RogueKiller V8.6.5 [Aug 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback :
http://www.adlice.com/forum/Website :
http://www.adlice.co...es/roguekiller/Blog :
http://tigzyrk.blogspot.com/Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Bunny [Admin rights]
Mode : Remove -- Date : 08/15/2013 11:49:54
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[75] : NtCreateSection @ 0x8264CF95 -> HOOKED (Unknown @ 0x8DC4AFBE)
[Address] SSDT[276] : NtRequestWaitReplyPort @ 0x8265F132 -> HOOKED (Unknown @ 0x8DC4AFC8)
[Address] SSDT[289] : NtSetContextThread @ 0x826AE2CF -> HOOKED (Unknown @ 0x8DC4AFC3)
[Address] SSDT[314] : NtSetSecurityObject @ 0x825DB027 -> HOOKED (Unknown @ 0x8DC4AFCD)
[Address] SSDT[332] : NtSystemDebugControl @ 0x82613EE9 -> HOOKED (Unknown @ 0x8DC4AFD2)
[Address] SSDT[334] : NtTerminateProcess @ 0x8260C16B -> HOOKED (Unknown @ 0x8DC4AF5F)
[Address] Shadow SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8DC4AFE6)
[Address] Shadow SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8DC4AFEB)
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD50 00AADS-00S9B SCSI Disk Device +++++
--- User ---
[MBR] 38e6c304ef4817dd1ff2336844a8566c
[BSP] 4575be89abc48c66a052a1f9056ab39c : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 467880 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 958220288 | Size: 9057 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[0]_D_08152013_114954.txt >>
RKreport[0]_S_08152013_114934.txt
RogueKiller V8.6.5 [Aug 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback :
http://www.adlice.com/forum/Website :
http://www.adlice.co...es/roguekiller/Blog :
http://tigzyrk.blogspot.com/Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Bunny [Admin rights]
Mode : Scan -- Date : 08/15/2013 11:49:34
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[75] : NtCreateSection @ 0x8264CF95 -> HOOKED (Unknown @ 0x8DC4AFBE)
[Address] SSDT[276] : NtRequestWaitReplyPort @ 0x8265F132 -> HOOKED (Unknown @ 0x8DC4AFC8)
[Address] SSDT[289] : NtSetContextThread @ 0x826AE2CF -> HOOKED (Unknown @ 0x8DC4AFC3)
[Address] SSDT[314] : NtSetSecurityObject @ 0x825DB027 -> HOOKED (Unknown @ 0x8DC4AFCD)
[Address] SSDT[332] : NtSystemDebugControl @ 0x82613EE9 -> HOOKED (Unknown @ 0x8DC4AFD2)
[Address] SSDT[334] : NtTerminateProcess @ 0x8260C16B -> HOOKED (Unknown @ 0x8DC4AF5F)
[Address] Shadow SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8DC4AFE6)
[Address] Shadow SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8DC4AFEB)
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD50 00AADS-00S9B SCSI Disk Device +++++
--- User ---
[MBR] 38e6c304ef4817dd1ff2336844a8566c
[BSP] 4575be89abc48c66a052a1f9056ab39c : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 467880 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 958220288 | Size: 9057 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[0]_S_08152013_114934.txt >>
RogueKiller V8.6.5 [Aug 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback :
http://www.adlice.com/forum/Website :
http://www.adlice.co...es/roguekiller/Blog :
http://tigzyrk.blogspot.com/Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Bunny [Admin rights]
Mode : Scan -- Date : 08/15/2013 11:49:34
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[75] : NtCreateSection @ 0x8264CF95 -> HOOKED (Unknown @ 0x8DC4AFBE)
[Address] SSDT[276] : NtRequestWaitReplyPort @ 0x8265F132 -> HOOKED (Unknown @ 0x8DC4AFC8)
[Address] SSDT[289] : NtSetContextThread @ 0x826AE2CF -> HOOKED (Unknown @ 0x8DC4AFC3)
[Address] SSDT[314] : NtSetSecurityObject @ 0x825DB027 -> HOOKED (Unknown @ 0x8DC4AFCD)
[Address] SSDT[332] : NtSystemDebugControl @ 0x82613EE9 -> HOOKED (Unknown @ 0x8DC4AFD2)
[Address] SSDT[334] : NtTerminateProcess @ 0x8260C16B -> HOOKED (Unknown @ 0x8DC4AF5F)
[Address] Shadow SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8DC4AFE6)
[Address] Shadow SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8DC4AFEB)
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD50 00AADS-00S9B SCSI Disk Device +++++
--- User ---
[MBR] 38e6c304ef4817dd1ff2336844a8566c
[BSP] 4575be89abc48c66a052a1f9056ab39c : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 467880 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 958220288 | Size: 9057 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[0]_S_08152013_114934.txt >>
RogueKiller V8.6.5 [Aug 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback :
http://www.adlice.com/forum/Website :
http://www.adlice.co...es/roguekiller/Blog :
http://tigzyrk.blogspot.com/Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Bunny [Admin rights]
Mode : Shortcuts HJfix -- Date : 08/15/2013 11:50:39
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 9 / Fail 0
My documents: Success 1 / Fail 1
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 18 / Fail 0
Backup: [NOT FOUND]
Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\HarddiskVolume3 -- 0x2 --> Restored
[G:] \Device\HarddiskVolume4 -- 0x2 --> Restored
[H:] \Device\HarddiskVolume5 -- 0x2 --> Restored
[I:] \Device\HarddiskVolume6 -- 0x2 --> Restored
¤¤¤ Infection : ¤¤¤
Finished : << RKreport[0]_SC_08152013_115039.txt >>
RKreport[0]_D_08152013_114954.txt;RKreport[0]_S_08152013_114934.txt
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
C:\Users\Bunny\AppData\Roaming\DriverCure folder moved successfully.
C:\Users\Bunny\AppData\Roaming\SpeedyPC Software\SpeedyPC Pro folder moved successfully.
C:\Users\Bunny\AppData\Roaming\SpeedyPC Software folder moved successfully.
C:\ProgramData\SpeedyPC Software\SpeedyPC Pro folder moved successfully.
C:\ProgramData\SpeedyPC Software folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Bunny
->Temp folder emptied: 452851070 bytes
->Temporary Internet Files folder emptied: 9227846 bytes
->Java cache emptied: 4159117 bytes
->FireFox cache emptied: 206868038 bytes
->Apple Safari cache emptied: 91047936 bytes
->Flash cache emptied: 5439 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 166806541 bytes
RecycleBin emptied: 1083294153 bytes
Total Files Cleaned = 1,921.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 08152013_115409
Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\logishrd\LVPrcInj02.dll not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
OTL logfile created on: 8/15/2013 12:18:41 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bunny\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16443)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.94 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 42.97% Memory free
4.16 Gb Paging File | 2.31 Gb Available in Paging File | 55.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 456.92 Gb Total Space | 351.32 Gb Free Space | 76.89% Space Free | Partition Type: NTFS
Drive D: | 8.84 Gb Total Space | 1.00 Gb Free Space | 11.26% Space Free | Partition Type: NTFS
Computer Name: BUNNY-PC | User Name: Bunny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2013/08/14 13:24:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bunny\Desktop\OTL(1).exe
PRC - [2013/08/01 07:20:22 | 002,095,808 | ---- | M] () -- C:\Program Files\Comodo\Dragon\dragon_updater.exe
PRC - [2013/07/18 08:03:42 | 000,076,856 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013/07/18 08:03:21 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013/07/18 08:03:17 | 000,111,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\ipmgui.exe
PRC - [2013/07/18 08:02:50 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/07/18 08:02:50 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/11 15:04:26 | 000,235,072 | ---- | M] (Visicom Media Inc.) -- C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
PRC - [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe
PRC - [2012/04/24 20:18:16 | 000,014,184 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Apple Application Support\WebKit2WebProcess.exe
PRC - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/19 03:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/03/01 11:38:48 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
PRC - [2007/02/15 06:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2006/09/28 09:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
========== Modules (No Company Name) ========== MOD - [2013/08/15 04:45:20 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b167ef6967ad27503c6ac6aabcef1aff\System.Runtime.Remoting.ni.dll
MOD - [2013/08/15 04:45:15 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5ba1ebef462c4f9cb1a8fe05c0419d0e\System.EnterpriseServices.ni.dll
MOD - [2013/08/15 04:45:15 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5ba1ebef462c4f9cb1a8fe05c0419d0e\System.EnterpriseServices.Wrapper.dll
MOD - [2013/08/15 04:45:12 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9e0ade6fc2bcb5fbd4c8978bf92784a3\System.Transactions.ni.dll
MOD - [2013/08/15 04:44:08 | 000,262,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SystemStatus\1c77e8eb60d059ebafaee4291a881e8f\SystemStatus.ni.dll
MOD - [2013/08/15 04:43:51 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MessagingServer\e5cb10a318cf99b791498ac87d55e6f6\MessagingServer.ni.dll
MOD - [2013/08/15 04:43:49 | 000,054,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MessagingMessages\3a7a55472bd663b78f3e99826b2e433b\MessagingMessages.ni.dll
MOD - [2013/08/15 04:43:46 | 000,064,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MessagingClients\2fe48d7717105fd8e75f4a40e439d905\MessagingClients.ni.dll
MOD - [2013/08/15 04:43:44 | 000,087,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\InterfaceServices\ebca55adb3b8c582b4d74cadc2054c9a\InterfaceServices.ni.dll
MOD - [2013/08/15 04:43:41 | 001,842,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\HPAdvisor\e6d41f1bdf6bb3f2c8e9fbca26afa10e\HPAdvisor.ni.exe
MOD - [2013/08/15 04:43:37 | 000,078,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\HPAdvisor.Common.Wi#\a304f657d2ac338cc2b49a9154185b3e\HPAdvisor.Common.Windows.ni.dll
MOD - [2013/08/15 04:43:34 | 000,048,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Content\591a99271df5dafe80e4aa208341f3da\Content.ni.dll
MOD - [2013/08/15 04:43:32 | 000,058,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CeeWrtier\3d6cd6a2d7b553ea91ed4b7eb9fa61f8\CeeWrtier.ni.dll
MOD - [2013/08/15 04:43:30 | 000,072,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\BackWeb\185748f428e46d7e1ec1bc89587a775b\BackWeb.ni.dll
MOD - [2013/08/15 04:43:22 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\b8e424ef545f262fd6cb9f35b97fc8b9\System.Configuration.ni.dll
MOD - [2013/08/15 04:41:22 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09f5b3f7a363b742a73937e818595597\System.Xml.ni.dll
MOD - [2013/08/15 04:40:42 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f575e4c534a93294c72fea670ca73492\System.Windows.Forms.ni.dll
MOD - [2013/08/15 04:40:23 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll
MOD - [2013/08/15 04:39:43 | 006,622,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\1eff630f4194c74287d1dd4a859693f7\System.Data.ni.dll
MOD - [2013/08/15 04:39:22 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1907eca427f3b8a0b672d7582427bace\PresentationFramework.ni.dll
MOD - [2013/08/15 04:38:51 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\a42ae90abfc074ec34aac50353324f66\PresentationCore.ni.dll
MOD - [2013/08/15 04:38:32 | 003,325,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\e887556e2e663db3f545345d634e125b\WindowsBase.ni.dll
MOD - [2013/08/15 04:38:21 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
MOD - [2013/08/05 14:44:28 | 016,166,280 | ---- | M] () -- C:\WINDOWS\System32\Macromed\Flash\NPSWF32_11_8_800_94.dll
MOD - [2013/07/14 10:01:42 | 000,019,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\RemotingClient\db573c76ddb3b19d9a1306c7263da98c\RemotingClient.ni.dll
MOD - [2013/07/14 10:01:26 | 000,017,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MessagingInterface\c9ec83ea3865d8ef9f16063cec368d79\MessagingInterface.ni.dll
MOD - [2013/07/14 09:57:55 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af7b745f6a06b800c73f1556553fe331\PresentationFramework.Aero.ni.dll
MOD - [2013/07/14 09:56:35 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2012/04/24 20:18:24 | 000,087,912 | ---- | M] () -- C:\Program Files\Safari\Apple Application Support\zlib1.dll
MOD - [2012/04/24 20:18:06 | 001,242,472 | ---- | M] () -- C:\Program Files\Safari\Apple Application Support\libxml2.dll
MOD - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
MOD - [2009/04/11 02:28:21 | 000,368,640 | ---- | M] () -- C:\WINDOWS\System32\msjetoledb40.dll
MOD - [2009/04/10 22:04:15 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2009/03/30 00:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/30 00:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2007/03/12 20:44:10 | 000,053,248 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
========== Services (SafeList) ========== SRV - [2013/08/09 12:58:53 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/05 14:44:37 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/01 07:20:22 | 002,095,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2013/07/18 08:03:21 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/07/18 08:02:57 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2013/07/18 08:02:50 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/24 09:26:28 | 000,261,952 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Stopped] -- C:\Program Files\Comodo\COMODO System Utilities\CSUService.exe -- (CSUService)
SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013/08/08 14:27:06 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2013/07/18 08:03:42 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/07/18 08:03:42 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/07/08 16:59:45 | 000,583,448 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2013/06/18 11:15:58 | 000,085,464 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\inspect.sys -- (inspect)
DRV - [2013/06/18 11:15:57 | 000,043,216 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2013/06/18 11:15:55 | 000,020,072 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cmderd.sys -- (cmderd)
DRV - [2013/03/06 16:13:53 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/08/27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/10/30 19:01:10 | 009,803,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/30 22:56:32 | 000,495,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\LV561AV.SYS -- (PID_0928)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/03/19 09:58:50 | 000,101,672 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2005/12/12 13:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://ie.redirect.h...lion&pf=desktopIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://ie.redirect.h...lion&pf=desktopIE - HKLM\..\SearchScopes,DefaultScope = {4F6E795B-86F5-4BE7-B949-BE28E5E81AB5}
IE - HKLM\..\SearchScopes\{4F6E795B-86F5-4BE7-B949-BE28E5E81AB5}: "URL" =
http://search.yahoo....ing}&fr=hp-pvdtIE - HKLM\..\SearchScopes\{76B34B95-A73F-4E23-873D-76B8129ABFF6}: "URL" =
http://www.ask.com/w...}&l=dis&o=ushpdIE - HKLM\..\SearchScopes\{F465010E-13BF-4A15-BE1B-5E5682102E8C}: "URL" =
http://search.live.c...#38;FORM=HVDUS7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {4F6E795B-86F5-4BE7-B949-BE28E5E81AB5}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {4F6E795B-86F5-4BE7-B949-BE28E5E81AB5}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3041152475-4148000325-232644240-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://my.yahoo.com/IE - HKU\S-1-5-21-3041152475-4148000325-232644240-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3041152475-4148000325-232644240-1000\..\URLSearchHook: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
IE - HKU\S-1-5-21-3041152475-4148000325-232644240-1000\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKU\S-1-5-21-3041152475-4148000325-232644240-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" =
http://www.google.co...q={searchTerms}IE - HKU\S-1-5-21-3041152475-4148000325-232644240-1000\..\SearchScopes\{4F6E795B-86F5-4BE7-B949-BE28E5E81AB5}: "URL" =
http://search.yahoo....ing}&fr=hp-pvdtIE - HKU\S-1-5-21-3041152475-4148000325-232644240-1000\..\SearchScopes\{76B34B95-A73F-4E23-873D-76B8129ABFF6}: "URL" =
http://www.ask.com/w...}&l=dis&o=ushpdIE - HKU\S-1-5-21-3041152475-4148000325-232644240-1000\..\SearchScopes\{F465010E-13BF-4A15-BE1B-5E5682102E8C}: "URL" =
http://search.live.c...#38;FORM=HVDUS7IE - HKU\S-1-5-21-3041152475-4148000325-232644240-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3041152475-4148000325-232644240-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "
http://my.yahoo.com/"FF - prefs.js..extensions.enabledAddons: %7BB821BF60-5C2D-41EB-92DC-3E4CCD3A22E4%7D:4.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0
FF - prefs.js..keyword.URL: "
http://www.google.co...YX&ie=utf-8&q="FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/09 12:57:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/09 12:57:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2012/04/06 13:12:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bunny\AppData\Roaming\Mozilla\Extensions
[2013/04/12 20:00:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bunny\AppData\Roaming\Mozilla\Firefox\Profiles\9pmy9f6k.default\extensions
[2013/04/12 20:01:15 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\Bunny\AppData\Roaming\Mozilla\Firefox\Profiles\9pmy9f6k.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2013/04/12 17:28:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bunny\AppData\Roaming\Mozilla\Firefox\Profiles\9pmy9f6k.default\extensions\staged
[2013/04/06 08:57:29 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Bunny\AppData\Roaming\Mozilla\Firefox\Profiles\9pmy9f6k.default\extensions\
[email protected][2013/01/07 11:44:23 | 000,134,681 | ---- | M] () (No name found) -- C:\Users\Bunny\AppData\Roaming\Mozilla\Firefox\Profiles\9pmy9f6k.default\extensions\
[email protected][2013/04/06 08:57:28 | 000,002,308 | ---- | M] () -- C:\Users\Bunny\AppData\Roaming\Mozilla\Firefox\Profiles\9pmy9f6k.default\searchplugins\askcom.xml
[2013/08/09 12:57:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/09 12:59:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [Panda Security URL Filtering] C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Visicom Media Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f File not found
O4 - HKU\.DEFAULT..\RunOnce: [panda2_0dn_XP] reg.exe delete "HKCU\Software\panda2_0dn" /f File not found
O4 - HKU\.DEFAULT..\RunOnce: [panda4_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f File not found
O4 - HKU\.DEFAULT..\RunOnce: [panda4_0dn_XP] reg.exe delete "HKCU\Software\panda4_0dn" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [panda2_0dn_XP] reg.exe delete "HKCU\Software\panda2_0dn" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [panda4_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [panda4_0dn_XP] reg.exe delete "HKCU\Software\panda4_0dn" /f File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3041152475-4148000325-232644240-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA4FA2A3-F289-43F3-8BAA-1C604E3FA7D4}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Bunny\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Bunny\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/25 16:04:07 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ========== [2013/08/15 11:54:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/15 11:43:18 | 000,000,000 | ---D | C] -- C:\Users\Bunny\Desktop\RK_Quarantine
[2013/08/15 03:06:33 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/08/15 03:06:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/08/15 03:06:30 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/08/15 03:06:29 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/08/15 03:06:29 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/08/15 03:06:27 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/08/15 03:06:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/08/15 03:06:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/08/14 21:04:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013/08/14 21:04:22 | 003,551,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/08/14 21:04:21 | 003,603,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/08/14 15:25:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Agnitum
[2013/08/14 13:23:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bunny\Desktop\OTL(1).exe
[2013/08/12 14:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2013/08/12 14:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/08/12 14:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2013/08/12 14:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2013/08/12 14:21:54 | 000,000,000 | ---D | C] -- C:\Users\Bunny\AppData\Roaming\Avira
[2013/08/12 14:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013/08/12 14:00:40 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013/08/12 14:00:34 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013/08/12 14:00:33 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013/08/12 14:00:33 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013/08/12 14:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013/08/12 14:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013/08/09 12:57:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/08/09 12:57:06 | 000,000,000 | ---D | C] -- C:\Users\Bunny\AppData\Roaming\WinRAR
[2013/08/09 12:57:06 | 000,000,000 | ---D | C] -- C:\Users\Bunny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/08/09 12:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/08/09 12:56:46 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013/08/09 12:34:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/08/09 12:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/08/09 12:24:53 | 000,760,937 | ---- | C] (Farbar) -- C:\Users\Bunny\Desktop\MiniToolBox.exe
[2013/08/09 12:17:41 | 000,000,000 | ---D | C] -- C:\Users\Bunny\Desktop\Autoruns
[2013/08/08 14:27:06 | 000,023,456 | ---- | C] (Phoenix Technologies) -- C:\Windows\System32\drivers\DrvAgent32.sys
[2013/08/08 14:27:05 | 000,000,000 | ---D | C] -- C:\Users\Bunny\AppData\Local\eSupport.com
[2013/08/06 16:03:59 | 000,000,000 | ---D | C] -- C:\Users\Bunny\AppData\Roaming\WinBatch
[2013/08/05 12:30:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/07/31 14:02:05 | 000,000,000 | ---D | C] -- C:\Users\Bunny\AppData\Local\Comodo
[2013/07/31 14:01:41 | 000,048,392 | ---- | C] (COMODO CA Limited) -- C:\Windows\System32\certsentry.dll
[1 C:\Users\Bunny\Documents\*.tmp files -> C:\Users\Bunny\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2013/08/15 12:15:25 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2013/08/15 12:09:22 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/08/15 12:07:09 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/08/15 12:06:20 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/15 12:06:20 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/15 12:06:18 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/15 12:06:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/15 12:05:30 | 2078,740,480 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/15 11:40:49 | 000,920,576 | ---- | M] () -- C:\Users\Bunny\Desktop\RogueKiller.exe
[2013/08/15 04:34:29 | 000,001,294 | ---- | M] () -- C:\Windows\tasks\hpwebreg_CN0B933GB005HW.job
[2013/08/15 03:13:06 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/15 03:13:06 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/14 13:24:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bunny\Desktop\OTL(1).exe
[2013/08/12 14:56:38 | 000,000,878 | ---- | M] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2013/08/12 14:01:10 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013/08/12 13:09:21 | 000,355,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/08/11 12:51:05 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/08/09 12:55:58 | 001,517,376 | ---- | M] () -- C:\Users\Bunny\Desktop\wrar420.exe
[2013/08/09 12:32:51 | 001,110,476 | ---- | M] () -- C:\Users\Bunny\Desktop\7z920.exe
[2013/08/09 12:25:06 | 000,760,937 | ---- | M] (Farbar) -- C:\Users\Bunny\Desktop\MiniToolBox.exe
[2013/08/09 12:16:13 | 000,550,371 | ---- | M] () -- C:\Users\Bunny\Desktop\Autoruns.zip
[2013/08/08 15:09:52 | 000,000,326 | ---- | M] () -- C:\Users\Bunny\Desktop\HP Printer Diagnostic Tools.url
[2013/08/08 14:43:12 | 000,003,612 | ---- | M] () -- C:\Windows\System32\drivers\fvstore.dat
[2013/08/08 14:27:06 | 000,023,456 | ---- | M] (Phoenix Technologies) -- C:\Windows\System32\drivers\DrvAgent32.sys
[2013/08/07 11:23:09 | 195,257,315 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/08/06 12:24:55 | 000,367,096 | ---- | M] () -- C:\Users\Bunny\Documents\Aug 5 2013 scan.pdf
[2013/08/05 14:44:35 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/08/05 14:44:34 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/08/01 09:42:40 | 000,048,392 | ---- | M] (COMODO CA Limited) -- C:\Windows\System32\certsentry.dll
[2013/07/31 15:11:42 | 000,005,993 | ---- | M] () -- C:\Users\Bunny\Documents\The Graduating Clas1.odt
[2013/07/31 14:02:16 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2013/07/31 08:50:23 | 000,006,000 | ---- | M] () -- C:\Users\Bunny\Documents\The Graduating Class.odt
[2013/07/29 14:28:35 | 000,005,826 | ---- | M] () -- C:\Users\Bunny\Documents\The Presiden2.odt
[2013/07/29 14:28:17 | 000,005,826 | ---- | M] () -- C:\Users\Bunny\Documents\The Presiden1.odt
[2013/07/29 14:19:35 | 000,005,862 | ---- | M] () -- C:\Users\Bunny\Documents\The President.odt
[2013/07/24 22:32:35 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/07/24 22:25:30 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/07/24 22:24:39 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/07/24 22:24:24 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/07/24 22:23:59 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/07/24 22:23:27 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/07/24 22:22:35 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/07/24 22:22:04 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/07/18 08:03:42 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013/07/18 08:03:42 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013/07/17 15:41:34 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[1 C:\Users\Bunny\Documents\*.tmp files -> C:\Users\Bunny\Documents\*.tmp -> ]
========== Files Created - No Company Name ========== [2013/08/15 11:40:33 | 000,920,576 | ---- | C] () -- C:\Users\Bunny\Desktop\RogueKiller.exe
[2013/08/13 16:48:18 | 2078,740,480 | -HS- | C] () -- C:\hiberfil.sys
[2013/08/12 14:56:38 | 000,000,878 | ---- | C] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2013/08/12 14:01:10 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013/08/09 12:55:39 | 001,517,376 | ---- | C] () -- C:\Users\Bunny\Desktop\wrar420.exe
[2013/08/09 12:32:43 | 001,110,476 | ---- | C] () -- C:\Users\Bunny\Desktop\7z920.exe
[2013/08/09 12:16:20 | 000,550,371 | ---- | C] () -- C:\Users\Bunny\Desktop\Autoruns.zip
[2013/08/08 15:09:52 | 000,000,326 | ---- | C] () -- C:\Users\Bunny\Desktop\HP Printer Diagnostic Tools.url
[2013/08/07 11:23:09 | 195,257,315 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/08/06 12:24:51 | 000,367,096 | ---- | C] () -- C:\Users\Bunny\Documents\Aug 5 2013 scan.pdf
[2013/07/31 15:11:26 | 000,005,993 | ---- | C] () -- C:\Users\Bunny\Documents\The Graduating Clas1.odt
[2013/07/31 14:02:16 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2013/07/31 08:50:19 | 000,006,000 | ---- | C] () -- C:\Users\Bunny\Documents\The Graduating Class.odt
[2013/07/29 14:28:31 | 000,005,826 | ---- | C] () -- C:\Users\Bunny\Documents\The Presiden2.odt
[2013/07/29 14:27:53 | 000,005,826 | ---- | C] () -- C:\Users\Bunny\Documents\The Presiden1.odt
[2013/07/29 14:19:15 | 000,005,862 | ---- | C] () -- C:\Users\Bunny\Documents\The President.odt
[2013/06/19 16:25:28 | 000,003,612 | ---- | C] () -- C:\Windows\System32\drivers\fvstore.dat
[2013/04/06 08:57:32 | 000,000,045 | ---- | C] () -- C:\Users\Bunny\jagex_cl_runescape_LIVE1.dat
[2013/04/06 08:49:48 | 000,000,046 | ---- | C] () -- C:\Users\Bunny\jagex_cl_loginapplet_LIVE.dat
[2013/04/06 08:47:04 | 000,000,044 | ---- | C] () -- C:\Users\Bunny\jagex_cl_runescape_LIVE.dat
[2013/04/06 08:47:04 | 000,000,001 | ---- | C] () -- C:\Users\Bunny\random.dat
[2012/12/01 21:38:19 | 000,000,102 | ---- | C] () -- C:\Users\Bunny\AppData\Roaming\wklnhst.dat
[2012/11/03 15:24:32 | 000,000,680 | ---- | C] () -- C:\Users\Bunny\AppData\Local\d3d9caps.dat
[2012/09/29 21:11:57 | 000,000,000 | ---- | C] () -- C:\ProgramData\0x0304A000.sfl
[2012/09/02 08:29:26 | 000,028,768 | ---- | C] () -- C:\Windows\System32\javaw.exe
[2012/09/02 08:29:26 | 000,024,670 | ---- | C] () -- C:\Windows\System32\java.exe
[2012/08/17 14:21:22 | 000,003,584 | ---- | C] () -- C:\Users\Bunny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/11 18:23:11 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2012/04/08 20:03:17 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012/04/08 17:16:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/04/08 17:16:00 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/04/08 16:02:39 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2012/04/08 14:06:58 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.001
[2012/04/08 14:06:55 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.dat
========== ZeroAccess Check ========== [2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Custom Scans ========== ========== Base Services ==========SRV - [2006/11/02 05:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/19 03:33:43 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/19 03:33:01 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\alg.exe -- (ALG)
SRV - [2009/04/11 02:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\qmgr.dll -- (BITS)
SRV - [2009/04/11 02:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 10:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/11 02:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\es.dll -- (EventSystem)
SRV - [2008/01/19 03:33:49 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\browser.dll -- (Browser)
SRV - [2013/07/08 00:16:55 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/11 02:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 11:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/19 03:34:08 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/11 02:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/19 03:34:34 | 000,288,256 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/11 02:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/04/11 02:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\swprv.dll -- (swprv)
SRV - [2008/01/19 03:34:49 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/19 03:35:36 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\netman.dll -- (Netman)
SRV - [2008/01/19 03:35:36 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/19 03:35:38 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/19 03:35:57 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/11 02:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 10:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 10:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/11 02:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/19 03:36:15 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/11 02:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/19 03:36:20 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 10:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\lsass.exe -- (SamSs)
SRV - [2009/04/11 02:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/06 12:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 07:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/11 02:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/04 14:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/11 02:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 07:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/11 02:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/11 02:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/11 02:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/11 02:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/19 03:36:20 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/11 02:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/11 02:28:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/11 02:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/11 02:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/11 02:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 18:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/11 02:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dot3svc.dll -- (dot3svc)
SRV - [2012/04/06 18:28:17 | 000,513,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\wlansvc.dll -- (Wlansvc)
SRV - [2012/04/06 18:08:18 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wkssvc.dll -- (LanmanWorkstation)
< %SYSTEMDRIVE%\*.exe >[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
< MD5 for: EXPLORER.EXE >[2012/04/06 17:29:26 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2012/04/06 17:29:25 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2012/04/06 17:29:24 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2012/04/06 18:30:46 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2012/04/06 18:30:46 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2012/04/06 17:29:26 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: SERVICES >[2006/09/18 17:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\WINDOWS\System32\drivers\etc\services
[2006/09/18 17:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\WINDOWS\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services
< MD5 for: SERVICES.CFG >[2013/05/10 03:57:30 | 000,558,879 | ---- | M] () MD5=3679F8D3253DC110D1D8F2AE115EE00C -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg
< MD5 for: SERVICES.EXE >[2008/01/19 03:33:28 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2006/11/02 05:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\WINDOWS\System32\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
< MD5 for: SERVICES.EXE.MUI >[2006/11/02 08:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\WINDOWS\System32\en-US\services.exe.mui
[2006/11/02 08:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui
< MD5 for: SERVICES.LNK >[2012/04/08 15:44:39 | 000,001,688 | ---- | M] () MD5=C184B00931F4BB2B1DACF210A6810EC8 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012/04/08 15:44:39 | 000,001,688 | ---- | M] () MD5=C184B00931F4BB2B1DACF210A6810EC8 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
< MD5 for: SERVICES.MOF >[2006/09/18 17:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\WINDOWS\System32\wbem\services.mof
[2006/09/18 17:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.mof
[2006/09/18 17:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 17:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof
< MD5 for: SERVICES.MSC >[2006/11/02 08:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\System32\en-US\services.msc
[2006/09/18 17:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\System32\services.msc
[2006/11/02 08:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 17:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6000.16386_none_cd2d20a848cfd40f\services.msc
[2006/09/18 17:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc
< MD5 for: SVCHOST.EXE >[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\WINDOWS\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\WINDOWS\System32\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\WINDOWS\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
< MD5 for: USERINIT.EXE >[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\System32\userinit.exe
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
< MD5 for: WINLOGON.EXE >[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< dir C:\ /S /A:L /C > Volume in drive C is HP
Volume Serial Number is 00CB-633B
Directory of C:\
04/06/2012 11:43 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
04/06/2012 11:43 AM <JUNCTION> Application Data [C:\ProgramData]
04/06/2012 11:43 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
04/06/2012 11:43 AM <JUNCTION> Documents [C:\Users\Public\Documents]
04/06/2012 11:43 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
04/06/2012 11:43 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
04/06/2012 11:43 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
04/06/2012 11:43 AM <SYMLINKD> All Users [C:\ProgramData]
04/06/2012 11:43 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
04/06/2012 11:43 AM <JUNCTION> Application Data [C:\ProgramData]
04/06/2012 11:43 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
04/06/2012 11:43 AM <JUNCTION> Documents [C:\Users\Public\Documents]
04/06/2012 11:43 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
04/06/2012 11:43 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
04/06/2012 11:43 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Bunny
04/06/2012 11:48 AM <JUNCTION> Application Data [C:\Users\Bunny\AppData\Roaming]
04/06/2012 11:48 AM <JUNCTION> Cookies [C:\Users\Bunny\AppData\Roaming\Microsoft\Windows\Cookies]
04/06/2012 11:48 AM <JUNCTION> Local Settings [C:\Users\Bunny\AppData\Local]
04/06/2012 11:48 AM <JUNCTION> My Documents [C:\Users\Bunny\Documents]
04/06/2012 11:48 AM <JUNCTION> NetHood [C:\Users\Bunny\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
04/06/2012 11:48 AM <JUNCTION> PrintHood [C:\Users\Bunny\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
04/06/2012 11:48 AM <JUNCTION> Recent [C:\Users\Bunny\AppData\Roaming\Microsoft\Windows\Recent]
04/06/2012 11:48 AM <JUNCTION> SendTo [C:\Users\Bunny\AppData\Roaming\Microsoft\Windows\SendTo]
04/06/2012 11:48 AM <JUNCTION> Start Menu [C:\Users\Bunny\AppData\Roaming\Microsoft\Windows\Start Menu]
04/06/2012 11:48 AM <JUNCTION> Templates [C:\Users\Bunny\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Bunny\AppData\Local
04/06/2012 11:48 AM <JUNCTION> Application Data [C:\Users\Bunny\AppData\Local]
04/06/2012 11:48 AM <JUNCTION> History [C:\Users\Bunny\AppData\Local\Microsoft\Windows\History]
04/06/2012 11:48 AM <JUNCTION> Temporary Internet Files [C:\Users\Bunny\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Bunny\Documents
04/06/2012 11:48 AM <JUNCTION> My Music [C:\Users\Bunny\Music]
04/06/2012 11:48 AM <JUNCTION> My Pictures [C:\Users\Bunny\Pictures]
04/06/2012 11:48 AM <JUNCTION> My Videos [C:\Users\Bunny\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
04/06/2012 11:43 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
04/06/2012 11:43 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
04/06/2012 11:43 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
04/06/2012 11:43 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
04/06/2012 11:43 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
04/06/2012 11:43 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
04/06/2012 11:43 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
04/06/2012 11:43 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
04/06/2012 11:43 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
04/06/2012 11:43 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
04/06/2012 11:43 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
04/06/2012 11:43 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
04/06/2012 11:43 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
04/06/2012 11:43 AM <JUNCTION> My Music [C:\Users\Default\Music]
04/06/2012 11:43 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
04/06/2012 11:43 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
04/06/2012 11:43 AM <JUNCTION> My Music [C:\Users\Public\Music]
04/06/2012 11:43 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
04/06/2012 11:43 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
50 Dir(s) 375,646,212,096 bytes free
========== Alternate Data Streams ========== @Alternate Data Stream - 457 bytes -> C:\Users\Bunny\Documents\Step 4.eml:OECustomProperty
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >
OTL Extras logfile created on: 8/15/2013 12:18:42 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bunny\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16443)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.94 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 42.97% Memory free
4.16 Gb Paging File | 2.31 Gb Available in Paging File | 55.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 456.92 Gb Total Space | 351.32 Gb Free Space | 76.89% Space Free | Partition Type: NTFS
Drive D: | 8.84 Gb Total Space | 1.00 Gb Free Space | 11.26% Space Free | Partition Type: NTFS
Computer Name: BUNNY-PC | User Name: Bunny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3041152475-4148000325-232644240-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2F55F775-82DA-44BE-8B19-BD77FB967E5A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5041FC41-A99D-433A-B742-0E70F22DCB14}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8E1646ED-C217-4CAF-8CD4-A955DA0A0C36}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FEF48999-5633-4132-B6E9-9D03AB99F02B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01FE03A9-7D68-454B-B9D7-18F43CE0B655}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{17843E27-FCDC-4027-90AD-11DFD00F8D9B}" = protocol=6 | dir=in | app=c:\program files\common files\comodo\tvnserver.exe |
"{1E11E7AC-42FC-4EEC-89FE-4DBCC7FA1154}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{1E8A7684-410C-424D-9CA2-3FFC378F6CDF}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{229B372C-AB8C-4857-A2BB-B5D2EC8530AB}" = protocol=6 | dir=in | app=c:\program files\panda security\panda security toolbar\dtuser.exe |
"{30941088-36C1-411E-A586-62B3B9AF8A5C}" = protocol=17 | dir=in | app=c:\program files\panda security\panda security toolbar\dtuser.exe |
"{385BAF4E-9517-4192-B6E0-C0823DF9F2F6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3D8E0F79-4C02-41D5-AB09-27A20CD45DD6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{50A95A20-6030-4C01-90BB-8BB5AF0C9EE0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5C5D5A0E-595D-4843-BF2C-FBC5B84475AE}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{8659D548-7FD8-4070-B070-958DE5BB7F34}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8CE02C78-8F9E-4599-9B16-B5731E55C0EA}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{A56EA6F5-BDC0-4A80-9829-16C8A5D3B114}" = protocol=6 | dir=in | app=c:\program files\common files\comodo\geekbuddyrsp.exe |
"{AD250CA9-341D-425D-8054-6F88C7C42705}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B0D2A186-55E8-4D35-987A-B138EAFADF94}" = protocol=17 | dir=in | app=c:\program files\common files\comodo\geekbuddyrsp.exe |
"{B2510214-A377-4CE1-A994-FF5436349D32}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{B346EC56-3275-4E9D-838D-9C4D8B063C75}" = protocol=6 | dir=in | app=c:\program files\pandasecuritytb\dtuser.exe |
"{B5724181-7B76-46F1-AFEF-8E4C44273C91}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{B622F6DD-9D55-4E8E-B1AC-4901B75A509A}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{B909C03B-8E42-4AD8-BC2C-320399E4B2B2}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{BCF1D1CB-D897-48FF-9A5D-435A2B344E4E}" = protocol=17 | dir=in | app=c:\program files\common files\comodo\tvnserver.exe |
"{D36B3F46-3B87-4906-82D7-000BACBDD99F}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{DF5B92F9-CE93-405E-8E9A-2021B0002CC1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E426037A-CAF2-4FEE-BFDB-621E3B9332D8}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{F2402BB7-59A6-4631-B4A6-A6345342E16C}" = protocol=17 | dir=in | app=c:\program files\pandasecuritytb\dtuser.exe |
"{FBE2ABFD-EB7B-4ACF-8000-99B4B45C07F2}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2990BC81-3B19-4E53-A53E-30DE3F1BFFA8}" = HP Total Care Advisor
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Help
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6AF49698-949A-4C89-9B31-041D2CCB5FBD}" = muvee autoProducer 6.0
"{6BE73D27-5ADC-4AD9-B619-8F5188AFCF9F}" = HP Deskjet 1050 J410 series Product Improvement Study
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1" = Panda Cloud Cleaner
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7DA4247-9F22-4d4a-974A-DD455CCF43B6}" = COMODO System Utilities
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ECB35FFA-B010-45C5-9AB5-665AC7E27EE2}" = HP Deskjet 1050 J410 series Basic Device Software
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Comodo Dragon" = Comodo Dragon
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photo Creations" = HP Photo Creations
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 19.0 (x86 en-US)" = Mozilla Firefox 19.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"Panda Security URL Filtering" = Panda Security URL Filtering
"pandasecuritytb" = Panda Security Toolbar
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Revo Uninstaller" = Revo Uninstaller 1.94
"SpywareBlaster_is1" = SpywareBlaster 5.0
"Toolbar Cleaner" = Toolbar Cleaner 1.0
"WildTangent hpdesktop Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer
"Yahoo! Toolbar" = Yahoo! Toolbar
========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3041152475-4148000325-232644240-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.1.0.880
========== Last 20 Event Log Errors ========== [ Application Events ]
Error - 1/28/2013 2:33:37 PM | Computer Name = Bunny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1046
Error - 1/28/2013 2:33:38 PM | Computer Name = Bunny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 1/28/2013 2:33:38 PM | Computer Name = Bunny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2044
Error - 1/28/2013 2:33:38 PM | Computer Name = Bunny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2044
Error - 1/28/2013 2:33:39 PM | Computer Name = Bunny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 1/28/2013 2:33:39 PM | Computer Name = Bunny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3058
Error - 1/28/2013 2:33:39 PM | Computer Name = Bunny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3058
Error - 1/28/2013 2:33:40 PM | Computer Name = Bunny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 1/28/2013 2:33:40 PM | Computer Name = Bunny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4072
Error - 1/28/2013 2:33:40 PM | Computer Name = Bunny-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4072
[ System Events ]
Error - 8/14/2013 1:10:40 PM | Computer Name = Bunny-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 8/14/2013 2:18:47 PM | Computer Name = Bunny-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 8/15/2013 3:25:51 AM | Computer Name = Bunny-PC | Source = DCOM | ID = 10005
Description =
Error - 8/15/2013 3:25:52 AM | Computer Name = Bunny-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 8/15/2013 3:25:52 AM | Computer Name = Bunny-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 8/15/2013 3:25:52 AM | Computer Name = Bunny-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 8/15/2013 3:25:52 AM | Computer Name = Bunny-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 8/15/2013 4:36:29 AM | Computer Name = Bunny-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 8/15/2013 11:54:11 AM | Computer Name = Bunny-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 8/15/2013 12:07:10 PM | Computer Name = Bunny-PC | Source = Service Control Manager | ID = 7026
Description =
< End of report >
just in case i missed this one (may be repeat)
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
C:\Users\Bunny\AppData\Roaming\DriverCure folder moved successfully.
C:\Users\Bunny\AppData\Roaming\SpeedyPC Software\SpeedyPC Pro folder moved successfully.
C:\Users\Bunny\AppData\Roaming\SpeedyPC Software folder moved successfully.
C:\ProgramData\SpeedyPC Software\SpeedyPC Pro folder moved successfully.
C:\ProgramData\SpeedyPC Software folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Bunny
->Temp folder emptied: 452851070 bytes
->Temporary Internet Files folder emptied: 9227846 bytes
->Java cache emptied: 4159117 bytes
->FireFox cache emptied: 206868038 bytes
->Apple Safari cache emptied: 91047936 bytes
->Flash cache emptied: 5439 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 166806541 bytes
RecycleBin emptied: 1083294153 bytes
Total Files Cleaned = 1,921.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 08152013_115409
Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\logishrd\LVPrcInj02.dll not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Edited by xppc, 15 August 2013 - 11:14 AM.