_81.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall: C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@qq.com/TXSSO: C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/25 23:15:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/25 23:15:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/05/17 23:37:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eddy\AppData\Roaming\Mozilla\Extensions
[2013/07/04 20:53:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\nnlp498d.default-1349759588836\extensions
[2013/07/23 18:36:33 | 000,000,000 | ---D | M] (Webroot) -- C:\Users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\nnlp498d.default-1349759588836\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}
[2013/07/23 18:36:33 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\nnlp498d.default-1349759588836\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2013/07/25 23:15:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/07/25 23:15:17 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2013/07/25 23:15:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/07/25 23:16:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/07/04 20:54:20 | 000,000,634 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
[2012/01/27 11:11:08 | 000,002,325 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pandasecuritytb.xml

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll ()
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll ()
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (COMODO)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxeemon.exe] C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe ()
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [PrnStatusMX] C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Marvell Semiconductor, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files (x86)\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files (x86)\Panda Security\Panda Gold Protection\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [COMODO] C:\Program Files\COMODO\COMODO livePCsupport\CLPSLA.exe (COMODO)
O4 - HKLM..\Run: [gbrspcontrol] C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files (x86)\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Lexmark Pro700 Series] C:\Program Files (x86)\Lexmark Pro700 Series\fm3032.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Panda Security URL Filtering] C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Visicom Media Inc.)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray File not found
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files (x86)\Panda Security\Panda Gold Protection\Inicio.exe (Panda Security, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C214B68E-86E2-45AA-8612-90B11D80745E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\avldr: DllName - (avldr64.dll) - C:\Windows\SysNative\avldr64.dll (On-Access Anti-Malware Scanner Sync)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/30 11:43:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Eddy\Desktop\OTL.exe
[2013/07/30 11:26:27 | 000,000,000 | R--D | C] -- C:\Users\Eddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2013/07/30 11:25:13 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2013/07/29 15:13:38 | 000,000,000 | ---D | C] -- C:\Windows\FltMgr
[2013/07/29 15:09:38 | 000,729,424 | ---- | C] (WeOnlyDo Software) -- C:\Windows\SysWow64\wodSFTP.dll
[2013/07/29 15:09:38 | 000,672,024 | ---- | C] (WeOnlyDo! COM) -- C:\Windows\SysWow64\wodKeys.dll
[2013/07/29 15:09:15 | 000,074,760 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\wnmflt64.sys
[2013/07/29 15:09:14 | 000,082,952 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\dsaflt64.sys
[2013/07/29 15:09:14 | 000,078,920 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\idsflt64.sys
[2013/07/29 15:08:52 | 000,129,096 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\APPFLT64.SYS
[2013/07/29 15:08:52 | 000,031,752 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\fnetm64.sys
[2013/07/29 15:08:51 | 000,170,504 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\NETTDI64.SYS
[2013/07/29 15:08:28 | 000,030,792 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\pavboot64.sys
[2013/07/29 15:08:02 | 000,046,640 | ---- | C] (Panda Software) -- C:\Windows\SysNative\pavcpl64.cpl
[2013/07/29 15:07:30 | 000,446,464 | ---- | C] (eHelp Corporation.) -- C:\Windows\SysWow64\HHActiveX.dll
[2013/07/29 15:07:23 | 000,202,048 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysWow64\TpUtilWow.dll
[2013/07/29 15:07:23 | 000,087,328 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysWow64\PavLspHookWow.dll
[2013/07/29 15:07:23 | 000,025,344 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysWow64\sysHelper32.dll
[2013/07/29 15:07:22 | 000,323,392 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\TpUtil64.dll
[2013/07/29 15:07:22 | 000,117,024 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\PavLspHook64.dll
[2013/07/29 15:07:22 | 000,090,944 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\PavIpc64.dll
[2013/07/29 15:07:22 | 000,066,880 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysWow64\PavIpcWow.dll
[2013/07/29 15:07:22 | 000,024,064 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\sysHelper64.dll
[2013/07/29 15:07:20 | 000,837,920 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\PavSHook64.dll
[2013/07/29 15:07:19 | 000,545,056 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysWow64\PavSHookWow.dll
[2013/07/29 15:07:16 | 000,216,648 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\n64i1644.sys
[2013/07/29 15:07:12 | 000,071,432 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\amm6460.sys
[2013/07/29 15:07:12 | 000,064,768 | ---- | C] (On-Access Anti-Malware Scanner Sync) -- C:\Windows\SysNative\avldr64.dll
[2013/07/29 15:06:44 | 000,048,136 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\ShldFlt.sys
[2013/07/27 12:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Software
[2013/07/26 21:50:06 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Local\Panda Security
[2013/07/26 21:44:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Backup
[2013/07/26 21:43:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Gold Protection
[2013/07/26 21:41:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\PAV
[2013/07/26 21:40:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Panda Security
[2013/07/26 11:53:18 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/26 11:53:18 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/26 11:53:15 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/07/26 11:53:15 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/07/26 11:53:15 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/07/26 11:53:14 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/07/26 11:53:14 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/07/26 11:53:14 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/07/26 11:53:13 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/07/26 11:53:13 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/07/26 11:53:13 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/07/26 11:53:09 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/26 11:53:07 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/26 11:53:07 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/26 11:53:05 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/25 23:15:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/07/25 23:08:32 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/07/25 23:08:31 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/07/25 23:08:27 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/25 23:08:24 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/25 22:50:10 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/07/25 22:43:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\COMODO
[2013/07/02 22:29:24 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Local\lptmp799731127
[2013/07/02 21:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
[2013/07/02 21:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2013/07/02 21:58:10 | 000,000,000 | ---D | C] -- C:\ProgramData\WRData
[2013/07/02 20:59:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/07/02 20:59:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2013/07/02 19:45:30 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Roaming\QuickScan
[2013/07/01 20:31:04 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Roaming\LavasoftStatistics
[2013/07/01 20:31:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013/07/01 20:21:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013/07/01 20:21:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013/07/01 20:19:49 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Local\adawarebp
[2013/07/01 20:19:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013/07/01 20:09:33 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Roaming\Ad-Aware Antivirus

========== Files - Modified Within 30 Days ==========

[2013/07/30 12:12:57 | 000,008,627 | ---- | M] () -- C:\Windows\SysWow64\PAV_FOG.OPC
[2013/07/30 12:11:58 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2013/07/30 12:11:12 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/30 11:44:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Eddy\Desktop\OTL.exe
[2013/07/30 11:36:49 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HP WEP.job
[2013/07/30 11:35:29 | 000,011,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/30 11:35:29 | 000,011,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/30 11:34:47 | 000,000,252 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\IdsFlt.cfg.bck
[2013/07/30 11:34:47 | 000,000,252 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\IdsFlt.cfg
[2013/07/30 11:34:44 | 000,001,132 | ---- | M] () -- C:\Windows\SysNative\drivers\APPFLTR.CFG.bck
[2013/07/30 11:34:44 | 000,001,132 | ---- | M] () -- C:\Windows\SysNative\drivers\APPFLTR.CFG
[2013/07/30 11:34:44 | 000,000,092 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetLoc.wlt.bck
[2013/07/30 11:34:44 | 000,000,092 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetLoc.wlt
[2013/07/30 11:34:44 | 000,000,068 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetFlt.cfg.bck
[2013/07/30 11:34:44 | 000,000,068 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetFlt.cfg
[2013/07/30 11:34:44 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\DsaFlt.cfg.bck
[2013/07/30 11:34:44 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\DsaFlt.cfg
[2013/07/30 11:34:42 | 000,278,776 | ---- | M] () -- C:\Windows\SysNative\drivers\APPFCONT.DAT.bck
[2013/07/30 11:34:42 | 000,278,776 | ---- | M] () -- C:\Windows\SysNative\drivers\APPFCONT.DAT
[2013/07/30 11:34:13 | 000,303,044 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\DsaFlt.rls.bck
[2013/07/30 11:34:13 | 000,303,044 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\DsaFlt.rls
[2013/07/30 11:25:37 | 000,000,064 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAR.wlt.bck
[2013/07/30 11:25:37 | 000,000,064 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAR.wlt
[2013/07/30 11:25:21 | 000,000,152 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAdapt.cfg.bck
[2013/07/30 11:25:21 | 000,000,152 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAdapt.cfg
[2013/07/30 11:23:40 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\Wise Care 365.job
[2013/07/30 11:22:58 | 000,000,488 | ---- | M] () -- C:\Windows\tasks\Basic clean-up1.job
[2013/07/30 11:22:58 | 000,000,488 | ---- | M] () -- C:\Windows\tasks\Basic clean-up.job
[2013/07/30 11:22:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/30 11:22:00 | 3166,015,488 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/29 15:14:59 | 000,726,490 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/29 15:14:58 | 000,872,070 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/29 15:14:58 | 000,146,156 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/29 15:11:22 | 000,015,928 | ---- | M] () -- C:\Windows\SysNative\drivers\COMFiltr.sys
[2013/07/29 15:11:13 | 000,000,253 | ---- | M] () -- C:\Windows\SysNative\PavCPL64.dat
[2013/07/29 15:11:12 | 000,002,096 | ---- | M] () -- C:\Users\Eddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Panda Gold Protection.lnk
[2013/07/29 15:08:34 | 000,002,473 | ---- | M] () -- C:\Users\Public\Desktop\Install remote access.lnk
[2013/07/29 15:08:33 | 000,002,192 | ---- | M] () -- C:\Users\Public\Desktop\Panda Gold Protection.lnk
[2013/07/26 21:01:05 | 000,547,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/26 11:08:31 | 000,001,290 | ---- | M] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2013/07/25 23:26:49 | 000,001,009 | ---- | M] () -- C:\Users\Eddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/07/25 22:43:53 | 000,002,047 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2013/07/25 22:43:53 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
[2013/07/25 22:11:24 | 000,001,838 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2013/07/23 14:55:54 | 000,006,576 | ---- | M] () -- C:\bootsqm.dat
[2013/07/02 20:51:28 | 001,186,345 | ---- | M] () -- C:\Users\Eddy\AppData\Local\census.cache
[2013/07/02 20:48:29 | 000,212,265 | ---- | M] () -- C:\Users\Eddy\AppData\Local\ars.cache
[2013/07/02 20:13:48 | 000,000,036 | ---- | M] () -- C:\Users\Eddy\AppData\Local\housecall.guid.cache

========== Files Created - No Company Name ==========

[2013/07/30 11:36:48 | 000,000,326 | ---- | C] () -- C:\Windows\tasks\HP WEP.job
[2013/07/30 11:33:55 | 000,001,132 | ---- | C] () -- C:\Windows\SysNative\drivers\APPFLTR.CFG.bck
[2013/07/30 11:33:55 | 000,001,132 | ---- | C] () -- C:\Windows\SysNative\drivers\APPFLTR.CFG
[2013/07/30 11:31:33 | 000,278,776 | ---- | C] () -- C:\Windows\SysNative\drivers\APPFCONT.DAT.bck
[2013/07/30 11:31:33 | 000,278,776 | ---- | C] () -- C:\Windows\SysNative\drivers\APPFCONT.DAT
[2013/07/29 15:14:10 | 000,008,627 | ---- | C] () -- C:\Windows\SysWow64\PAV_FOG.OPC
[2013/07/29 15:11:22 | 000,015,928 | ---- | C] () -- C:\Windows\SysNative\drivers\COMFiltr.sys
[2013/07/29 15:11:13 | 000,000,253 | ---- | C] () -- C:\Windows\SysNative\PavCPL64.dat
[2013/07/29 15:11:12 | 000,002,096 | ---- | C] () -- C:\Users\Eddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Panda Gold Protection.lnk
[2013/07/29 15:08:45 | 000,000,488 | ---- | C] () -- C:\Windows\tasks\Basic clean-up1.job
[2013/07/29 15:08:41 | 000,000,488 | ---- | C] () -- C:\Windows\tasks\Basic clean-up.job
[2013/07/29 15:08:34 | 000,002,473 | ---- | C] () -- C:\Users\Public\Desktop\Install remote access.lnk
[2013/07/29 15:08:33 | 000,002,192 | ---- | C] () -- C:\Users\Public\Desktop\Panda Gold Protection.lnk
[2013/07/25 22:43:53 | 000,002,047 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2013/07/25 22:43:53 | 000,002,047 | ---- | C] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
[2013/07/23 14:55:54 | 000,006,576 | ---- | C] () -- C:\bootsqm.dat
[2013/07/02 20:51:28 | 001,186,345 | ---- | C] () -- C:\Users\Eddy\AppData\Local\census.cache
[2013/07/02 20:48:29 | 000,212,265 | ---- | C] () -- C:\Users\Eddy\AppData\Local\ars.cache
[2013/07/02 20:13:48 | 000,000,036 | ---- | C] () -- C:\Users\Eddy\AppData\Local\housecall.guid.cache
[2013/03/31 11:14:18 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2013/02/05 17:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/02/05 17:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/02/05 17:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/02/05 17:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2013/01/08 02:38:29 | 000,018,760 | ---- | C] () -- C:\Windows\SysWow64\QQVistaHelper.dll
[2012/12/26 11:51:33 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXEEinst.dll
[2012/12/26 11:51:32 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeecomx.dll
[2012/12/26 11:51:30 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeeinpa.dll
[2012/12/26 11:51:29 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeeiesc.dll
[2012/12/26 11:51:28 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxeeinsr.dll
[2012/12/26 11:51:28 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxeejswr.dll
[2012/12/26 11:51:27 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeecur.dll
[2012/12/26 11:51:26 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeepmui.dll
[2012/12/26 11:51:25 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxeeinsb.dll
[2012/12/26 11:51:24 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxeeins.dll
[2012/12/26 11:51:24 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeecub.dll
[2012/12/26 11:51:23 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeecu.dll
[2012/12/26 11:51:22 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeeusb1.dll
[2012/12/26 11:51:21 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeeserv.dll
[2012/12/26 11:51:20 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeelmpm.dll
[2012/12/26 11:51:18 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeeih.exe
[2012/12/26 11:51:17 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeehbn3.dll
[2012/12/26 11:51:16 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeecoms.exe
[2012/12/26 11:51:14 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeecomm.dll
[2012/12/26 11:51:13 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeecomc.dll
[2012/12/26 11:51:12 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeecfg.exe
[2012/11/19 13:12:15 | 000,006,080 | ---- | C] () -- C:\ProgramData\NanoRepository.bin.bak
[2012/11/19 13:12:15 | 000,006,080 | ---- | C] () -- C:\ProgramData\NanoRepository.bin
[2012/10/24 23:16:35 | 000,007,605 | ---- | C] () -- C:\Users\Eddy\AppData\Local\Resmon.ResmonCfg
[2012/08/10 00:30:26 | 000,000,514 | ---- | C] () -- C:\Windows\wininit.ini
[2012/08/06 18:53:28 | 000,000,000 | ---- | C] () -- C:\ProgramData\0x0304A000.sfl
[2012/05/30 22:48:20 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2012/05/22 09:12:22 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXEEsmr.dll
[2012/05/22 09:12:21 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEEsm.dll
[2012/05/18 00:11:12 | 000,866,286 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/17 03:17:01 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2012/05/17 01:51:11 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2012/05/16 22:09:15 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2012/05/16 22:09:15 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2012/05/16 22:09:15 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2012/05/16 22:09:14 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\desktop.in0

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

OTL Extras logfile created on: 7/30/2013 11:47:07 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Eddy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 51.26% Memory free
7.86 Gb Paging File | 5.34 Gb Available in Paging File | 67.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 170.36 Gb Total Space | 71.02 Gb Free Space | 41.69% Space Free | Partition Type: NTFS

Computer Name: EDDY-PC | User Name: Eddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Program Files (x86)\Panda Security\Panda Gold Protection\PAVSCRIP.EXE (Panda Security, S.L.)
.jse[@ = JSEFile] -- C:\Program Files (x86)\Panda Security\Panda Gold Protection\PAVSCRIP.EXE (Panda Security, S.L.)
.vbe[@ = VBEFile] -- C:\Program Files (x86)\Panda Security\Panda Gold Protection\PAVSCRIP.EXE (Panda Security, S.L.)
.vbs[@ = VBSFile] -- C:\Program Files (x86)\Panda Security\Panda Gold Protection\PAVSCRIP.EXE (Panda Security, S.L.)
.wsf[@ = WSFFile] -- C:\Program Files (x86)\Panda Security\Panda Gold Protection\PAVSCRIP.EXE (Panda Security, S.L.)
.wsh[@ = WSHFile] -- C:\Program Files (x86)\Panda Security\Panda Gold Protection\PAVSCRIP.EXE (Panda Security, S.L.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Program Files (x86)\Panda Security\Panda Gold Protection\PAVSCRIP.EXE (Panda Security, S.L.)
.jse [@ = JSEFile] -- C:\Program Files (x86)\Panda Security\Panda Gold Protection\PAVSCRIP.EXE (Panda Security, S.L.)
.vbe [@ = VBEFile] -- C:\Program Files (x86)\Panda Security\Panda Gold Protection\PAVSCRIP.EXE (Panda Security, S.L.)
.vbs [@ = VBSFile] -- C:\Program Files (x86)\Panda Security\Panda Gold Protection\PAVSCRIP.EXE (Panda Security, S.L.)
.wsf [@ = WSFFile] -- C:\Program Files (x86)\Panda Security\Panda Gold Protection\PAVSCRIP.EXE (Panda Security, S.L.)
.wsh [@ = WSHFile] -- C:\Program Files (x86)\Panda Security\Panda Gold Protection\PAVSCRIP.EXE (Panda Security, S.L.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = IceDragonHTML] -- C:\Program Files (x86)\Comodo\IceDragon\icedragon.exe (COMODO Security Solutions)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAG~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
jsefile [open] -- C:\PROGRA~2\PANDAS~1\PANDAG~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- C:\PROGRA~2\PANDAS~1\PANDAG~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
vbsfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAG~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
wsffile [open] -- C:\PROGRA~2\PANDAS~1\PANDAG~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
wshfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAG~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAG~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
jsefile [open] -- C:\PROGRA~2\PANDAS~1\PANDAG~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- C:\PROGRA~2\PANDAS~1\PANDAG~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
vbsfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAG~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
wsffile [open] -- C:\PROGRA~2\PANDAS~1\PANDAG~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
wshfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAG~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0773A38B-3E2C-44EC-9ABD-A5D4746C2968}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1B47B3CB-78A7-4FBD-A6C3-26609B6D099B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{28385693-25D6-41F9-81A1-BAC9AAD02D2E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{28F47A28-CC5E-48A2-8107-78050E34B69A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2A88AAD6-0C81-4DB9-A09A-01B91358EB89}" = rport=445 | protocol=6 | dir=out | app=system |
"{2FAFC210-F5A0-44D2-8402-EC15255538BA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{321B109E-0EA8-41DD-B9F0-4CFA7CC578CA}" = lport=139 | protocol=6 | dir=in | app=system |
"{3CE1D252-029D-4ACD-9B9C-CE53B109D198}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3FB12304-6DBD-4EBF-B885-F2E0DD532956}" = lport=138 | protocol=17 | dir=in | app=system |
"{54BDD180-09B7-4D7D-8705-E96F70199354}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{63EB5890-3A54-4AF0-9211-A76F641E1521}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{64DA9048-3A57-4E6B-BF25-B775BC112473}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6895BF0F-0C80-41C5-9EFE-32C8F366535D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7EF50E05-7060-48EE-83B4-7E2512625CE5}" = rport=139 | protocol=6 | dir=out | app=system |
"{845B260A-A1D3-4226-BC7B-50F7136F56D0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8466A564-73A8-4B6D-AAEF-681704D0FB65}" = lport=10243 | protocol=6 | dir=in | app=system |
"{84DF884D-EA9C-4643-8AC3-3F5F3593CAC3}" = rport=138 | protocol=17 | dir=out | app=system |
"{9D2432D2-C073-49D3-A245-D588A7D84345}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9F97841D-CD64-48BD-98D2-7BBA36F7BC29}" = rport=137 | protocol=17 | dir=out | app=system |
"{AA17B656-DA99-4BC6-AEC3-0DC5ADA9313B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AB3230FD-269D-4CD2-A661-165038E351BB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B6125C54-0BF2-46CF-8277-D37DD54262A3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B7D75714-1443-4E18-9A0A-4DD658B4C69D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C6E34913-2EC0-41B9-AE61-5B9476C850D1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{C9625F9E-EA6F-4B28-B6B6-4BC9522A1058}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{D841E5ED-4293-4C42-A13F-DC82DA0ADF9B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E01E6B53-9E85-40A6-B22E-43351089D96F}" = lport=445 | protocol=6 | dir=in | app=system |
"{E2AF57D2-950A-4ACA-8895-879AA1E4ABB1}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F7FE21-6D5C-4C37-A610-D2CA00D1919C}" = dir=in | app=c:\windows\system32\lxeecoms.exe |
"{055D70B1-596C-4187-804E-F3F571A4FA5F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0981312F-DEA6-49DB-95EF-2583511B3EA7}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\comodo\geekbuddyrsp.exe |
"{0AD71E7F-2F71-4033-97E5-6E7D10A2228E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{10390CFE-2784-4CDD-A189-E3BC3C063331}" = dir=in | app=c:\windows\system32\lxeecoms.exe |
"{12E193E0-12EA-4AF1-B09F-F75688D7C0EC}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{17FE5AF4-2705-4D8C-A6D0-1002092F2596}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\auclt.exe |
"{1F8D3848-952F-4C56-9F74-B794B7BA2C61}" = protocol=6 | dir=out | app=system |
"{256A3974-119A-493B-A62C-E5B4F42F619A}" = protocol=1 | dir=in | [email protected],-28543 |
"{2BDF2FBF-4A45-465A-A0EC-FC57A30792E6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2C9B87F0-2083-410B-9E61-F159D82E4413}" = protocol=1 | dir=out | [email protected],-28544 |
"{3392A767-32D5-41B2-8CAE-B1473B56CC77}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3A27D2E7-FAD0-4FF3-A100-EE1EA1DAEA91}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\comodo\geekbuddyrsp.exe |
"{3B811D78-4C21-4518-8E3B-8DE4E0A3698F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3C14BA5E-D9E3-4484-A5F3-B38B4CF1AB24}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3C2208BF-3539-4F32-A283-DA55AE06CEE7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{447596CF-2649-4A2A-8D3F-990E107CFD95}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{45B0E269-BAFB-41C9-B7E0-861FFAFC688F}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\txupd.exe |
"{462F838A-01C2-4580-B898-8E5177A9CD5B}" = dir=in | app=c:\windows\system32\lxeecoms.exe |
"{4684AC61-7211-4C75-A1B2-72FF92569B90}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark pro700 series\lxeefax.exe |
"{48DE7859-9972-4F22-BA44-9F97DC945A04}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe |
"{493FA41B-FE9E-4A3B-B0AF-19206F68AA50}" = protocol=17 | dir=in | app=c:\troopmaster software\tm4\troopmaster.exe |
"{4AB419F3-6DFB-4C9F-9B24-AB009097A0B6}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{4C194E13-290F-4DF9-9380-BA4789F34515}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{4E610191-8C53-4F09-ADAC-6C12D3760DDA}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\txupd.exe |
"{58B45CC4-DAB3-49A4-BBFA-4F070629A456}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5A926682-1155-49DF-A09D-E6DE950B5043}" = protocol=17 | dir=in | app=c:\program files (x86)\pandasecuritytb\dtuser.exe |
"{60213829-12F7-4CCC-BC29-71F6E3AB020A}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\auclt.exe |
"{60D017E5-5E0E-4B29-85E3-5196A5F8514E}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{61D08C50-F9B7-4816-8A85-DEF2A907D421}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{636D309E-58CE-494E-8CEB-19386BC9C9B9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{64B71181-6698-4168-A450-7775EFF50EB0}" = protocol=17 | dir=in | app=c:\program files (x86)\pandasecuritytb\dtuser.exe |
"{66B73F25-45DF-4B2D-96B2-F766DBDF6B53}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{66E78FE5-D277-4575-87D9-BB13CEA48D1B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{68EB63A0-82FD-419C-85A2-158F9DE7A1E2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{72BE17CB-41FD-495D-8B5F-0744F43E2A26}" = dir=in | app=c:\windows\system32\lxeecoms.exe |
"{767D1DED-9E74-4591-97D4-9C96312DCC86}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{82702E27-C6E9-43DA-B273-AB737FB051B9}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark pro700 series\lxeefax.exe |
"{85996F60-4794-49FD-A262-63D5CB6E474D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{91C66697-6FA0-4954-9CA3-4DF1ABFD79D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{933B616B-BCF6-4299-B8E9-5966FFAFA64A}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{936B2044-63E0-4820-84EE-5DAA2ACBFC6B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{93AA7ED7-EAB7-4FC4-BDE5-B62B26209601}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\qq.exe |
"{9C5DEE50-9D83-4EF4-AB22-1CCA704222EE}" = protocol=6 | dir=in | app=c:\troopmaster software\tm4\troopmaster.exe |
"{9D983345-6C87-47A2-B5AE-2367C2C8BFDC}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{A1404935-1D52-4666-BA43-777273AB444D}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{A2BB1213-1167-48B6-83B9-64FB6008FEB7}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark pro700 series\lxeefax.exe |
"{A302EDF5-CFBD-4126-8327-D4A8E48AAC92}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\qq.exe |
"{A39FBA84-AB78-4310-B7A6-74E830A90AD0}" = protocol=6 | dir=in | app=c:\program files (x86)\pandasecuritytb\dtuser.exe |
"{A39FD49B-AA50-4555-AB8C-E0A56627C82D}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{A69112EC-1856-4567-97AC-408FB52E9C45}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{AD8497F6-F3D5-4E24-AD08-DBF52ACFA6E7}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{B002FA3A-C40F-4B99-BE88-3ED0B434E332}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B7FC8DB6-FFA5-42B7-ABC5-7A5A748CC61C}" = protocol=58 | dir=out | [email protected],-28546 |
"{B9C7B97A-5175-453E-AF86-14B087280BC9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{BAC47039-B13C-4157-B139-C9D5DA4C423A}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\comodo\geekbuddyrsp.exe |
"{BBAA5B1F-1E5A-4913-8BC1-EF0A70ACF23E}" = protocol=58 | dir=in | [email protected],-28545 |
"{BF81FB7E-F7A5-4E5C-8715-1115D535A742}" = protocol=6 | dir=in | app=c:\program files (x86)\panda security\panda security toolbar\dtuser.exe |
"{C2967A10-51E5-4399-AE8C-BC5F042B4DD6}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{C4AE2F90-60B6-4ECA-8106-C60CC725FDCF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C5F20644-5339-4E95-8B46-8A4160997543}" = protocol=17 | dir=in | app=c:\program files (x86)\panda security\panda security toolbar\dtuser.exe |
"{C7D6F72A-95D4-428B-B3E9-77B0E1C0CB23}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark pro700 series\lxeefax.exe |
"{C7DE3202-833C-4061-806D-E125BF58B8D5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CD1F61EC-72DC-43B2-AF48-070ACB2DCB12}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\comodo\geekbuddyrsp.exe |
"{D16F3CB4-77F3-4F4B-A369-7091A649F78E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd\powerdvd.exe |
"{D261B395-6831-4B65-B6C5-BDB2610F84E9}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe |
"{D7AEB7E9-16EC-4283-8C8F-462778279201}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{E10475FE-2B1B-49BC-A417-64F54B711D5B}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{E62BAD9F-703B-4B0E-B054-3BDBDD9907CD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E73681C1-0590-48E2-9503-60DBCC6654B8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E88D7ED0-28AD-4883-B848-6533974CBA6F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EE3883F6-A7BC-44D2-9D75-1B670E68B96C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{EF8EB8C1-C865-4F0F-B656-503558CD2946}" = protocol=6 | dir=in | app=c:\program files (x86)\pandasecuritytb\dtuser.exe |
"{FB90E89E-8403-4753-B47D-9AEE38BA8422}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"TCP Query User{07DE8B5F-DA98-4FDF-87A9-80F56C0EE279}C:\program files (x86)\panda security\panda gold protection\apvxdwin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\panda security\panda gold protection\apvxdwin.exe |
"TCP Query User{DEDAFFC0-F8C9-48D6-9E18-933E551DF43A}C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe |
"TCP Query User{E6311A27-F757-443E-A8FD-0A6EC1924DD0}C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe |
"UDP Query User{55F476F8-FCA6-4132-B025-69F8AD7B107C}C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe |
"UDP Query User{7CAB33A9-A2B8-47CD-82BD-D077F7F92533}C:\program files (x86)\panda security\panda gold protection\apvxdwin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\panda security\panda gold protection\apvxdwin.exe |
"UDP Query User{C3C38F2F-D1D4-4254-8368-A33A3CAFABB4}C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{26A24AE4-039D-4CA4-87B4-2F86417010FF}" = Java 7 Update 10 (64-bit)
"{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}" = Microsoft SQL Server 2008 Native Client
"{2BF53A9A-EC11-4429-B29D-19A9276092EF}" = HP LaserJet Toolbox
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{54360A73-B080-4A69-BFD4-53C190DD3AB0}" = HP Color LaserJet CP1210 Series
"{6292D514-17A4-403F-98F9-E150F10C043D}" = Microsoft SQL Server 2008 Setup Support Files
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7FCDABCC-1A1E-4D61-909D-BA9495172774}" = iTunes
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A945B7E-4F69-4DDA-B14B-E4DE8446A010}" = MrvlUsgTracking64
"{A7DA4247-9F22-4d4a-974A-DD455CCF43B6}" = COMODO System Utilities
"{ADBD6E65-46CB-4A97-9AFB-64963FEACC40}" = Microsoft SQL Server 2008 RsFx Driver
"{BCC0552D-76C0-4130-BFBD-49BE49ACC594}" = COMODO Internet Security
"{CC81CD6C-C2B3-4EE5-A11B-5E9A9B5941DF}" = COMODO Cloud Scanner
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{F323676A-B911-4B57-827F-32D02DCD4971}" = HP Color LaserJet CP1210 Series Toolbox
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"CCleaner" = CCleaner
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Color LaserJet CP1210 Series" = HP Color LaserJet CP1210 Series
"Lexmark Pro700 Series" = Lexmark Pro700 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2}" = Upgrade Kit
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1E04C795-7359-4E05-8A0E-5644F777AA08}_is1" = Wondershare MobileGo for Android ( Version 3.1.0 )
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3CA54984-A14B-42FE-9FF1-7EA90151D725}" = Tencent QQ
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.16
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{769CC8AC-50C3-4776-95F5-A1ABF15A38F4}_is1" = Wondershare Application Center 1.0.0.58
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7B02BF60-796D-4616-908B-B31A63CFDEFB}" = HPCarePackCore
"{81A25967-DB85-4B48-A8A7-D25AC191DEE4}" = Panda Gold Protection
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001C-0409-0000-0000000FF1CE}" = Microsoft Office Access Runtime (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90599D63-1879-4B90-BE4F-051CE70FA576}_is1" = Wondershare PDF to Word (Build 4.0.1)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1" = Panda Cloud Cleaner
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{9C09E3A4-850A-40B2-B94F-EBFB5349C238}" = hppusgCP1215
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAE587E4-E661-4DB5-96DF-6E31C548F186}_is1" = Password Depot 6 - Panda Secure Vault Edition
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE09C972-EEB2-4DA5-8090-0FCF54576854}" = Optical Drive Power Management
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{C5DF93B9-89DF-40AF-BD79-B172B27AC977}" = GeekBuddy
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DC888721-90FF-4B00-8887-DFB3CE20F234}" = Panda Global Protection 2014
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6C0186F-640F-4C0D-A010-2E7247C6EDE6}" = Panda Global Protection 2014
"{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1" = Wise Care 365 version 2.47
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3A52623-4890-415D-A43A-F71A3A39C273}" = HPCarePackProducts
"{F6F52B12-65B1-46BB-9EAE-07BEE2B7E7FD}_is1" = OA LodgeMaster Desktop 2.0
"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
"{FB9C1550-C380-11E0-6784-0B93E74E18BE}" = TroopMaster
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.22beta
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Comodo IceDragon" = Comodo IceDragon
"COMODO livePCsupport" = COMODO livePCsupport
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2
"GridVista" = Acer GridVista
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Panda Security URL Filtering" = Panda Security URL Filtering
"Panda Universal Agent Endpoint" = Panda Cloud Antivirus
"pandasecuritytb" = Panda Security Toolbar
"Pixillion" = Pixillion Image Converter
"Prism" = Prism Video File Converter
"Rapport_msi" = Rapport
"Revo Uninstaller" = Revo Uninstaller 1.94
"Toolbar Cleaner" = Toolbar Cleaner 1.0
"VLC media player" = VLC media player 1.0.1
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/29/2013 3:17:18 PM | Computer Name = Eddy-PC | Source = VSS | ID = 8193
Description =

Error - 7/30/2013 11:23:47 AM | Computer Name = Eddy-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 7/29/2013 3:11:23 PM | Computer Name = Eddy-PC | Source = Service Control Manager | ID = 7030
Description = The Panda Software Controller service is marked as an interactive
service. However, the system is configured to not allow interactive services.
This service may not function properly.

Error - 7/29/2013 3:56:27 PM | Computer Name = Eddy-PC | Source = DCOM | ID = 10010
Description =

Error - 7/30/2013 12:47:18 AM | Computer Name = Eddy-PC | Source = Service Control Manager | ID = 7023
Description = The Panda On-Access Anti-Malware Service service terminated with the
following error: %%1

Error - 7/30/2013 11:23:23 AM | Computer Name = Eddy-PC | Source = Service Control Manager | ID = 7000
Description = The Panda Product Service service failed to start due to the following
error: %%2

Error - 7/30/2013 11:24:49 AM | Computer Name = Eddy-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
CFRMD NNSHTTP NNSHTTPS NNSIDS NNSPICC NNSPOP3 NNSPROT NNSSMTP NNSSTRM NNSTLSC ssuhop

Error - 7/30/2013 11:26:45 AM | Computer Name = Eddy-PC | Source = DCOM | ID = 10010
Description =

Error - 7/30/2013 11:27:11 AM | Computer Name = Eddy-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 7/30/2013 11:27:55 AM | Computer Name = Eddy-PC | Source = DCOM | ID = 10010
Description =

Error - 7/30/2013 11:29:27 AM | Computer Name = Eddy-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the WwanSvc service.

Error - 7/30/2013 11:30:18 AM | Computer Name = Eddy-PC | Source = Service Control Manager | ID = 7023
Description = The Security Center service terminated with the following error: %%16389


< End of report >
  • 0

Advertisements

#2
Teima
Posted 30 July 2013 - 08:01 PM

Teima

    Member

  • Member
  • PipPipPip
  • 833 posts
Hello xppc,

My name is Teima and I'll be happy to assist you with this issue. Before we commence I'd like to ask that you take into careful thought of the points which I've listed below as they will beneficial to the guidance as to which I'll present yourself with here on Geekstogo. :)

Notes before we commence:

  • It's important that you reply within four days. If you haven't replied within that time, the thread will be closed.
  • As the process of malware removal is often challenging at times I'd like you to take into consideration that it may take multiple replies in order to resolve the issue/issues present.
  • If you are uncertain about any of the steps as to which I present yourself with. Please feel free to ask myself for further clarification.
  • It's important that you don't use tools which have been recommended for other users of the forum, failure to follow these guidelines will most likely result in an unbootable machine.
  • These steps only apply for the user "xppc". If you're reading this thread and you're requiring assistance, then read this thread and follow the listed steps carefully.
  • The absence of symptoms does not necessarily mean that your system is clean. Please stick with me until I state that your system is clean.
  • If It's been a total of three days and you've yet to receive a response from myself. Please send myself a reminder by clicking here and attaching the appropriate thread link where I can respond.

Extra

Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have two people examining your issue. Thanks for your consideration. :thumbsup:
  • 0

#3
xppc
Posted 31 July 2013 - 10:01 PM

xppc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 148 posts
fantastic. i will be patient and look forward to working with you both
  • 0

#4
Teima
Posted 01 August 2013 - 04:25 AM

Teima

    Member

  • Member
  • PipPipPip
  • 833 posts
Hello xpcc. Thanks for your patience. :)

Step One

Your log files indicate signs of either two or multiple anti-virus scanners present. These have been identified as "COMODO Internet Security" and "Panda Cloud Antivirus".

  • Research shows that it's not safe to have more than one anti-virus installed on a computer, and doing so not only does not provide better protection, it will actually cause additional problems.
  • Having multiple anti-virus programs on one computer can cause your computer to run very slow, become unstable and can cause possible software conflicts, it's recommended that remove all but one anti-virus program.
Please let me know which one you would like removed and within my next series of instructions I'll post the appropriate steps for its removal.

Step Two

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following.
:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={514DD575-96F1-11E2-9007-001F169FF0D1}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={514DD575-96F1-11E2-9007-001F169FF0D1}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={514DD575-96F1-11E2-9007-001F169FF0D1}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
O4 - HKLM..\Run: []  File not found

:Commands
[EMPTYTEMP]
  • Click run fix.
  • OTL may ask to reboot the machine. Please click the OK button if prompted.
  • Once done a report will be displayed. Copy and paste the contents of that report within your next response.

Step Three

Download AdwCleaner from here to your desktop.

Run AdwCleaner and select Delete.

Posted Image

On reboot a log will be produced please attach that for me to review.
  • 0

#5
xppc
Posted 01 August 2013 - 08:19 PM

xppc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 148 posts
i did an uninstall on the panda cloud..
below are the log file

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 75 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Eddy
->Temp folder emptied: 1331810 bytes
->Temporary Internet Files folder emptied: 1652212 bytes
->Java cache emptied: 1880 bytes
->FireFox cache emptied: 83132500 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 3578 bytes

User: Public

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 75 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8728655 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78106 bytes
RecycleBin emptied: 160481538 bytes

Total Files Cleaned = 244.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08012013_214623

Files\Folders moved on Reboot...
C:\Users\Eddy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Eddy\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



# AdwCleaner v2.306 - Logfile created 08/01/2013 at 22:04:09
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Eddy - EDDY-PC
# Boot Mode : Normal
# Running from : C:\Users\Eddy\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Wondershare
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\adawaretb.xml
Folder Deleted : C:\Program Files (x86)\Common Files\Tencent
Folder Deleted : C:\Program Files (x86)\Common Files\Wondershare
Folder Deleted : C:\Program Files (x86)\Tencent
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
Folder Deleted : C:\Users\Eddy\AppData\Local\Supreme Savings
Folder Deleted : C:\Users\Eddy\AppData\Local\Wondershare
Folder Deleted : C:\Users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\nnlp498d.default-1349759588836\adawaretb
Folder Deleted : C:\Users\Eddy\AppData\Roaming\Tencent
Folder Deleted : C:\Users\Eddy\AppData\Roaming\Wondershare
Folder Deleted : C:\Users\Eddy\Documents\Wondershare

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\TENCENT
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\Software\TENCENT
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31111111-1111-1111-1111-110111991162}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\nnlp498d.default-1349759588836\prefs.js

Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Panda Safe Search");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://my.yahoo.com/");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.[...]
Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=too[...]
Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]
Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_product_name", "Updater By SweetPacks")[...]

*************************

AdwCleaner[S1].txt - [5353 octets] - [01/08/2013 22:04:09]

########## EOF - C:\AdwCleaner[S1].txt - [5413 octets] ##########
  • 0

#6
Teima
Posted 02 August 2013 - 07:02 PM

Teima

    Member

  • Member
  • PipPipPip
  • 833 posts
Step One

I would assume you still have OTL on your machine. Right-click on OTL.exe and select Run As Administrator to start the program. If prompted by UAC, please allow it.

  • Please check the box next to Scan All Users.
  • Make sure Use SafeList is selected under Extra Registry.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
dir C:\ /S /A:L /C
CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your reply. If both log won't fit in the same post, you may post them in two separate posts.
Step Two

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Edited by Teima, 02 August 2013 - 07:03 PM.

  • 0

#7
xppc
Posted 03 August 2013 - 10:02 AM

xppc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 148 posts
OTL logfile created on: 8/3/2013 11:26:58 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Eddy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 44.02% Memory free
7.86 Gb Paging File | 5.34 Gb Available in Paging File | 67.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 170.36 Gb Total Space | 75.30 Gb Free Space | 44.20% Space Free | Partition Type: NTFS

Computer Name: EDDY-PC | User Name: Eddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/30 11:44:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Eddy\Desktop\OTL.exe
PRC - [2013/07/25 23:16:37 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/07/24 08:50:04 | 000,224,464 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe
PRC - [2013/07/24 08:50:04 | 000,213,712 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe
PRC - [2013/07/24 08:50:04 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) -- C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
PRC - [2013/07/16 21:12:16 | 002,115,864 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/07/16 21:12:16 | 001,124,632 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/07/14 06:57:38 | 001,821,384 | ---- | M] () -- C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe
PRC - [2013/07/12 14:37:18 | 003,289,472 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/06/14 01:13:04 | 001,862,024 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_81.exe
PRC - [2013/05/30 08:47:44 | 001,851,088 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/26 14:57:22 | 001,177,224 | ---- | M] (WiseCleaner.com) -- C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
PRC - [2013/04/11 15:04:26 | 000,235,072 | ---- | M] (Visicom Media Inc.) -- C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
PRC - [2012/11/09 15:59:16 | 000,103,272 | ---- | M] (Wondershare) -- C:\Program Files (x86)\Wondershare\Wondershare Application Center\WACService.exe
PRC - [2010/05/17 09:52:25 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe
PRC - [2010/05/17 09:52:23 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe
PRC - [2009/08/27 00:48:32 | 001,194,504 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/08/23 22:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2009/04/15 23:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009/04/01 21:06:08 | 000,249,600 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009/04/01 21:06:02 | 000,054,528 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/02/11 20:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/02/11 20:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/02/11 15:46:28 | 000,565,248 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
PRC - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2009/01/08 22:08:56 | 000,294,544 | ---- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe
PRC - [2008/07/29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/25 23:15:36 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/06/14 01:12:59 | 016,161,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_81.dll
MOD - [2013/03/29 09:25:17 | 000,557,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/05/17 09:52:25 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe
MOD - [2010/05/17 09:52:23 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe
MOD - [2010/04/05 06:56:20 | 000,094,359 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\epoemdll.dll
MOD - [2010/04/05 06:56:19 | 000,045,221 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\epstring.dll
MOD - [2010/04/05 06:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\epwizres.dll
MOD - [2010/04/05 06:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\epwizard.dll
MOD - [2010/04/05 06:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\customui.dll
MOD - [2010/04/05 06:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\epfunct.dll
MOD - [2010/04/05 06:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\eputil.dll
MOD - [2010/04/05 06:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\imagutil.dll
MOD - [2010/04/01 13:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeedrs.dll
MOD - [2010/04/01 13:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeescw.dll
MOD - [2009/05/27 08:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeedatr.dll
MOD - [2009/04/07 15:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\iptk.dll
MOD - [2009/03/10 01:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeecaps.dll
MOD - [2009/03/02 10:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeeptp.dll
MOD - [2009/02/20 04:48:43 | 000,023,552 | ---- | M] () -- C:\Windows\SysWOW64\LXEEsmr.dll
MOD - [2009/02/20 04:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXEEsm.dll
MOD - [2009/02/02 17:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2008/07/29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/07/08 16:59:40 | 006,199,520 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2013/06/18 11:15:29 | 000,158,936 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/02/24 09:26:34 | 000,347,968 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Stopped] -- C:\Program Files\COMODO\COMODO System Utilities\CSUService.exe -- (CSUService)
SRV:64bit: - [2010/08/13 04:40:12 | 000,158,120 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe -- (CLPSLS)
SRV:64bit: - [2010/04/14 15:01:44 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeecoms.exe -- (lxee_device)
SRV:64bit: - [2010/04/14 15:01:37 | 000,045,736 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxeeserv.exe -- (lxeeCATSCustConnectService)
SRV:64bit: - [2009/09/04 15:44:14 | 000,158,240 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc)
SRV:64bit: - [2009/08/19 15:17:04 | 000,787,968 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2013/07/25 23:16:36 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/24 08:50:04 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe -- (CLPSLauncher)
SRV - [2013/07/16 21:12:16 | 001,124,632 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/07/14 06:57:38 | 001,821,384 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe -- (IceDragonUpdater)
SRV - [2013/07/12 14:37:18 | 003,289,472 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/14 01:13:06 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/30 08:47:44 | 001,851,088 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe -- (GeekBuddyRSP)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/25 18:12:00 | 000,580,232 | ---- | M] (WiseCleaner.com) [Auto | Stopped] -- C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe -- (WiseBootAssistant)
SRV - [2012/11/09 15:59:16 | 000,103,272 | ---- | M] (Wondershare) [Auto | Running] -- C:\Program Files (x86)\Wondershare\Wondershare Application Center\WACService.exe -- (WACService)
SRV - [2010/04/14 15:01:37 | 000,045,736 | ---- | M] () [Auto | Running] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxeeserv.exe -- (lxeeCATSCustConnectService)
SRV - [2010/04/14 15:01:23 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxeecoms.exe -- (lxee_device)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/23 22:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/01 21:06:02 | 000,054,528 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/02/11 20:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/07/16 21:12:28 | 000,236,688 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2013/06/18 11:16:07 | 000,023,168 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2013/04/02 23:39:18 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2013/03/29 19:03:28 | 000,040,232 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsadb.sys -- (androidusb)
DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/01/09 22:46:02 | 000,095,712 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NNSHttps.sys -- (NNSHTTPS)
DRV:64bit: - [2012/11/28 15:04:05 | 000,232,488 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NNSStrm.sys -- (NNSSTRM)
DRV:64bit: - [2012/11/28 15:04:04 | 000,069,160 | ---- | M] (Panda Security, S.L.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\NNSPihsw.sys -- (NNSPIHSW)
DRV:64bit: - [2012/11/26 17:49:11 | 000,105,000 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NNStlsc.sys -- (NNSTLSC)
DRV:64bit: - [2012/11/26 17:49:10 | 000,116,776 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSPrv.sys -- (NNSPRV)
DRV:64bit: - [2012/11/26 17:49:10 | 000,114,216 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NNSSmtp.sys -- (NNSSMTP)
DRV:64bit: - [2012/11/26 17:49:09 | 000,306,216 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NNSProt.sys -- (NNSPROT)
DRV:64bit: - [2012/11/26 17:49:09 | 000,118,312 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NNSPop3.sys -- (NNSPOP3)
DRV:64bit: - [2012/11/26 17:49:08 | 000,094,248 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NNSpicc.sys -- (NNSPICC)
DRV:64bit: - [2012/11/26 17:49:07 | 000,114,728 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NNSHttp.sys -- (NNSHTTP)
DRV:64bit: - [2012/11/26 17:49:07 | 000,114,216 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NNSIds.sys -- (NNSIDS)
DRV:64bit: - [2012/11/26 17:49:07 | 000,089,640 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSAlpc.sys -- (NNSALPC)
DRV:64bit: - [2012/11/07 10:00:05 | 000,058,360 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSKMAD.sys -- (PSKMAD)
DRV:64bit: - [2012/10/22 13:09:23 | 000,033,320 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSNAHSL.sys -- (NNSNAHSL)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/22 21:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0105.sys -- (RsFx0105)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/09/15 19:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009/09/02 18:54:20 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 06:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/03/25 19:48:32 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/02/06 14:33:04 | 000,262,192 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/12/02 17:01:42 | 000,068,608 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTSTOR64.sys -- (RTSTOR)
DRV:64bit: - [2008/09/22 09:49:58 | 000,126,464 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2008/01/30 21:48:16 | 000,016,384 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2013/07/16 21:12:28 | 000,357,712 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2013/07/16 21:12:28 | 000,229,040 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2013/03/29 09:25:08 | 000,586,072 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_51755.sys -- (RapportCerberus_51755)
DRV - [2012/09/03 03:20:00 | 000,037,976 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\CFRMD.sys -- (CFRMD)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW


IE - HKU\.DEFAULT\..\URLSearchHook: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll ()
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll ()
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2938952305-4017093605-1358745174-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...&m=aspire_4810t
IE - HKU\S-1-5-21-2938952305-4017093605-1358745174-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-2938952305-4017093605-1358745174-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2938952305-4017093605-1358745174-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKU\S-1-5-21-2938952305-4017093605-1358745174-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2938952305-4017093605-1358745174-1000\..\URLSearchHook: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll ()
IE - HKU\S-1-5-21-2938952305-4017093605-1358745174-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2938952305-4017093605-1358745174-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-2938952305-4017093605-1358745174-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKU\S-1-5-21-2938952305-4017093605-1358745174-1000\..\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}: "URL" = http://us.search.yah...}&fr=chr-comodo
IE - HKU\S-1-5-21-2938952305-4017093605-1358745174-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2938952305-4017093605-1358745174-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-comodo"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-comodo"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/?_bc=1"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..keyword.URL: "http://us.search.yah...ytff-comodo&p="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_81.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_81.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall: C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/TXSSO: C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/25 23:15:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/25 23:15:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/05/17 23:37:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eddy\AppData\Roaming\Mozilla\Extensions
[2013/07/04 20:53:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\nnlp498d.default-1349759588836\extensions
[2013/07/23 18:36:33 | 000,000,000 | ---D | M] (Webroot) -- C:\Users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\nnlp498d.default-1349759588836\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}
[2013/07/23 18:36:33 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\Eddy\AppData\Roaming\Mozilla\Firefox\Profiles\nnlp498d.default-1349759588836\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2013/08/01 13:02:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/08/01 13:05:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/01 13:02:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/01 13:05:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/07/25 23:16:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/01/27 11:11:08 | 000,002,325 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pandasecuritytb.xml

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll ()
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll ()
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (COMODO)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxeemon.exe] C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe ()
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [PrnStatusMX] C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Marvell Semiconductor, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files (x86)\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [COMODO] C:\Program Files\COMODO\COMODO livePCsupport\CLPSLA.exe (COMODO)
O4 - HKLM..\Run: [gbrspcontrol] C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files (x86)\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Lexmark Pro700 Series] C:\Program Files (x86)\Lexmark Pro700 Series\fm3032.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Panda Security URL Filtering] C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Visicom Media Inc.)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [panda4_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f File not found
O4 - HKU\.DEFAULT..\RunOnce: [panda4_0dn_XP] reg.exe delete "HKCU\Software\panda4_0dn" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [panda4_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [panda4_0dn_XP] reg.exe delete "HKCU\Software\panda4_0dn" /f File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2938952305-4017093605-1358745174-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-2938952305-4017093605-1358745174-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C214B68E-86E2-45AA-8612-90B11D80745E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/08/03 11:15:20 | 000,000,000 | R--D | C] -- C:\Users\Eddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2013/08/03 11:14:04 | 000,000,000 | ---D | C] -- C:\Users\Eddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2013/08/02 22:18:23 | 000,000,000 | ---D | C] -- C:\Users\Eddy\Desktop\Order princesstuti2013_files
[2013/08/02 00:19:34 | 000,000,000 | ---D | C] -- C:\Users\Eddy\Desktop\shadowkitty
[2013/08/01 21:46:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/01 12:49:01 | 000,000,000 | ---D | C] -- C:\Users\Eddy\Desktop\Lina - el salvador
[2013/07/30 11:43:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Eddy\Desktop\OTL.exe
[2013/07/29 15:13:38 | 000,000,000 | ---D | C] -- C:\Windows\FltMgr
[2013/07/27 12:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Software
[2013/07/26 21:44:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Backup
[2013/07/26 11:53:18 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/26 11:53:18 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/26 11:53:15 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/07/26 11:53:15 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/07/26 11:53:15 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/07/26 11:53:14 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/07/26 11:53:14 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/07/26 11:53:14 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/07/26 11:53:13 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/07/26 11:53:13 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/07/26 11:53:13 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/07/26 11:53:09 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/26 11:53:07 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/26 11:53:07 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/26 11:53:05 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/25 23:15:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/07/25 23:08:32 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/07/25 23:08:31 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/07/25 23:08:27 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/25 23:08:24 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/25 22:50:10 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/07/25 22:43:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\COMODO

========== Files - Modified Within 30 Days ==========

[2013/08/03 11:32:54 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2013/08/03 11:25:22 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HP WEP.job
[2013/08/03 11:23:02 | 000,011,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/03 11:23:02 | 000,011,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/03 11:13:33 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\Wise Care 365.job
[2013/08/03 11:13:22 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/03 11:13:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/03 11:12:56 | 3166,015,488 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/02 22:18:40 | 000,288,465 | ---- | M] () -- C:\Users\Eddy\Desktop\Order princesstuti2013.htm
[2013/08/02 00:20:02 | 000,291,401 | ---- | M] () -- C:\Users\Eddy\Desktop\Order now and get in on all the action!.htm
[2013/08/01 22:05:42 | 000,000,102 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/08/01 22:02:06 | 000,666,633 | ---- | M] () -- C:\Users\Eddy\Desktop\adwcleaner.exe
[2013/08/01 17:13:26 | 000,127,302 | ---- | M] () -- C:\Users\Eddy\Documents\desil.jpg
[2013/08/01 17:11:22 | 000,123,405 | ---- | M] () -- C:\Users\Eddy\Documents\14.jpg
[2013/08/01 17:10:50 | 000,140,482 | ---- | M] () -- C:\Users\Eddy\Documents\1 (22).jpg
[2013/08/01 17:10:27 | 000,150,954 | ---- | M] () -- C:\Users\Eddy\Documents\_100726_2091.jpg
[2013/08/01 13:25:57 | 000,051,326 | ---- | M] () -- C:\Users\Eddy\Documents\cc_20130801_132530.reg
[2013/08/01 13:15:06 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/08/01 12:49:29 | 000,008,627 | ---- | M] () -- C:\Windows\SysWow64\PAV_FOG.OPC
[2013/07/30 11:44:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Eddy\Desktop\OTL.exe
[2013/07/29 15:14:59 | 000,726,490 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/29 15:14:58 | 000,872,070 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/29 15:14:58 | 000,146,156 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/26 21:01:05 | 000,547,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/26 11:08:31 | 000,001,290 | ---- | M] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2013/07/25 23:26:49 | 000,001,009 | ---- | M] () -- C:\Users\Eddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/07/25 22:43:53 | 000,002,047 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2013/07/25 22:43:53 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
[2013/07/25 22:11:24 | 000,001,838 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2013/07/16 21:12:28 | 000,236,688 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys

========== Files Created - No Company Name ==========

[2013/08/03 11:25:22 | 000,000,326 | ---- | C] () -- C:\Windows\tasks\HP WEP.job
[2013/08/02 22:18:23 | 000,288,465 | ---- | C] () -- C:\Users\Eddy\Desktop\Order princesstuti2013.htm
[2013/08/02 00:19:50 | 000,291,401 | ---- | C] () -- C:\Users\Eddy\Desktop\Order now and get in on all the action!.htm
[2013/08/01 22:04:24 | 000,000,102 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/08/01 22:01:46 | 000,666,633 | ---- | C] () -- C:\Users\Eddy\Desktop\adwcleaner.exe
[2013/08/01 17:13:19 | 000,127,302 | ---- | C] () -- C:\Users\Eddy\Documents\desil.jpg
[2013/08/01 17:11:14 | 000,123,405 | ---- | C] () -- C:\Users\Eddy\Documents\14.jpg
[2013/08/01 17:10:30 | 000,140,482 | ---- | C] () -- C:\Users\Eddy\Documents\1 (22).jpg
[2013/08/01 17:10:15 | 000,150,954 | ---- | C] () -- C:\Users\Eddy\Documents\_100726_2091.jpg
[2013/08/01 13:25:37 | 000,051,326 | ---- | C] () -- C:\Users\Eddy\Documents\cc_20130801_132530.reg
[2013/07/29 15:14:10 | 000,008,627 | ---- | C] () -- C:\Windows\SysWow64\PAV_FOG.OPC
[2013/07/25 22:43:53 | 000,002,047 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2013/07/25 22:43:53 | 000,002,047 | ---- | C] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
[2013/07/02 20:51:28 | 001,186,345 | ---- | C] () -- C:\Users\Eddy\AppData\Local\census.cache
[2013/07/02 20:48:29 | 000,212,265 | ---- | C] () -- C:\Users\Eddy\AppData\Local\ars.cache
[2013/07/02 20:13:48 | 000,000,036 | ---- | C] () -- C:\Users\Eddy\AppData\Local\housecall.guid.cache
[2013/03/31 11:14:18 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2013/02/05 17:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/02/05 17:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/02/05 17:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/02/05 17:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2013/01/08 02:38:29 | 000,018,760 | ---- | C] () -- C:\Windows\SysWow64\QQVistaHelper.dll
[2012/12/26 11:51:33 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXEEinst.dll
[2012/12/26 11:51:32 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeecomx.dll
[2012/12/26 11:51:30 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeeinpa.dll
[2012/12/26 11:51:29 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeeiesc.dll
[2012/12/26 11:51:28 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxeeinsr.dll
[2012/12/26 11:51:28 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxeejswr.dll
[2012/12/26 11:51:27 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeecur.dll
[2012/12/26 11:51:26 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeepmui.dll
[2012/12/26 11:51:25 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxeeinsb.dll
[2012/12/26 11:51:24 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxeeins.dll
[2012/12/26 11:51:24 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeecub.dll
[2012/12/26 11:51:23 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeecu.dll
[2012/12/26 11:51:22 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeeusb1.dll
[2012/12/26 11:51:21 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeeserv.dll
[2012/12/26 11:51:20 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeelmpm.dll
[2012/12/26 11:51:18 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeeih.exe
[2012/12/26 11:51:17 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeehbn3.dll
[2012/12/26 11:51:16 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeecoms.exe
[2012/12/26 11:51:14 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeecomm.dll
[2012/12/26 11:51:13 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeecomc.dll
[2012/12/26 11:51:12 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeecfg.exe
[2012/11/19 13:12:15 | 000,006,080 | ---- | C] () -- C:\ProgramData\NanoRepository.bin.bak
[2012/11/19 13:12:15 | 000,006,080 | ---- | C] () -- C:\ProgramData\NanoRepository.bin
[2012/10/24 23:16:35 | 000,007,605 | ---- | C] () -- C:\Users\Eddy\AppData\Local\Resmon.ResmonCfg
[2012/08/10 00:30:26 | 000,000,514 | ---- | C] () -- C:\Windows\wininit.ini
[2012/08/06 18:53:28 | 000,000,000 | ---- | C] () -- C:\ProgramData\0x0304A000.sfl
[2012/05/30 22:48:20 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2012/05/22 09:12:22 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXEEsmr.dll
[2012/05/22 09:12:21 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEEsm.dll
[2012/05/18 00:11:12 | 000,866,286 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/17 03:17:01 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2012/05/17 01:51:11 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2012/05/16 22:09:15 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2012/05/16 22:09:15 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2012/05/16 22:09:15 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2012/05/16 22:09:14 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | -HS- | M] () -- C:\Windows\assembly\desktop.in0

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< >

========== Base Services ==========
SRV:64bit: - [2009/07/13 21:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 01:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 21:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 09:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 09:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 18:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2012/06/02 01:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2012/06/02 00:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 09:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 09:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 08:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 02:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 21:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 21:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 21:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 21:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 09:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/07/13 21:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 21:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 21:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 21:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 13:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 07:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 02:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 21:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 09:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 09:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 09:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 21:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 09:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 09:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 08:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 09:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 09:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 08:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 01:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 09:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 09:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 09:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 09:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 09:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 09:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 09:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 09:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 08:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 21:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 18:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 09:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 09:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SERVICES >
[2006/09/18 17:37:24 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\$INPLACE.~TR\Machine\DATA\Windows\System32\drivers\etc\services
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2013/05/10 03:57:30 | 000,558,879 | ---- | M] () MD5=3679F8D3253DC110D1D8F2AE115EE00C -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.SBS >
[2011/03/01 00:00:00 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files (x86)\Spybot - Search & Destroy 2\Includes\Services.sbs
[2011/03/01 03:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files (x86)\Spybot - Search & Destroy 2\Updates\Extracts\Services.sbs

< MD5 for: SERVICES.SBS-20110301.CAB >
[2013/06/24 22:01:44 | 000,041,248 | ---- | M] () MD5=149FF3413EED31253183D6E65E383138 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\Updates\Downloads\Services.sbs-20110301.cab

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< dir C:\ /S /A:L /C >
Volume in drive C is ACER
Volume Serial Number is 06E1-9EEC
Directory of C:\
07/14/2009 01:08 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 01:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 01:08 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 01:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 01:08 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009 01:08 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 01:08 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 01:08 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 01:08 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 01:08 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 01:08 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 01:08 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 01:08 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 01:08 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 01:08 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 01:08 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Eddy
05/17/2012 10:32 PM <JUNCTION> Application Data [C:\Users\Eddy\AppData\Roaming]
05/17/2012 10:32 PM <JUNCTION> Cookies [C:\Users\Eddy\AppData\Roaming\Microsoft\Windows\Cookies]
05/17/2012 10:32 PM <JUNCTION> Local Settings [C:\Users\Eddy\AppData\Local]
05/17/2012 10:32 PM <JUNCTION> My Documents [C:\Users\Eddy\Documents]
05/17/2012 10:32 PM <JUNCTION> NetHood [C:\Users\Eddy\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
05/17/2012 10:32 PM <JUNCTION> PrintHood [C:\Users\Eddy\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
05/17/2012 10:32 PM <JUNCTION> Recent [C:\Users\Eddy\AppData\Roaming\Microsoft\Windows\Recent]
05/17/2012 10:32 PM <JUNCTION> SendTo [C:\Users\Eddy\AppData\Roaming\Microsoft\Windows\SendTo]
05/17/2012 10:32 PM <JUNCTION> Start Menu [C:\Users\Eddy\AppData\Roaming\Microsoft\Windows\Start Menu]
05/17/2012 10:32 PM <JUNCTION> Templates [C:\Users\Eddy\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Eddy\AppData\Local
05/17/2012 10:32 PM <JUNCTION> Application Data [C:\Users\Eddy\AppData\Local]
05/17/2012 10:32 PM <JUNCTION> History [C:\Users\Eddy\AppData\Local\Microsoft\Windows\History]
05/17/2012 10:32 PM <JUNCTION> Temporary Internet Files [C:\Users\Eddy\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Eddy\Documents
05/17/2012 10:32 PM <JUNCTION> My Music [C:\Users\Eddy\Music]
05/17/2012 10:32 PM <JUNCTION> My Pictures [C:\Users\Eddy\Pictures]
05/17/2012 10:32 PM <JUNCTION> My Videos [C:\Users\Eddy\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 01:08 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 01:08 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 01:08 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
50 Dir(s) 80,866,091,008 bytes free

< End of report >
OTL Extras logfile created on: 8/3/2013 11:26:58 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Eddy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 44.02% Memory free
7.86 Gb Paging File | 5.34 Gb Available in Paging File | 67.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 170.36 Gb Total Space | 75.30 Gb Free Space | 44.20% Space Free | Partition Type: NTFS

Computer Name: EDDY-PC | User Name: Eddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2938952305-4017093605-1358745174-1000\SOFTWARE\Classes\<extension>]
.html [@ = IceDragonHTML] -- C:\Program Files (x86)\Comodo\IceDragon\icedragon.exe (COMODO Security Solutions)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0773A38B-3E2C-44EC-9ABD-A5D4746C2968}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1B47B3CB-78A7-4FBD-A6C3-26609B6D099B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{28385693-25D6-41F9-81A1-BAC9AAD02D2E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{28F47A28-CC5E-48A2-8107-78050E34B69A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2A88AAD6-0C81-4DB9-A09A-01B91358EB89}" = rport=445 | protocol=6 | dir=out | app=system |
"{2FAFC210-F5A0-44D2-8402-EC15255538BA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{321B109E-0EA8-41DD-B9F0-4CFA7CC578CA}" = lport=139 | protocol=6 | dir=in | app=system |
"{3CE1D252-029D-4ACD-9B9C-CE53B109D198}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3FB12304-6DBD-4EBF-B885-F2E0DD532956}" = lport=138 | protocol=17 | dir=in | app=system |
"{54BDD180-09B7-4D7D-8705-E96F70199354}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{63EB5890-3A54-4AF0-9211-A76F641E1521}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{64DA9048-3A57-4E6B-BF25-B775BC112473}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6895BF0F-0C80-41C5-9EFE-32C8F366535D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7EF50E05-7060-48EE-83B4-7E2512625CE5}" = rport=139 | protocol=6 | dir=out | app=system |
"{845B260A-A1D3-4226-BC7B-50F7136F56D0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8466A564-73A8-4B6D-AAEF-681704D0FB65}" = lport=10243 | protocol=6 | dir=in | app=system |
"{84DF884D-EA9C-4643-8AC3-3F5F3593CAC3}" = rport=138 | protocol=17 | dir=out | app=system |
"{9D2432D2-C073-49D3-A245-D588A7D84345}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9F97841D-CD64-48BD-98D2-7BBA36F7BC29}" = rport=137 | protocol=17 | dir=out | app=system |
"{AA17B656-DA99-4BC6-AEC3-0DC5ADA9313B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AB3230FD-269D-4CD2-A661-165038E351BB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B6125C54-0BF2-46CF-8277-D37DD54262A3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B7D75714-1443-4E18-9A0A-4DD658B4C69D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C6E34913-2EC0-41B9-AE61-5B9476C850D1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{C9625F9E-EA6F-4B28-B6B6-4BC9522A1058}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{D841E5ED-4293-4C42-A13F-DC82DA0ADF9B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E01E6B53-9E85-40A6-B22E-43351089D96F}" = lport=445 | protocol=6 | dir=in | app=system |
"{E2AF57D2-950A-4ACA-8895-879AA1E4ABB1}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F7FE21-6D5C-4C37-A610-D2CA00D1919C}" = dir=in | app=c:\windows\system32\lxeecoms.exe |
"{055D70B1-596C-4187-804E-F3F571A4FA5F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0981312F-DEA6-49DB-95EF-2583511B3EA7}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\comodo\geekbuddyrsp.exe |
"{0AD71E7F-2F71-4033-97E5-6E7D10A2228E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{10390CFE-2784-4CDD-A189-E3BC3C063331}" = dir=in | app=c:\windows\system32\lxeecoms.exe |
"{12E193E0-12EA-4AF1-B09F-F75688D7C0EC}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{17FE5AF4-2705-4D8C-A6D0-1002092F2596}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\auclt.exe |
"{1F8D3848-952F-4C56-9F74-B794B7BA2C61}" = protocol=6 | dir=out | app=system |
"{256A3974-119A-493B-A62C-E5B4F42F619A}" = protocol=1 | dir=in | [email protected],-28543 |
"{2BDF2FBF-4A45-465A-A0EC-FC57A30792E6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2C9B87F0-2083-410B-9E61-F159D82E4413}" = protocol=1 | dir=out | [email protected],-28544 |
"{3392A767-32D5-41B2-8CAE-B1473B56CC77}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3A27D2E7-FAD0-4FF3-A100-EE1EA1DAEA91}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\comodo\geekbuddyrsp.exe |
"{3B811D78-4C21-4518-8E3B-8DE4E0A3698F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3C14BA5E-D9E3-4484-A5F3-B38B4CF1AB24}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3C2208BF-3539-4F32-A283-DA55AE06CEE7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{447596CF-2649-4A2A-8D3F-990E107CFD95}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{45B0E269-BAFB-41C9-B7E0-861FFAFC688F}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\txupd.exe |
"{462F838A-01C2-4580-B898-8E5177A9CD5B}" = dir=in | app=c:\windows\system32\lxeecoms.exe |
"{4684AC61-7211-4C75-A1B2-72FF92569B90}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark pro700 series\lxeefax.exe |
"{48DE7859-9972-4F22-BA44-9F97DC945A04}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe |
"{493FA41B-FE9E-4A3B-B0AF-19206F68AA50}" = protocol=17 | dir=in | app=c:\troopmaster software\tm4\troopmaster.exe |
"{4AB419F3-6DFB-4C9F-9B24-AB009097A0B6}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{4C194E13-290F-4DF9-9380-BA4789F34515}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{4E610191-8C53-4F09-ADAC-6C12D3760DDA}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\txupd.exe |
"{58B45CC4-DAB3-49A4-BBFA-4F070629A456}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5A926682-1155-49DF-A09D-E6DE950B5043}" = protocol=17 | dir=in | app=c:\program files (x86)\pandasecuritytb\dtuser.exe |
"{60213829-12F7-4CCC-BC29-71F6E3AB020A}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\auclt.exe |
"{60D017E5-5E0E-4B29-85E3-5196A5F8514E}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{61D08C50-F9B7-4816-8A85-DEF2A907D421}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{636D309E-58CE-494E-8CEB-19386BC9C9B9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{64B71181-6698-4168-A450-7775EFF50EB0}" = protocol=17 | dir=in | app=c:\program files (x86)\pandasecuritytb\dtuser.exe |
"{66B73F25-45DF-4B2D-96B2-F766DBDF6B53}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{66E78FE5-D277-4575-87D9-BB13CEA48D1B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{68EB63A0-82FD-419C-85A2-158F9DE7A1E2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{72BE17CB-41FD-495D-8B5F-0744F43E2A26}" = dir=in | app=c:\windows\system32\lxeecoms.exe |
"{767D1DED-9E74-4591-97D4-9C96312DCC86}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{82702E27-C6E9-43DA-B273-AB737FB051B9}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark pro700 series\lxeefax.exe |
"{85996F60-4794-49FD-A262-63D5CB6E474D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{91C66697-6FA0-4954-9CA3-4DF1ABFD79D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{933B616B-BCF6-4299-B8E9-5966FFAFA64A}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{936B2044-63E0-4820-84EE-5DAA2ACBFC6B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{93AA7ED7-EAB7-4FC4-BDE5-B62B26209601}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\qq.exe |
"{9C5DEE50-9D83-4EF4-AB22-1CCA704222EE}" = protocol=6 | dir=in | app=c:\troopmaster software\tm4\troopmaster.exe |
"{9D983345-6C87-47A2-B5AE-2367C2C8BFDC}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{A1404935-1D52-4666-BA43-777273AB444D}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{A2BB1213-1167-48B6-83B9-64FB6008FEB7}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark pro700 series\lxeefax.exe |
"{A302EDF5-CFBD-4126-8327-D4A8E48AAC92}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\qq.exe |
"{A39FBA84-AB78-4310-B7A6-74E830A90AD0}" = protocol=6 | dir=in | app=c:\program files (x86)\pandasecuritytb\dtuser.exe |
"{A39FD49B-AA50-4555-AB8C-E0A56627C82D}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{A69112EC-1856-4567-97AC-408FB52E9C45}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{AD8497F6-F3D5-4E24-AD08-DBF52ACFA6E7}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{B002FA3A-C40F-4B99-BE88-3ED0B434E332}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B7FC8DB6-FFA5-42B7-ABC5-7A5A748CC61C}" = protocol=58 | dir=out | [email protected],-28546 |
"{B9C7B97A-5175-453E-AF86-14B087280BC9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{BAC47039-B13C-4157-B139-C9D5DA4C423A}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\comodo\geekbuddyrsp.exe |
"{BBAA5B1F-1E5A-4913-8BC1-EF0A70ACF23E}" = protocol=58 | dir=in | [email protected],-28545 |
"{BF81FB7E-F7A5-4E5C-8715-1115D535A742}" = protocol=6 | dir=in | app=c:\program files (x86)\panda security\panda security toolbar\dtuser.exe |
"{C2967A10-51E5-4399-AE8C-BC5F042B4DD6}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{C4AE2F90-60B6-4ECA-8106-C60CC725FDCF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C5F20644-5339-4E95-8B46-8A4160997543}" = protocol=17 | dir=in | app=c:\program files (x86)\panda security\panda security toolbar\dtuser.exe |
"{C7D6F72A-95D4-428B-B3E9-77B0E1C0CB23}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark pro700 series\lxeefax.exe |
"{C7DE3202-833C-4061-806D-E125BF58B8D5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CD1F61EC-72DC-43B2-AF48-070ACB2DCB12}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\comodo\geekbuddyrsp.exe |
"{D16F3CB4-77F3-4F4B-A369-7091A649F78E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd\powerdvd.exe |
"{D261B395-6831-4B65-B6C5-BDB2610F84E9}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe |
"{D7AEB7E9-16EC-4283-8C8F-462778279201}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{E10475FE-2B1B-49BC-A417-64F54B711D5B}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{E62BAD9F-703B-4B0E-B054-3BDBDD9907CD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E73681C1-0590-48E2-9503-60DBCC6654B8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E88D7ED0-28AD-4883-B848-6533974CBA6F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EE3883F6-A7BC-44D2-9D75-1B670E68B96C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{EF8EB8C1-C865-4F0F-B656-503558CD2946}" = protocol=6 | dir=in | app=c:\program files (x86)\pandasecuritytb\dtuser.exe |
"{FB90E89E-8403-4753-B47D-9AEE38BA8422}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"TCP Query User{DEDAFFC0-F8C9-48D6-9E18-933E551DF43A}C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe |
"TCP Query User{E6311A27-F757-443E-A8FD-0A6EC1924DD0}C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe |
"UDP Query User{55F476F8-FCA6-4132-B025-69F8AD7B107C}C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe |
"UDP Query User{C3C38F2F-D1D4-4254-8368-A33A3CAFABB4}C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{26A24AE4-039D-4CA4-87B4-2F86417010FF}" = Java 7 Update 10 (64-bit)
"{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}" = Microsoft SQL Server 2008 Native Client
"{2BF53A9A-EC11-4429-B29D-19A9276092EF}" = HP LaserJet Toolbox
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{54360A73-B080-4A69-BFD4-53C190DD3AB0}" = HP Color LaserJet CP1210 Series
"{6292D514-17A4-403F-98F9-E150F10C043D}" = Microsoft SQL Server 2008 Setup Support Files
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7FCDABCC-1A1E-4D61-909D-BA9495172774}" = iTunes
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A945B7E-4F69-4DDA-B14B-E4DE8446A010}" = MrvlUsgTracking64
"{A7DA4247-9F22-4d4a-974A-DD455CCF43B6}" = COMODO System Utilities
"{ADBD6E65-46CB-4A97-9AFB-64963FEACC40}" = Microsoft SQL Server 2008 RsFx Driver
"{BCC0552D-76C0-4130-BFBD-49BE49ACC594}" = COMODO Internet Security
"{CC81CD6C-C2B3-4EE5-A11B-5E9A9B5941DF}" = COMODO Cloud Scanner
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{F323676A-B911-4B57-827F-32D02DCD4971}" = HP Color LaserJet CP1210 Series Toolbox
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"CCleaner" = CCleaner
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Color LaserJet CP1210 Series" = HP Color LaserJet CP1210 Series
"Lexmark Pro700 Series" = Lexmark Pro700 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2}" = Upgrade Kit
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1E04C795-7359-4E05-8A0E-5644F777AA08}_is1" = Wondershare MobileGo for Android ( Version 3.1.0 )
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3CA54984-A14B-42FE-9FF1-7EA90151D725}" = Tencent QQ
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.16
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{769CC8AC-50C3-4776-95F5-A1ABF15A38F4}_is1" = Wondershare Application Center 1.0.0.58
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7B02BF60-796D-4616-908B-B31A63CFDEFB}" = HPCarePackCore
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001C-0409-0000-0000000FF1CE}" = Microsoft Office Access Runtime (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90599D63-1879-4B90-BE4F-051CE70FA576}_is1" = Wondershare PDF to Word (Build 4.0.1)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1" = Panda Cloud Cleaner
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{9C09E3A4-850A-40B2-B94F-EBFB5349C238}" = hppusgCP1215
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE09C972-EEB2-4DA5-8090-0FCF54576854}" = Optical Drive Power Management
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C5DF93B9-89DF-40AF-BD79-B172B27AC977}" = GeekBuddy
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1" = Wise Care 365 version 2.47
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3A52623-4890-415D-A43A-F71A3A39C273}" = HPCarePackProducts
"{F6F52B12-65B1-46BB-9EAE-07BEE2B7E7FD}_is1" = OA LodgeMaster Desktop 2.0
"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
"{FB9C1550-C380-11E0-6784-0B93E74E18BE}" = TroopMaster
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.22beta
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Comodo IceDragon" = Comodo IceDragon
"COMODO livePCsupport" = COMODO livePCsupport
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2
"GridVista" = Acer GridVista
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Panda Security URL Filtering" = Panda Security URL Filtering
"pandasecuritytb" = Panda Security Toolbar
"Pixillion" = Pixillion Image Converter
"Prism" = Prism Video File Converter
"Rapport_msi" = Rapport
"Revo Uninstaller" = Revo Uninstaller 1.94
"Toolbar Cleaner" = Toolbar Cleaner 1.0
"VLC media player" = VLC media player 1.0.1
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2938952305-4017093605-1358745174-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/1/2013 10:08:37 PM | Computer Name = Eddy-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/2/2013 10:36:00 AM | Computer Name = Eddy-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/2/2013 3:27:39 PM | Computer Name = Eddy-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/2/2013 3:40:15 PM | Computer Name = Eddy-PC | Source = VSS | ID = 8193
Description =

Error - 8/2/2013 5:34:35 PM | Computer Name = Eddy-PC | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 22.0.0.4917,
time stamp: 0x51c06ab5 Faulting module name: mozalloc.dll, version: 22.0.0.4917,
time stamp: 0x51c05025 Exception code: 0x80000003 Fault offset: 0x00001988 Faulting
process id: 0x990 Faulting application start time: 0x01ce8fbb2497aa55 Faulting application
path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module
path: C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll Report Id: 53200b51-fbbb-11e2-b0e3-001f169ff0d1

Error - 8/2/2013 5:34:36 PM | Computer Name = Eddy-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 22.0.0.4917 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1710 Start
Time: 01ce8fbb0b351698 Termination Time: 437 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: 3ee1b5e0-fbbb-11e2-b0e3-001f169ff0d1

Error - 8/2/2013 7:25:57 PM | Computer Name = Eddy-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/2/2013 8:13:33 PM | Computer Name = Eddy-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 22.0.0.4917 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 17c Start
Time: 01ce8fd84d653845 Termination Time: 166 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: 8300a750-fbd1-11e2-92a0-001f169ff0d1

Error - 8/3/2013 11:14:21 AM | Computer Name = Eddy-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/3/2013 11:31:46 AM | Computer Name = Eddy-PC | Source = VSS | ID = 8193
Description =

[ System Events ]
Error - 8/1/2013 9:46:24 PM | Computer Name = Eddy-PC | Source = Service Control Manager | ID = 7034
Description = The COMODO LPS Launcher service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/1/2013 9:46:27 PM | Computer Name = Eddy-PC | Source = Service Control Manager | ID = 7031
Description = The GeekBuddyRSP Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.

Error - 8/1/2013 9:49:37 PM | Computer Name = Eddy-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
CFRMD NNSHTTP NNSHTTPS NNSIDS NNSPICC NNSPOP3 NNSPROT NNSSMTP NNSSTRM NNSTLSC ssuhop

Error - 8/1/2013 10:08:41 PM | Computer Name = Eddy-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
CFRMD NNSHTTP NNSHTTPS NNSIDS NNSPICC NNSPOP3 NNSPROT NNSSMTP NNSSTRM NNSTLSC ssuhop

Error - 8/2/2013 10:36:01 AM | Computer Name = Eddy-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
CFRMD NNSHTTP NNSHTTPS NNSIDS NNSPICC NNSPOP3 NNSPROT NNSSMTP NNSSTRM NNSTLSC ssuhop

Error - 8/2/2013 10:37:32 AM | Computer Name = Eddy-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 8/2/2013 3:27:36 PM | Computer Name = Eddy-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom CFRMD NNSHTTP NNSHTTPS NNSIDS NNSPICC NNSPOP3 NNSPROT NNSSMTP NNSSTRM NNSTLSC ssuhop

Error - 8/2/2013 7:25:57 PM | Computer Name = Eddy-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
CFRMD NNSHTTP NNSHTTPS NNSIDS NNSPICC NNSPOP3 NNSPROT NNSSMTP NNSSTRM NNSTLSC ssuhop

Error - 8/3/2013 11:14:20 AM | Computer Name = Eddy-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
CFRMD NNSHTTP NNSHTTPS NNSIDS NNSPICC NNSPOP3 NNSPROT NNSSMTP NNSSTRM NNSTLSC ssuhop

Error - 8/3/2013 11:25:38 AM | Computer Name = Eddy-PC | Source = bowser | ID = 8003
Description =


< End of report >

Farbar Service Scanner Version: 26-07-2013
Ran by Eddy (administrator) on 03-08-2013 at 12:03:43
Running from "C:\Users\Eddy\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Edited by xppc, 03 August 2013 - 10:04 AM.

  • 0

#8
Teima
Posted 05 August 2013 - 02:32 AM

Teima

    Member

  • Member
  • PipPipPip
  • 833 posts
Step One

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following.
:Commands
[CREATERESTOREPOINT]

:OTL
O4 - HKU\.DEFAULT..\RunOnce: [panda4_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f File not found
O4 - HKU\.DEFAULT..\RunOnce: [panda4_0dn_XP] reg.exe delete "HKCU\Software\panda4_0dn" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [panda4_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [panda4_0dn_XP] reg.exe delete "HKCU\Software\panda4_0dn" /f File not found
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Panda Security URL Filtering] C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Visicom Media Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

:REG
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"%systemroot%\system32\svchost.exe"=-
"%systemroot%\system32\spoolsv.exe"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"c:\windows\system32\lxeecoms.exe"=-
"c:\windows\syswow64\muzapp.exe"=-

:Commands
[REBOOT]
  • Click run fix.
  • OTL may ask to reboot the machine. Please click the OK button if prompted.
  • Once done a report will be displayed. Copy and paste the contents of that report within your next response.

Step Two

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java :
Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, then click on Remove Java Runtime.
  • Select the Java version you have from the drop down list, and then click on Run Uninstaller
  • Press Yes if it asks to uninstall the product.
  • Allow the uninstaller to remove the installed version.
  • When its finished, go back to JavaRa, and click Back
  • Click on Update Java Runtime and then select Download and install latest version.
  • Press Next
  • Press Java Manual Download.
  • A browser window will open with the Java download page.
  • Click the Windows offline link to download Java.
  • Run the installer.
  • Close JavaRa
Step Three

Adobe Flash Player Updates

You are currently using an outdated version of Adobe Flash Player. The latest version of Adobe Flash Player is 11.8.800.94

It's important that you update to the latest version of Adobe Flash Player as this will protect your computer from multiple security vulnerabilities which are present in later versions of Adobe Flash Player.

Please download the latest version from here.

Make sure you untick the box "Yes, install McAfee Security Scan Plus - optional" before downloading as this is regarded as foistware which we don't need.
  • 0

#9
xppc
Posted 05 August 2013 - 02:39 PM

xppc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 148 posts
steps 2 and 3 done also..

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\panda4_0dn deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\panda4_0dn_XP deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\panda4_0dn not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\panda4_0dn_XP not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MSC deleted successfully.
c:\Program Files\Microsoft Security Client\msseces.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Panda Security URL Filtering deleted successfully.
C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
File move failed. C:\Program Files (x86)\Windows Sidebar\sidebar.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
File move failed. C:\Program Files (x86)\Windows Sidebar\sidebar.exe scheduled to be moved on reboot.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\%systemroot%\system32\svchost.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\%systemroot%\system32\spoolsv.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\c:\windows\system32\lxeecoms.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\c:\windows\syswow64\muzapp.exe not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 08052013_162839

Files\Folders moved on Reboot...
File move failed. C:\Program Files (x86)\Windows Sidebar\sidebar.exe scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#10
Teima
Posted 06 August 2013 - 06:40 AM

Teima

    Member

  • Member
  • PipPipPip
  • 833 posts
Hello xppc,

steps 2 and 3 done also..

Perfect and Perfect. How does your machine appear to be running at the moment? Are you facing any further issues? We're almost at the finish line. There's just a few further scans which need to be completed. :)

Windows Sidebar Advice:

It is no longer prudent to have this feature enabled as outline in the below Microsoft article:-

Vulnerabilities in Gadgets could allow remote code execution

I advice you download and run the Disable Windows Sidebar and Gadgets Fixtit utility to rectify this.

Step One

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following.
:Commands
[CREATERESTOREPOINT]

:Files
netsh advfirewall reset /c 
netsh advfirewall set allprofiles state on /c 

:Commands
[REBOOT]
  • Click run fix.
  • OTL may ask to reboot the machine. Please click the OK button if prompted.
  • Once done a report will be displayed. Copy and paste the contents of that report within your next response.
Step Two

Malwarebytes Anti-Malware

  • Please open Malwarebytes Anti-Malware. Once the program has loaded, select Perform Quick Scan, then click scan.
  • When the scan is complete, click OK, then show results to view the scan results.
  • If anything is found make sure that everything is checked, and then click remove selected.
  • Once the scan has completed, a log will open in Notepad and you may be prompted to restart.
  • Please note the log is automatically saved and can be viewed by clicking the logs tab within Malwarebytes.
  • Copy and paste the entire content of that report within your next response.
Step Three

ESET Online Scanner

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox. Before you commence it is important that you disable your current installed Anti-Virus, how to do so can be read here.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Remove found threats is Not checked
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Important: Please note that it's important to re-enable your Anti-Virus application after running the scan listed above.
  • 0

Advertisements

#11
xppc
Posted 07 August 2013 - 06:39 AM

xppc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 148 posts
boot time is still slow (3-5 minutes), the desk top icons always refresh 3 times before total boot up is complete. the shutdown time is greatly different now, before i posted it was a 5-8 minutes process and now is is under a minute.

i did run the msfix program as requested

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
< netsh advfirewall reset /c >
Ok.
C:\Users\Eddy\Desktop\cmd.bat deleted successfully.
C:\Users\Eddy\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state on /c >
Ok.
C:\Users\Eddy\Desktop\cmd.bat deleted successfully.
C:\Users\Eddy\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 08062013_222452

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.07.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Eddy :: EDDY-PC [administrator]

8/6/2013 10:36:56 PM
mbam-log-2013-08-06 (22-36-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 244102
Time elapsed: 18 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111991162} (PUP.Optional.Crossrider) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111991162} (PUP.Optional.Crossrider) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

this was the only thin in the eset log file

C:\Users\Eddy\Downloads\FreeMp3WmaConverterSetup.exe Win32/Toolbar.SearchSuite application
  • 0

#12
Teima
Posted 08 August 2013 - 06:08 PM

Teima

    Member

  • Member
  • PipPipPip
  • 833 posts
Hello xppc,

Thanks for including those! I do see what's causing the boot issues and will address this should these next two scan results return as clean. I'm pleased to hear that the shutdown response times have been fixed. :)

Step One

Download aswMBR.exe (4.52MB) to your desktop.

Double click the aswMBR.exe to run it.

Click the "Scan" button to start the scan.
If Avast asks to download definitions, please say Yes.

Posted Image

Posted Image

On completion of the scan click save log, save it to your desktop and post it in your next reply.

Step Two

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**

These types of scans can produce false positives. Do NOT take any action on any <--- ROOKIT entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
  • 0

#13
xppc
Posted 09 August 2013 - 11:54 AM

xppc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 148 posts
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-08-09 12:48:01
-----------------------------
12:48:01.985 OS Version: Windows x64 6.1.7601 Service Pack 1
12:48:01.985 Number of processors: 1 586 0x170A
12:48:01.987 ComputerName: EDDY-PC UserName: Eddy
12:48:03.436 Initialize success
12:49:56.522 AVAST engine defs: 13080901
12:53:47.437 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:53:47.437 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
12:53:47.557 Disk 0 MBR read successfully
12:53:47.557 Disk 0 MBR scan
12:53:47.704 Disk 0 Windows 7 default MBR code
12:53:47.740 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 12000 MB offset 2048
12:53:47.781 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 174450 MB offset 24578048
12:53:47.842 Disk 0 Partition - 00 05 Extended 118793 MB offset 381853694
12:53:47.885 Disk 0 Partition 3 00 83 Linux 114768 MB offset 381853696
12:53:47.925 Disk 0 Partition - 00 05 Extended 4025 MB offset 616898560
12:53:48.027 Disk 0 scanning C:\Windows\system32\drivers
12:54:13.648 Service scanning
12:55:16.970 Modules scanning
12:55:17.000 Disk 0 trace - called modules:
12:55:17.062 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
12:55:17.072 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005782410]
12:55:17.092 3 CLASSPNP.SYS[fffff88001acb43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80046dc050]
12:55:18.350 AVAST engine scan C:\Windows
12:55:30.517 AVAST engine scan C:\Windows\system32
13:06:36.308 AVAST engine scan C:\Windows\system32\drivers
13:07:08.304 AVAST engine scan C:\Users\Eddy
13:18:54.063 AVAST engine scan C:\ProgramData
13:26:11.341 Scan finished successfully
13:28:49.277 Disk 0 MBR has been saved successfully to "C:\Users\Eddy\Desktop\MBR.dat"
13:28:49.449 The log file has been saved successfully to "C:\Users\Eddy\Desktop\aswMBR.txt"

Attached File  gmer.txt   939.81KB   81 downloads
  • 0

#14
Teima
Posted 10 August 2013 - 06:39 AM

Teima

    Member

  • Member
  • PipPipPip
  • 833 posts
Hello Xppc. Please let me know how the boot issues are once the instructions below have been followed. :) This should rectify the issue.

Step One

Note - To install optional updates, you need to review and then select them from the list of updates that Windows finds for your computer. Optional updates are not installed automatically.

1. Open Windows Update by clicking the Start button of the Start button. In the search box, type Update, and then, in the list of results, click Windows Update.

2. In the left pane, click Check for updates, and then wait while Windows looks for the latest updates for your computer.

3. If you see a message telling you that important or optional updates are available, or telling you to review important or optional updates, click the message to view and select the important updates to install.

4. In the list, click the important updates for more information. Select the check boxes for any updates that you want to install, and then click OK.

5. Click Install updates.

6. Read and accept the license terms, and then click Finish if the update requires it. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  • 0

#15
xppc
Posted 10 August 2013 - 10:49 AM

xppc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 148 posts
Windows Malicious Software Removal Tool x64 - July 2013 (KB890830)

Update for Microsoft Security Essentials - 4.3.215.0 (KB2855265)

there are 5 more updates for windows 7 for x64 based system and security updates that fail to install (after multiple attempts and a couple reboots) due to "WindowsUpdate_80070003" "WindowsUpdate_dt000"

also the apple updater wants to update quick time and itunes.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP