
BSOD caused by viruses or malware [Solved]


  • This topic is locked

#1
xppc

  • Member
  • 148 posts
This link is on the OS forum:
http://www.geekstogo...61#entry2322361

One moderator says some blue screen errors may have been caused by the Comodo and/or Panda that I had installed on my mother's PC. Another thinks it may be due to malware issues also.

Please review and get back to me; then I can continue with the OS forum to fix her PC.

Thanks


#2
xppc

  • Topic Starter
  • Member
  • 148 posts
Here is the OTL file:

OTL logfile created on: 8/14/2013 1:25:27 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bunny\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16443)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 45.36% Memory free
4.16 Gb Paging File | 2.38 Gb Available in Paging File | 57.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 456.92 Gb Total Space | 357.19 Gb Free Space | 78.18% Space Free | Partition Type: NTFS
Drive D: | 8.84 Gb Total Space | 1.00 Gb Free Space | 11.26% Space Free | Partition Type: NTFS

Computer Name: BUNNY-PC | User Name: Bunny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/14 13:24:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bunny\Desktop\OTL(1).exe
PRC - [2013/08/09 12:58:56 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/08/05 14:44:33 | 001,861,512 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
PRC - [2013/08/01 07:20:22 | 002,095,808 | ---- | M] () -- C:\Program Files\Comodo\Dragon\dragon_updater.exe
PRC - [2013/07/18 08:03:42 | 000,076,856 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013/07/18 08:03:21 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013/07/18 08:02:50 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/07/18 08:02:50 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/11 15:04:26 | 000,235,072 | ---- | M] (Visicom Media Inc.) -- C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
PRC - [2012/02/24 09:26:34 | 000,319,808 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Comodo\COMODO System Utilities\CSU_CLI.exe
PRC - [2012/02/24 09:26:28 | 000,261,952 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Comodo\COMODO System Utilities\CSUService.exe
PRC - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/19 03:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/03/01 11:38:48 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
PRC - [2007/02/15 06:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2006/09/28 09:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/09 12:58:26 | 003,534,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/08/05 14:44:28 | 016,166,280 | ---- | M] () -- C:\WINDOWS\System32\Macromed\Flash\NPSWF32_11_8_800_94.dll
MOD - [2013/07/14 10:02:47 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59375bfcbdf9a51a963b71c10f6204d4\System.Runtime.Remoting.ni.dll
MOD - [2013/07/14 10:02:42 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\632affb16da1970ae3d40574d7356977\System.EnterpriseServices.ni.dll
MOD - [2013/07/14 10:02:42 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\632affb16da1970ae3d40574d7356977\System.EnterpriseServices.Wrapper.dll
MOD - [2013/07/14 10:02:40 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\b369565297de5b18e488962a43164f59\System.Transactions.ni.dll
MOD - [2013/07/14 10:01:50 | 000,262,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SystemStatus\1efb0da9dbc79760a72466f0310a6e21\SystemStatus.ni.dll
MOD - [2013/07/14 10:01:42 | 000,019,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\RemotingClient\db573c76ddb3b19d9a1306c7263da98c\RemotingClient.ni.dll
MOD - [2013/07/14 10:01:30 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MessagingServer\e1b7c231b85523b57d0e50658aeb40cb\MessagingServer.ni.dll
MOD - [2013/07/14 10:01:28 | 000,054,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MessagingMessages\4ca32b9865f74b6cc1a4f096a737a87a\MessagingMessages.ni.dll
MOD - [2013/07/14 10:01:26 | 000,017,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MessagingInterface\c9ec83ea3865d8ef9f16063cec368d79\MessagingInterface.ni.dll
MOD - [2013/07/14 10:01:25 | 000,064,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MessagingClients\058d47d8c933b91f1c3ac2cfd445dd49\MessagingClients.ni.dll
MOD - [2013/07/14 10:01:22 | 000,087,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\InterfaceServices\514ea0fcd8efa224882fb8535f3627cc\InterfaceServices.ni.dll
MOD - [2013/07/14 10:01:20 | 001,842,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\HPAdvisor\4746570a3410321fb9e3a7e6cbe84dc3\HPAdvisor.ni.exe
MOD - [2013/07/14 10:01:16 | 000,078,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\HPAdvisor.Common.Wi#\53f6492f953bd58971549e7bd6e27ecf\HPAdvisor.Common.Windows.ni.dll
MOD - [2013/07/14 10:01:14 | 000,048,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Content\3497a0614df8a5973e9b6d6d72b89715\Content.ni.dll
MOD - [2013/07/14 10:01:09 | 000,058,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CeeWrtier\97ed93d6af2355b6384609ae34b94585\CeeWrtier.ni.dll
MOD - [2013/07/14 10:01:07 | 000,072,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\BackWeb\b8a275fff5ddbbe6ee7f866bdd037ee1\BackWeb.ni.dll
MOD - [2013/07/14 10:01:00 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\798504f7455735fbc9abe8d6ebe73f03\System.Configuration.ni.dll
MOD - [2013/07/14 09:59:17 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4a249ccdc8817127b91bc36d1aa52b5e\System.Xml.ni.dll
MOD - [2013/07/14 09:58:41 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f58a8a55eda29b5a43af20c4568f7f91\System.Windows.Forms.ni.dll
MOD - [2013/07/14 09:58:28 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6ac6cab47b69e44769c726610e7f29bc\System.Drawing.ni.dll
MOD - [2013/07/14 09:58:11 | 006,622,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\40569a773af7fcc0d27e7557898a74b7\System.Data.ni.dll
MOD - [2013/07/14 09:57:55 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af7b745f6a06b800c73f1556553fe331\PresentationFramework.Aero.ni.dll
MOD - [2013/07/14 09:57:53 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bab2502c8e4a46bd0bcf25a823f46873\PresentationFramework.ni.dll
MOD - [2013/07/14 09:57:34 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\0351fcca879479a85f56ba3c22eca805\PresentationCore.ni.dll
MOD - [2013/07/14 09:57:20 | 003,325,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\2cea08523e7d42a72c7f7a9b79444ba4\WindowsBase.ni.dll
MOD - [2013/07/14 09:57:15 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\e3cc2cbffd5fb21da64e93d9b6c27c7c\System.ni.dll
MOD - [2013/07/14 09:56:35 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
MOD - [2009/04/11 02:28:21 | 000,368,640 | ---- | M] () -- C:\WINDOWS\System32\msjetoledb40.dll
MOD - [2009/04/10 22:04:15 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2009/03/30 00:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/30 00:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2007/03/12 20:44:10 | 000,053,248 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll


========== Services (SafeList) ==========

SRV - [2013/08/09 12:58:53 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/05 14:44:37 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/01 07:20:22 | 002,095,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2013/07/18 08:03:21 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/07/18 08:02:57 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2013/07/18 08:02:50 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/24 09:26:28 | 000,261,952 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files\Comodo\COMODO System Utilities\CSUService.exe -- (CSUService)
SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013/08/08 14:27:06 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2013/07/18 08:03:42 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/07/18 08:03:42 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/07/08 16:59:45 | 000,583,448 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2013/06/18 11:15:58 | 000,085,464 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\inspect.sys -- (inspect)
DRV - [2013/06/18 11:15:57 | 000,043,216 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2013/06/18 11:15:55 | 000,020,072 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cmderd.sys -- (cmderd)
DRV - [2013/03/06 16:13:53 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/08/27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/10/30 19:01:10 | 009,803,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/30 22:56:32 | 000,495,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\LV561AV.SYS -- (PID_0928)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/03/19 09:58:50 | 000,101,672 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2005/12/12 13:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\..\SearchScopes,DefaultScope = {4F6E795B-86F5-4BE7-B949-BE28E5E81AB5}
IE - HKLM\..\SearchScopes\{4F6E795B-86F5-4BE7-B949-BE28E5E81AB5}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{76B34B95-A73F-4E23-873D-76B8129ABFF6}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{F465010E-13BF-4A15-BE1B-5E5682102E8C}: "URL" = http://search.live.c...#38;FORM=HVDUS7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{4F6E795B-86F5-4BE7-B949-BE28E5E81AB5}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKCU\..\SearchScopes\{76B34B95-A73F-4E23-873D-76B8129ABFF6}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\..\SearchScopes\{F465010E-13BF-4A15-BE1B-5E5682102E8C}: "URL" = http://search.live.c...#38;FORM=HVDUS7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7BB821BF60-5C2D-41EB-92DC-3E4CCD3A22E4%7D:4.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0
FF - prefs.js..keyword.URL: "http://www.google.co...YX&ie=utf-8&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/09 12:57:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/09 12:57:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/04/06 13:12:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bunny\AppData\Roaming\Mozilla\Extensions
[2013/04/12 20:00:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bunny\AppData\Roaming\Mozilla\Firefox\Profiles\9pmy9f6k.default\extensions
[2013/04/12 20:01:15 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\Bunny\AppData\Roaming\Mozilla\Firefox\Profiles\9pmy9f6k.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2013/04/12 17:28:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bunny\AppData\Roaming\Mozilla\Firefox\Profiles\9pmy9f6k.default\extensions\staged
[2013/04/06 08:57:29 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Bunny\AppData\Roaming\Mozilla\Firefox\Profiles\9pmy9f6k.default\extensions\[email protected]
[2013/01/07 11:44:23 | 000,134,681 | ---- | M] () (No name found) -- C:\Users\Bunny\AppData\Roaming\Mozilla\Firefox\Profiles\9pmy9f6k.default\extensions\[email protected]
[2013/04/06 08:57:28 | 000,002,308 | ---- | M] () -- C:\Users\Bunny\AppData\Roaming\Mozilla\Firefox\Profiles\9pmy9f6k.default\searchplugins\askcom.xml
[2013/08/09 12:57:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/09 12:59:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [Panda Security URL Filtering] C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Visicom Media Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA4FA2A3-F289-43F3-8BAA-1C604E3FA7D4}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Bunny\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Bunny\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/25 16:04:07 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/14 13:32:08 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/08/14 13:23:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bunny\Desktop\OTL(1).exe
[2013/08/13 17:24:54 | 000,000,000 | ---D | C] -- C:\Users\Bunny\AppData\Roaming\DriverCure
[2013/08/13 17:24:52 | 000,000,000 | ---D | C] -- C:\Users\Bunny\AppData\Roaming\SpeedyPC Software
[2013/08/13 17:21:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2013/08/13 16:41:04 | 000,000,000 | ---D | C] -- C:\Users\Bunny\AppData\Roaming\OnlineArmor
[2013/08/13 16:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\OnlineArmor
[2013/08/13 13:21:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/08/12 15:13:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor
[2013/08/12 15:13:13 | 000,027,648 | ---- | C] (Emsisoft) -- C:\Windows\System32\drivers\OAmon.sys
[2013/08/12 15:12:27 | 000,000,000 | ---D | C] -- C:\Program Files\Online Armor
[2013/08/12 14:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2013/08/12 14:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/08/12 14:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2013/08/12 14:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2013/08/12 14:21:54 | 000,000,000 | ---D | C] -- C:\Users\Bunny\AppData\Roaming\Avira
[2013/08/12 14:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013/08/12 14:00:40 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013/08/12 14:00:34 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013/08/12 14:00:33 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013/08/12 14:00:33 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013/08/12 14:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013/08/12 14:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013/08/09 12:57:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/08/09 12:57:06 | 000,000,000 | ---D | C] -- C:\Users\Bunny\AppData\Roaming\WinRAR
[2013/08/09 12:57:06 | 000,000,000 | ---D | C] -- C:\Users\Bunny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/08/09 12:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/08/09 12:56:46 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013/08/09 12:34:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/08/09 12:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/08/09 12:24:53 | 000,760,937 | ---- | C] (Farbar) -- C:\Users\Bunny\Desktop\MiniToolBox.exe
[2013/08/09 12:17:41 | 000,000,000 | ---D | C] -- C:\Users\Bunny\Desktop\Autoruns
[2013/08/08 14:27:06 | 000,023,456 | ---- | C] (Phoenix Technologies) -- C:\Windows\System32\drivers\DrvAgent32.sys
[2013/08/08 14:27:05 | 000,000,000 | ---D | C] -- C:\Users\Bunny\AppData\Local\eSupport.com
[2013/08/06 16:03:59 | 000,000,000 | ---D | C] -- C:\Users\Bunny\AppData\Roaming\WinBatch
[2013/08/05 12:30:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/07/31 14:02:05 | 000,000,000 | ---D | C] -- C:\Users\Bunny\AppData\Local\Comodo
[2013/07/31 14:01:41 | 000,048,392 | ---- | C] (COMODO CA Limited) -- C:\Windows\System32\certsentry.dll
[1 C:\Users\Bunny\Documents\*.tmp files -> C:\Users\Bunny\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/14 13:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/14 13:34:20 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/08/14 13:29:24 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2013/08/14 13:24:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bunny\Desktop\OTL(1).exe
[2013/08/14 13:10:32 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/08/14 13:10:26 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/08/14 13:09:46 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/14 13:09:46 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/14 13:09:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/14 13:09:27 | 2078,703,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/14 12:33:22 | 000,001,294 | ---- | M] () -- C:\Windows\tasks\hpwebreg_CN0B933GB005HW.job
[2013/08/12 14:56:38 | 000,000,878 | ---- | M] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2013/08/12 14:01:10 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013/08/12 13:09:21 | 000,355,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/08/11 12:51:05 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/08/09 14:17:52 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/09 14:17:52 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/09 12:55:58 | 001,517,376 | ---- | M] () -- C:\Users\Bunny\Desktop\wrar420.exe
[2013/08/09 12:32:51 | 001,110,476 | ---- | M] () -- C:\Users\Bunny\Desktop\7z920.exe
[2013/08/09 12:25:06 | 000,760,937 | ---- | M] (Farbar) -- C:\Users\Bunny\Desktop\MiniToolBox.exe
[2013/08/09 12:16:13 | 000,550,371 | ---- | M] () -- C:\Users\Bunny\Desktop\Autoruns.zip
[2013/08/08 15:09:52 | 000,000,326 | ---- | M] () -- C:\Users\Bunny\Desktop\HP Printer Diagnostic Tools.url
[2013/08/08 14:43:12 | 000,003,612 | ---- | M] () -- C:\Windows\System32\drivers\fvstore.dat
[2013/08/08 14:27:06 | 000,023,456 | ---- | M] (Phoenix Technologies) -- C:\Windows\System32\drivers\DrvAgent32.sys
[2013/08/07 11:23:09 | 195,257,315 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/08/06 12:24:55 | 000,367,096 | ---- | M] () -- C:\Users\Bunny\Documents\Aug 5 2013 scan.pdf
[2013/08/05 14:44:35 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/08/05 14:44:34 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/08/01 09:42:40 | 000,048,392 | ---- | M] (COMODO CA Limited) -- C:\Windows\System32\certsentry.dll
[2013/07/31 15:11:42 | 000,005,993 | ---- | M] () -- C:\Users\Bunny\Documents\The Graduating Clas1.odt
[2013/07/31 14:02:16 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2013/07/31 08:50:23 | 000,006,000 | ---- | M] () -- C:\Users\Bunny\Documents\The Graduating Class.odt
[2013/07/29 14:28:35 | 000,005,826 | ---- | M] () -- C:\Users\Bunny\Documents\The Presiden2.odt
[2013/07/29 14:28:17 | 000,005,826 | ---- | M] () -- C:\Users\Bunny\Documents\The Presiden1.odt
[2013/07/29 14:19:35 | 000,005,862 | ---- | M] () -- C:\Users\Bunny\Documents\The President.odt
[2013/07/18 08:03:42 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013/07/18 08:03:42 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[1 C:\Users\Bunny\Documents\*.tmp files -> C:\Users\Bunny\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/13 16:48:18 | 2078,703,616 | -HS- | C] () -- C:\hiberfil.sys
[2013/08/12 15:13:13 | 000,044,992 | ---- | C] () -- C:\Windows\System32\drivers\oahlp32.sys
[2013/08/12 15:13:11 | 000,208,320 | ---- | C] () -- C:\Windows\System32\drivers\OADriver.sys
[2013/08/12 14:56:38 | 000,000,878 | ---- | C] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2013/08/12 14:01:10 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013/08/09 12:55:39 | 001,517,376 | ---- | C] () -- C:\Users\Bunny\Desktop\wrar420.exe
[2013/08/09 12:32:43 | 001,110,476 | ---- | C] () -- C:\Users\Bunny\Desktop\7z920.exe
[2013/08/09 12:16:20 | 000,550,371 | ---- | C] () -- C:\Users\Bunny\Desktop\Autoruns.zip
[2013/08/08 15:09:52 | 000,000,326 | ---- | C] () -- C:\Users\Bunny\Desktop\HP Printer Diagnostic Tools.url
[2013/08/07 11:23:09 | 195,257,315 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/08/06 12:24:51 | 000,367,096 | ---- | C] () -- C:\Users\Bunny\Documents\Aug 5 2013 scan.pdf
[2013/07/31 15:11:26 | 000,005,993 | ---- | C] () -- C:\Users\Bunny\Documents\The Graduating Clas1.odt
[2013/07/31 14:02:16 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2013/07/31 08:50:19 | 000,006,000 | ---- | C] () -- C:\Users\Bunny\Documents\The Graduating Class.odt
[2013/07/29 14:28:31 | 000,005,826 | ---- | C] () -- C:\Users\Bunny\Documents\The Presiden2.odt
[2013/07/29 14:27:53 | 000,005,826 | ---- | C] () -- C:\Users\Bunny\Documents\The Presiden1.odt
[2013/07/29 14:19:15 | 000,005,862 | ---- | C] () -- C:\Users\Bunny\Documents\The President.odt
[2013/06/19 16:25:28 | 000,003,612 | ---- | C] () -- C:\Windows\System32\drivers\fvstore.dat
[2013/04/06 08:57:32 | 000,000,045 | ---- | C] () -- C:\Users\Bunny\jagex_cl_runescape_LIVE1.dat
[2013/04/06 08:49:48 | 000,000,046 | ---- | C] () -- C:\Users\Bunny\jagex_cl_loginapplet_LIVE.dat
[2013/04/06 08:47:04 | 000,000,044 | ---- | C] () -- C:\Users\Bunny\jagex_cl_runescape_LIVE.dat
[2013/04/06 08:47:04 | 000,000,001 | ---- | C] () -- C:\Users\Bunny\random.dat
[2012/12/01 21:38:19 | 000,000,102 | ---- | C] () -- C:\Users\Bunny\AppData\Roaming\wklnhst.dat
[2012/11/03 15:24:32 | 000,000,680 | ---- | C] () -- C:\Users\Bunny\AppData\Local\d3d9caps.dat
[2012/09/29 21:11:57 | 000,000,000 | ---- | C] () -- C:\ProgramData\0x0304A000.sfl
[2012/09/02 08:29:26 | 000,028,768 | ---- | C] () -- C:\Windows\System32\javaw.exe
[2012/09/02 08:29:26 | 000,024,670 | ---- | C] () -- C:\Windows\System32\java.exe
[2012/08/17 14:21:22 | 000,003,584 | ---- | C] () -- C:\Users\Bunny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/11 18:23:11 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2012/04/08 20:03:17 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012/04/08 17:16:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/04/08 17:16:00 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/04/08 16:02:39 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2012/04/08 14:06:58 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.001
[2012/04/08 14:06:55 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.dat

========== ZeroAccess Check ==========

[2013/08/12 13:43:17 | 000,000,544 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3041152475-4148000325-232644240-1000\$I0C9O4F.n
[2013/08/12 13:43:17 | 000,000,544 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3041152475-4148000325-232644240-1000\$IN6UU28.n
[2013/08/12 13:43:17 | 000,000,544 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3041152475-4148000325-232644240-1000\$IY5CZCI.n
[2013/08/09 12:26:25 | 000,000,002 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3041152475-4148000325-232644240-1000\$R0C9O4F.n
[2013/08/12 13:15:31 | 000,367,194 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3041152475-4148000325-232644240-1000\$RN6UU28.n
[2013/08/12 13:09:50 | 000,000,002 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3041152475-4148000325-232644240-1000\$RY5CZCI.n
[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 457 bytes -> C:\Users\Bunny\Documents\Step 4.eml:OECustomProperty
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

#3
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Hi! My name is Jasmyne and Welcome to Geeks to Go!

I'm sorry you are having issues with your computer but I will do my best to resolve them as quickly as possible. I know having an infected computer is frustrating because I was once where you are now!

Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have 2 people examining your issue.

  • You may want to print out these instructions, or copy them to a text file so that you will have a copy in case you lose your connection to the internet during a removal process.
  • Please make sure to carefully read any instruction that I give you and perform them in the order they are posted. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask! Never be afraid to ask questions! :)
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please note that there is no "Quick & Easy Fix" to most malware infections and we may need to use several different tools to get your system clean.
  • Please stick with me until I tell you that your machine is clean. If you don't see any symptoms, it does not mean your system is clear of malware.
  • Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.
  • Please reply within 3 days. Topics with no reply in 4 days are closed!

While I'm analyzing the OTL log you have posted, could you please look on your desktop for a file called Extras.txt and post its contents?

#4
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
There are some signs of infection on your OTL log, so let's get rid of those and we will see if the BSODs continue. Don't worry about posting the Extras.txt I asked for previously; a new one will be created in Step 2 of these instructions.

Step 1 - Run RogueKiller

  • Download RogueKiller and save it on your desktop.
    If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.com

    NOTE: If using IE8 or better Smartscreen Filter will need to be disabled
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan

  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

Step 2 - OTL Fix

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
To disable MBAM
Open the scanner and select the Protection tab
Remove the tick from "Start with Windows"
Reboot and start with number 1. below to run the OTL fix.

1. Please copy all of the text in the code box below. To do this, highlight everything
inside the code box, right click and click Copy.

:Commands
[createrestorepoint]

:OTL
[2013/08/13 17:24:54 | 000,000,000 | ---D | C] -- C:\Users\Bunny\AppData\Roaming\DriverCure
[2013/08/13 17:24:52 | 000,000,000 | ---D | C] -- C:\Users\Bunny\AppData\Roaming\SpeedyPC Software
[2013/08/13 17:21:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software

:Commands
[emptytemp]

2. Please re-open OTL on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again:
  • Please check the box next to Scan All Users
  • Make sure Use SafeList is selected under Extra Registry.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir C:\ /S /A:L /C
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

~~~~~~~~~~~~~~~~~~~~ Things Needed for Your Next Post ~~~~~~~~~~~~~~~~~~~~
1. RogueKiller Logs
2. OTL Fix Log
3. New OTL Log with Custom Scan
4. OTL Extras.txt

#5
xppc

    Member

  • Topic Starter
  • Member
  • 148 posts
RogueKiller V8.6.5 [Aug 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Bunny [Admin rights]
Mode : Remove -- Date : 08/15/2013 11:49:54
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[75] : NtCreateSection @ 0x8264CF95 -> HOOKED (Unknown @ 0x8DC4AFBE)
[Address] SSDT[276] : NtRequestWaitReplyPort @ 0x8265F132 -> HOOKED (Unknown @ 0x8DC4AFC8)
[Address] SSDT[289] : NtSetContextThread @ 0x826AE2CF -> HOOKED (Unknown @ 0x8DC4AFC3)
[Address] SSDT[314] : NtSetSecurityObject @ 0x825DB027 -> HOOKED (Unknown @ 0x8DC4AFCD)
[Address] SSDT[332] : NtSystemDebugControl @ 0x82613EE9 -> HOOKED (Unknown @ 0x8DC4AFD2)
[Address] SSDT[334] : NtTerminateProcess @ 0x8260C16B -> HOOKED (Unknown @ 0x8DC4AF5F)
[Address] Shadow SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8DC4AFE6)
[Address] Shadow SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8DC4AFEB)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD50 00AADS-00S9B SCSI Disk Device +++++
--- User ---
[MBR] 38e6c304ef4817dd1ff2336844a8566c
[BSP] 4575be89abc48c66a052a1f9056ab39c : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 467880 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 958220288 | Size: 9057 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_D_08152013_114954.txt >>
RKreport[0]_S_08152013_114934.txt


RogueKiller V8.6.5 [Aug 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Bunny [Admin rights]
Mode : Scan -- Date : 08/15/2013 11:49:34
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[75] : NtCreateSection @ 0x8264CF95 -> HOOKED (Unknown @ 0x8DC4AFBE)
[Address] SSDT[276] : NtRequestWaitReplyPort @ 0x8265F132 -> HOOKED (Unknown @ 0x8DC4AFC8)
[Address] SSDT[289] : NtSetContextThread @ 0x826AE2CF -> HOOKED (Unknown @ 0x8DC4AFC3)
[Address] SSDT[314] : NtSetSecurityObject @ 0x825DB027 -> HOOKED (Unknown @ 0x8DC4AFCD)
[Address] SSDT[332] : NtSystemDebugControl @ 0x82613EE9 -> HOOKED (Unknown @ 0x8DC4AFD2)
[Address] SSDT[334] : NtTerminateProcess @ 0x8260C16B -> HOOKED (Unknown @ 0x8DC4AF5F)
[Address] Shadow SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8DC4AFE6)
[Address] Shadow SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8DC4AFEB)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD50 00AADS-00S9B SCSI Disk Device +++++
--- User ---
[MBR] 38e6c304ef4817dd1ff2336844a8566c
[BSP] 4575be89abc48c66a052a1f9056ab39c : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 467880 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 958220288 | Size: 9057 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_08152013_114934.txt >>




RogueKiller V8.6.5 [Aug 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Bunny [Admin rights]
Mode : Shortcuts HJfix -- Date : 08/15/2013 11:50:39
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 9 / Fail 0
My documents: Success 1 / Fail 1
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 18 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\HarddiskVolume3 -- 0x2 --> Restored
[G:] \Device\HarddiskVolume4 -- 0x2 --> Restored
[H:] \Device\HarddiskVolume5 -- 0x2 --> Restored
[I:] \Device\HarddiskVolume6 -- 0x2 --> Restored

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[0]_SC_08152013_115039.txt >>
RKreport[0]_D_08152013_114954.txt;RKreport[0]_S_08152013_114934.txt

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
C:\Users\Bunny\AppData\Roaming\DriverCure folder moved successfully.
C:\Users\Bunny\AppData\Roaming\SpeedyPC Software\SpeedyPC Pro folder moved successfully.
C:\Users\Bunny\AppData\Roaming\SpeedyPC Software folder moved successfully.
C:\ProgramData\SpeedyPC Software\SpeedyPC Pro folder moved successfully.
C:\ProgramData\SpeedyPC Software folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bunny
->Temp folder emptied: 452851070 bytes
->Temporary Internet Files folder emptied: 9227846 bytes
->Java cache emptied: 4159117 bytes
->FireFox cache emptied: 206868038 bytes
->Apple Safari cache emptied: 91047936 bytes
->Flash cache emptied: 5439 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 166806541 bytes
RecycleBin emptied: 1083294153 bytes

Total Files Cleaned = 1,921.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08152013_115409

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\logishrd\LVPrcInj02.dll not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL logfile created on: 8/15/2013 12:18:41 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bunny\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16443)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 42.97% Memory free
4.16 Gb Paging File | 2.31 Gb Available in Paging File | 55.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 456.92 Gb Total Space | 351.32 Gb Free Space | 76.89% Space Free | Partition Type: NTFS
Drive D: | 8.84 Gb Total Space | 1.00 Gb Free Space | 11.26% Space Free | Partition Type: NTFS

Computer Name: BUNNY-PC | User Name: Bunny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/14 13:24:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bunny\Desktop\OTL(1).exe
PRC - [2013/08/01 07:20:22 | 002,095,808 | ---- | M] () -- C:\Program Files\Comodo\Dragon\dragon_updater.exe
PRC - [2013/07/18 08:03:42 | 000,076,856 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013/07/18 08:03:21 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013/07/18 08:03:17 | 000,111,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\ipmgui.exe
PRC - [2013/07/18 08:02:50 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/07/18 08:02:50 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/11 15:04:26 | 000,235,072 | ---- | M] (Visicom Media Inc.) -- C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
PRC - [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe
PRC - [2012/04/24 20:18:16 | 000,014,184 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Apple Application Support\WebKit2WebProcess.exe
PRC - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/19 03:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/03/01 11:38:48 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
PRC - [2007/02/15 06:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2006/09/28 09:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/15 04:45:20 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b167ef6967ad27503c6ac6aabcef1aff\System.Runtime.Remoting.ni.dll
MOD - [2013/08/15 04:45:15 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5ba1ebef462c4f9cb1a8fe05c0419d0e\System.EnterpriseServices.ni.dll
MOD - [2013/08/15 04:45:15 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5ba1ebef462c4f9cb1a8fe05c0419d0e\System.EnterpriseServices.Wrapper.dll
MOD - [2013/08/15 04:45:12 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9e0ade6fc2bcb5fbd4c8978bf92784a3\System.Transactions.ni.dll
MOD - [2013/08/15 04:44:08 | 000,262,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SystemStatus\1c77e8eb60d059ebafaee4291a881e8f\SystemStatus.ni.dll
MOD - [2013/08/15 04:43:51 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MessagingServer\e5cb10a318cf99b791498ac87d55e6f6\MessagingServer.ni.dll
MOD - [2013/08/15 04:43:49 | 000,054,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MessagingMessages\3a7a55472bd663b78f3e99826b2e433b\MessagingMessages.ni.dll
MOD - [2013/08/15 04:43:46 | 000,064,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MessagingClients\2fe48d7717105fd8e75f4a40e439d905\MessagingClients.ni.dll
MOD - [2013/08/15 04:43:44 | 000,087,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\InterfaceServices\ebca55adb3b8c582b4d74cadc2054c9a\InterfaceServices.ni.dll
MOD - [2013/08/15 04:43:41 | 001,842,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\HPAdvisor\e6d41f1bdf6bb3f2c8e9fbca26afa10e\HPAdvisor.ni.exe
MOD - [2013/08/15 04:43:37 | 000,078,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\HPAdvisor.Common.Wi#\a304f657d2ac338cc2b49a9154185b3e\HPAdvisor.Common.Windows.ni.dll
MOD - [2013/08/15 04:43:34 | 000,048,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Content\591a99271df5dafe80e4aa208341f3da\Content.ni.dll
MOD - [2013/08/15 04:43:32 | 000,058,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CeeWrtier\3d6cd6a2d7b553ea91ed4b7eb9fa61f8\CeeWrtier.ni.dll
MOD - [2013/08/15 04:43:30 | 000,072,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\BackWeb\185748f428e46d7e1ec1bc89587a775b\BackWeb.ni.dll
MOD - [2013/08/15 04:43:22 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\b8e424ef545f262fd6cb9f35b97fc8b9\System.Configuration.ni.dll
MOD - [2013/08/15 04:41:22 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09f5b3f7a363b742a73937e818595597\System.Xml.ni.dll
MOD - [2013/08/15 04:40:42 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f575e4c534a93294c72fea670ca73492\System.Windows.Forms.ni.dll
MOD - [2013/08/15 04:40:23 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll
MOD - [2013/08/15 04:39:43 | 006,622,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\1eff630f4194c74287d1dd4a859693f7\System.Data.ni.dll
MOD - [2013/08/15 04:39:22 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1907eca427f3b8a0b672d7582427bace\PresentationFramework.ni.dll
MOD - [2013/08/15 04:38:51 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\a42ae90abfc074ec34aac50353324f66\PresentationCore.ni.dll
MOD - [2013/08/15 04:38:32 | 003,325,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\e887556e2e663db3f545345d634e125b\WindowsBase.ni.dll
MOD - [2013/08/15 04:38:21 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
MOD - [2013/08/05 14:44:28 | 016,166,280 | ---- | M] () -- C:\WINDOWS\System32\Macromed\Flash\NPSWF32_11_8_800_94.dll
MOD - [2013/07/14 10:01:42 | 000,019,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\RemotingClient\db573c76ddb3b19d9a1306c7263da98c\RemotingClient.ni.dll
MOD - [2013/07/14 10:01:26 | 000,017,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MessagingInterface\c9ec83ea3865d8ef9f16063cec368d79\MessagingInterface.ni.dll
MOD - [2013/07/14 09:57:55 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af7b745f6a06b800c73f1556553fe331\PresentationFramework.Aero.ni.dll
MOD - [2013/07/14 09:56:35 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2012/04/24 20:18:24 | 000,087,912 | ---- | M] () -- C:\Program Files\Safari\Apple Application Support\zlib1.dll
MOD - [2012/04/24 20:18:06 | 001,242,472 | ---- | M] () -- C:\Program Files\Safari\Apple Application Support\libxml2.dll
MOD - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
MOD - [2009/04/11 02:28:21 | 000,368,640 | ---- | M] () -- C:\WINDOWS\System32\msjetoledb40.dll
MOD - [2009/04/10 22:04:15 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2009/03/30 00:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/30 00:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2007/03/12 20:44:10 | 000,053,248 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll


========== Services (SafeList) ==========

SRV - [2013/08/09 12:58:53 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/05 14:44:37 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/01 07:20:22 | 002,095,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2013/07/18 08:03:21 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/07/18 08:02:57 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2013/07/18 08:02:50 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/24 09:26:28 | 000,261,952 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Stopped] -- C:\Program Files\Comodo\COMODO System Utilities\CSUService.exe -- (CSUService)
SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013/08/08 14:27:06 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2013/07/18 08:03:42 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/07/18 08:03:42 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/07/08 16:59:45 | 000,583,448 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2013/06/18 11:15:58 | 000,085,464 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\inspect.sys -- (inspect)
DRV - [2013/06/18 11:15:57 | 000,043,216 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2013/06/18 11:15:55 | 000,020,072 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cmderd.sys -- (cmderd)
DRV - [2013/03/06 16:13:53 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/08/27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/10/30 19:01:10 | 009,803,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/30 22:56:32 | 000,495,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\LV561AV.SYS -- (PID_0928)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/03/19 09:58:50 | 000,101,672 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2005/12/12 13:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\..\SearchScopes,DefaultScope = {4F6E795B-86F5-4BE7-B949-BE28E5E81AB5}
IE - HKLM\..\SearchScopes\{4F6E795B-86F5-4BE7-B949-BE28E5E81AB5}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{76B34B95-A73F-4E23-873D-76B8129ABFF6}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{F465010E-13BF-4A15-BE1B-5E5682102E8C}: "URL" = http://search.live.c...#38;FORM=HVDUS7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {4F6E795B-86F5-4BE7-B949-BE28E5E81AB5}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {4F6E795B-86F5-4BE7-B949-BE28E5E81AB5}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3041152475-4148000325-232644240-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\S-1-5-21-3041152475-4148000325-232644240-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3041152475-4148000325-232644240-1000\..\URLSearchHook: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
IE - HKU\S-1-5-21-3041152475-4148000325-232644240-1000\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKU\S-1-5-21-3041152475-4148000325-232644240-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.google.co...q={searchTerms}
IE - HKU\S-1-5-21-3041152475-4148000325-232644240-1000\..\SearchScopes\{4F6E795B-86F5-4BE7-B949-BE28E5E81AB5}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKU\S-1-5-21-3041152475-4148000325-232644240-1000\..\SearchScopes\{76B34B95-A73F-4E23-873D-76B8129ABFF6}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKU\S-1-5-21-3041152475-4148000325-232644240-1000\..\SearchScopes\{F465010E-13BF-4A15-BE1B-5E5682102E8C}: "URL" = http://search.live.c...#38;FORM=HVDUS7
IE - HKU\S-1-5-21-3041152475-4148000325-232644240-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3041152475-4148000325-232644240-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7BB821BF60-5C2D-41EB-92DC-3E4CCD3A22E4%7D:4.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0
FF - prefs.js..keyword.URL: "http://www.google.co...YX&ie=utf-8&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/09 12:57:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/09 12:57:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/04/06 13:12:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bunny\AppData\Roaming\Mozilla\Extensions
[2013/04/12 20:00:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bunny\AppData\Roaming\Mozilla\Firefox\Profiles\9pmy9f6k.default\extensions
[2013/04/12 20:01:15 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\Bunny\AppData\Roaming\Mozilla\Firefox\Profiles\9pmy9f6k.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2013/04/12 17:28:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bunny\AppData\Roaming\Mozilla\Firefox\Profiles\9pmy9f6k.default\extensions\staged
[2013/04/06 08:57:29 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Bunny\AppData\Roaming\Mozilla\Firefox\Profiles\9pmy9f6k.default\extensions\[email protected]
[2013/01/07 11:44:23 | 000,134,681 | ---- | M] () (No name found) -- C:\Users\Bunny\AppData\Roaming\Mozilla\Firefox\Profiles\9pmy9f6k.default\extensions\[email protected]
[2013/04/06 08:57:28 | 000,002,308 | ---- | M] () -- C:\Users\Bunny\AppData\Roaming\Mozilla\Firefox\Profiles\9pmy9f6k.default\searchplugins\askcom.xml
[2013/08/09 12:57:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/09 12:59:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [Panda Security URL Filtering] C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Visicom Media Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f File not found
O4 - HKU\.DEFAULT..\RunOnce: [panda2_0dn_XP] reg.exe delete "HKCU\Software\panda2_0dn" /f File not found
O4 - HKU\.DEFAULT..\RunOnce: [panda4_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f File not found
O4 - HKU\.DEFAULT..\RunOnce: [panda4_0dn_XP] reg.exe delete "HKCU\Software\panda4_0dn" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [panda2_0dn_XP] reg.exe delete "HKCU\Software\panda2_0dn" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [panda4_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [panda4_0dn_XP] reg.exe delete "HKCU\Software\panda4_0dn" /f File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3041152475-4148000325-232644240-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA4FA2A3-F289-43F3-8BAA-1C604E3FA7D4}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Bunny\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Bunny\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/25 16:04:07 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/08/15 11:54:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/15 11:43:18 | 000,000,000 | ---D | C] -- C:\Users\Bunny\Desktop\RK_Quarantine
[2013/08/15 03:06:33 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/08/15 03:06:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/08/15 03:06:30 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/08/15 03:06:29 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/08/15 03:06:29 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/08/15 03:06:27 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/08/15 03:06:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/08/15 03:06:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/08/14 21:04:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013/08/14 21:04:22 | 003,551,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/08/14 21:04:21 | 003,603,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/08/14 15:25:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Agnitum
[2013/08/14 13:23:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bunny\Desktop\OTL(1).exe
[2013/08/12 14:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2013/08/12 14:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/08/12 14:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2013/08/12 14:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2013/08/12 14:21:54 | 000,000,000 | ---D | C] -- C:\Users\Bunny\AppData\Roaming\Avira
[2013/08/12 14:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013/08/12 14:00:40 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013/08/12 14:00:34 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013/08/12 14:00:33 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013/08/12 14:00:33 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013/08/12 14:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013/08/12 14:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013/08/09 12:57:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/08/09 12:57:06 | 000,000,000 | ---D | C] -- C:\Users\Bunny\AppData\Roaming\WinRAR
[2013/08/09 12:57:06 | 000,000,000 | ---D | C] -- C:\Users\Bunny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/08/09 12:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/08/09 12:56:46 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013/08/09 12:34:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/08/09 12:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/08/09 12:24:53 | 000,760,937 | ---- | C] (Farbar) -- C:\Users\Bunny\Desktop\MiniToolBox.exe
[2013/08/09 12:17:41 | 000,000,000 | ---D | C] -- C:\Users\Bunny\Desktop\Autoruns
[2013/08/08 14:27:06 | 000,023,456 | ---- | C] (Phoenix Technologies) -- C:\Windows\System32\drivers\DrvAgent32.sys
[2013/08/08 14:27:05 | 000,000,000 | ---D | C] -- C:\Users\Bunny\AppData\Local\eSupport.com
[2013/08/06 16:03:59 | 000,000,000 | ---D | C] -- C:\Users\Bunny\AppData\Roaming\WinBatch
[2013/08/05 12:30:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/07/31 14:02:05 | 000,000,000 | ---D | C] -- C:\Users\Bunny\AppData\Local\Comodo
[2013/07/31 14:01:41 | 000,048,392 | ---- | C] (COMODO CA Limited) -- C:\Windows\System32\certsentry.dll
[1 C:\Users\Bunny\Documents\*.tmp files -> C:\Users\Bunny\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/15 12:15:25 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2013/08/15 12:09:22 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/08/15 12:07:09 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/08/15 12:06:20 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/15 12:06:20 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/15 12:06:18 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/15 12:06:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/15 12:05:30 | 2078,740,480 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/15 11:40:49 | 000,920,576 | ---- | M] () -- C:\Users\Bunny\Desktop\RogueKiller.exe
[2013/08/15 04:34:29 | 000,001,294 | ---- | M] () -- C:\Windows\tasks\hpwebreg_CN0B933GB005HW.job
[2013/08/15 03:13:06 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/15 03:13:06 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/14 13:24:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bunny\Desktop\OTL(1).exe
[2013/08/12 14:56:38 | 000,000,878 | ---- | M] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2013/08/12 14:01:10 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013/08/12 13:09:21 | 000,355,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/08/11 12:51:05 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/08/09 12:55:58 | 001,517,376 | ---- | M] () -- C:\Users\Bunny\Desktop\wrar420.exe
[2013/08/09 12:32:51 | 001,110,476 | ---- | M] () -- C:\Users\Bunny\Desktop\7z920.exe
[2013/08/09 12:25:06 | 000,760,937 | ---- | M] (Farbar) -- C:\Users\Bunny\Desktop\MiniToolBox.exe
[2013/08/09 12:16:13 | 000,550,371 | ---- | M] () -- C:\Users\Bunny\Desktop\Autoruns.zip
[2013/08/08 15:09:52 | 000,000,326 | ---- | M] () -- C:\Users\Bunny\Desktop\HP Printer Diagnostic Tools.url
[2013/08/08 14:43:12 | 000,003,612 | ---- | M] () -- C:\Windows\System32\drivers\fvstore.dat
[2013/08/08 14:27:06 | 000,023,456 | ---- | M] (Phoenix Technologies) -- C:\Windows\System32\drivers\DrvAgent32.sys
[2013/08/07 11:23:09 | 195,257,315 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/08/06 12:24:55 | 000,367,096 | ---- | M] () -- C:\Users\Bunny\Documents\Aug 5 2013 scan.pdf
[2013/08/05 14:44:35 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/08/05 14:44:34 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/08/01 09:42:40 | 000,048,392 | ---- | M] (COMODO CA Limited) -- C:\Windows\System32\certsentry.dll
[2013/07/31 15:11:42 | 000,005,993 | ---- | M] () -- C:\Users\Bunny\Documents\The Graduating Clas1.odt
[2013/07/31 14:02:16 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2013/07/31 08:50:23 | 000,006,000 | ---- | M] () -- C:\Users\Bunny\Documents\The Graduating Class.odt
[2013/07/29 14:28:35 | 000,005,826 | ---- | M] () -- C:\Users\Bunny\Documents\The Presiden2.odt
[2013/07/29 14:28:17 | 000,005,826 | ---- | M] () -- C:\Users\Bunny\Documents\The Presiden1.odt
[2013/07/29 14:19:35 | 000,005,862 | ---- | M] () -- C:\Users\Bunny\Documents\The President.odt
[2013/07/24 22:32:35 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/07/24 22:25:30 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/07/24 22:24:39 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/07/24 22:24:24 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/07/24 22:23:59 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/07/24 22:23:27 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/07/24 22:22:35 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/07/24 22:22:04 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/07/18 08:03:42 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013/07/18 08:03:42 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013/07/17 15:41:34 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[1 C:\Users\Bunny\Documents\*.tmp files -> C:\Users\Bunny\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/15 11:40:33 | 000,920,576 | ---- | C] () -- C:\Users\Bunny\Desktop\RogueKiller.exe
[2013/08/13 16:48:18 | 2078,740,480 | -HS- | C] () -- C:\hiberfil.sys
[2013/08/12 14:56:38 | 000,000,878 | ---- | C] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2013/08/12 14:01:10 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013/08/09 12:55:39 | 001,517,376 | ---- | C] () -- C:\Users\Bunny\Desktop\wrar420.exe
[2013/08/09 12:32:43 | 001,110,476 | ---- | C] () -- C:\Users\Bunny\Desktop\7z920.exe
[2013/08/09 12:16:20 | 000,550,371 | ---- | C] () -- C:\Users\Bunny\Desktop\Autoruns.zip
[2013/08/08 15:09:52 | 000,000,326 | ---- | C] () -- C:\Users\Bunny\Desktop\HP Printer Diagnostic Tools.url
[2013/08/07 11:23:09 | 195,257,315 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/08/06 12:24:51 | 000,367,096 | ---- | C] () -- C:\Users\Bunny\Documents\Aug 5 2013 scan.pdf
[2013/07/31 15:11:26 | 000,005,993 | ---- | C] () -- C:\Users\Bunny\Documents\The Graduating Clas1.odt
[2013/07/31 14:02:16 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2013/07/31 08:50:19 | 000,006,000 | ---- | C] () -- C:\Users\Bunny\Documents\The Graduating Class.odt
[2013/07/29 14:28:31 | 000,005,826 | ---- | C] () -- C:\Users\Bunny\Documents\The Presiden2.odt
[2013/07/29 14:27:53 | 000,005,826 | ---- | C] () -- C:\Users\Bunny\Documents\The Presiden1.odt
[2013/07/29 14:19:15 | 000,005,862 | ---- | C] () -- C:\Users\Bunny\Documents\The President.odt
[2013/06/19 16:25:28 | 000,003,612 | ---- | C] () -- C:\Windows\System32\drivers\fvstore.dat
[2013/04/06 08:57:32 | 000,000,045 | ---- | C] () -- C:\Users\Bunny\jagex_cl_runescape_LIVE1.dat
[2013/04/06 08:49:48 | 000,000,046 | ---- | C] () -- C:\Users\Bunny\jagex_cl_loginapplet_LIVE.dat
[2013/04/06 08:47:04 | 000,000,044 | ---- | C] () -- C:\Users\Bunny\jagex_cl_runescape_LIVE.dat
[2013/04/06 08:47:04 | 000,000,001 | ---- | C] () -- C:\Users\Bunny\random.dat
[2012/12/01 21:38:19 | 000,000,102 | ---- | C] () -- C:\Users\Bunny\AppData\Roaming\wklnhst.dat
[2012/11/03 15:24:32 | 000,000,680 | ---- | C] () -- C:\Users\Bunny\AppData\Local\d3d9caps.dat
[2012/09/29 21:11:57 | 000,000,000 | ---- | C] () -- C:\ProgramData\0x0304A000.sfl
[2012/09/02 08:29:26 | 000,028,768 | ---- | C] () -- C:\Windows\System32\javaw.exe
[2012/09/02 08:29:26 | 000,024,670 | ---- | C] () -- C:\Windows\System32\java.exe
[2012/08/17 14:21:22 | 000,003,584 | ---- | C] () -- C:\Users\Bunny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/11 18:23:11 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2012/04/08 20:03:17 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012/04/08 17:16:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/04/08 17:16:00 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/04/08 16:02:39 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2012/04/08 14:06:58 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.001
[2012/04/08 14:06:55 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.dat

========== ZeroAccess Check ==========

[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Base Services ==========
SRV - [2006/11/02 05:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/19 03:33:43 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/19 03:33:01 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\alg.exe -- (ALG)
SRV - [2009/04/11 02:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\qmgr.dll -- (BITS)
SRV - [2009/04/11 02:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 10:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/11 02:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\es.dll -- (EventSystem)
SRV - [2008/01/19 03:33:49 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\browser.dll -- (Browser)
SRV - [2013/07/08 00:16:55 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/11 02:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 11:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/19 03:34:08 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/11 02:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/19 03:34:34 | 000,288,256 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/11 02:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/04/11 02:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\swprv.dll -- (swprv)
SRV - [2008/01/19 03:34:49 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/19 03:35:36 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\netman.dll -- (Netman)
SRV - [2008/01/19 03:35:36 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/19 03:35:38 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/19 03:35:57 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/11 02:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 10:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 10:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/11 02:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/19 03:36:15 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/11 02:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/19 03:36:20 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 10:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\lsass.exe -- (SamSs)
SRV - [2009/04/11 02:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/06 12:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 07:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/11 02:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/04 14:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/11 02:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 07:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/11 02:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/11 02:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/11 02:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/11 02:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/19 03:36:20 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/11 02:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/11 02:28:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/11 02:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/11 02:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/11 02:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 18:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/11 02:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dot3svc.dll -- (dot3svc)
SRV - [2012/04/06 18:28:17 | 000,513,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\wlansvc.dll -- (Wlansvc)
SRV - [2012/04/06 18:08:18 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: EXPLORER.EXE >
[2012/04/06 17:29:26 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2012/04/06 17:29:25 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2012/04/06 17:29:24 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2012/04/06 18:30:46 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2012/04/06 18:30:46 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2012/04/06 17:29:26 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SERVICES >
[2006/09/18 17:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\WINDOWS\System32\drivers\etc\services
[2006/09/18 17:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\WINDOWS\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.CFG >
[2013/05/10 03:57:30 | 000,558,879 | ---- | M] () MD5=3679F8D3253DC110D1D8F2AE115EE00C -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2008/01/19 03:33:28 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2006/11/02 05:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\WINDOWS\System32\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 08:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\WINDOWS\System32\en-US\services.exe.mui
[2006/11/02 08:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.LNK >
[2012/04/08 15:44:39 | 000,001,688 | ---- | M] () MD5=C184B00931F4BB2B1DACF210A6810EC8 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012/04/08 15:44:39 | 000,001,688 | ---- | M] () MD5=C184B00931F4BB2B1DACF210A6810EC8 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006/09/18 17:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\WINDOWS\System32\wbem\services.mof
[2006/09/18 17:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.mof
[2006/09/18 17:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 17:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 08:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\System32\en-US\services.msc
[2006/09/18 17:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\System32\services.msc
[2006/11/02 08:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 17:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6000.16386_none_cd2d20a848cfd40f\services.msc
[2006/09/18 17:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SVCHOST.EXE >
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\WINDOWS\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\WINDOWS\System32\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\WINDOWS\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\System32\userinit.exe
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< dir C:\ /S /A:L /C >
Volume in drive C is HP
Volume Serial Number is 00CB-633B
Directory of C:\
04/06/2012 11:43 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
04/06/2012 11:43 AM <JUNCTION> Application Data [C:\ProgramData]
04/06/2012 11:43 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
04/06/2012 11:43 AM <JUNCTION> Documents [C:\Users\Public\Documents]
04/06/2012 11:43 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
04/06/2012 11:43 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
04/06/2012 11:43 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
04/06/2012 11:43 AM <SYMLINKD> All Users [C:\ProgramData]
04/06/2012 11:43 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
04/06/2012 11:43 AM <JUNCTION> Application Data [C:\ProgramData]
04/06/2012 11:43 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
04/06/2012 11:43 AM <JUNCTION> Documents [C:\Users\Public\Documents]
04/06/2012 11:43 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
04/06/2012 11:43 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
04/06/2012 11:43 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Bunny
04/06/2012 11:48 AM <JUNCTION> Application Data [C:\Users\Bunny\AppData\Roaming]
04/06/2012 11:48 AM <JUNCTION> Cookies [C:\Users\Bunny\AppData\Roaming\Microsoft\Windows\Cookies]
04/06/2012 11:48 AM <JUNCTION> Local Settings [C:\Users\Bunny\AppData\Local]
04/06/2012 11:48 AM <JUNCTION> My Documents [C:\Users\Bunny\Documents]
04/06/2012 11:48 AM <JUNCTION> NetHood [C:\Users\Bunny\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
04/06/2012 11:48 AM <JUNCTION> PrintHood [C:\Users\Bunny\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
04/06/2012 11:48 AM <JUNCTION> Recent [C:\Users\Bunny\AppData\Roaming\Microsoft\Windows\Recent]
04/06/2012 11:48 AM <JUNCTION> SendTo [C:\Users\Bunny\AppData\Roaming\Microsoft\Windows\SendTo]
04/06/2012 11:48 AM <JUNCTION> Start Menu [C:\Users\Bunny\AppData\Roaming\Microsoft\Windows\Start Menu]
04/06/2012 11:48 AM <JUNCTION> Templates [C:\Users\Bunny\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Bunny\AppData\Local
04/06/2012 11:48 AM <JUNCTION> Application Data [C:\Users\Bunny\AppData\Local]
04/06/2012 11:48 AM <JUNCTION> History [C:\Users\Bunny\AppData\Local\Microsoft\Windows\History]
04/06/2012 11:48 AM <JUNCTION> Temporary Internet Files [C:\Users\Bunny\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Bunny\Documents
04/06/2012 11:48 AM <JUNCTION> My Music [C:\Users\Bunny\Music]
04/06/2012 11:48 AM <JUNCTION> My Pictures [C:\Users\Bunny\Pictures]
04/06/2012 11:48 AM <JUNCTION> My Videos [C:\Users\Bunny\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
04/06/2012 11:43 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
04/06/2012 11:43 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
04/06/2012 11:43 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
04/06/2012 11:43 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
04/06/2012 11:43 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
04/06/2012 11:43 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
04/06/2012 11:43 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
04/06/2012 11:43 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
04/06/2012 11:43 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
04/06/2012 11:43 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
04/06/2012 11:43 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
04/06/2012 11:43 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
04/06/2012 11:43 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
04/06/2012 11:43 AM <JUNCTION> My Music [C:\Users\Default\Music]
04/06/2012 11:43 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
04/06/2012 11:43 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
04/06/2012 11:43 AM <JUNCTION> My Music [C:\Users\Public\Music]
04/06/2012 11:43 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
04/06/2012 11:43 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
50 Dir(s) 375,646,212,096 bytes free

========== Alternate Data Streams ==========

@Alternate Data Stream - 457 bytes -> C:\Users\Bunny\Documents\Step 4.eml:OECustomProperty
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

OTL Extras logfile created on: 8/15/2013 12:18:42 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bunny\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16443)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 42.97% Memory free
4.16 Gb Paging File | 2.31 Gb Available in Paging File | 55.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 456.92 Gb Total Space | 351.32 Gb Free Space | 76.89% Space Free | Partition Type: NTFS
Drive D: | 8.84 Gb Total Space | 1.00 Gb Free Space | 11.26% Space Free | Partition Type: NTFS

Computer Name: BUNNY-PC | User Name: Bunny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3041152475-4148000325-232644240-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2F55F775-82DA-44BE-8B19-BD77FB967E5A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5041FC41-A99D-433A-B742-0E70F22DCB14}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8E1646ED-C217-4CAF-8CD4-A955DA0A0C36}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FEF48999-5633-4132-B6E9-9D03AB99F02B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01FE03A9-7D68-454B-B9D7-18F43CE0B655}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{17843E27-FCDC-4027-90AD-11DFD00F8D9B}" = protocol=6 | dir=in | app=c:\program files\common files\comodo\tvnserver.exe |
"{1E11E7AC-42FC-4EEC-89FE-4DBCC7FA1154}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{1E8A7684-410C-424D-9CA2-3FFC378F6CDF}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{229B372C-AB8C-4857-A2BB-B5D2EC8530AB}" = protocol=6 | dir=in | app=c:\program files\panda security\panda security toolbar\dtuser.exe |
"{30941088-36C1-411E-A586-62B3B9AF8A5C}" = protocol=17 | dir=in | app=c:\program files\panda security\panda security toolbar\dtuser.exe |
"{385BAF4E-9517-4192-B6E0-C0823DF9F2F6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3D8E0F79-4C02-41D5-AB09-27A20CD45DD6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{50A95A20-6030-4C01-90BB-8BB5AF0C9EE0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5C5D5A0E-595D-4843-BF2C-FBC5B84475AE}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{8659D548-7FD8-4070-B070-958DE5BB7F34}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8CE02C78-8F9E-4599-9B16-B5731E55C0EA}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{A56EA6F5-BDC0-4A80-9829-16C8A5D3B114}" = protocol=6 | dir=in | app=c:\program files\common files\comodo\geekbuddyrsp.exe |
"{AD250CA9-341D-425D-8054-6F88C7C42705}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B0D2A186-55E8-4D35-987A-B138EAFADF94}" = protocol=17 | dir=in | app=c:\program files\common files\comodo\geekbuddyrsp.exe |
"{B2510214-A377-4CE1-A994-FF5436349D32}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{B346EC56-3275-4E9D-838D-9C4D8B063C75}" = protocol=6 | dir=in | app=c:\program files\pandasecuritytb\dtuser.exe |
"{B5724181-7B76-46F1-AFEF-8E4C44273C91}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{B622F6DD-9D55-4E8E-B1AC-4901B75A509A}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{B909C03B-8E42-4AD8-BC2C-320399E4B2B2}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{BCF1D1CB-D897-48FF-9A5D-435A2B344E4E}" = protocol=17 | dir=in | app=c:\program files\common files\comodo\tvnserver.exe |
"{D36B3F46-3B87-4906-82D7-000BACBDD99F}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{DF5B92F9-CE93-405E-8E9A-2021B0002CC1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E426037A-CAF2-4FEE-BFDB-621E3B9332D8}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{F2402BB7-59A6-4631-B4A6-A6345342E16C}" = protocol=17 | dir=in | app=c:\program files\pandasecuritytb\dtuser.exe |
"{FBE2ABFD-EB7B-4ACF-8000-99B4B45C07F2}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2990BC81-3B19-4E53-A53E-30DE3F1BFFA8}" = HP Total Care Advisor
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Help
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6AF49698-949A-4C89-9B31-041D2CCB5FBD}" = muvee autoProducer 6.0
"{6BE73D27-5ADC-4AD9-B619-8F5188AFCF9F}" = HP Deskjet 1050 J410 series Product Improvement Study
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1" = Panda Cloud Cleaner
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7DA4247-9F22-4d4a-974A-DD455CCF43B6}" = COMODO System Utilities
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ECB35FFA-B010-45C5-9AB5-665AC7E27EE2}" = HP Deskjet 1050 J410 series Basic Device Software
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Comodo Dragon" = Comodo Dragon
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photo Creations" = HP Photo Creations
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 19.0 (x86 en-US)" = Mozilla Firefox 19.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"Panda Security URL Filtering" = Panda Security URL Filtering
"pandasecuritytb" = Panda Security Toolbar
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Revo Uninstaller" = Revo Uninstaller 1.94
"SpywareBlaster_is1" = SpywareBlaster 5.0
"Toolbar Cleaner" = Toolbar Cleaner 1.0
"WildTangent hpdesktop Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3041152475-4148000325-232644240-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.1.0.880

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/28/2013 2:33:37 PM | Computer Name = Bunny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1046

Error - 1/28/2013 2:33:38 PM | Computer Name = Bunny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/28/2013 2:33:38 PM | Computer Name = Bunny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2044

Error - 1/28/2013 2:33:38 PM | Computer Name = Bunny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2044

Error - 1/28/2013 2:33:39 PM | Computer Name = Bunny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/28/2013 2:33:39 PM | Computer Name = Bunny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3058

Error - 1/28/2013 2:33:39 PM | Computer Name = Bunny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3058

Error - 1/28/2013 2:33:40 PM | Computer Name = Bunny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/28/2013 2:33:40 PM | Computer Name = Bunny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4072

Error - 1/28/2013 2:33:40 PM | Computer Name = Bunny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4072

[ System Events ]
Error - 8/14/2013 1:10:40 PM | Computer Name = Bunny-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 8/14/2013 2:18:47 PM | Computer Name = Bunny-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 8/15/2013 3:25:51 AM | Computer Name = Bunny-PC | Source = DCOM | ID = 10005
Description =

Error - 8/15/2013 3:25:52 AM | Computer Name = Bunny-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 8/15/2013 3:25:52 AM | Computer Name = Bunny-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/15/2013 3:25:52 AM | Computer Name = Bunny-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 8/15/2013 3:25:52 AM | Computer Name = Bunny-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/15/2013 4:36:29 AM | Computer Name = Bunny-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 8/15/2013 11:54:11 AM | Computer Name = Bunny-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 8/15/2013 12:07:10 PM | Computer Name = Bunny-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

just in case i missed this one (may be repeat)


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
C:\Users\Bunny\AppData\Roaming\DriverCure folder moved successfully.
C:\Users\Bunny\AppData\Roaming\SpeedyPC Software\SpeedyPC Pro folder moved successfully.
C:\Users\Bunny\AppData\Roaming\SpeedyPC Software folder moved successfully.
C:\ProgramData\SpeedyPC Software\SpeedyPC Pro folder moved successfully.
C:\ProgramData\SpeedyPC Software folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bunny
->Temp folder emptied: 452851070 bytes
->Temporary Internet Files folder emptied: 9227846 bytes
->Java cache emptied: 4159117 bytes
->FireFox cache emptied: 206868038 bytes
->Apple Safari cache emptied: 91047936 bytes
->Flash cache emptied: 5439 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 166806541 bytes
RecycleBin emptied: 1083294153 bytes

Total Files Cleaned = 1,921.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08152013_115409

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\logishrd\LVPrcInj02.dll not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Edited by xppc, 15 August 2013 - 11:14 AM.

  • 0

#6
Jasmyne

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
A few more scans to make sure everything is gone.

Step 1 - MalwareBytes Scan

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2 - ESET Online Scan

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan

Step 3 - Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

~~~~~~~~~~~~~~~~~~~~ Things Needed for Your Next Post ~~~~~~~~~~~~~~~~~~~~
1. MalwareBytes Log
2. ESET Online Scan Log
3. Security Check Log (checkup.txt)
4. How is your computer running?
  • 0

#7
xppc

xppc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 148 posts
here is what you requested..


Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.16.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Bunny :: BUNNY-PC [administrator]

Protection: Enabled

8/16/2013 12:16:13 PM
mbam-log-2013-08-16 (12-16-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211594
Time elapsed: 25 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c366d03a5efb014da26dab3cf09b1d90
# engine=14803
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-08-16 05:37:15
# local_time=2013-08-16 01:37:15 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1799 16775165 100 95 0 146402740 0 0
# compatibility_mode=3074 16777213 100 3 0 0 0 0
# compatibility_mode=5892 16776573 100 100 0 213282163 0 0
# scanned=39514
# found=1
# cleaned=0
# scan_time=2665
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="a variant of Win32/Bundled.Toolbar.Ask.D application" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\offercast_avirav7_.exe"
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c366d03a5efb014da26dab3cf09b1d90
# engine=14806
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-08-16 09:11:03
# local_time=2013-08-16 05:11:03 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1799 16775165 100 95 0 146415568 0 0
# compatibility_mode=3074 16777213 100 3 0 0 0 0
# compatibility_mode=5892 16776573 100 100 0 213294991 0 0
# scanned=180959
# found=3
# cleaned=3
# scan_time=12564
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="a variant of Win32/Bundled.Toolbar.Ask.D application (cleaned by deleting (after the next restart) - quarantined)" ac=C fn="C:\Program Files\Avira\AntiVir Desktop\offercast_avirav7_.exe"
sh=AEC8EAC0C2A684EB8CA0C55FAE59D11F0E19439F ft=1 fh=b0b28a38659a8ae9 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bunny\Downloads\imf-setup.exe"
sh=BB39535DBD330EBB29CBDDCECED8AF7D16C7BEA8 ft=1 fh=0cbb8805b110d241 vn="Win32/OpenCandy application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Bunny\Downloads\KeyFinderInstaller.exe"

C:\Program Files\Avira\AntiVir Desktop\offercast_avirav7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting (after the next restart) - quarantined
C:\Users\Bunny\Downloads\imf-setup.exe multiple threats cleaned by deleting - quarantined
C:\Users\Bunny\Downloads\KeyFinderInstaller.exe Win32/OpenCandy application cleaned by deleting - quarantined

Results of screen317's Security Check version 0.99.72
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
Malwarebytes Anti-Malware version 1.75.0.1300
Toolbar Cleaner 1.0
Panda Cloud Cleaner
Java 2 Runtime Environment, SE v1.4.2
Java version out of Date!
Adobe Flash Player 11.8.800.94
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox 19.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSASCui.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Windows Defender MSASCui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````


it has been on the last 48 hours with driver verifier running.. there have been no blue screen issues or other problems that were obvious
  • 0
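Added example, not part of the original posts: a small Python parser for the ESET Online Scanner log layout pasted in post #7, which groups the `# key=value` header lines into scan runs and lists files whose latest entry does not report cleaning. The sample log, hashes and paths are constructed, and treating "(cleaned" in the `vn` field as the cleaned marker is an assumption taken from the lines in that post, not documented ESET behaviour.

```python
import re

# Constructed sample in the layout of the log pasted above (values are made up).
SAMPLE_LOG = r'''ESETSmartInstaller@High as downloader log:
all ok
# version=8
# end=stopped
# remove_checked=false
# scanned=39514
# found=1
# cleaned=0
sh=1111111111111111111111111111111111111111 ft=1 fh=aaaaaaaaaaaaaaaa vn="a variant of Win32/Example.Toolbar application" ac=I fn="C:\Program Files\Example\offer.exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# end=finished
# remove_checked=true
# scanned=180959
# found=3
# cleaned=2
sh=1111111111111111111111111111111111111111 ft=1 fh=aaaaaaaaaaaaaaaa vn="a variant of Win32/Example.Toolbar application (cleaned by deleting (after the next restart) - quarantined)" ac=C fn="C:\Program Files\Example\offer.exe"
sh=2222222222222222222222222222222222222222 ft=1 fh=bbbbbbbbbbbbbbbb vn="Win32/Example.Bundler application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Example\Downloads\setup.exe"
sh=3333333333333333333333333333333333333333 ft=1 fh=cccccccccccccccc vn="Win32/Example.Adware application" ac=I fn="C:\Users\Example\Downloads\tool-setup.exe"
'''

# key=value pairs on a detection line; values are either "quoted" or bare tokens.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_eset_log(text):
    """Split the log into scan runs; each run has header fields and detections."""
    runs = []
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            # "# version=" is the first header line of every run in the pasted log.
            if key == "version" or current is None:
                current = {"fields": {}, "detections": []}
                runs.append(current)
            # Repeated keys (e.g. compatibility_mode) keep their first value.
            current["fields"].setdefault(key, value.strip('"'))
        elif line.startswith("sh=") and current is not None:
            det = {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
                   for m in PAIR.finditer(line)}
            current["detections"].append(det)
        # Anything else ("all ok", downloader banner) is ignored.
    return runs


def summarize(runs):
    """Per-run counters taken from the header, plus how many items were left behind."""
    out = []
    for run in runs:
        f = run["fields"]
        found = int(f.get("found", 0))
        cleaned = int(f.get("cleaned", 0))
        out.append({
            "finished": f.get("end") == "finished",
            "removal_enabled": f.get("remove_checked") == "true",
            "found": found,
            "cleaned": cleaned,
            "left_behind": found - cleaned,
        })
    return out


def unresolved(runs):
    """Files whose most recent entry (by hash and path) does not report cleaning."""
    latest = {}
    for run in runs:
        for det in run["detections"]:
            latest[(det.get("sh"), det.get("fn"))] = det
    return sorted(det.get("fn", "") for det in latest.values()
                  if "(cleaned" not in det.get("vn", ""))


if __name__ == "__main__":
    parsed = parse_eset_log(SAMPLE_LOG)
    for number, info in enumerate(summarize(parsed), start=1):
        print(f"run {number}: {info}")
    print("still present:", unresolved(parsed))
```

A run with `end=stopped` or `remove_checked=false` is a partial picture, so the helper reading the log should rely on the last finished run.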

#8
Jasmyne

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Congratulations and Good Work, It looks like your log is clean. :thumbsup:

From a malware standpoint, your system appears to be clean now. There are some recommended updates that need to be performed and then we will remove the tools we've used.

Anti-malware programs: You have multiple anti-malware programs on your system. It's okay to have more than one as long as just one of them is a real-time scanner. Make sure only one of the following programs is running at a time: SpywareBlaster, Malwarebytes Anti-Malware, Panda Cloud Cleaner, and Windows Defender.

The following updates are recommended because malware writers tend to use the weaknesses in the older versions to infect your computer.

  • Java - WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java. See this article and this article. I would recommend that you completely uninstall Java unless you need it to run important software. In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)
  • Adobe Reader - Please download the most recent version of Adobe Reader here. Be sure to uncheck the box beside "Yes, install McAfee Security Scan Plus - optional".
  • Mozilla Firefox - Please download the most recent version of Mozilla Firefox here.

Now for some final "housekeeping" procedures.

Step 1 Clear Old Restore Points

Create a new, clean System Restore point:
  • Right click on Computer and select Properties >> System protection >> Create.
  • Give this restore point a descriptive name and click Create.
  • When the new restore point is created click on OK >> close the System Properties window.
Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

Flush Old System Restore points:

  • Next click Start >> Run (or the Windows key and R together) to bring up the Run box and copy and paste in:
    cleanmgr
  • in the box and press OK.
  • Select the system drive, C >> OK.
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Click on Clean up system files >> Select the system drive, C >> OK.
  • Now click on the More Options tab.
  • Under:
System Restore and Shadow Copies
  • Click on Clean up... >> Delete >> OK >> Delete Files.

Step 2 OTL Cleanup
  • Open OTL
  • Click the CleanUp button at the top, it will ask to reboot your PC, please allow it to do so

~~~~~~~~~~~~~~~~~~~~Anti Malware Protection ~~~~~~~~~~~~~~~~~~~~


MalwareBytes Anti-Malware This is an excellent Anti-Malware product. It offers free malware scanning, free malware removal, and free updates. It is recommended to periodically run a Quick Scan to keep your PC as clean as possible. Remember to check for updates before running a scan, so click the Update tab along the top, then click Check for Updates.

~~~~~~~~~~~~~~~~~~~~Free Antivirus Protection ~~~~~~~~~~~~~~~~~~~~

Always make sure you have an antivirus program! If for some reason in the future you'd like to switch programs here are some recommendations: Microsoft Security Essentials or Avast! Antivirus; both are FREE to use. Please remember that you can only have one Antivirus installed at a time.

~~~~~~~~~~~~~~~~~~~~Free Firewall Programs ~~~~~~~~~~~~~~~~~~~~


If for some reason in the future you'd like to switch, Comodo Personal Firewall and Sunbelt Personal Firewall are two good options for a FREE firewall to help protect your computer from any unwanted intruders.

~~~~~~~~~~~~~~~~~~~~Staying Updated ~~~~~~~~~~~~~~~~~~~~


Keeping your PC updated is important to protect yourself against future infections. There are many infections which will exploit loopholes within Windows itself, Java and Adobe Reader. Keeping these updated is a very good habit to get into.

Automatic Updates Updates to your Operating System are vital in closing loopholes and fixing bugs which some infections exploit. To keep your Windows updated, ensure that 'Automatic Updates' is enabled on your PC so updates are downloaded and installed automatically. Click here to find out how.

File Hippo: Download and install FileHippo update checker and run it monthly; it will show you which programs on your system need updating and give a download link.

~~~~~~~~~~~~~~~~~~~~Alternate Browsers ~~~~~~~~~~~~~~~~~~~~


Using an alternative web browser can help protect your PC from infections which exploit security holes within Internet Explorer. They can also be quicker to load pages and offer more tools and features such as Firefox's huge add-on list.

Firefox - My personal choice, easy to use and has a large number of excellent add-ons that can be installed to help keep you away from malicious sites and reduce advertisements and popups etc. AdBlockPlus and WOT are very useful add-ons that are worth having installed.

Google Chrome - Is another browser that's easy to use and is worth trying if you want to test out new browsers.

I will have this topic left open for the next 2 days, please let me know if you have any more blue screen issues and we will see what else we can do to help.

Happy surfing! :wave:
  • 0

#9
xppc

xppc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 148 posts
i was unable to do the instructions on disabling java on ie. it kept freezing up when i tried to use the tools option. the home page keeps saying it didn't load and needed to recover but going to different sites works ok.
under the article in the link of how did i get a virus in the first place i installed avira (i think this is the only active one with malware, spyware blaster and panda cloud cleaner needing to be manually prompted to scan, if this is not the case let me know.)

adobe was current
firefox had to be downloaded from the website because the update from the browser failed

i did disable drive verifier this morning as asked in the other forum but my mom said there was a blue screen on this morning, she did nothing and it returned to her normal desktop. how can i find out what that blue screen was?

thanks
  • 0

#10
Jasmyne

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts

i was unable to do the instructions on disabling java on ie. it kept freezing up when i tried to use the tools option. the home page keeps saying it didn't load and needed to recover but going to different sites works ok.

If you are unable to disable it in your browser it is okay, it's just what we recommend. If you opt to keep Java, make sure it is updated.

under the article in the link of how did i get a virus in the first place i installed avira (i think this is the only active one with malware, spyware blaster and panda cloud cleaner needing to be manually prompted to scan, if this is not the case let me know.)

As long as the others have to be prompted to scan then they are not real-time scanners. For typical use just one antivirus program and regular scans from one malware scanner are sufficient. I have Avira and MalwareBytes on one computer here at home and Avast and MalwareBytes on another and both are fine. :)

i did disable drive verifier this morning as asked in the other forum but my mom said there was a blue screen on this morning, she did nothing and it returned to her normal desktop. how can i find out what that blue screen was?

Since you originally started in the OS forum I would recommend going back to that topic and allowing them to continue now that we know your system is malware free. The helpers in the OS forum work more with chasing down blue screen issues that are not malware related.

thanks

You're welcome!
  • 0

#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





