
Anti~mal~ware Tool


  • This topic is locked
22 replies to this topic

#1 fred3

fred3

  • Members
  • 51 posts

Posted 14 July 2015 - 06:44 PM

I'm trying to clean up a computer.  It's an AMD 32 with Windows XP.

I have read that the latest Malwarebytes won't run on such a platform.

Well, it doesn't.

But when it doesn't, the error reported says "Anti~mal~ware Tool" didn't run.

When I look in the registry, Malwarebytes had "Anti~mal~ware Tool" entered in a description field.

 

Then, when I try either HitManPro or RogueKiller, one of those is also reported as "Anti~mal~ware Tool".

 

The system is running Panda 2013 security. I wonder if that's doing this?

I've searched the web but don't find anything about "Anti~mal~ware Tool".

Any notion how this is happening? I know it's not normal.




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,580 posts
  • Gender:Male
  • Location:California

Posted 16 July 2015 - 04:50 PM

Greetings fred3 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please do this and we will take a look at things.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 fred3

fred3
  • Topic Starter

  • Members
  • 51 posts

Posted 16 July 2015 - 07:02 PM

Here they are!
Thanks!

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-07-2015
Ran by Owner (administrator) on SUZANNE on 16-07-2015 16:48:58
Running from C:\My Documents\_Downloads\Farbar Recovery Scan Tool
Loaded Profiles: Owner (Available Profiles: Owner & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 7 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Internet Security 2013\TPSrv.exe
(Panda Security) C:\Program Files\Panda Security\Panda Internet Security 2013\WebProxy.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Citrix Systems, Inc.) C:\Program Files\Citrix\GoToAssist Remote Support Customer\818\g2ax_service.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Internet Security 2013\PsCtrlS.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Internet Security 2013\PavFnSvr.exe
(Panda Security, S.L.) C:\Program Files\Common Files\Panda Security\PavShld\PavPrSrv.exe
(Panda Security International) C:\Program Files\Panda Security\Panda Internet Security 2013\FIREWALL\PSHost.exe
(Panda Security S.L.) C:\Program Files\Panda Security\Panda Internet Security 2013\PsImSvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Internet Security 2013\psksvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\tcpsvcs.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Internet Security 2013\pavsrvx86.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Internet Security 2013\AVENGINE.EXE
(Citrix Systems, Inc.) C:\Program Files\Citrix\GoToAssist Remote Support Customer\818\g2ax_comm_customer.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\GoToAssist Remote Support Customer\818\g2ax_system_customer.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\GoToAssist Remote Support Customer\818\g2ax_user_customer.exe
(Hewlett-Packard Company) C:\WINDOWS\system\hpsysdrv.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
() C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
() C:\Program Files\Logitech\QuickCam\Quickcam.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Internet Security 2013\ApVxdWin.exe
(Microsoft Corporation) C:\Program Files\Microsoft ActiveSync\wcescomm.exe
(Citrix Online, LLC) C:\Program Files\Citrix\GoToAssist Remote Support Expert\758\g2ax_start.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Citrix Online, LLC) C:\Program Files\Citrix\GoToAssist Remote Support Expert\758\g2ax_comm_expert.exe
(Microsoft Corporation) C:\PROGRA~1\MI3AA1~1\rapimgr.exe
(Citrix Online, LLC) C:\Program Files\Citrix\GoToAssist Remote Support Expert\758\g2ax_user_expert.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Internet Security 2013\SrvLoad.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Internet Security 2013\PavBckPT.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\GoToAssist Remote Support Customer\818\g2ax_host.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\GoToAssist Remote Support Customer\818\g2ax_user_medium_customer.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\windows\system\hpsysdrv.exe [52736 1998-05-07] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] => C:\HP\KBD\KBD.EXE [61440 2003-02-11] (Hewlett-Packard Company)
HKLM\...\Run: [dlcjmon.exe] => C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe [430080 2005-08-12] (Dell)
HKLM\...\Run: [UpdateManager] => c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [110592 2003-08-19] (Sonic Solutions)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2007-08-22] (Hewlett-Packard)
HKLM\...\Run: [LogitechCommunicationsManager] => C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [565008 2008-08-14] ()
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\QuickCam\Quickcam.exe [2407184 2008-08-14] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [APVXDWIN] => C:\Program Files\Panda Security\Panda Internet Security 2013\APVXDWIN.EXE [1038192 2012-12-12] (Panda Security, S.L.)
HKLM\...\Run: [SCANINICIO] => C:\Program Files\Panda Security\Panda Internet Security 2013\Inicio.exe [70432 2012-11-08] (Panda Security, S.L.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [282624 2007-04-27] (Apple Inc.)
Winlogon\Notify\avldr: C:\WINDOWS\system32\avldr.dll [2010-03-24] (On-Access Anti-Malware Scanner Sync)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files\Citrix\GoToAssist Remote Support Customer\818\g2ax_winlogon.dll [2015-03-11] (Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll [2004-02-10] (Intel Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1693500826-1594951521-4070585920-1003\...\Run: [H/PC Connection Agent] => C:\Program Files\Microsoft ActiveSync\wcescomm.exe [1207080 2006-06-20] (Microsoft Corporation)
HKU\S-1-5-21-1693500826-1594951521-4070585920-1003\...\Run: [GoToAssist Remote Support Expert] => C:\Program Files\Citrix\GoToAssist Remote Support Expert\758\g2ax_start.exe [610888 2015-01-20] (Citrix Online, LLC)
HKU\S-1-5-21-1693500826-1594951521-4070585920-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6715160 2015-07-06] (SUPERAntiSpyware)
HKU\S-1-5-21-1693500826-1594951521-4070585920-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\System32\GPhotos.scr [4558848 2014-01-06] (Google Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2008-10-12]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1693500826-1594951521-4070585920-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1693500826-1594951521-4070585920-1003\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-1693500826-1594951521-4070585920-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1693500826-1594951521-4070585920-1003\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003 -> {547EEAAC-3665-4e6c-B326-C622D698543A} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=SOLTDF
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06] (Hewlett-Packard Co.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-14] (Oracle Corporation)
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003 -> HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll [2003-09-03] (Hewlett-Packard Company)
Toolbar: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
Toolbar: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://protect.microsoft.com/security/protect/wsa/shared/CAB/x86/msSecAdv.cab?1096936597015
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll [2003-12-22] (Hewlett-Packard Company)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8A209DE2-793A-4092-BB5C-371E6B85BB52}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\z1p3n7gq.default
FF Homepage: https://www.google.com/
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2012-04-05] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-14] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.10.835 -> C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll [2004-04-01] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.1136 -> C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll [2004-04-01] (RealNetworks)
FF Plugin: @real.com/nprpjplug;version=6.0.11.847 -> C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll [2004-04-01] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=3 -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2014-02-07] (Google Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=9 -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2014-02-07] (Google Inc.)
FF Plugin HKU\S-1-5-21-1693500826-1594951521-4070585920-1003: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Owner\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2015-01-20] (Citrix Online)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
S4 dlcj_device; C:\WINDOWS\system32\dlcjcoms.exe [491520 2005-07-12] ()
R2 GoToAssist Remote Support Customer; C:\Program Files\Citrix\GoToAssist Remote Support Customer\818\g2ax_service.exe [610888 2015-03-11] (Citrix Systems, Inc.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [186904 2008-07-26] (Logitech Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
S3 p2pgasvc; C:\WINDOWS\system32\p2pgasvc.dll [105472 2008-04-13] (Microsoft Corporation)
R2 Panda Software Controller; C:\Program Files\Panda Security\Panda Internet Security 2013\PsCtrls.exe [177440 2012-11-19] (Panda Security, S.L.)
R2 PAVFNSVR; C:\Program Files\Panda Security\Panda Internet Security 2013\PavFnSvr.exe [202016 2012-09-21] (Panda Security, S.L.)
R2 PavPrSrv; C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe [62768 2008-02-04] (Panda Security, S.L.)
R2 PAVSRV; C:\Program Files\Panda Security\Panda Internet Security 2013\pavsrvx86.exe [313664 2011-04-13] (Panda Security, S.L.)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
R2 PSHost; C:\Program Files\Panda Security\Panda Internet Security 2013\Firewall\PSHOST.EXE [226560 2009-11-26] (Panda Security International)
R2 PSIMSVC; C:\Program Files\Panda Security\Panda Internet Security 2013\PsImSvc.exe [108288 2008-06-19] (Panda Security S.L.)
R2 PskSvcRetail; C:\Program Files\Panda Security\Panda Internet Security 2013\PskSvc.exe [28992 2010-08-16] (Panda Security, S.L.)
R2 TPSrv; C:\Program Files\Panda Security\Panda Internet Security 2013\TPSrv.exe [156960 2012-11-16] (Panda Security, S.L.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [35840 2004-10-07] (Oak Technology Inc.)
S3 ALCXSENS; C:\WINDOWS\System32\drivers\ALCXSENS.SYS [391424 2003-12-12] (Sensaura Ltd)
R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [2279424 2004-10-01] (Realtek Semiconductor Corp.)
R2 AmFSM; C:\WINDOWS\System32\DRIVERS\amm8651.sys [63240 2012-03-26] (Panda Security, S.L.)
R1 APPFLT; C:\WINDOWS\system32\Drivers\APPFLT.SYS [83528 2011-01-31] (Panda Security, S.L.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-11-12] (AVG Technologies)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 ComFiltr; C:\WINDOWS\system32\DRIVERS\COMFiltr.sys [13880 2015-07-16] ()
R1 DSAFLT; C:\WINDOWS\system32\Drivers\DSAFLT.SYS [53256 2009-09-25] (Panda Security, S.L.)
R0 fasttx2k; C:\WINDOWS\System32\DRIVERS\fasttx2k.sys [142336 2003-12-02] (Promise Technology, Inc.)
R3 FETND5BV; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [42496 2004-12-16] (VIA Technologies, Inc. )
S3 FETNDISB; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [41984 2003-11-12] (VIA Technologies, Inc. )
R1 FNETMON; C:\WINDOWS\system32\Drivers\fnetmon.SYS [22024 2009-09-25] (Panda Security, S.L.)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [35992 2015-07-14] ()
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-01-17] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-01-17] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-01-17] (HP)
S3 iadusb; C:\WINDOWS\System32\DRIVERS\glauiad.sys [30371 2003-07-25] (GlobespanVirata Inc.) [File not signed]
S3 ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [681469 2004-02-10] (Intel Corporation) [File not signed]
R1 IDSFLT; C:\WINDOWS\system32\Drivers\IDSFLT.SYS [193864 2010-09-09] (Panda Security, S.L.)
R3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys [25624 2008-07-26] ()
S3 LVUSBSta; C:\WINDOWS\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [121560 2015-06-18] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 mr7910; C:\WINDOWS\System32\DRIVERS\mr7910.sys [114560 2006-08-02] (Mars Semiconductor Corp.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 NETFLTDI; C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [159112 2009-09-25] (Panda Security, S.L.)
R3 NETIMFLT01060044; C:\WINDOWS\System32\DRIVERS\neti1644.sys [201032 2010-09-01] (Panda Security, S.L.)
R0 pavboot; C:\WINDOWS\System32\Drivers\pavboot.sys [26696 2010-06-22] (Panda Security, S.L.)
R2 PavProc; C:\WINDOWS\system32\DRIVERS\PavProc.sys [164488 2012-05-08] (Panda Security, S.L.)
S3 Pfc; C:\WINDOWS\System32\drivers\pfc.sys [9856 2002-10-01] (Padus, Inc.) [File not signed]
S3 PID_PEPI; C:\WINDOWS\System32\DRIVERS\LV302V32.SYS [2687512 2009-04-30] (Logitech Inc.)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [46976 2002-10-04] (Realtek Semiconductor Corporation )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 ShldDrv; C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys [37448 2011-02-21] (Panda Security, S.L.)
S3 SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [432000 2004-01-02] (Silicon Integrated Systems Corporation)
R1 SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [11520 2004-01-02] (Silicon Integrated Systems Corporation)
R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [27904 2003-07-02] (VIA Technologies, Inc.)
R3 viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [172672 2004-12-07] (Copyright © VIA/S3 Graphics Co, Ltd.)
S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [104576 2006-04-10] (Microsoft Corporation)
R1 WNMFLT; C:\WINDOWS\system32\Drivers\WNMFLT.SYS [46856 2009-09-25] (Panda Security, S.L.)
R3 AvFlt; \SystemRoot\system32\drivers\av5flt.sys [X]
R3 catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys [X]
S3 eapihdrv; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\ehdrv.sys [X]
S2 mrtRate; No ImagePath
S3 PalmUSBD; system32\drivers\PalmUSBD.sys [X]
R3 PavSRK.sys; \??\C:\WINDOWS\system32\PavSRK.sys [X]
R3 PavTPK.sys; \??\C:\WINDOWS\system32\PavTPK.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; No ImagePath
U3 mbr; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-16 16:37 - 2015-07-16 16:37 - 00003554 _____ C:\Documents and Settings\Owner\Desktop\2a0b_appcompat.txt
2015-07-16 16:05 - 2015-07-16 16:05 - 00024410 _____ C:\ComboFix.txt
2015-07-16 16:05 - 2015-07-16 16:05 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2015-07-16 16:05 - 2015-07-16 16:05 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2015-07-16 16:05 - 2015-07-16 16:05 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2015-07-16 15:16 - 2015-07-16 15:09 - 00000154 _____ C:\Documents and Settings\Owner\Desktop\bleeping_url.txt
2015-07-16 11:44 - 2015-07-16 11:44 - 00000113 _____ C:\Documents and Settings\Owner\Desktop\malwarebytesforumurl.txt
2015-07-16 09:01 - 2015-07-16 09:01 - 00000604 _____ C:\WINDOWS\setupapi.log
2015-07-16 08:25 - 2015-07-16 08:25 - 00000826 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-16 08:25 - 2015-07-16 08:25 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-07-16 08:25 - 2015-07-16 08:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-16 08:25 - 2015-06-18 08:41 - 00121560 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-07-16 08:25 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-07-16 08:13 - 2015-07-16 08:13 - 00000767 _____ C:\Documents and Settings\All Users\Desktop\RogueKiller.lnk
2015-07-16 08:13 - 2015-07-16 08:13 - 00000000 ____D C:\Program Files\RogueKiller
2015-07-16 08:13 - 2015-07-16 08:13 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\RogueKiller
2015-07-15 23:19 - 2015-07-15 23:20 - 00000000 ____D C:\Program Files\Defraggler
2015-07-15 23:19 - 2015-07-15 23:19 - 00001629 _____ C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
2015-07-15 23:19 - 2015-07-15 23:19 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Defraggler
2015-07-15 16:47 - 2015-07-15 16:47 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\backups
2015-07-15 16:44 - 2013-04-18 14:36 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\Owner\Desktop\HijackThis.exe
2015-07-15 14:03 - 2015-07-15 14:03 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla
2015-07-15 14:03 - 2015-07-15 14:03 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Mozilla
2015-07-15 14:02 - 2015-07-15 14:02 - 00000779 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-15 14:02 - 2015-07-15 14:02 - 00000773 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-07-15 14:02 - 2015-07-15 14:02 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-07-15 14:02 - 2015-07-15 14:02 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-07-15 14:02 - 2015-07-15 14:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Mozilla
2015-07-15 13:41 - 2015-07-15 13:41 - 00302760 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2015-07-15 12:40 - 2015-07-16 16:49 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\temp
2015-07-15 12:40 - 2015-07-15 12:40 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2015-07-15 12:40 - 2015-07-15 12:40 - 00000000 ____H C:\WINDOWS\system32\config\system.tmp.LOG
2015-07-15 12:40 - 2015-07-15 12:40 - 00000000 ____H C:\WINDOWS\system32\config\software.tmp.LOG
2015-07-15 12:40 - 2015-07-15 12:40 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2015-07-15 12:40 - 2015-07-15 12:40 - 00000000 ____H C:\WINDOWS\system32\config\default.tmp.LOG
2015-07-15 12:25 - 2011-06-25 23:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2015-07-15 12:25 - 2010-11-07 10:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2015-07-15 12:25 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-07-15 12:25 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-07-15 12:25 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-07-15 12:25 - 2000-08-30 17:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-07-15 12:25 - 2000-08-30 17:00 - 00098816 _____ C:\WINDOWS\sed.exe
2015-07-15 12:25 - 2000-08-30 17:00 - 00080412 _____ C:\WINDOWS\grep.exe
2015-07-15 12:25 - 2000-08-30 17:00 - 00068096 _____ C:\WINDOWS\zip.exe
2015-07-15 12:21 - 2015-07-16 16:06 - 00000000 ____D C:\Qoobox
2015-07-15 12:21 - 2015-07-15 12:49 - 00000000 ____D C:\WINDOWS\erdnt
2015-07-15 12:20 - 2015-07-15 12:20 - 05632449 ____R (Swearware) C:\Documents and Settings\Owner\Desktop\CeeEff.exe
2015-07-15 12:04 - 2015-07-15 16:33 - 00000000 ____D C:\WINDOWS\Minidump
2015-07-15 12:03 - 2015-07-15 12:01 - 00008704 _____ C:\WINDOWS\system32\Drivers\pryeagqywlck.sys
2015-07-15 11:57 - 2015-07-15 11:57 - 00000000 ____D C:\Documents and Settings\Owner\Pavark
2015-07-15 10:01 - 2015-07-15 10:01 - 00000000 ____D C:\SUPERDelete
2015-07-15 09:58 - 2015-07-15 09:58 - 00001727 _____ C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-07-15 09:58 - 2015-07-15 09:58 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2015-07-14 23:24 - 2015-07-16 16:09 - 00028428 _____ C:\Documents and Settings\Owner\Desktop\CheckResults.txt
2015-07-14 23:07 - 2015-07-14 23:07 - 01682416 _____ (Malwarebytes Corporation) C:\Documents and Settings\Owner\Desktop\mbam-check-2.1.1.1001.exe
2015-07-14 23:04 - 2015-07-16 16:49 - 00000000 ____D C:\FRST
2015-07-14 19:26 - 2015-07-14 19:26 - 00000000 ____D C:\Program Files\ESET
2015-07-14 19:19 - 2015-07-16 15:52 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-07-14 19:19 - 2015-07-16 15:52 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-07-14 19:19 - 2015-07-16 15:30 - 00032620 _____ C:\WINDOWS\SchedLgU.Txt
2015-07-14 19:19 - 2015-07-14 19:19 - 00000000 ____N C:\WINDOWS\Sti_Trace.log
2015-07-14 13:19 - 2015-07-14 13:19 - 00035992 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-07-14 11:49 - 2015-07-14 22:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Oracle
2015-07-14 08:47 - 2008-04-13 16:12 - 00116224 ____C (Xerox) C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2015-07-14 08:47 - 2008-04-13 16:12 - 00018944 ____C () C:\WINDOWS\system32\dllcache\xrxscnui.dll
2015-07-14 08:46 - 2008-04-13 16:12 - 00008192 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wshirda.dll
2015-07-14 08:46 - 2008-04-13 10:36 - 00008832 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wmiacpi.sys
2015-07-14 08:45 - 2008-04-13 16:12 - 00082944 ____C (IBM Corporation) C:\WINDOWS\system32\dllcache\tp4mon.exe
2015-07-14 08:45 - 2008-04-13 10:45 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbser.sys
2015-07-14 08:44 - 2008-04-13 10:40 - 00149376 ____C (M-Systems) C:\WINDOWS\system32\dllcache\tffsport.sys
2015-07-14 08:44 - 2008-04-13 10:40 - 00007552 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sonyait.sys
2015-07-14 08:43 - 2008-04-13 10:45 - 00011520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\scsiscan.sys
2015-07-14 08:43 - 2008-04-13 10:40 - 00043904 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sbp2port.sys
2015-07-14 08:43 - 2008-04-13 10:36 - 00016000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smbbatt.sys
2015-07-14 08:43 - 2008-04-13 10:36 - 00006912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smbclass.sys
2015-07-14 08:42 - 2008-04-13 16:12 - 00159232 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ptpusd.dll
2015-07-14 08:42 - 2008-04-13 16:12 - 00029696 ____C (Ricoh Co., Ltd.) C:\WINDOWS\system32\dllcache\rw450ext.dll
2015-07-14 08:42 - 2008-04-13 16:12 - 00027648 ____C (Ricoh Co., Ltd.) C:\WINDOWS\system32\dllcache\rw430ext.dll
2015-07-14 08:42 - 2008-04-13 16:10 - 00259328 ____C (Microsoft Corp., 3Dlabs Inc. Ltd.) C:\WINDOWS\system32\dllcache\perm3dd.dll
2015-07-14 08:42 - 2008-04-13 16:10 - 00211584 ____C (Microsoft Corp., 3Dlabs Inc. Ltd.) C:\WINDOWS\system32\dllcache\perm2dll.dll
2015-07-14 08:42 - 2008-04-13 10:44 - 00028032 ____C (Microsoft Corp., 3Dlabs Inc. Ltd.) C:\WINDOWS\system32\dllcache\perm3.sys
2015-07-14 08:42 - 2008-04-13 10:41 - 00017664 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ppa3.sys
2015-07-14 08:42 - 2008-04-13 10:40 - 00079104 ____C (Comtrol Corporation) C:\WINDOWS\system32\dllcache\rocket.sys
2015-07-14 08:42 - 2008-04-13 10:40 - 00008832 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\powerfil.sys
2015-07-14 08:42 - 2008-04-13 10:40 - 00006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\qic157.sys
2015-07-14 08:41 - 2008-04-13 10:54 - 00028672 ____C (National Semiconductor Corporation) C:\WINDOWS\system32\dllcache\nscirda.sys
2015-07-14 08:41 - 2008-04-13 10:44 - 00027904 ____C (Microsoft Corp., 3Dlabs Inc. Ltd.) C:\WINDOWS\system32\dllcache\perm2.sys
2015-07-14 08:40 - 2008-04-13 10:54 - 00022016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msircomm.sys
2015-07-14 08:40 - 2008-04-13 10:46 - 00049024 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstape.sys
2015-07-14 08:39 - 2008-04-13 16:11 - 00253952 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kdsusd.dll
2015-07-14 08:39 - 2008-04-13 16:11 - 00048640 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kdsui.dll
2015-07-14 08:39 - 2008-04-13 10:41 - 00026112 ____C (Sony Corporation) C:\WINDOWS\system32\dllcache\memstpci.sys
2015-07-14 08:39 - 2008-04-13 10:40 - 00034688 ____C (Toshiba Corp.) C:\WINDOWS\system32\dllcache\lbrtfdc.sys
2015-07-14 08:39 - 2008-04-13 10:40 - 00007040 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ltotape.sys
2015-07-14 08:38 - 2008-04-13 16:12 - 00151552 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irftp.exe
2015-07-14 08:38 - 2008-04-13 16:11 - 00028160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irmon.dll
2015-07-14 08:38 - 2008-04-13 10:54 - 00088192 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irda.sys
2015-07-14 08:37 - 2008-04-13 16:11 - 00702845 ____C (Intel® Corporation) C:\WINDOWS\system32\dllcache\i81xdnt5.dll
2015-07-14 08:37 - 2008-04-13 10:41 - 00018560 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\i2omp.sys
2015-07-14 08:37 - 2008-04-13 10:41 - 00008576 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\i2omgmt.sys
2015-07-14 08:35 - 2008-04-13 10:36 - 00020352 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidbatt.sys
2015-07-14 08:34 - 2008-04-13 10:45 - 00059136 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\gckernel.sys
2015-07-14 08:34 - 2008-04-13 10:45 - 00010624 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\gameenum.sys
2015-07-14 08:34 - 2008-04-13 10:40 - 00028288 ____C (Gemplus) C:\WINDOWS\system32\dllcache\grserial.sys
2015-07-14 08:32 - 2008-04-13 16:12 - 00020992 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dshowext.ax
2015-07-14 08:32 - 2008-04-13 10:40 - 00008320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dlttape.sys
2015-07-14 08:32 - 2008-04-13 10:39 - 00206976 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dot4.sys
2015-07-14 08:31 - 2008-04-13 16:11 - 00249856 ____C (Comtrol® Corporation) C:\WINDOWS\system32\dllcache\ctmasetp.dll
2015-07-14 08:31 - 2008-04-13 10:36 - 00010240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\compbatt.sys
2015-07-14 08:30 - 2008-04-13 16:11 - 00121856 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\camext30.dll
2015-07-14 08:30 - 2008-04-13 10:40 - 00008192 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\changer.sys
2015-07-14 08:30 - 2008-04-13 10:36 - 00013952 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cmbatt.sys
2015-07-14 08:29 - 2008-04-13 10:46 - 00038912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avc.sys
2015-07-14 08:29 - 2008-04-13 10:46 - 00013696 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avcstrm.sys
2015-07-14 08:29 - 2008-04-13 10:36 - 00014208 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\battc.sys
2015-07-14 08:27 - 2008-04-13 10:46 - 00048128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\61883.sys
2015-07-14 08:27 - 2008-04-13 10:40 - 00012288 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\4mmdat.sys
2015-07-14 08:25 - 2008-04-13 16:11 - 00021504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidserv.dll
2015-07-14 08:25 - 2008-04-13 16:11 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidserv.dll
2015-07-14 08:25 - 2008-04-13 10:39 - 00014592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdhid.sys
2015-07-14 08:25 - 2008-04-13 10:39 - 00014592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-06-17 01:01 - 2015-06-17 01:01 - 01202856 _____ (Microsoft Corporation) C:\WINDOWS\system32\FM20.DLL

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-16 16:39 - 2014-02-07 17:34 - 00000998 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2015-07-16 16:39 - 2014-02-07 17:34 - 00000946 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2015-07-16 16:25 - 2015-01-03 20:15 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-16 16:06 - 2004-03-31 23:02 - 00000000 __SHD C:\Documents and Settings\NetworkService
2015-07-16 16:04 - 2014-01-11 12:18 - 01286513 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-16 16:03 - 2013-08-25 21:20 - 00000088 _____ C:\WINDOWS\system32\Drivers\etc\NetAdapt.cfg.bck
2015-07-16 16:03 - 2013-08-25 21:20 - 00000088 _____ C:\WINDOWS\system32\Drivers\etc\NetAdapt.cfg
2015-07-16 16:02 - 2010-01-30 16:41 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-16 15:57 - 2013-08-26 09:33 - 00000092 _____ C:\WINDOWS\system32\Drivers\etc\NetLoc.wlt.bck
2015-07-16 15:57 - 2013-08-26 09:33 - 00000092 _____ C:\WINDOWS\system32\Drivers\etc\NetLoc.wlt
2015-07-16 15:57 - 2013-08-26 09:33 - 00000056 _____ C:\WINDOWS\system32\Drivers\etc\WnmFlt.cfg.bck
2015-07-16 15:57 - 2013-08-26 09:33 - 00000056 _____ C:\WINDOWS\system32\Drivers\etc\WnmFlt.cfg
2015-07-16 15:57 - 2013-08-26 09:33 - 00000056 _____ C:\WINDOWS\system32\Drivers\etc\DsaFlt.cfg.bck
2015-07-16 15:57 - 2013-08-26 09:33 - 00000056 _____ C:\WINDOWS\system32\Drivers\etc\DsaFlt.cfg
2015-07-16 15:57 - 2013-08-25 21:20 - 00000252 _____ C:\WINDOWS\system32\Drivers\etc\IdsFlt.cfg.bck
2015-07-16 15:57 - 2013-08-25 21:20 - 00000252 _____ C:\WINDOWS\system32\Drivers\etc\IdsFlt.cfg
2015-07-16 15:57 - 2013-08-25 21:18 - 00000068 _____ C:\WINDOWS\system32\Drivers\etc\NetFlt.cfg.bck
2015-07-16 15:57 - 2013-08-25 21:18 - 00000068 _____ C:\WINDOWS\system32\Drivers\etc\NetFlt.cfg
2015-07-16 15:57 - 2013-08-25 21:16 - 00303044 _____ C:\WINDOWS\system32\Drivers\etc\DsaFlt.rls.bck
2015-07-16 15:57 - 2013-08-25 21:16 - 00303044 _____ C:\WINDOWS\system32\Drivers\etc\DsaFlt.rls
2015-07-16 15:57 - 2013-08-25 21:16 - 00001132 _____ C:\WINDOWS\system32\Drivers\APPFLTR.CFG.bck
2015-07-16 15:57 - 2013-08-25 21:16 - 00001132 _____ C:\WINDOWS\system32\Drivers\APPFLTR.CFG
2015-07-16 15:56 - 2013-07-22 11:39 - 00013880 _____ C:\WINDOWS\system32\Drivers\COMFiltr.sys
2015-07-16 15:55 - 2013-08-25 21:20 - 00000060 _____ C:\WINDOWS\system32\Drivers\etc\NetAR.wlt.bck
2015-07-16 15:55 - 2013-08-25 21:20 - 00000060 _____ C:\WINDOWS\system32\Drivers\etc\NetAR.wlt
2015-07-16 15:55 - 2007-02-15 10:41 - 00214596 _____ C:\dlcj.log
2015-07-16 15:55 - 2007-02-11 23:30 - 00531861 _____ C:\dlcjscan.log
2015-07-16 15:53 - 2004-07-05 14:25 - 00000189 _____ C:\WINDOWS\system\hpsysdrv.DAT
2015-07-16 15:53 - 2004-03-31 21:49 - 00000227 _____ C:\WINDOWS\system.ini
2015-07-16 15:52 - 2014-03-19 07:36 - 00000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-07-16 15:52 - 2010-01-30 16:41 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-16 15:52 - 2004-03-31 23:00 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-16 15:51 - 2004-03-31 23:02 - 00000278 ___SH C:\Documents and Settings\Owner\ntuser.ini
2015-07-16 15:26 - 2013-08-25 21:16 - 00338656 _____ C:\WINDOWS\system32\Drivers\APPFCONT.DAT.bck
2015-07-16 15:26 - 2013-08-25 21:16 - 00338656 _____ C:\WINDOWS\system32\Drivers\APPFCONT.DAT
2015-07-16 15:13 - 2004-03-31 21:50 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2015-07-15 16:33 - 2004-03-31 23:02 - 00000000 ____D C:\Documents and Settings\Owner
2015-07-15 12:41 - 2004-03-31 14:53 - 00262144 _____ C:\WINDOWS\system32\config\SECURITY.bak
2015-07-15 12:41 - 2004-03-31 14:53 - 00262144 _____ C:\WINDOWS\system32\config\SAM.bak
2015-07-15 12:41 - 2004-03-31 14:52 - 50593792 _____ C:\WINDOWS\system32\config\software.bak
2015-07-15 12:41 - 2004-03-31 14:52 - 10223616 _____ C:\WINDOWS\system32\config\system.bak
2015-07-15 12:41 - 2004-03-31 14:52 - 01048576 _____ C:\WINDOWS\system32\config\default.bak
2015-07-15 12:39 - 2004-03-31 14:51 - 00000000 ____D C:\WINDOWS\Help
2015-07-15 12:38 - 2007-02-16 20:45 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Temp
2015-07-15 12:17 - 2004-04-01 01:50 - 00001263 _____ C:\WINDOWS\QUICKEN.INI
2015-07-15 11:16 - 2010-12-12 14:51 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2015-07-15 09:59 - 2010-04-05 15:46 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-07-15 09:59 - 2010-04-05 15:46 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2015-07-15 09:26 - 2015-01-03 20:15 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-07-15 09:26 - 2015-01-03 20:15 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-07-14 23:25 - 2008-04-25 19:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-07-14 23:18 - 2013-07-28 11:35 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-14 21:54 - 2004-04-01 00:28 - 00000000 ____D C:\Program Files\Java
2015-07-14 21:50 - 2010-04-05 11:38 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2015-07-14 14:11 - 2013-09-08 12:27 - 00000000 ____D C:\Documents and Settings\Administrator
2015-07-14 14:11 - 2004-03-31 23:02 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-07-14 13:18 - 2014-01-11 12:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2015-07-14 09:31 - 2014-01-03 19:47 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\LogMeIn Rescue Calling Card
2015-07-14 09:31 - 2013-07-22 10:11 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Advanced Tech Support Rescue Connect
2015-07-13 12:33 - 2015-01-03 18:47 - 00000924 _____ C:\Documents and Settings\Owner\Desktop\Revo Uninstaller.lnk
2015-07-13 12:33 - 2015-01-03 18:47 - 00000000 ____D C:\Program Files\VS Revo Group
2015-07-09 12:20 - 2014-03-19 07:36 - 00000216 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-07-03 08:49 - 2005-05-10 22:33 - 127070192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-29 19:50 - 2004-10-29 19:50 - 00000260 _____ C:\WINDOWS\Tasks\Disk Cleanup.job
2015-06-20 12:59 - 2012-04-20 16:49 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

==================== Files in the root of some directories =======

2013-07-07 00:46 - 2013-07-07 00:46 - 4249600 _____ () C:\Program Files\GUT1E2.tmp
2008-04-14 14:31 - 2008-04-14 14:31 - 0002508 _____ () C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc
2008-04-19 11:52 - 2008-04-19 11:52 - 0024586 _____ () C:\Documents and Settings\Owner\Application Data\Comma Separated Values (Windows).ADR
2005-06-03 20:30 - 2007-07-23 06:33 - 0005632 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2004-04-01 14:31 - 2004-04-01 14:31 - 0000128 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-07-2015
Ran by Owner at 2015-07-16 16:52:32
Running from C:\My Documents\_Downloads\Farbar Recovery Scan Tool
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1693500826-1594951521-4070585920-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1693500826-1594951521-4070585920-1008 - Limited - Enabled)
Guest (S-1-5-21-1693500826-1594951521-4070585920-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1693500826-1594951521-4070585920-1007 - Limited - Disabled)
Owner (S-1-5-21-1693500826-1594951521-4070585920-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
SUPPORT_388945a0 (S-1-5-21-1693500826-1594951521-4070585920-1002 - Limited - Disabled)
SUPPORT_fddfa904 (S-1-5-21-1693500826-1594951521-4070585920-1006 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Internet Security 2013 (Enabled - Up to date) {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}
FW: Panda Personal Firewall 2013 (Disabled) {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
4500_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Photoshop Album 2.0 Starter Edition (HKLM\...\{11B569C2-4BF6-4ED0-9D17-A4273943CB24}) (Version: 2.00.100 - Adobe Systems, Inc.)
Adobe Reader 7.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A70000000000}) (Version: 7.0.0 - Adobe Systems Incorporated)
Advanced Tech Support Rescue Connect (HKLM\...\{C2835850-FCEB-4A1A-A213-57E7A9A8EC62}) (Version: 7.0.454 - LogMeIn, Inc.)
Agere Systems PCI Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version: - )
AiO_Scan (Version: 40.0.105.000 - Hewlett-Packard) Hidden
AIOMinimal (Version: 40.0.105.000 - Hewlett-Packard) Hidden
AiOSoftware (Version: 40.0.105.000 - Hewlett-Packard) Hidden
AirPort (HKLM\...\{74487955-B85B-4040-A3B6-9EAC0A8AD198}) (Version: 5.5.1.17 - Apple Inc.)
Apple Application Support (HKLM\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}) (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Camera Suite 1.3 (HKLM\...\{AD13BFB0-FDD2-4AFA-A8AF-9F4A950D56B7}) (Version: - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BPD_HPSU (Version: 1.00.0000 - Hewlett-Packard) Hidden
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Camera Support Core Library (Version: 7.0.1.17 - Canon) Hidden
Camera Window (Version: 4.6.1 - Canon) Hidden
CameraDrivers (Version: 3.1.0 - Hewlett-Packard) Hidden
Canon Camera Support Core Library (HKLM\...\InstallShield_{B9B9863A-32FD-4133-ADB7-46244ED77694}) (Version: 7.0.1.17 - Canon)
Canon Camera Window for ZoomBrowser EX (HKLM\...\InstallShield_{F37942A8-B21B-4C5A-A1D2-B676BF55EAE0}) (Version: 4.6.1 - Canon)
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\InstallShield_{DE286975-ACF1-45B8-9EF7-34E162B2C817}) (Version: 1.1.1.41 - Canon)
Canon PhotoRecord (HKLM\...\{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}) (Version: 02.00.00029 - Cisra)
Canon RAW Image Task for ZoomBrowser EX (HKLM\...\InstallShield_{9518F764-C54D-47B2-9E73-154B21E79FD2}) (Version: 1.0 - Canon)
Canon Utilities PhotoStitch 3.1 (HKLM\...\InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}) (Version: 3.1.13 - Canon)
Canon Utilities ZoomBrowser EX (HKLM\...\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}) (Version: 04.06.00032 - CISRA)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
CCScore (Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
Citrix Online Launcher (HKLM\...\{AFB80939-4486-49D8-A04E-2B05C0F2DE39}) (Version: 1.0.252 - Citrix)
Copy (Version: 5.35.0.065 - Hewlett-Packard) Hidden
CreativeProjects (Version: 5.35.0.059 - Hewlett-Packard) Hidden
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version: - Microsoft Corporation)
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Dell Photo AIO Printer 964 (HKLM\...\Dell Photo AIO Printer 964) (Version: - )
Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocMgr (Version: 100.0.201.000 - Hewlett-Packard) Hidden
DocProc (Version: 10.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
ESSCDBK (Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (Version: 5.02.0000.0103 - EASTMAN KODAK Company) Hidden
ESSgui (Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESShelp (Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (Version: 5.02.0000.0004 - EASTMAN KODAK Company) Hidden
ESSPCD (Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSSONIC (Version: 5.00.0000.0002 - EASTMAN KODAK Company) Hidden
ESSTOOLS (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
ESSvpaht (Version: 5.01.0000.0004 - EASTMAN KODAK Company) Hidden
ESSvpot (Version: 5.01.0000.0001 - EASTMAN KODAK Company) Hidden
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (Version: 100.0.187.000 - Hewlett-Packard) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GoToAssist Customer 2.3.0.818 (HKLM\...\GoToAssist Express Customer) (Version: 2.3.0.818 - Citrix Online)
GoToAssist Expert 2.2.0.758 (HKU\S-1-5-21-1693500826-1594951521-4070585920-1003\...\GoToAssist Remote Support Expert) (Version: 2.2.0.758 - Citrix Online)
GoToAssist Unattended Customer 2.2.0.758 (HKLM\...\{8986461A-C5B9-4E8B-827A-FA68F3411758}) (Version: 2.2.0.758 - Citrix Online)
GPBaseService (Version: 100.0.187.000 - Hewlett-Packard) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HLPIndex (Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
HLPRFO (Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
HP Deskjet Preloaded Printer Drivers (HKLM\...\{F419D20A-7719-4639-8E30-C073A040D878}) (Version: 8.3.3.0 - Hewlett-Packard Company)
HP Document Manager 1.0 (HKLM\...\HP Document Manager) (Version: 1.0 - HP)
HP Image Zone 3.5 (HKLM\...\HP Photo & Imaging) (Version: 3.5 - HP)
HP Image Zone Plus 3.5 (HKLM\...\{C6C44651-7C66-4b11-92E8-17565D3D22DD}) (Version: 3.5 - HP)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Instant Support (HKLM\...\HP Instant Support) (Version: - )
HP Officejet J4500 Series (HKLM\...\{CD0773D5-C18E-495c-B39B-21A96415EDD5}) (Version: 1.0 - HP)
HP Organize (HKLM\...\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}) (Version: - )
HP Photo & Imaging 3.5 - HP Devices (HKLM\...\{15B9DC72-73F9-4d99-9E28-848D66DA8D99}) (Version: 3.0 - HP)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP PSC & OfficeJet 3.5 (HKLM\...\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}) (Version: 3.5 - HP)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 3.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{11B83AD3-7A46-4C2E-A568-9505981D4C6F}) (Version: 4.000.007.003 - Hewlett-Packard)
hpg2436 (Version: 3.5.0.0 - Hewlett-Packard) Hidden
hpg3970 (Version: 3.5.0.0 - Hewlett-Packard) Hidden
hpg4600 (Version: 3.5.0.0 - Hewlett-Packard) Hidden
hpg5530 (Version: 3.5.0.0 - Hewlett-Packard) Hidden
hpg8200 (Version: 3.5.0.0 - Hewlett-Packard) Hidden
HPIZ350 (Version: 35.1.2 - Hewlett-Packard) Hidden
hpmdtab (Version: 2.0.479.1607 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden
HPSSupply (Version: 100.0.170.000 - Hewlett-Packard) Hidden
HPSystemDiagnostics (Version: 1.5.0.0 - Your Company Name) Hidden
InstantShare (Version: 3.5.0.21 - Hewlett-Packard) Hidden
IntelliMover Data Transfer Demo (HKLM\...\{14589F05-C658-4594-9429-D437BA688686}) (Version: - )
InterVideo WinDVD 4 (HKLM\...\{98E8A2EF-4EAE-43B8-A172-74842B764777}) (Version: 4.0-B11.412 - InterVideo Inc.)
InterVideo WinDVD Creator 2 (HKLM\...\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}) (Version: 2.0.14.269 - InterVideo Inc.)
iTunes (HKLM\...\{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}) (Version: 10.6.3.25 - Apple Inc.)
J4500 (Version: 50.0.165.000 - Hewlett-Packard) Hidden
Jasc Paint Shop Photo Album 5 (HKLM\...\{4192EAC0-6B36-4723-B216-D0E86E7757AC}) (Version: 5.21 - Jasc Software, Inc.)
Jasc Paint Shop Pro Studio, Dell Editon (HKLM\...\{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}) (Version: 1.00.0000 - Jasc Software Inc)
Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
KBD (HKLM\...\KBD) (Version: - )
Kodak EasyShare software (HKLM\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version: - Eastman Kodak Company)
KSU (Version: 632.62.0003.0003 - EASTMAN KODAK Company) Hidden
Logitech QuickCam (HKLM\...\{3AF8FCCD-F51A-4014-9002-F195E1CBC876}) (Version: 11.80.1065 - Logitech Inc.)
Logitech Updater (HKLM\...\{53735ECE-E461-4FD0-B742-23A352436D3A}) (Version: 1.70 - Logitech, Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MarketResearch (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Memories Disc Creator 2.0 (HKLM\...\{2E132061-C78A-48D4-A899-1D13B9D189FA}) (Version: 2.0.479.1607 - Memories Disc Creator 2.0)
MGI PhotoSuite SE (HKLM\...\MGI_PHOTOSUITE_SE_V10) (Version: - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft ActiveSync 4.0 (HKLM\...\{B208806F-A231-4FA0-AB3F-5C1B8979223E}) (Version: 4.2.4875.0 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Data Access Components KB870669 (HKLM\...\KB870669) (Version: - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office XP Small Business (HKLM\...\{91130409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Plus! Digital Media Edition (HKLM\...\{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}) (Version: 1.1.0.2423 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Works 7.0 (HKLM\...\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}) (Version: 07.02.0808 - Microsoft Corporation)
MovieEdit Task (Version: 1.1.1.41 - Canon) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
MSN (HKLM\...\MSNINST) (Version: - )
MSVCSetup (Version: 1.00.0000 - HP) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NirSoft Mail PassView (HKLM\...\NirSoft Mail PassView) (Version: - )
Notifier (Version: 5.01.0000.0001 - EASTMAN KODAK Company) Hidden
OCR Software by I.R.I.S. 10.0 (HKLM\...\HPOCR) (Version: 10.0 - HP)
OpenOffice.org 2.0 (HKLM\...\{24C242C0-28C0-43C8-A0A1-FE181F3B3319}) (Version: 2.0.9011 - OpenOffice.org)
OTtBPSDK (Version: 4.00.0000.0000 - EASTMAN KODAK Company) Hidden
Overland (Version: 2.1.4 - Hewlett-Packard) Hidden
Panda Internet Security 2013 (HKLM\...\{7926EFB6-7CB4-4A9D-AB01-095F67F9D519}) (Version: 18.01.98 - Panda Security)
Panda Internet Security 2013 (Version: 18.01.98 - Panda Security) Hidden
Password Depot 6 - Panda Secure Vault Edition (HKLM\...\{AAE587E4-E661-4DB5-96DF-6E31C548F186}_is1) (Version: 6.1.5 - AceBIT GmbH)
PCDADDIN (Version: 5.02.0000.0001 - Eastman Kodak Company) Hidden
PCDHELP (Version: 5.02.0000.0001 - Eastman Kodak Company) Hidden
Photo Viewer (HKLM\...\{67183F00-3DDC-497B-A090-4E2B79EAF1CD}) (Version: 1.00.0000 - Photo Viewer)
PhotoGallery (Version: 5.35.0.059 - Hewlett-Packard) Hidden
PhotoStitch (Version: 3.1.13 - Canon) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Print to Fax (HKLM\...\{5BF2B19D-9C79-492A-8969-F059F06A627F}) (Version: 1.00 - BVRP Software)
PrintScreen (Version: 5.35.0.035 - Hewlett-Packard) Hidden
ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden
PS2 (HKLM\...\PS2) (Version: - )
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
Python 2.2 combined Win32 extensions (HKLM\...\Python 2.2 combined Win32 extensions) (Version: - )
Python 2.2.1 (HKLM\...\Python 2.2.1) (Version: 2.2.1 - PythonLabs at Zope Corporation)
Quicken 2004 (HKLM\...\InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}) (Version: 13.00.0000 - Intuit)
Quicken 2004 (Version: 13.00.0000 - Intuit) Hidden
Quicken Converter (HKLM\...\{07A5D43B-85F0-4E3E-B7BD-6DE9B7135A1B}) (Version: 24.0.0.276 - Intuit, Inc.)
QuickProjects (Version: 5.35.0.047 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{08094E03-AFE4-4853-9D31-6D0743DF5328}) (Version: 7.1.6.200 - Apple Computer, Inc.)
RAW Image Task 1.0 (Version: 1.0 - Canon) Hidden
Readme (Version: 40.0.105.000 - Hewlett-Packard) Hidden
RealOne Player (HKLM\...\RealPlayer 6.0) (Version: - )
RecordNow! (HKLM\...\{9541FED0-327F-4DF0-8B96-EF57EF622F19}) (Version: 6.7.0 - Hewlett-Packard)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RogueKiller version 10 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 10 - Adlice Software)
S3 S3Display (HKLM\...\VTDisplay) (Version: - )
S3 S3Gamma2 (HKLM\...\VTGamma2) (Version: - )
S3 S3Info2 (HKLM\...\VTInfo2) (Version: - )
S3 S3Overlay (HKLM\...\VTOverlay) (Version: - )
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Scan (Version: 10.1.0.0 - Hewlett-Packard) Hidden
SFR (Version: 5.00.0000.0005 - Eastman Kodak Company) Hidden
SHASTA (Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP)
SKIN0001 (Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
SkinsHP1 (Version: 5.35.0.043 - Hewlett-Packard) Hidden
SkinsHP2 (Version: 5.35.0.043 - Hewlett-Packard) Hidden
SKINXSDK (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
SmartWebPrintingOC (Version: 100.0.189.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sonic Update Manager (HKLM\...\{09DA4F91-2A09-4232-AB8C-6BC740096DE3}) (Version: 2.9 - Sonic Solutions)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Status (Version: 100.0.175.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1200 - SUPERAntiSpyware.com)
Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Toolkit View(HP) (HKLM\...\HPTOOLKIT) (Version: - )
TrayApp (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Unload (Version: 3.5.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Updates from HP (HKLM\...\BackWeb-137903 Uninstaller) (Version: - )
VIA Rhine-Family Fast Ethernet Adapter (HKLM\...\VN_VUIns_Rhine_VIA) (Version: - )
VIA/S3G Display Driver (HKLM\...\S3) (Version: - )
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
VPRINTOL (Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Windows Driver Package - (mr7910) Image (08/08/2006 1.4.0.0) (HKLM\...\693218053459EBF14C6505EA1172F17672B50DD1) (Version: 08/08/2006 1.4.0.0 - )
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.7.0017.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Internet Explorer 7 (HKLM\...\ie7) (Version: 20061107.210142 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WIRELESS (Version: 5.02.0000.0001 - EASTMAN KODAK Company) Hidden
Zoom ADSL Modem (HKLM\...\{52C8CFE4-7C7C-11D7-A021-0060979CE4D3}) (Version: - )
Zoom ADSL Modem Status (HKLM\...\Zoom ADSL Modem Status) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{2837E0FE-686B-4CB0-BE53-0EA097EAF71B}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\isusweb.dll (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{5B7524C8-2446-40E9-9474-94A779DBA224}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\isusweb.dll (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{621D3650-F1D3-414C-97F9-03A02B211261}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{623E415A-22EF-4DAA-A2FF-E68E77A673C9}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\dwusplay.exe (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\localserver32 -> C:\WINDOWS\Downloaded Program Files\dwusplay.exe (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{915C2CEB-216B-4B7C-89E4-9ED3512D58D9}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{92C5E738-7372-4CD6-BE57-15833624EBF3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{9CAAD2EA-177B-4D07-871F-47255B5D30F3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{B391A1DB-28C8-4506-A43C-5BD6051F16BA}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{C84CD8A9-B62D-4B0F-A57F-959A30D6C584}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{E50C953D-311A-481B-8F8D-C55E65AF7417}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{E9880553-B8A7-4960-A668-95C68BED571E}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\isusweb.dll (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{E9A93328-79D4-4AED-A778-146E7191F8BC}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{FFF2D28F-E4EE-44D9-8104-8E71556757F6}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (InstallShield Software Corporation)

==================== Restore Points =========================

18-04-2015 12:19:11 System Checkpoint
19-04-2015 12:48:53 System Checkpoint
20-04-2015 12:58:49 System Checkpoint
21-04-2015 13:41:50 System Checkpoint
27-04-2015 12:30:13 System Checkpoint
28-04-2015 17:29:27 System Checkpoint
29-04-2015 18:33:45 System Checkpoint
30-04-2015 18:46:47 System Checkpoint
02-05-2015 11:34:52 System Checkpoint
03-05-2015 12:08:12 System Checkpoint
04-05-2015 12:20:30 System Checkpoint
05-05-2015 12:23:30 System Checkpoint
07-05-2015 10:45:29 System Checkpoint
08-05-2015 14:46:36 System Checkpoint
09-05-2015 14:49:54 System Checkpoint
10-05-2015 15:06:14 System Checkpoint
11-05-2015 16:56:28 System Checkpoint
12-05-2015 17:47:25 System Checkpoint
12-05-2015 20:04:24 Software Distribution Service 3.0
14-05-2015 12:14:17 System Checkpoint
16-05-2015 17:55:39 System Checkpoint
17-05-2015 19:17:15 System Checkpoint
18-05-2015 19:59:19 System Checkpoint
21-05-2015 10:08:53 System Checkpoint
22-05-2015 10:32:49 System Checkpoint
23-05-2015 20:57:51 System Checkpoint
25-05-2015 17:46:48 System Checkpoint
27-05-2015 11:21:15 System Checkpoint
28-05-2015 13:29:57 System Checkpoint
05-06-2015 14:08:02 System Checkpoint
06-06-2015 14:52:19 System Checkpoint
07-06-2015 18:00:34 System Checkpoint
10-06-2015 10:14:01 System Checkpoint
10-06-2015 20:04:30 Software Distribution Service 3.0
11-06-2015 21:04:22 System Checkpoint
14-06-2015 18:36:28 System Checkpoint
15-06-2015 19:13:04 System Checkpoint
16-06-2015 19:30:50 System Checkpoint
17-06-2015 19:55:51 System Checkpoint
19-06-2015 11:15:55 System Checkpoint
20-06-2015 11:58:22 System Checkpoint
23-06-2015 19:43:51 System Checkpoint
25-06-2015 13:15:19 System Checkpoint
27-06-2015 15:41:12 System Checkpoint
29-06-2015 11:15:27 System Checkpoint
30-06-2015 11:55:29 System Checkpoint
01-07-2015 13:48:51 System Checkpoint
02-07-2015 14:45:16 System Checkpoint
03-07-2015 17:42:22 System Checkpoint
05-07-2015 19:29:11 System Checkpoint
07-07-2015 09:05:35 System Checkpoint
13-07-2015 11:34:15 System Checkpoint
14-07-2015 12:19:11 System Checkpoint
14-07-2015 22:57:14 Software Distribution Service 3.0
15-07-2015 13:34:25 Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 2.1.8.1057
15-07-2015 13:40:06 Revo Uninstaller's restore point - RogueKiller version 10
16-07-2015 14:57:16 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-03-31 21:49 - 2015-07-16 15:53 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Disk Cleanup.job => C:\WINDOWS\system32\cleanmgr.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (Whitelisted) ==============

2005-07-12 14:34 - 2005-07-12 14:34 - 00491520 _____ () C:\WINDOWS\system32\dlcjlmpm.DLL
2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-07-26 09:24 - 2008-07-26 09:24 - 00068120 _____ () C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSPS.dll
2013-07-22 11:30 - 2007-02-14 13:55 - 00165424 _____ () C:\Program Files\Panda Security\Panda Internet Security 2013\MiniCrypto.dll
2013-07-22 11:30 - 2004-05-19 11:33 - 00507904 _____ () C:\Program Files\Panda Security\Panda Internet Security 2013\libxml2.dll
2013-07-22 11:30 - 2007-02-14 13:55 - 00099888 _____ () C:\Program Files\Panda Security\Panda Internet Security 2013\APIcr.dll
2008-08-14 18:11 - 2008-08-14 18:11 - 00565008 _____ () C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
2008-08-14 18:11 - 2008-08-14 18:11 - 00345872 _____ () C:\Program Files\Common Files\LogiShrd\LComMgr\DevMngr.dll
2008-08-14 18:12 - 2008-08-14 18:12 - 00167184 _____ () C:\Program Files\Logitech\QuickCam\EFVal.dll
2008-08-14 18:13 - 2008-08-14 18:13 - 00138000 _____ () C:\Program Files\Common Files\LogiShrd\LComMgr\LogiCordless.dll
2008-08-14 18:13 - 2008-08-14 18:13 - 00165136 _____ () C:\Program Files\Common Files\LogiShrd\LComMgr\LogiCordless4001.dll
2008-08-14 18:13 - 2008-08-14 18:13 - 00149264 _____ () C:\Program Files\Common Files\LogiShrd\LComMgr\LogiVOIPDevicePlugin.dll
2008-08-14 18:15 - 2008-08-14 18:15 - 02407184 _____ () C:\Program Files\Logitech\QuickCam\Quickcam.exe
2008-08-14 18:22 - 2008-08-14 18:22 - 00112912 _____ () C:\Program Files\Logitech\QuickCam\LAppRes.dll
2006-06-20 23:34 - 2006-06-20 23:34 - 00017704 _____ () C:\Program Files\Microsoft ActiveSync\rapiproxystub.dll
2003-10-15 11:03 - 2003-10-15 11:03 - 00163840 _____ () c:\Program Files\HP\Digital Imaging\bin\HpqUtil.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 1254 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1693500826-1594951521-4070585920-1003\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk => C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk => C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk => C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk => C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk => C:\WINDOWS\pss\Updates from HP.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^IMStart.lnk => C:\WINDOWS\pss\IMStart.lnkStartup
MSCONFIG\startupreg: AGRSMMSG => AGRSMMSG.exe
MSCONFIG\startupreg: AirPort Base Station Agent => "C:\Program Files\AirPort\APAgent.exe"
MSCONFIG\startupreg: AlcxMonitor => ALCXMNTR.EXE
MSCONFIG\startupreg: BackupNotify => c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PS2 => C:\WINDOWS\system32\ps2.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: Recguard => C:\WINDOWS\SMINST\RECGUARD.EXE
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
MSCONFIG\startupreg: VTTimer => VTTimer.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Microsoft ActiveSync\rapimgr.exe] => :169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
DomainProfile\AuthorizedApplications: [C:\Program Files\Microsoft ActiveSync\wcescomm.exe] => :169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
DomainProfile\AuthorizedApplications: [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe] => :169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
StandardProfile\AuthorizedApplications: [C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe] => Disabled:Kodak Software Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe] => Enabled:EasyShare
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft ActiveSync\rapimgr.exe] => :169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft ActiveSync\wcescomm.exe] => :169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe] => :169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Enabled:WebKit
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Panda Security\Panda Internet Security 2013\ApVxdWin.exe] => Enabled:Panda permanent protection
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Program Files\AirPort\APAgent.exe] => Enabled:AirPort
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
DomainProfile\GloballyOpenPorts: [3587:TCP] => Enabled:Windows Peer-to-Peer Grouping
DomainProfile\GloballyOpenPorts: [3540:UDP] => Enabled:Peer Name Resolution Protocol (PNRP)
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
DomainProfile\GloballyOpenPorts: [26675:TCP] => :169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [3587:TCP] => Enabled:Windows Peer-to-Peer Grouping
StandardProfile\GloballyOpenPorts: [3540:UDP] => Enabled:Peer Name Resolution Protocol (PNRP)
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [990:TCP] => Enabled:Active Sync In #1 990
StandardProfile\GloballyOpenPorts: [999:TCP] => Enabled:Active Sync In #2 999
StandardProfile\GloballyOpenPorts: [5678:TCP] => Enabled:Active Sync In #3 5678
StandardProfile\GloballyOpenPorts: [5679:TCP] => Enabled:Active Sync Out 5679
StandardProfile\GloballyOpenPorts: [26675:TCP] => :169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
StandardProfile\GloballyOpenPorts: [5900:TCP] => Enabled:vnc5900
StandardProfile\GloballyOpenPorts: [5800:TCP] => Enabled:vnc5800
StandardProfile\GloballyOpenPorts: [5353:UDP] => Enabled:Bonjour

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/16/2015 04:35:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application procdump.exe, version 7.0.1.0, faulting module procdump.exe, version 7.0.1.0, fault address 0x0000c1ee.
Processing media-specific event for [procdump.exe!ws!]

Error: (07/16/2015 04:31:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application procdump.exe, version 7.0.1.0, faulting module procdump.exe, version 7.0.1.0, fault address 0x0000c1ee.
Processing media-specific event for [procdump.exe!ws!]

Error: (07/16/2015 04:08:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application roguekiller.exe, version 10.9.1.0, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [roguekiller.exe!ws!]

Error: (07/16/2015 04:08:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application roguekiller.exe, version 10.9.1.0, faulting module roguekiller.exe, version 10.9.1.0, fault address 0x0020c290.
Processing media-specific event for [roguekiller.exe!ws!]

Error: (07/16/2015 03:52:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbamservice.exe, version 3.2.13.0, faulting module Qt5Core.dll, version 5.4.1.0, fault address 0x00026f16.
Processing media-specific event for [mbamservice.exe!ws!]

Error: (07/16/2015 02:27:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbamservice.exe, version 3.2.13.0, faulting module Qt5Core.dll, version 5.4.1.0, fault address 0x00026f16.
Processing media-specific event for [mbamservice.exe!ws!]

Error: (07/16/2015 12:31:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application procdump.exe, version 7.0.1.0, faulting module procdump.exe, version 7.0.1.0, fault address 0x0000c17c.
Processing media-specific event for [procdump.exe!ws!]

Error: (07/16/2015 12:26:23 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: Fault bucket 79381032.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (07/16/2015 12:18:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application roguekiller.exe, version 10.9.1.0, faulting module roguekiller.exe, version 10.9.1.0, fault address 0x0020c290.
Processing media-specific event for [roguekiller.exe!ws!]

Error: (07/16/2015 12:14:03 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: Fault bucket 641336646.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.


System errors:
=============
Error: (07/16/2015 03:55:41 PM) (Source: DCOM) (EventID: 10005) (User: SUZANNE)
Description: DCOM got error "%%1058" attempting to start the service dlcj_device with arguments ""
in order to run the server:
{323CE21C-A448-40AA-BA74-7FCF1E441065}

Error: (07/16/2015 03:55:31 PM) (Source: DCOM) (EventID: 10005) (User: SUZANNE)
Description: DCOM got error "%%1058" attempting to start the service dlcj_device with arguments ""
in order to run the server:
{323CE21C-A448-40AA-BA74-7FCF1E441065}

Error: (07/16/2015 03:55:26 PM) (Source: DCOM) (EventID: 10005) (User: SUZANNE)
Description: DCOM got error "%%1058" attempting to start the service dlcj_device with arguments ""
in order to run the server:
{323CE21C-A448-40AA-BA74-7FCF1E441065}

Error: (07/16/2015 03:55:21 PM) (Source: DCOM) (EventID: 10005) (User: SUZANNE)
Description: DCOM got error "%%1058" attempting to start the service dlcj_device with arguments ""
in order to run the server:
{323CE21C-A448-40AA-BA74-7FCF1E441065}

Error: (07/16/2015 03:55:16 PM) (Source: DCOM) (EventID: 10005) (User: SUZANNE)
Description: DCOM got error "%%1058" attempting to start the service dlcj_device with arguments ""
in order to run the server:
{323CE21C-A448-40AA-BA74-7FCF1E441065}

Error: (07/16/2015 03:55:11 PM) (Source: DCOM) (EventID: 10005) (User: SUZANNE)
Description: DCOM got error "%%1058" attempting to start the service dlcj_device with arguments ""
in order to run the server:
{323CE21C-A448-40AA-BA74-7FCF1E441065}

Error: (07/16/2015 03:55:05 PM) (Source: DCOM) (EventID: 10005) (User: SUZANNE)
Description: DCOM got error "%%1058" attempting to start the service dlcj_device with arguments ""
in order to run the server:
{323CE21C-A448-40AA-BA74-7FCF1E441065}

Error: (07/16/2015 03:55:00 PM) (Source: DCOM) (EventID: 10005) (User: SUZANNE)
Description: DCOM got error "%%1058" attempting to start the service dlcj_device with arguments ""
in order to run the server:
{323CE21C-A448-40AA-BA74-7FCF1E441065}

Error: (07/16/2015 03:54:54 PM) (Source: DCOM) (EventID: 10005) (User: SUZANNE)
Description: DCOM got error "%%1058" attempting to start the service dlcj_device with arguments ""
in order to run the server:
{323CE21C-A448-40AA-BA74-7FCF1E441065}

Error: (07/16/2015 03:54:49 PM) (Source: DCOM) (EventID: 10005) (User: SUZANNE)
Description: DCOM got error "%%1058" attempting to start the service dlcj_device with arguments ""
in order to run the server:
{323CE21C-A448-40AA-BA74-7FCF1E441065}


Microsoft Office:
=========================
Error: (10/02/2009 09:57:04 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error: (10/02/2009 09:56:55 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash.

Error: (10/02/2009 09:56:33 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/03/2009 07:51:09 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/03/2009 07:50:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/03/2009 07:50:50 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/03/2009 07:50:39 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 13 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/03/2009 10:42:59 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/03/2009 10:42:54 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/03/2009 10:42:45 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Processor: AMD Athlon™ XP 3200+
Percentage of memory in use: 52%
Total physical RAM: 959.48 MB
Available physical RAM: 460.03 MB
Total Virtual: 3753.66 MB
Available Virtual: 2972.36 MB

==================== Drives ================================

Drive c: (suzanne) (Fixed) (Total:181.51 GB) (Free:143.97 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (HP_RECOVERY) (Fixed) (Total:4.79 GB) (Free:0.59 GB) FAT32 ==>[drive with boot components (Windows XP)]
Drive k: () (Fixed) (Total:14.9 GB) (Free:8.38 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 186.3 GB) (Disk ID: 6F8C6F8C)
Partition 1: (Not Active) - (Size=4.8 GB) - (Type=0B)
Partition 2: (Active) - (Size=181.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: C8936A6F)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=0C)

==================== End of log ============================

Edited by Oh My!, 16 July 2015 - 09:11 PM.


#4 Oh My!


Posted 16 July 2015 - 09:29 PM

Please run this for me.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
SearchScopes: HKLM -> DefaultScope value is missing
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
Toolbar: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
R3 AvFlt; \SystemRoot\system32\drivers\av5flt.sys [X]
R3 catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys [X]
S3 eapihdrv; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\ehdrv.sys [X]
S2 mrtRate; No ImagePath
S3 PalmUSBD; system32\drivers\PalmUSBD.sys [X]
R3 PavSRK.sys; \??\C:\WINDOWS\system32\PavSRK.sys [X]
R3 PavTPK.sys; \??\C:\WINDOWS\system32\PavTPK.sys [X]
U3 TlntSvr; No ImagePath
U3 mbr; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys [X]
2015-07-15 12:03 - 2015-07-15 12:01 - 00008704 _____ C:\WINDOWS\system32\Drivers\pryeagqywlck.sys
2013-07-07 00:46 - 2013-07-07 00:46 - 4249600 _____ () C:\Program Files\GUT1E2.tmp
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{C84CD8A9-B62D-4B0F-A57F-959A30D6C584}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> No Filepath
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Test your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 fred3


Posted 16 July 2015 - 11:52 PM

I uninstalled fully both apps, Malwarebytes and RogueKiller, using Revo Uninstaller.

Then rebooted and installed them again.

Neither works.  Just as before.

The log is attached.

Fix result of Farbar Recovery Scan Tool (x86) Version: 12-07-2015
Ran by Owner at 2015-07-16 20:25:25 Run:2
Running from C:\My Documents\_Downloads\Farbar Recovery Scan Tool
Loaded Profiles: Owner (Available Profiles: Owner & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
SearchScopes: HKLM -> DefaultScope value is missing
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
Toolbar: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
R3 AvFlt; \SystemRoot\system32\drivers\av5flt.sys [X]
R3 catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys [X]
S3 eapihdrv; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\ehdrv.sys [X]
S2 mrtRate; No ImagePath
S3 PalmUSBD; system32\drivers\PalmUSBD.sys [X]
R3 PavSRK.sys; \??\C:\WINDOWS\system32\PavSRK.sys [X]
R3 PavTPK.sys; \??\C:\WINDOWS\system32\PavTPK.sys [X]
U3 TlntSvr; No ImagePath
U3 mbr; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys [X]
2015-07-15 12:03 - 2015-07-15 12:01 - 00008704 _____ C:\WINDOWS\system32\Drivers\pryeagqywlck.sys
2013-07-07 00:46 - 2013-07-07 00:46 - 4249600 _____ () C:\Program Files\GUT1E2.tmp
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{C84CD8A9-B62D-4B0F-A57F-959A30D6C584}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> No Filepath
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKU\S-1-5-21-1693500826-1594951521-4070585920-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} => value removed successfully.
HKCR\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} => key not found.
HKU\S-1-5-21-1693500826-1594951521-4070585920-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} => value removed successfully.
HKCR\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} => key not found.
AvFlt => Unable to stop service.
AvFlt => Service removed successfully.
catchme => Service stopped successfully.
catchme => Service removed successfully.
eapihdrv => Service removed successfully.
mrtRate => Service removed successfully.
PalmUSBD => Service removed successfully.
PavSRK.sys => Unable to stop service.
PavSRK.sys => Service removed successfully.
PavTPK.sys => Unable to stop service.
PavTPK.sys => Service removed successfully.
TlntSvr => Service removed successfully.
mbr => Service removed successfully.
C:\WINDOWS\system32\Drivers\pryeagqywlck.sys => moved successfully.
C:\Program Files\GUT1E2.tmp => moved successfully.
"HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{00020420-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{00020421-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{00020422-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{00020423-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{00020424-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{00020425-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}" => key removed successfully.
"HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}" => key removed successfully.
"HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}" => key removed successfully.
"HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}" => key removed successfully.
"HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{C84CD8A9-B62D-4B0F-A57F-959A30D6C584}" => key removed successfully.
"HKU\S-1-5-21-1693500826-1594951521-4070585920-1003_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}" => key removed successfully.

The system needed a reboot.

==== End of Fixlog 20:25:42 ====



#6 Oh My!


Posted 17 July 2015 - 07:44 AM

Please run these. In addition I would like to look at your Combofix log.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

OTL

--------------------
  • Please download OTL and save it to your desktop
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Copy and paste the two reports in your next reply.

OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized


===================================================

Obtaining Current ComboFix.txt

--------------------

Please copy and paste the contents of the following file in your reply.
 

C:\ComboFix.txt


===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • Junkware log
  • OTL logs (2)
  • Combofix log

Gary
 

#7 fred3


Posted 17 July 2015 - 11:44 AM



OK Gary,  Here you are!  Thanks!!
I did encounter one problem on this system so I've attached a couple of files.
 
# AdwCleaner v4.208 - Logfile created 17/07/2015 at 08:15:52
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Owner - SUZANNE
# Running from : C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe
# Option : Cleaning
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\SmartPCFix
Folder Deleted : C:\Documents and Settings\Owner\Application Data\HPAppData
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKU\.DEFAULT\Software\AVG Secure Search
Key Deleted : HKU\.DEFAULT\Software\IGearSettings
Key Deleted : HKU\.DEFAULT\Software\ParetoLogic
Key Deleted : HKU\.DEFAULT\Software\SpeedMaxPC
Key Deleted : HKU\.DEFAULT\Software\speedypc software
***** [ Web browsers ] *****
-\\ Internet Explorer v7.0.6000.21376
-\\ Mozilla Firefox v39.0 (x86 en-US)
*************************
AdwCleaner[R0].txt - [8306 bytes] - [11/01/2014 12:27:09]
AdwCleaner[R1].txt - [8297 bytes] - [11/01/2014 12:29:30]
AdwCleaner[R2].txt - [816 bytes] - [11/01/2014 12:46:08]
AdwCleaner[R3].txt - [1465 bytes] - [17/07/2015 08:12:53]
AdwCleaner[S0].txt - [7932 bytes] - [11/01/2014 12:32:28]
AdwCleaner[S1].txt - [876 bytes] - [11/01/2014 12:53:14]
AdwCleaner[S2].txt - [1404 bytes] - [17/07/2015 08:15:52]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1463  bytes] ##########
*********************************
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Microsoft Windows XP x86
Ran by Owner on Fri 07/17/2015 at  8:22:50.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
~~~ Services
 
~~~ Tasks
 
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}
 
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{547EEAAC-3665-4e6c-B326-C622D698543A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
 
~~~ Files
 
~~~ Informational
C:\WINDOWS\system32\tasklist.exe doesn't exist [Process check skipped . Windows XP Home Edition?]
 
~~~ Folders
Successfully deleted: [Folder] C:\Program Files\update~1
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 07/17/2015 at  8:44:11.12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
********************************
OTL logfile created on: 7/17/2015 8:59:21 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
959.48 Mb Total Physical Memory | 485.07 Mb Available Physical Memory | 50.55% Memory free
3.67 Gb Paging File | 2.98 Gb Available in Paging File | 81.34% Paging File free
Paging file location(s): c:\pagefile.sys 2878.2 2878.2 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 181.51 Gb Total Space | 143.70 Gb Free Space | 79.17% Space Free | Partition Type: NTFS
Drive D: | 4.79 Gb Total Space | 0.59 Gb Free Space | 12.23% Space Free | Partition Type: FAT32
Drive K: | 14.90 Gb Total Space | 8.16 Gb Free Space | 54.75% Space Free | Partition Type: FAT32
 
Computer Name: SUZANNE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/07/17 07:47:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2015/03/11 13:47:54 | 000,610,888 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist Remote Support Customer\818\g2ax_user_customer.exe
PRC - [2015/03/11 13:47:54 | 000,610,888 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist Remote Support Customer\818\g2ax_system_customer.exe
PRC - [2015/03/11 13:47:54 | 000,610,888 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist Remote Support Customer\818\g2ax_service.exe
PRC - [2015/03/11 13:47:54 | 000,610,888 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist Remote Support Customer\818\g2ax_host.exe
PRC - [2015/03/11 13:47:54 | 000,610,888 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist Remote Support Customer\818\g2ax_comm_customer.exe
PRC - [2015/01/20 19:38:42 | 000,610,888 | ---- | M] (Citrix Online, LLC) -- C:\Program Files\Citrix\GoToAssist Remote Support Expert\758\g2ax_user_expert.exe
PRC - [2015/01/20 19:38:42 | 000,610,888 | ---- | M] (Citrix Online, LLC) -- C:\Program Files\Citrix\GoToAssist Remote Support Expert\758\g2ax_start.exe
PRC - [2015/01/20 19:38:42 | 000,610,888 | ---- | M] (Citrix Online, LLC) -- C:\Program Files\Citrix\GoToAssist Remote Support Expert\758\g2ax_comm_expert.exe
PRC - [2014/07/22 16:47:10 | 000,142,648 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2012/12/12 11:42:18 | 001,038,192 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2013\ApVxdWin.exe
PRC - [2012/11/19 18:11:38 | 000,177,440 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2013\PsCtrlS.exe
PRC - [2012/11/16 13:52:52 | 000,156,960 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2013\TPSrv.exe
PRC - [2012/09/21 08:25:02 | 000,202,016 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2013\PavFnSvr.exe
PRC - [2012/04/04 18:00:28 | 000,108,032 | ---- | M] (Panda Security) -- C:\Program Files\Panda Security\Panda Internet Security 2013\WebProxy.exe
PRC - [2011/10/18 13:43:48 | 000,112,128 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2013\PavBckPT.exe
PRC - [2011/10/18 13:43:48 | 000,091,648 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2013\SrvLoad.exe
PRC - [2011/06/15 18:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/04/13 12:44:10 | 000,313,664 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2013\pavsrvx86.exe
PRC - [2011/03/07 15:27:06 | 000,225,088 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2013\AVENGINE.EXE
PRC - [2010/08/16 14:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2013\psksvc.exe
PRC - [2009/11/26 17:03:56 | 000,226,560 | ---- | M] (Panda Security International) -- C:\Program Files\Panda Security\Panda Internet Security 2013\FIREWALL\PSHost.exe
PRC - [2008/08/14 18:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/08/14 18:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
PRC - [2008/08/14 18:11:14 | 000,447,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2008/07/26 09:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/07/26 09:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
PRC - [2008/06/19 12:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2013\PsImSvc.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/04 16:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Common Files\Panda Security\PavShld\PavPrSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/08/14 18:22:36 | 000,112,912 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\LAppRes.DLL
MOD - [2008/08/14 18:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
MOD - [2008/08/14 18:13:30 | 000,149,264 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LComMgr\LogiVOIPDevicePlugin.dll
MOD - [2008/08/14 18:13:08 | 000,165,136 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LComMgr\LogiCordless4001.dll
MOD - [2008/08/14 18:13:08 | 000,138,000 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LComMgr\LogiCordless.dll
MOD - [2008/08/14 18:12:10 | 000,167,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\EFVal.dll
MOD - [2008/08/14 18:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
MOD - [2008/08/14 18:11:48 | 000,345,872 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LComMgr\DevMngr.dll
MOD - [2008/07/26 09:24:04 | 000,068,120 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LVCOMSER\LVCSPS.dll
MOD - [2007/02/14 13:55:12 | 000,165,424 | ---- | M] () -- C:\Program Files\Panda Security\Panda Internet Security 2013\MiniCrypto.dll
MOD - [2007/02/14 13:55:12 | 000,099,888 | ---- | M] () -- C:\Program Files\Panda Security\Panda Internet Security 2013\APIcr.dll
MOD - [2006/06/20 23:34:28 | 000,017,704 | ---- | M] () -- C:\Program Files\Microsoft ActiveSync\rapiproxystub.dll
MOD - [2005/07/12 14:34:22 | 000,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcjlmpm.dll
MOD - [2004/05/19 11:33:12 | 000,507,904 | ---- | M] () -- C:\Program Files\Panda Security\Panda Internet Security 2013\LIBXML2.DLL
MOD - [2003/10/15 11:03:26 | 000,163,840 | ---- | M] () -- c:\Program Files\HP\Digital Imaging\bin\HpqUtil.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2015/07/15 09:27:11 | 000,268,976 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/06/30 19:30:36 | 000,148,136 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/06/18 08:39:50 | 001,133,880 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2015/03/11 13:47:54 | 000,610,888 | ---- | M] (Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\GoToAssist Remote Support Customer\818\g2ax_service.exe -- (GoToAssist Remote Support Customer)
SRV - [2014/07/22 16:47:10 | 000,142,648 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012/11/19 18:11:38 | 000,177,440 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2013\PsCtrlS.exe -- (Panda Software Controller)
SRV - [2012/11/16 13:52:52 | 000,156,960 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2013\TPSrv.exe -- (TPSrv)
SRV - [2012/09/21 08:25:02 | 000,202,016 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2013\PavFnSvr.exe -- (PAVFNSVR)
SRV - [2011/07/07 20:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 18:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/04/13 12:44:10 | 000,313,664 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2013\pavsrvx86.exe -- (PAVSRV)
SRV - [2010/08/16 14:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2013\psksvc.exe -- (PskSvcRetail)
SRV - [2009/11/26 17:03:56 | 000,226,560 | ---- | M] (Panda Security International) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2013\FIREWALL\PSHost.exe -- (PSHost)
SRV - [2008/07/26 09:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 09:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2008/06/19 12:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2013\PsImSvc.exe -- (PSIMSVC)
SRV - [2008/04/13 17:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/02/04 16:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Common Files\Panda Security\PavShld\PavPrSrv.exe -- (PavPrSrv)
SRV - [2005/07/12 14:33:02 | 000,491,520 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\dlcjcoms.exe -- (dlcj_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\PavTPK.sys -- (PavTPK.sys)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\PavSRK.sys -- (PavSRK.sys)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\av5flt.sys -- (AvFlt)
DRV - [2015/07/17 08:23:00 | 000,013,880 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\COMFiltr.sys -- (ComFiltr)
DRV - [2015/07/14 13:19:43 | 000,035,992 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV - [2015/06/18 08:41:46 | 000,121,560 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2015/06/18 08:41:36 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/11/12 19:05:01 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/05/08 10:31:52 | 000,164,488 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PavProc.sys -- (PavProc)
DRV - [2012/03/26 18:57:18 | 000,063,240 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\amm8651.sys -- (AmFSM)
DRV - [2012/03/26 14:50:12 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/02/21 13:38:32 | 000,037,448 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ShlDrv51.sys -- (ShldDrv)
DRV - [2011/01/31 16:41:28 | 000,083,528 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPFLT.SYS -- (APPFLT)
DRV - [2010/09/09 16:23:00 | 000,193,864 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idsflt.sys -- (IDSFLT)
DRV - [2010/09/01 11:09:14 | 000,201,032 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\neti1644.sys -- (NETIMFLT01060044)
DRV - [2010/06/22 18:13:00 | 000,026,696 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/09/25 14:54:08 | 000,046,856 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wnmflt.sys -- (WNMFLT)
DRV - [2009/09/25 14:54:06 | 000,159,112 | ---- | M] (Panda Security, S.L.) [TDI Layer] [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NETFLTDI.SYS -- (NETFLTDI)
DRV - [2009/09/25 14:54:04 | 000,022,024 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fnetmon.sys -- (FNETMON)
DRV - [2009/09/25 14:54:02 | 000,053,256 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dsaflt.sys -- (DSAFLT)
DRV - [2009/04/30 23:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2008/07/26 16:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 09:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006/08/02 11:45:32 | 000,114,560 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr7910.sys -- (mr7910)
DRV - [2005/03/04 12:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/10/01 11:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2004/01/02 21:05:48 | 000,011,520 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2004/01/02 20:20:40 | 000,432,000 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/12/12 07:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/12/02 19:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Fasttx2k.sys -- (fasttx2k)
DRV - [2003/07/25 14:58:36 | 000,030,371 | ---- | M] (GlobespanVirata Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\glauiad.sys -- (iadusb)
DRV - [2003/07/18 17:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (SISAGP)
DRV - [2003/07/02 12:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2002/10/04 18:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation       ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/10/01 09:22:32 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2001/06/04 14:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1693500826-1594951521-4070585920-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1693500826-1594951521-4070585920-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1693500826-1594951521-4070585920-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\S-1-5-21-1693500826-1594951521-4070585920-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1693500826-1594951521-4070585920-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1693500826-1594951521-4070585920-1003\..\SearchScopes\{206796F5-0A8D-458F-9D90-B7A9E679EFFA}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNA
IE - HKU\S-1-5-21-1693500826-1594951521-4070585920-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-1693500826-1594951521-4070585920-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:39.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.51.2: C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.51.2: C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.10.835: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1136: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.847: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Documents and Settings\Owner\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 39.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 39.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2015/07/15 14:03:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2015/07/15 14:02:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2015/07/15 14:02:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2015/07/16 15:53:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKU\S-1-5-21-1693500826-1594951521-4070585920-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1693500826-1594951521-4070585920-1003\..\Toolbar\ShellBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Internet Security 2013\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [dlcjmon.exe] C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe (Dell)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Security\Panda Internet Security 2013\Inicio.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [UpdateManager] c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-1693500826-1594951521-4070585920-1003..\Run: [GoToAssist Remote Support Expert] C:\Program Files\Citrix\GoToAssist Remote Support Expert\758\g2ax_start.exe (Citrix Online, LLC)
O4 - HKU\S-1-5-21-1693500826-1594951521-4070585920-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1693500826-1594951521-4070585920-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1693500826-1594951521-4070585920-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1693500826-1594951521-4070585920-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://protect.microsoft.com/security/protect/wsa/shared/CAB/x86/msSecAdv.cab?1096936597015 (MSSecurityAdvisor Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1375036143609 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab (Java Plug-in 11.51.2)
O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 11.51.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A209DE2-793A-4092-BB5C-371E6B85BB52}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avldr: DllName - (avldr.dll) - C:\WINDOWS\System32\avldr.dll (On-Access Anti-Malware Scanner Sync)
O20 - Winlogon\Notify\GoToAssist Express Customer: DllName - (C:\Program Files\Citrix\GoToAssist Remote Support Customer\818\g2ax_winlogon.dll) - C:\Program Files\Citrix\GoToAssist Remote Support Customer\818\g2ax_winlogon.dll (Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper:
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/03/31 23:00:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2011/08/04 18:13:52 | 000,000,110 | -H-- | M] () - K:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/07/17 08:11:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2015/07/17 08:11:14 | 005,634,275 | ---- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\CeeEff2.exe
[2015/07/17 08:11:14 | 001,798,288 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Owner\Desktop\JRT.exe
[2015/07/16 21:43:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RogueKiller
[2015/07/16 21:43:07 | 000,000,000 | ---D | C] -- C:\Program Files\RogueKiller
[2015/07/16 20:41:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/07/16 20:41:07 | 000,121,560 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2015/07/16 20:41:07 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2015/07/16 20:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2015/07/16 20:35:14 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2015/07/16 17:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2015/07/16 17:00:14 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2015/07/15 23:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Defraggler
[2015/07/15 23:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2015/07/15 16:47:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\backups
[2015/07/15 16:44:18 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HijackThis.exe
[2015/07/15 16:33:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2015/07/15 14:03:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla
[2015/07/15 14:03:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2015/07/15 14:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2015/07/15 14:02:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2015/07/15 14:02:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2015/07/15 13:41:53 | 000,302,760 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2015/07/15 12:25:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2015/07/15 12:25:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2015/07/15 12:25:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2015/07/15 12:25:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2015/07/15 12:21:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2015/07/15 12:21:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2015/07/15 12:20:44 | 005,632,449 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\CeeEff.exe
[2015/07/15 12:04:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2015/07/15 11:57:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Pavark
[2015/07/15 10:01:06 | 000,000,000 | ---D | C] -- C:\SUPERDelete
[2015/07/15 09:58:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2015/07/14 23:07:09 | 001,682,416 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Owner\Desktop\mbam-check-2.1.1.1001.exe
[2015/07/14 23:04:02 | 000,000,000 | ---D | C] -- C:\FRST
[2015/07/14 19:26:09 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2015/07/14 11:49:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Oracle
[2015/07/14 08:47:17 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2015/07/14 08:46:54 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2015/07/14 08:46:22 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiacpi.sys
[2015/07/14 08:45:25 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2015/07/14 08:45:03 | 000,082,944 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4mon.exe
[2015/07/14 08:44:49 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2015/07/14 08:44:05 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonyait.sys
[2015/07/14 08:43:52 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbclass.sys
[2015/07/14 08:43:51 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbbatt.sys
[2015/07/14 08:43:16 | 000,011,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiscan.sys
[2015/07/14 08:43:10 | 000,043,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sbp2port.sys
[2015/07/14 08:42:58 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2015/07/14 08:42:58 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2015/07/14 08:42:48 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2015/07/14 08:42:24 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qic157.sys
[2015/07/14 08:42:20 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusd.dll
[2015/07/14 08:42:13 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa3.sys
[2015/07/14 08:42:12 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powerfil.sys
[2015/07/14 08:42:01 | 000,259,328 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3dd.dll
[2015/07/14 08:42:01 | 000,028,032 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3.sys
[2015/07/14 08:42:00 | 000,211,584 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2dll.dll
[2015/07/14 08:41:59 | 000,027,904 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2.sys
[2015/07/14 08:41:15 | 000,028,672 | ---- | C] (National Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\nscirda.sys
[2015/07/14 08:40:37 | 000,049,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstape.sys
[2015/07/14 08:40:25 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msircomm.sys
[2015/07/14 08:39:52 | 000,026,112 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\memstpci.sys
[2015/07/14 08:39:33 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ltotape.sys
[2015/07/14 08:39:19 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2015/07/14 08:39:08 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsusd.dll
[2015/07/14 08:39:08 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsui.dll
[2015/07/14 08:38:37 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2015/07/14 08:38:36 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe
[2015/07/14 08:38:36 | 000,088,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irda.sys
[2015/07/14 08:37:41 | 000,702,845 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\i81xdnt5.dll
[2015/07/14 08:37:39 | 000,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omp.sys
[2015/07/14 08:37:37 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2015/07/14 08:35:02 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbatt.sys
[2015/07/14 08:34:46 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2015/07/14 08:34:31 | 000,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gckernel.sys
[2015/07/14 08:34:30 | 000,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gameenum.sys
[2015/07/14 08:32:40 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2015/07/14 08:32:29 | 000,206,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4.sys
[2015/07/14 08:32:18 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlttape.sys
[2015/07/14 08:31:19 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2015/07/14 08:31:02 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compbatt.sys
[2015/07/14 08:30:53 | 000,013,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmbatt.sys
[2015/07/14 08:30:36 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2015/07/14 08:30:23 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll
[2015/07/14 08:29:23 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2015/07/14 08:29:15 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2015/07/14 08:29:13 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2015/07/14 08:27:41 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2015/07/14 08:27:41 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2015/07/14 08:25:16 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2015/07/14 08:25:07 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2015/07/13 12:33:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Revo Uninstaller
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/07/17 09:02:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015/07/17 08:39:02 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18UA.job
[2015/07/17 08:25:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2015/07/17 08:23:18 | 000,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG.bck
[2015/07/17 08:23:18 | 000,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG
[2015/07/17 08:23:18 | 000,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg.bck
[2015/07/17 08:23:18 | 000,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg
[2015/07/17 08:23:18 | 000,000,092 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetLoc.wlt.bck
[2015/07/17 08:23:18 | 000,000,092 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetLoc.wlt
[2015/07/17 08:23:18 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg.bck
[2015/07/17 08:23:18 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg
[2015/07/17 08:23:18 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg.bck
[2015/07/17 08:23:18 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg
[2015/07/17 08:23:18 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg.bck
[2015/07/17 08:23:18 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg
[2015/07/17 08:23:17 | 000,303,044 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls.bck
[2015/07/17 08:23:17 | 000,303,044 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls
[2015/07/17 08:23:00 | 000,013,880 | ---- | M] () -- C:\WINDOWS\System32\drivers\COMFiltr.sys
[2015/07/17 08:19:53 | 000,000,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAdapt.cfg.bck
[2015/07/17 08:19:53 | 000,000,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAdapt.cfg
[2015/07/17 08:19:53 | 000,000,060 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt.bck
[2015/07/17 08:19:53 | 000,000,060 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt
[2015/07/17 08:17:51 | 000,000,189 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2015/07/17 08:17:35 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015/07/17 08:17:33 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2015/07/17 08:17:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015/07/17 08:12:26 | 000,340,828 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck
[2015/07/17 08:12:26 | 000,340,828 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
[2015/07/17 07:49:10 | 005,634,275 | ---- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\CeeEff2.exe
[2015/07/17 07:47:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2015/07/17 07:46:18 | 002,248,704 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe
[2015/07/17 07:45:46 | 001,798,288 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\Owner\Desktop\JRT.exe
[2015/07/16 21:43:14 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RogueKiller.lnk
[2015/07/16 20:41:43 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2015/07/16 16:39:03 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-18Core.job
[2015/07/16 15:53:19 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2015/07/16 15:13:34 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2015/07/15 23:19:39 | 000,001,629 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2015/07/15 14:02:57 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2015/07/15 14:02:53 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2015/07/15 13:41:39 | 000,302,760 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2015/07/15 12:20:44 | 005,632,449 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\CeeEff.exe
[2015/07/15 12:17:53 | 000,001,263 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2015/07/15 11:16:49 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2015/07/15 09:58:43 | 000,001,727 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2015/07/15 09:26:35 | 000,778,416 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2015/07/15 09:26:35 | 000,142,512 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2015/07/14 23:07:13 | 001,682,416 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\Owner\Desktop\mbam-check-2.1.1.1001.exe
[2015/07/14 21:50:56 | 000,146,432 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2015/07/14 13:19:43 | 000,035,992 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
[2015/07/14 13:17:04 | 000,022,272 | ---- | M] () -- C:\My Documents\cc_20150714_131702.reg
[2015/07/13 12:33:56 | 000,000,924 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Revo Uninstaller.lnk
[2015/07/09 12:20:01 | 000,000,216 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2015/06/29 19:50:00 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2015/06/20 12:59:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2015/06/18 08:41:46 | 000,121,560 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2015/06/18 08:41:36 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2015/06/18 08:38:54 | 000,001,258 | ---- | M] () -- C:\My Documents\master.conf
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/07/17 08:11:13 | 002,248,704 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe
[2015/07/16 21:43:14 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RogueKiller.lnk
[2015/07/16 20:41:43 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2015/07/15 23:19:39 | 000,001,629 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2015/07/15 14:02:57 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2015/07/15 14:02:53 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2015/07/15 14:02:53 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2015/07/15 12:25:04 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2015/07/15 12:25:04 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2015/07/15 12:25:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2015/07/15 12:25:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2015/07/15 12:25:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2015/07/15 10:15:26 | 000,001,258 | ---- | C] () -- C:\My Documents\master.conf
[2015/07/15 09:58:42 | 000,001,727 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2015/07/14 13:19:43 | 000,035,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
[2015/07/14 13:17:03 | 000,022,272 | ---- | C] () -- C:\My Documents\cc_20150714_131702.reg
[2015/07/14 08:47:14 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2013/09/19 20:21:41 | 000,064,276 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2013/08/25 21:16:08 | 000,340,828 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck
[2013/08/25 21:16:08 | 000,340,828 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
[2013/07/22 11:39:33 | 000,013,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\COMFiltr.sys
[2013/07/22 11:31:54 | 000,000,262 | ---- | C] () -- C:\WINDOWS\System32\PavCPL.dat
[2009/02/09 21:08:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Ÿ9Ÿ9
[2009/01/30 20:30:57 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\Owner\Q3.DIR
[2008/04/19 11:52:07 | 000,024,586 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Comma Separated Values (Windows).ADR
[2008/04/19 11:48:50 | 000,006,863 | ---- | C] () -- C:\Documents and Settings\Owner\OE_WAB
[2008/04/14 14:31:34 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc
[2008/01/03 17:54:17 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/06/26 14:11:19 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/06/03 20:30:20 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/07/06 20:53:10 | 000,188,456 | ---- | C] () -- C:\Documents and Settings\Owner\~
[2004/04/01 14:31:04 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2004/03/31 23:18:20 | 000,014,909 | ---- | C] () -- C:\Documents and Settings\Owner\ml2.srt
[2004/03/31 23:18:20 | 000,014,851 | ---- | C] () -- C:\Documents and Settings\Owner\ml1.srt
 
========== ZeroAccess Check ==========
 
[2004/04/01 00:20:28 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
*****************************
OTL Extras logfile created on: 7/17/2015 8:59:21 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
959.48 Mb Total Physical Memory | 485.07 Mb Available Physical Memory | 50.55% Memory free
3.67 Gb Paging File | 2.98 Gb Available in Paging File | 81.34% Paging File free
Paging file location(s): c:\pagefile.sys 2878.2 2878.2 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 181.51 Gb Total Space | 143.70 Gb Free Space | 79.17% Space Free | Partition Type: NTFS
Drive D: | 4.79 Gb Total Space | 0.59 Gb Free Space | 12.23% Space Free | Partition Type: FAT32
Drive K: | 14.90 Gb Total Space | 8.16 Gb Free Space | 54.75% Space Free | Partition Type: FAT32
 
Computer Name: SUZANNE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-1693500826-1594951521-4070585920-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"990:TCP" = 990:TCP:*:Enabled:Active Sync In #1 990
"999:TCP" = 999:TCP:*:Enabled:Active Sync In #2 999
"5678:TCP" = 5678:TCP:*:Enabled:Active Sync In #3 5678
"5679:TCP" = 5679:TCP:*:Enabled:Active Sync Out 5679
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5900:TCP" = 5900:TCP:*:Enabled:vnc5900
"5800:TCP" = 5800:TCP:*:Enabled:vnc5800
"5353:UDP" = 5353:UDP:*:Enabled:Bonjour
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater -- ()
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Panda Security\Panda Internet Security 2013\ApVxdWin.exe" = C:\Program Files\Panda Security\Panda Internet Security 2013\ApVxdWin.exe:*:Enabled:Panda permanent protection -- (Panda Security, S.L.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AirPort\APAgent.exe" = C:\Program Files\AirPort\APAgent.exe:*:Enabled:AirPort -- (Apple Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (C:\Program Files\Mozilla Firefox) -- (Mozilla Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{07A5D43B-85F0-4E3E-B7BD-6DE9B7135A1B}" = Quicken Converter
"{08094E03-AFE4-4853-9D31-6D0743DF5328}" = QuickTime
"{0861E87B-24D7-4E7C-B11B-54F86E5C5199}" = hpg8200
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{0FABD3D7-3036-4e78-B29D-58957ADB0A12}" = HP PSC & OfficeJet 3.5
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{14B4E017-ACDF-4DB0-9D94-8988F5F0145A}" = hpg4600
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15B9DC72-73F9-4d99-9E28-848D66DA8D99}" = HP Photo & Imaging 3.5 - HP Devices
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{20CF99FC-2CE7-4AA4-966E-A4B11C0662B4}" = hpg3970
"{23170F69-40C1-2701-0920-000001000000}" = 7-Zip 9.20
"{24C242C0-28C0-43C8-A0A1-FE181F3B3319}" = OpenOffice.org 2.0
"{24C8FBF7-26C6-48ca-834B-A4E5C09E362F}" = AiO_Scan
"{26A24AE4-039D-4CA4-87B4-2F83218051F0}" = Java 8 Update 51
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{29B39FB2-5ADF-4F94-BC82-13942871DD0D}" = CameraDrivers
"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}" = AIOMinimal
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}" = Unload
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{52C8CFE4-7C7C-11D7-A021-0060979CE4D3}" = Zoom ADSL Modem
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5BF2B19D-9C79-492A-8969-F059F06A627F}" = Print to Fax
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{63F2408D-A675-4d97-A256-70EACB6B9B4A}" = AiOSoftware
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67183F00-3DDC-497B-A090-4E2B79EAF1CD}" = Photo Viewer
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74487955-B85B-4040-A3B6-9EAC0A8AD198}" = AirPort
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7926EFB6-7CB4-4A9D-AB01-095F67F9D519}" = Panda Internet Security 2013
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8986461A-C5B9-4E8B-827A-FA68F3411758}" = GoToAssist Unattended Customer 2.2.0.758
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9518F764-C54D-47B2-9E73-154B21E79FD2}" = RAW Image Task 1.0
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A50DE037-B5C0-4C8A-8049-B0C576B313D1}" = Google+ Auto Backup
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADAC983-FDE9-42FA-8FD9-7BB324155593}" = HLPRFO
"{AAE587E4-E661-4DB5-96DF-6E31C548F186}_is1" = Password Depot 6 - Panda Secure Vault Edition
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AD13BFB0-FDD2-4AFA-A8AF-9F4A950D56B7}" = ArcSoft Camera Suite 1.3
"{AD17BC8E-4A5D-4E59-8640-10DF36E9EB75}" = hpg5530
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AFB80939-4486-49D8-A04E-2B05C0F2DE39}" = Citrix Online Launcher
"{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{B9B9863A-32FD-4133-ADB7-46244ED77694}" = Camera Support Core Library
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{BE0008BB-37C1-4199-974D-C6FB9E19C0C9}" = Panda Internet Security 2013
"{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}" = Canon PhotoRecord
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C2835850-FCEB-4A1A-A213-57E7A9A8EC62}" = Advanced Tech Support Rescue Connect
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{C6C44651-7C66-4b11-92E8-17565D3D22DD}" = HP Image Zone Plus 3.5
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = HP Organize
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = MovieEdit Task
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}" = PhotoGallery
"{ED869D8B-6C7E-44C7-9F2F-BD5436849C61}" = hpg2436
"{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = PhotoStitch
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F247869D-3643-4A9F-821B-3534145928E3}" = HPIZ350
"{F37942A8-B21B-4C5A-A1D2-B676BF55EAE0}" = Camera Window
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"{FF102450-55AA-4AE1-ACE4-E271E2470C83}" = hpmdtab
"693218053459EBF14C6505EA1172F17672B50DD1" = Windows Driver Package - (mr7910) Image  (08/08/2006 1.4.0.0)
"8B3D7924-ED89-486B-8322-E8594065D5CB_is1" = RogueKiller version 10
"Adobe Flash Player ActiveX" = Adobe Flash Player 18 ActiveX
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"BackWeb-137903 Uninstaller" = Updates from HP
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Dell Photo AIO Printer 964" = Dell Photo AIO Printer 964
"ESET Online Scanner" = ESET Online Scanner v3
"GoToAssist Express Customer" = GoToAssist Customer 2.3.0.818
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Instant Support" = HP Instant Support
"HP Photo & Imaging" = HP Image Zone 3.5
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"HPTOOLKIT" = Toolkit View(HP)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"InstallShield_{9518F764-C54D-47B2-9E73-154B21E79FD2}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{B9B9863A-32FD-4133-ADB7-46244ED77694}" = Canon Camera Support Core Library
"InstallShield_{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{F37942A8-B21B-4C5A-A1D2-B676BF55EAE0}" = Canon Camera Window for ZoomBrowser EX
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.1.8.1057
"MGI_PHOTOSUITE_SE_V10" = MGI PhotoSuite SE
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 39.0 (x86 en-US)" = Mozilla Firefox 39.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NirSoft Mail PassView" = NirSoft Mail PassView
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"RealPlayer 6.0" = RealOne Player
"Revo Uninstaller" = Revo Uninstaller 1.95
"S3" = VIA/S3G Display Driver
"Shop for HP Supplies" = Shop for HP Supplies
"STANDARDR" = Microsoft Office Standard 2007
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Zoom ADSL Modem Status" = Zoom ADSL Modem Status
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1693500826-1594951521-4070585920-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToAssist Remote Support Expert" = GoToAssist Expert 2.2.0.758
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/16/2015 7:35:29 PM | Computer Name = SUZANNE | Source = Application Error | ID = 1000
Description = Faulting application procdump.exe, version 7.0.1.0, faulting module
 procdump.exe, version 7.0.1.0, fault address 0x0000c1ee.
 
Error - 7/16/2015 8:20:55 PM | Computer Name = SUZANNE | Source = Application Error | ID = 1000
Description = Faulting application roguekiller.exe, version 10.9.1.0, faulting module
 roguekiller.exe, version 10.9.1.0, fault address 0x0020c290.
 
Error - 7/16/2015 11:27:58 PM | Computer Name = SUZANNE | Source = Application Error | ID = 1000
Description = Faulting application mbamservice.exe, version 3.2.13.0, faulting module
 Qt5Core.dll, version 5.4.1.0, fault address 0x00026f16.
 
Error - 7/16/2015 11:28:11 PM | Computer Name = SUZANNE | Source = Application Error | ID = 1004
Description = Faulting application mbamservice.exe, version 3.2.13.0, faulting module
 Qt5Core.dll, version 5.4.1.0, fault address 0x00026f16.
 
Error - 7/16/2015 11:33:22 PM | Computer Name = SUZANNE | Source = Application Error | ID = 1000
Description = Faulting application roguekiller.exe, version 10.9.1.0, faulting module
 roguekiller.exe, version 10.9.1.0, fault address 0x0020c290.
 
Error - 7/16/2015 11:33:22 PM | Computer Name = SUZANNE | Source = Application Error | ID = 1000
Description = Faulting application roguekiller.exe, version 10.9.1.0, faulting module
 roguekiller.exe, version 10.9.1.0, fault address 0x0020c290.
 
Error - 7/17/2015 12:43:25 AM | Computer Name = SUZANNE | Source = Application Error | ID = 1000
Description = Faulting application roguekiller.exe, version 10.9.1.0, faulting module
 roguekiller.exe, version 10.9.1.0, fault address 0x0020c290.
 
Error - 7/17/2015 1:12:48 AM | Computer Name = SUZANNE | Source = Application Error | ID = 1000
Description = Faulting application roguekiller.exe, version 10.9.1.0, faulting module
 roguekiller.exe, version 10.9.1.0, fault address 0x0020c290.
 
Error - 7/17/2015 11:17:29 AM | Computer Name = SUZANNE | Source = Application Error | ID = 1000
Description = Faulting application mbamservice.exe, version 3.2.13.0, faulting module
 Qt5Core.dll, version 5.4.1.0, fault address 0x00026f16.
 
Error - 7/17/2015 11:23:28 AM | Computer Name = SUZANNE | Source = Application Error | ID = 1000
Description = Faulting application createrestorepoint.exe, version 1.0.0.0, faulting
 module createrestorepoint.exe, version 1.0.0.0, fault address 0x00001094.
 
[ OSession Events ]
Error - 7/3/2009 1:42:45 PM | Computer Name = SUZANNE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 7/3/2009 1:42:54 PM | Computer Name = SUZANNE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 7/3/2009 1:42:59 PM | Computer Name = SUZANNE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 7/3/2009 10:50:39 PM | Computer Name = SUZANNE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 13
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 7/3/2009 10:50:50 PM | Computer Name = SUZANNE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 7/3/2009 10:50:59 PM | Computer Name = SUZANNE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 7/3/2009 10:51:09 PM | Computer Name = SUZANNE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 10/2/2009 12:56:33 PM | Computer Name = SUZANNE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 10/2/2009 12:56:55 PM | Computer Name = SUZANNE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 10/2/2009 12:57:04 PM | Computer Name = SUZANNE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 7/17/2015 11:19:21 AM | Computer Name = SUZANNE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service dlcj_device
 with arguments ""  in order to run the server:  {323CE21C-A448-40AA-BA74-7FCF1E441065}
 
Error - 7/17/2015 11:19:24 AM | Computer Name = SUZANNE | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
 
Error - 7/17/2015 11:19:27 AM | Computer Name = SUZANNE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service dlcj_device
 with arguments ""  in order to run the server:  {323CE21C-A448-40AA-BA74-7FCF1E441065}
 
Error - 7/17/2015 11:19:27 AM | Computer Name = SUZANNE | Source = Service Control Manager | ID = 7022
Description = The MBAMService service hung on starting.
 
Error - 7/17/2015 11:19:39 AM | Computer Name = SUZANNE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service dlcj_device
 with arguments ""  in order to run the server:  {323CE21C-A448-40AA-BA74-7FCF1E441065}
 
Error - 7/17/2015 11:19:44 AM | Computer Name = SUZANNE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service dlcj_device
 with arguments ""  in order to run the server:  {323CE21C-A448-40AA-BA74-7FCF1E441065}
 
Error - 7/17/2015 11:19:50 AM | Computer Name = SUZANNE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service dlcj_device
 with arguments ""  in order to run the server:  {323CE21C-A448-40AA-BA74-7FCF1E441065}
 
Error - 7/17/2015 11:19:55 AM | Computer Name = SUZANNE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service dlcj_device
 with arguments ""  in order to run the server:  {323CE21C-A448-40AA-BA74-7FCF1E441065}
 
Error - 7/17/2015 11:20:00 AM | Computer Name = SUZANNE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service dlcj_device
 with arguments ""  in order to run the server:  {323CE21C-A448-40AA-BA74-7FCF1E441065}
 
Error - 7/17/2015 11:20:19 AM | Computer Name = SUZANNE | Source = Service Control Manager | ID = 7034
Description = The MBAMService service terminated unexpectedly.  It has done this
 1 time(s).
 
[ TuneUp Events ]
Error - 5/4/2013 7:04:04 AM | Computer Name = SUZANNE | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
 
 
< End of report >
*************************
ComboFix 15-07-12.01 - Owner 07/16/2015  15:36:51.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.959.497 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\CeeEff.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Panda Internet Security 2013 *Enabled/Updated* {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}
FW: Panda Personal Firewall 2013 *Enabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
.
FILE ::
"c:\windows\TEMP\logishrd\LVPrcInj01.dll"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
(((((((((((((((((((((((((   Files Created from 2015-06-16 to 2015-07-16  )))))))))))))))))))))))))))))))
.
.
2015-07-16 15:25 . 2015-06-18 15:41 121560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-07-16 15:25 . 2015-06-18 15:41 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-07-16 15:25 . 2015-07-16 15:25 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-07-16 15:13 . 2015-07-16 15:13 -------- d-----w- c:\program files\RogueKiller
2015-07-16 06:19 . 2015-07-16 06:20 -------- d-----w- c:\program files\Defraggler
2015-07-15 21:03 . 2015-07-15 21:03 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla
2015-07-15 21:02 . 2015-07-15 21:02 -------- d-----w- c:\program files\Mozilla Maintenance Service
2015-07-15 20:41 . 2015-07-15 20:41 302760 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2015-07-15 19:03 . 2015-07-15 19:01 8704 ----a-w- c:\windows\system32\drivers\pryeagqywlck.sys
2015-07-15 18:57 . 2015-07-15 18:57 -------- d-----w- c:\documents and settings\Owner\Pavark
2015-07-15 17:01 . 2015-07-15 17:01 -------- d-----w- C:\SUPERDelete
2015-07-15 06:04 . 2015-07-16 18:58 -------- d-----w- C:\FRST
2015-07-15 02:26 . 2015-07-15 02:26 -------- d-----w- c:\program files\ESET
2015-07-14 20:19 . 2015-07-14 20:19 35992 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2015-07-14 18:49 . 2015-07-15 05:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Oracle
2015-07-14 15:35 . 2008-04-13 17:36 20352 -c--a-w- c:\windows\system32\dllcache\hidbatt.sys
2015-07-14 15:34 . 2008-04-13 17:40 28288 -c--a-w- c:\windows\system32\dllcache\grserial.sys
2015-07-14 15:34 . 2008-04-13 17:45 59136 -c--a-w- c:\windows\system32\dllcache\gckernel.sys
2015-07-14 15:34 . 2008-04-13 17:45 10624 -c--a-w- c:\windows\system32\dllcache\gameenum.sys
2015-07-14 15:32 . 2008-04-13 17:39 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys
2015-07-14 15:32 . 2008-04-13 17:40 8320 -c--a-w- c:\windows\system32\dllcache\dlttape.sys
2015-07-14 15:31 . 2008-04-13 23:11 249856 -c--a-w- c:\windows\system32\dllcache\ctmasetp.dll
2015-07-14 15:31 . 2008-04-13 17:36 10240 -c--a-w- c:\windows\system32\dllcache\compbatt.sys
2015-07-14 15:30 . 2008-04-13 17:36 13952 -c--a-w- c:\windows\system32\dllcache\cmbatt.sys
2015-07-14 15:30 . 2008-04-13 17:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2015-07-14 15:30 . 2008-04-13 23:11 121856 -c--a-w- c:\windows\system32\dllcache\camext30.dll
2015-07-14 15:29 . 2008-04-13 17:36 14208 -c--a-w- c:\windows\system32\dllcache\battc.sys
2015-07-14 15:29 . 2008-04-13 17:46 13696 -c--a-w- c:\windows\system32\dllcache\avcstrm.sys
2015-07-14 15:29 . 2008-04-13 17:46 38912 -c--a-w- c:\windows\system32\dllcache\avc.sys
2015-07-14 15:27 . 2008-04-13 17:46 48128 -c--a-w- c:\windows\system32\dllcache\61883.sys
2015-07-14 15:27 . 2008-04-13 17:40 12288 -c--a-w- c:\windows\system32\dllcache\4mmdat.sys
2015-07-14 15:25 . 2008-04-13 23:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2015-07-14 15:25 . 2008-04-13 23:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2015-07-14 15:25 . 2008-04-13 17:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2015-06-17 08:01 . 2015-06-17 08:01 1202856 ----a-w- c:\windows\system32\FM20.DLL
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-16 22:56 . 2013-07-22 18:39 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2015-07-15 16:26 . 2015-01-04 03:15 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-07-15 16:26 . 2015-01-04 03:15 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-07-15 04:50 . 2010-04-05 18:38 146432 ----a-w- c:\windows\system32\javacpl.cpl
2015-05-02 02:05 . 2015-05-02 02:05 1409 ----a-w- c:\windows\QTFont.for
2013-07-07 07:46 . 2013-07-07 07:46 4249600 ----a-w- c:\program files\GUT1E2.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 1207080]
"GoToAssist Remote Support Expert"="c:\program files\Citrix\GoToAssist Remote Support Expert\758\g2ax_start.exe" [2015-01-21 610888]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2015-07-06 6715160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"dlcjmon.exe"="c:\program files\Dell Photo AIO Printer 964\dlcjmon.exe" [2005-08-12 430080]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-23 80896]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-15 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-15 2407184]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"APVXDWIN"="c:\program files\Panda Security\Panda Internet Security 2013\APVXDWIN.EXE" [2012-12-12 1038192]
"SCANINICIO"="c:\program files\Panda Security\Panda Internet Security 2013\Inicio.exe" [2012-11-08 70432]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2010-03-24 19:55 55552 ----a-w- c:\windows\system32\avldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer]
2015-03-11 20:48 610888 ----a-w- c:\program files\Citrix\GoToAssist Remote Support Customer\818\g2ax_winlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^IMStart.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\IMStart.lnk
backup=c:\windows\pss\IMStart.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2005-03-04 19:01 88209 ----a-w- c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AirPort Base Station Agent]
2009-11-11 23:17 771360 ----a-w- c:\program files\AirPort\APAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
2004-09-07 21:47 57344 ----a-w- c:\windows\ALCXMNTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
2004-01-09 09:34 32768 ----a-w- c:\program files\HP\Digital Imaging\bin\BackupNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-08 02:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
2002-10-16 23:57 81920 ----a-w- c:\windows\system32\ps2.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-04-27 17:41 282624 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2004-04-14 04:43 233472 ----a-w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2004-04-01 08:41 151597 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2004-10-22 19:53 53248 ----a-w- c:\windows\system32\VTTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Panda Security\\Panda Internet Security 2013\\ApVxdWin.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AirPort\\APAgent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"990:TCP"= 990:TCP:Active Sync In #1 990
"999:TCP"= 999:TCP:Active Sync In #2 999
"5678:TCP"= 5678:TCP:Active Sync In #3 5678
"5679:TCP"= 5679:TCP:Active Sync Out 5679
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
"5353:UDP"= 5353:UDP:Bonjour
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [7/22/2013 11:31 AM 26696]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [8/25/2013 9:15 PM 83528]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/19/2013 8:16 PM 37664]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [8/25/2013 9:15 PM 53256]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [8/25/2013 9:15 PM 22024]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [8/25/2013 9:15 PM 193864]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [8/25/2013 9:15 PM 159112]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [7/22/2013 11:17 AM 37448]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [8/25/2013 9:15 PM 46856]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/22/2014 4:47 PM 142648]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys [7/22/2013 11:27 AM 63240]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 6:33 PM 249648]
R2 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;c:\program files\Citrix\GoToAssist Remote Support Customer\818\g2ax_service.exe [3/11/2015 1:50 PM 610888]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [7/22/2013 11:17 AM 164488]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Internet Security 2013\psksvc.exe [7/22/2013 11:31 AM 28992]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [7/22/2013 11:39 AM 13880]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/16/2015 8:25 AM 23256]
R3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;c:\windows\system32\drivers\neti1644.sys [7/22/2013 11:28 AM 201032]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [7/16/2015 8:25 AM 1133880]
S2 mrtRate;mrtRate; [x]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 8:31 PM 195336]
S3 eapihdrv;eapihdrv;\??\c:\docume~1\Owner\LOCALS~1\Temp\ehdrv.sys --> c:\docume~1\Owner\LOCALS~1\Temp\ehdrv.sys [?]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [7/14/2015 1:19 PM 35992]
S3 iadusb;Zoom USB Network Adapter;c:\windows\system32\drivers\glauiad.sys [10/28/2005 2:47 PM 30371]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [7/16/2015 8:25 AM 121560]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [8/24/2012 8:43 AM 18432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ    p2psvc p2pimsvc p2pgasvc PNRPSvc
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2015-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-04 16:27]
.
2015-06-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2015-06-30 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-04-29 00:12]
.
2015-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 20:16]
.
2015-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 20:16]
.
2015-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2014-02-08 00:34]
.
2015-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2014-02-08 00:34]
.
2015-07-16 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-18 01:59]
.
2015-07-09 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-18 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z1p3n7gq.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-07-16 15:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1693500826-1594951521-4070585920-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1276)
c:\windows\system32\avldr.dll
c:\program files\Citrix\GoToAssist Remote Support Customer\818\g2ax_winlogon.dll
.
- - - - - - - > 'explorer.exe'(7192)
c:\windows\system32\WININET.dll
c:\program files\Panda Security\Panda Internet Security 2013\pavoepl.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Panda Security\Panda Internet Security 2013\TPSrv.exe
c:\program files\PANDA SECURITY\PANDA INTERNET SECURITY 2013\WebProxy.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Panda Security\Panda Internet Security 2013\PsCtrls.exe
c:\program files\Panda Security\Panda Internet Security 2013\PavFnSvr.exe
c:\program files\Common Files\Panda Security\PavShld\pavprsrv.exe
c:\program files\Panda Security\Panda Internet Security 2013\Firewall\PSHOST.EXE
c:\program files\Panda Security\Panda Internet Security 2013\PsImSvc.exe
c:\windows\System32\tcpsvcs.exe
c:\program files\Panda Security\Panda Internet Security 2013\pavsrvx86.exe
c:\program files\Panda Security\Panda Internet Security 2013\AVENGINE.EXE
c:\program files\Citrix\GoToAssist Remote Support Customer\818\g2ax_comm_customer.exe
c:\program files\Citrix\GoToAssist Remote Support Customer\818\g2ax_system_customer.exe
c:\program files\Citrix\GoToAssist Remote Support Customer\818\g2ax_user_customer.exe
c:\program files\Citrix\GoToAssist Remote Support Expert\758\g2ax_comm_expert.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Citrix\GoToAssist Remote Support Expert\758\g2ax_user_expert.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Panda Security\Panda Internet Security 2013\SRVLOAD.EXE
c:\program files\Panda Security\Panda Internet Security 2013\PavBckPT.exe
.
**************************************************************************
.
Completion time: 2015-07-16  16:05:50 - machine was rebooted
ComboFix-quarantined-files.txt  2015-07-16 23:05
ComboFix2.txt  2015-07-15 19:52
.
Pre-Run: 154,513,186,816 bytes free
Post-Run: 154,539,114,496 bytes free
.
- - End Of File - - B1EFBAEA327F87D66A89CEAD5177F1EA
BAD0263FBE81B49F5F07B32DC9D198B3

Edited by Oh My!, 17 July 2015 - 12:53 PM.


#8 fred3


Posted 17 July 2015 - 12:14 PM

Double post from the compromised machine.....  The last one lacks the attachments but looks the same otherwise it appears.  I recommend you use the first one with the attachments.  It should be complete, etc.  I don't know how the last one happened.  Maybe delete the last post or tell me how to do that?


Edited by fred3, 17 July 2015 - 12:17 PM.


#9 Oh My!


Posted 17 July 2015 - 12:56 PM

Greetings,

Do you know what this is?

C:\Documents and Settings\Owner\99

Please do this.

===================================================

Windows Repair (All in One)

--------------------
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Download Windows Repair (All in One) and save it to your desktop
  • Double click the tweaking.com_windows_repair_aio_setup icon
  • Continually click Next, then Finish
  • If you are running in Safe Mode click OK on the Warning screen
  • Note: If you are unable to complete one of the steps simply continue on with the next step
  • Go to Step 4 and click Do It under System File Check

  • Go to the Repairs tab and click Open Repairs

  • Leave the default check marks and click Start Repairs

  • Your computer will reboot upon completion
  • Using Windows Explorer navigate to the following file location

For 64 bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
For 32 bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

  • Copy and paste (or attach if necessary) the contents of the log in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Do you recognize the folder?
  • Windows All in One report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 fred3


Posted 17 July 2015 - 09:44 PM

I don't know what that file is.  It appears to be empty.  I see it as Y(umlaut)9Y(umlaut)9.

 

There are many logs:

 

_Windows_Repair_Log.txt

 

Tweaking.com - Windows Repair v3.2.5
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Microsoft Windows XP
OS Architecture: 32-bit
OS Version: 5.1.2600
OS Service Pack: Service Pack 3
Computer Name: SUZANNE
Windows Drive: C:\
Windows Path: C:\WINDOWS
Program Files: C:\Program Files
Current Profile: C:\Documents and Settings\Owner
Current Profile SID: S-1-5-21-1693500826-1594951521-4070585920-1003
Current Profile Classes: S-1-5-21-1693500826-1594951521-4070585920-1003_Classes
Profiles Location: C:\Documents and Settings
Profiles Location 2: C:\WINDOWS\ServiceProfiles
Local Settings AppData: C:\Documents and Settings\Owner\Local Settings\Application Data
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 05:50:02

Process Count: 64
Commit Total: 858.77 MB
Commit Limit: 3.67 GB
Commit Peak: 1,007.80 MB
Handle Count: 25772
Kernel Total: 78.89 MB
Kernel Paged: 52.40 MB
Kernel Non Paged: 26.50 MB
System Cache: 488.33 MB
Thread Count: 783
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 959.48 MB
Memory Used: 583.52 MB(60.8155%)
Memory Avail.: 375.97 MB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 959.48 MB
Memory Used: 417.54 MB(43.517%)
Memory Avail.: 541.95 MB
--------------------------------------------------------------------------------

Starting Repairs...
   Started at (7/17/2015 2:06:27 PM)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 153
 
01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (7/17/2015 2:06:35 PM)

   Running Repair Under Current User Account
   Done (7/17/2015 2:06:58 PM)

01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (7/17/2015 2:06:58 PM)

   Running Repair Under System Account
   Done (7/17/2015 2:12:14 PM)

01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (7/17/2015 2:12:14 PM)

   Running Repair Under System Account
   Done (7/17/2015 2:14:59 PM)

03 - Reset Service Permissions
   Start (7/17/2015 2:14:59 PM)

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/17/2015 2:16:00 PM)

04 - Register System Files
   Start (7/17/2015 2:16:00 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/17/2015 2:25:54 PM)

05 - Repair WMI
   Start (7/17/2015 2:25:54 PM)

   Starting Security Center So We Can Export The Security Info.

   Exporting Antivirus Info...
   Panda Internet Security 2013 Exported.

   Exporting 3rd Party Firewall Info...
   Panda Personal Firewall 2013 Exported.

   Running Repair Under Current User Account
   Done (7/17/2015 2:30:45 PM)

06 - Repair Windows Firewall
   Start (7/17/2015 2:30:45 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/17/2015 2:31:04 PM)

07 - Repair Internet Explorer
   Start (7/17/2015 2:31:04 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/17/2015 2:36:21 PM)

08 - Repair MDAC/MS Jet
   Start (7/17/2015 2:36:21 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/17/2015 2:37:00 PM)

09 - Repair Hosts File
   Start (7/17/2015 2:37:00 PM)
   Running Repair Under System Account
   Done (7/17/2015 2:37:03 PM)

10 - Remove Policies Set By Infections
   Start (7/17/2015 2:37:03 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/17/2015 2:37:13 PM)

12 - Repair Icons
   Start (7/17/2015 2:37:13 PM)
   Running Repair Under Current User Account
   Done (7/17/2015 2:37:15 PM)

13 - Repair Network
   Start (7/17/2015 2:37:15 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/17/2015 2:37:39 PM)

15 - Repair Proxy Settings
   Start (7/17/2015 2:37:39 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/17/2015 2:37:42 PM)

17 - Repair Windows Updates
   Start (7/17/2015 2:37:42 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (7/17/2015 2:39:16 PM)

18 - Repair CD/DVD Missing/Not Working
   Start (7/17/2015 2:39:16 PM)
   iTunes was found, adding UpperFilters for iTunes Reg Key
   UpperFilters added?: True
   Done (7/17/2015 2:39:16 PM)

19 - Repair Volume Shadow Copy Service
   Start (7/17/2015 2:39:16 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/17/2015 2:40:04 PM)

21 - Repair MSI (Windows Installer)
   Start (7/17/2015 2:40:04 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/17/2015 2:40:29 PM)

23.01 - Repair bat Association
   Start (7/17/2015 2:40:29 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/17/2015 2:40:32 PM)

23.02 - Repair cmd Association
   Start (7/17/2015 2:40:32 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/17/2015 2:40:36 PM)

23.03 - Repair com Association
   Start (7/17/2015 2:40:36 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/17/2015 2:40:39 PM)

23.04 - Repair Directory Association
   Start (7/17/2015 2:40:39 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/17/2015 2:40:42 PM)

23.05 - Repair Drive Association
   Start (7/17/2015 2:40:42 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/17/2015 2:40:46 PM)

23.06 - Repair exe Association
   Start (7/17/2015 2:40:46 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/17/2015 2:40:49 PM)

23.07 - Repair Folder Association
   Start (7/17/2015 2:40:49 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/17/2015 2:40:52 PM)

23.08 - Repair inf Association
   Start (7/17/2015 2:40:52 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/17/2015 2:40:55 PM)

23.09 - Repair lnk (Shortcuts) Association
   Start (7/17/2015 2:40:56 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/17/2015 2:40:59 PM)

23.10 - Repair msc Association
   Start (7/17/2015 2:40:59 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/17/2015 2:41:02 PM)

23.11 - Repair reg Association
   Start (7/17/2015 2:41:02 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/17/2015 2:41:05 PM)

23.12 - Repair scr Association
   Start (7/17/2015 2:41:05 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/17/2015 2:41:09 PM)

24 - Repair Windows Safe Mode
   Start (7/17/2015 2:41:09 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/17/2015 2:41:12 PM)

25 - Repair Print Spooler
   Start (7/17/2015 2:41:12 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/17/2015 2:41:29 PM)

26 - Restore Important Windows Services
   Start (7/17/2015 2:41:29 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/17/2015 2:41:45 PM)

27 - Set Windows Services To Default Startup
   Start (7/17/2015 2:41:46 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/17/2015 2:42:07 PM)

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 5.1

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 5.1

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 5.1

31 - Repair Windows 'New' Submenu
   Start (7/17/2015 2:42:07 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/17/2015 2:42:10 PM)

33 - Repair Performance Counters
   Start (7/17/2015 2:42:10 PM)
   Running Repair Under Current User Account
   Done (7/17/2015 2:42:12 PM)

Cleaning up empty logs...

All Selected Repairs Done.
   Done at (7/17/2015 2:42:12 PM)
   Total Repair Time: 00:35:48

...YOU MUST RESTART YOUR SYSTEM...

 

ip_reset.txt

 

deleted SYSTEM\CurrentControlSet\Services\Netbt\Parameters\EnableLmhosts
added   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{14883A1B-3888-40D2-A540-BA004C9F588E}\DisableDynamicUpdate
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{14883A1B-3888-40D2-A540-BA004C9F588E}\IpAutoconfigurationAddress
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{14883A1B-3888-40D2-A540-BA004C9F588E}\IpAutoconfigurationMask
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{14883A1B-3888-40D2-A540-BA004C9F588E}\IpAutoconfigurationSeed
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{14883A1B-3888-40D2-A540-BA004C9F588E}\Mtu
reset   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{14883A1B-3888-40D2-A540-BA004C9F588E}\RawIpAllowedProtocols
            old REG_MULTI_SZ =
                0

reset   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{14883A1B-3888-40D2-A540-BA004C9F588E}\TcpAllowedPorts
            old REG_MULTI_SZ =
                0

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{14883A1B-3888-40D2-A540-BA004C9F588E}\TcpWindowSize
reset   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{14883A1B-3888-40D2-A540-BA004C9F588E}\UdpAllowedPorts
            old REG_MULTI_SZ =
                0

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{15B491F3-BBD4-4761-AFEF-EE6377DB735E}\Mtu
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{15B491F3-BBD4-4761-AFEF-EE6377DB735E}\TcpWindowSize
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{48F97B01-B84F-4B3C-BC00-6B013FBED82F}\Mtu
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{48F97B01-B84F-4B3C-BC00-6B013FBED82F}\TcpWindowSize
added   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8A209DE2-793A-4092-BB5C-371E6B85BB52}\DisableDynamicUpdate
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8A209DE2-793A-4092-BB5C-371E6B85BB52}\IpAutoconfigurationAddress
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8A209DE2-793A-4092-BB5C-371E6B85BB52}\IpAutoconfigurationMask
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8A209DE2-793A-4092-BB5C-371E6B85BB52}\IpAutoconfigurationSeed
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8A209DE2-793A-4092-BB5C-371E6B85BB52}\Mtu
reset   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8A209DE2-793A-4092-BB5C-371E6B85BB52}\RawIpAllowedProtocols
            old REG_MULTI_SZ =
                0

reset   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8A209DE2-793A-4092-BB5C-371E6B85BB52}\TcpAllowedPorts
            old REG_MULTI_SZ =
                0

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8A209DE2-793A-4092-BB5C-371E6B85BB52}\TcpWindowSize
reset   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8A209DE2-793A-4092-BB5C-371E6B85BB52}\UdpAllowedPorts
            old REG_MULTI_SZ =
                0

added   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8B82F34B-8A6E-4F68-A9AD-139B4572CECA}\DisableDynamicUpdate
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8B82F34B-8A6E-4F68-A9AD-139B4572CECA}\IpAutoconfigurationAddress
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8B82F34B-8A6E-4F68-A9AD-139B4572CECA}\IpAutoconfigurationMask
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8B82F34B-8A6E-4F68-A9AD-139B4572CECA}\IpAutoconfigurationSeed
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8B82F34B-8A6E-4F68-A9AD-139B4572CECA}\Mtu
reset   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8B82F34B-8A6E-4F68-A9AD-139B4572CECA}\RawIpAllowedProtocols
            old REG_MULTI_SZ =
                0

reset   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8B82F34B-8A6E-4F68-A9AD-139B4572CECA}\TcpAllowedPorts
            old REG_MULTI_SZ =
                0

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8B82F34B-8A6E-4F68-A9AD-139B4572CECA}\TcpWindowSize
reset   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8B82F34B-8A6E-4F68-A9AD-139B4572CECA}\UdpAllowedPorts
            old REG_MULTI_SZ =
                0

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{91025FA0-C222-41B8-8923-C062AF061AC3}\Mtu
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{91025FA0-C222-41B8-8923-C062AF061AC3}\TcpWindowSize
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D8434333-11C0-42A8-BBFE-59B42647FB5E}\Mtu
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D8434333-11C0-42A8-BBFE-59B42647FB5E}\TcpWindowSize
added   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DE4E546F-F4B1-4BAB-A926-F777ECC85DF2}\AddressType
added   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DE4E546F-F4B1-4BAB-A926-F777ECC85DF2}\DisableDynamicUpdate
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DE4E546F-F4B1-4BAB-A926-F777ECC85DF2}\Mtu
reset   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DE4E546F-F4B1-4BAB-A926-F777ECC85DF2}\RawIpAllowedProtocols
            old REG_MULTI_SZ =
                0

reset   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DE4E546F-F4B1-4BAB-A926-F777ECC85DF2}\TcpAllowedPorts
            old REG_MULTI_SZ =
                0

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DE4E546F-F4B1-4BAB-A926-F777ECC85DF2}\TcpWindowSize
reset   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DE4E546F-F4B1-4BAB-A926-F777ECC85DF2}\UdpAllowedPorts
            old REG_MULTI_SZ =
                0

added   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EA9D9FA8-1D97-4E0A-B47D-F11F3E46BF8C}\AddressType
added   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EA9D9FA8-1D97-4E0A-B47D-F11F3E46BF8C}\DisableDynamicUpdate
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EA9D9FA8-1D97-4E0A-B47D-F11F3E46BF8C}\Mtu
reset   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EA9D9FA8-1D97-4E0A-B47D-F11F3E46BF8C}\RawIpAllowedProtocols
            old REG_MULTI_SZ =
                0

reset   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EA9D9FA8-1D97-4E0A-B47D-F11F3E46BF8C}\TcpAllowedPorts
            old REG_MULTI_SZ =
                0

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EA9D9FA8-1D97-4E0A-B47D-F11F3E46BF8C}\TcpWindowSize
reset   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EA9D9FA8-1D97-4E0A-B47D-F11F3E46BF8C}\UdpAllowedPorts
            old REG_MULTI_SZ =
                0

added   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F392E486-3F8F-4487-87B9-30B7E3AB7823}\AddressType
added   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F392E486-3F8F-4487-87B9-30B7E3AB7823}\DisableDynamicUpdate
reset   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F392E486-3F8F-4487-87B9-30B7E3AB7823}\RawIpAllowedProtocols
            old REG_MULTI_SZ =
                0

reset   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F392E486-3F8F-4487-87B9-30B7E3AB7823}\TcpAllowedPorts
            old REG_MULTI_SZ =
                0

reset   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F392E486-3F8F-4487-87B9-30B7E3AB7823}\UdpAllowedPorts
            old REG_MULTI_SZ =
                0

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DontAddDefaultGatewayDefault
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableIcmpRedirect
added   SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SearchList
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SynAttackProtect
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\UseDomainNameDevolution
reset   Linkage\Bind for ms_server.  bad value was:
            REG_MULTI_SZ =
                \Device\NetbiosSmb
                \Device\NetBT_Tcpip_{F392E486-3F8F-4487-87B9-30B7E3AB7823}
                \Device\NetBT_Tcpip_{8B82F34B-8A6E-4F68-A9AD-139B4572CECA}
                \Device\NetBT_Tcpip_{14883A1B-3888-40D2-A540-BA004C9F588E}
                \Device\NetBT_Tcpip_{DE4E546F-F4B1-4BAB-A926-F777ECC85DF2}
                \Device\NetBT_Tcpip_{EA9D9FA8-1D97-4E0A-B47D-F11F3E46BF8C}
                \Device\NetBT_Tcpip_{8A209DE2-793A-4092-BB5C-371E6B85BB52}
                \Device\NetBT_Tcpip_{48F97B01-B84F-4B3C-BC00-6B013FBED82F}
                \Device\NetBT_Tcpip_{91025FA0-C222-41B8-8923-C062AF061AC3}
                \Device\NetBT_Tcpip_{15B491F3-BBD4-4761-AFEF-EE6377DB735E}
                \Device\NetBT_Tcpip_{D8434333-11C0-42A8-BBFE-59B42647FB5E}

reset   Linkage\Route for ms_server.  bad value was:
            REG_MULTI_SZ =
                "NetbiosSmb"
                "NetBT" "Tcpip" "{F392E486-3F8F-4487-87B9-30B7E3AB7823}"
                "NetBT" "Tcpip" "{8B82F34B-8A6E-4F68-A9AD-139B4572CECA}"
                "NetBT" "Tcpip" "{14883A1B-3888-40D2-A540-BA004C9F588E}"
                "NetBT" "Tcpip" "{DE4E546F-F4B1-4BAB-A926-F777ECC85DF2}"
                "NetBT" "Tcpip" "{EA9D9FA8-1D97-4E0A-B47D-F11F3E46BF8C}"
                "NetBT" "Tcpip" "{8A209DE2-793A-4092-BB5C-371E6B85BB52}"
                "NetBT" "Tcpip" "{48F97B01-B84F-4B3C-BC00-6B013FBED82F}"
                "NetBT" "Tcpip" "{91025FA0-C222-41B8-8923-C062AF061AC3}"
                "NetBT" "Tcpip" "NdisWanIp"

reset   Linkage\Export for ms_server.  bad value was:
            REG_MULTI_SZ =
                \Device\LanmanServer_NetbiosSmb
                \Device\LanmanServer_NetBT_Tcpip_{F392E486-3F8F-4487-87B9-30B7E3AB7823}
                \Device\LanmanServer_NetBT_Tcpip_{8B82F34B-8A6E-4F68-A9AD-139B4572CECA}
                \Device\LanmanServer_NetBT_Tcpip_{14883A1B-3888-40D2-A540-BA004C9F588E}
                \Device\LanmanServer_NetBT_Tcpip_{DE4E546F-F4B1-4BAB-A926-F777ECC85DF2}
                \Device\LanmanServer_NetBT_Tcpip_{EA9D9FA8-1D97-4E0A-B47D-F11F3E46BF8C}
                \Device\LanmanServer_NetBT_Tcpip_{8A209DE2-793A-4092-BB5C-371E6B85BB52}
                \Device\LanmanServer_NetBT_Tcpip_{48F97B01-B84F-4B3C-BC00-6B013FBED82F}
                \Device\LanmanServer_NetBT_Tcpip_{91025FA0-C222-41B8-8923-C062AF061AC3}
                \Device\LanmanServer_NetBT_Tcpip_{15B491F3-BBD4-4761-AFEF-EE6377DB735E}
                \Device\LanmanServer_NetBT_Tcpip_{D8434333-11C0-42A8-BBFE-59B42647FB5E}

reset   Linkage\Bind for ms_netbios.  bad value was:
            REG_MULTI_SZ =
                \Device\NetBT_Tcpip_{F392E486-3F8F-4487-87B9-30B7E3AB7823}
                \Device\NetBT_Tcpip_{8B82F34B-8A6E-4F68-A9AD-139B4572CECA}
                \Device\NetBT_Tcpip_{14883A1B-3888-40D2-A540-BA004C9F588E}
                \Device\NetBT_Tcpip_{DE4E546F-F4B1-4BAB-A926-F777ECC85DF2}
                \Device\NetBT_Tcpip_{EA9D9FA8-1D97-4E0A-B47D-F11F3E46BF8C}
                \Device\NetBT_Tcpip_{8A209DE2-793A-4092-BB5C-371E6B85BB52}
                \Device\NetBT_Tcpip_{48F97B01-B84F-4B3C-BC00-6B013FBED82F}
                \Device\NetBT_Tcpip_{91025FA0-C222-41B8-8923-C062AF061AC3}
                \Device\NetBT_Tcpip_{15B491F3-BBD4-4761-AFEF-EE6377DB735E}
                \Device\NetBT_Tcpip_{D8434333-11C0-42A8-BBFE-59B42647FB5E}

reset   Linkage\Route for ms_netbios.  bad value was:
            REG_MULTI_SZ =
                "NetBT" "Tcpip" "{F392E486-3F8F-4487-87B9-30B7E3AB7823}"
                "NetBT" "Tcpip" "{8B82F34B-8A6E-4F68-A9AD-139B4572CECA}"
                "NetBT" "Tcpip" "{14883A1B-3888-40D2-A540-BA004C9F588E}"
                "NetBT" "Tcpip" "{DE4E546F-F4B1-4BAB-A926-F777ECC85DF2}"
                "NetBT" "Tcpip" "{EA9D9FA8-1D97-4E0A-B47D-F11F3E46BF8C}"
                "NetBT" "Tcpip" "{8A209DE2-793A-4092-BB5C-371E6B85BB52}"
                "NetBT" "Tcpip" "{48F97B01-B84F-4B3C-BC00-6B013FBED82F}"
                "NetBT" "Tcpip" "{91025FA0-C222-41B8-8923-C062AF061AC3}"
                "NetBT" "Tcpip" "NdisWanIp"

reset   Linkage\Export for ms_netbios.  bad value was:
            REG_MULTI_SZ =
                \Device\NetBIOS_NetBT_Tcpip_{F392E486-3F8F-4487-87B9-30B7E3AB7823}
                \Device\NetBIOS_NetBT_Tcpip_{8B82F34B-8A6E-4F68-A9AD-139B4572CECA}
                \Device\NetBIOS_NetBT_Tcpip_{14883A1B-3888-40D2-A540-BA004C9F588E}
                \Device\NetBIOS_NetBT_Tcpip_{DE4E546F-F4B1-4BAB-A926-F777ECC85DF2}
                \Device\NetBIOS_NetBT_Tcpip_{EA9D9FA8-1D97-4E0A-B47D-F11F3E46BF8C}
                \Device\NetBIOS_NetBT_Tcpip_{8A209DE2-793A-4092-BB5C-371E6B85BB52}
                \Device\NetBIOS_NetBT_Tcpip_{48F97B01-B84F-4B3C-BC00-6B013FBED82F}
                \Device\NetBIOS_NetBT_Tcpip_{91025FA0-C222-41B8-8923-C062AF061AC3}
                \Device\NetBIOS_NetBT_Tcpip_{15B491F3-BBD4-4761-AFEF-EE6377DB735E}
                \Device\NetBIOS_NetBT_Tcpip_{D8434333-11C0-42A8-BBFE-59B42647FB5E}

reset   Linkage\Bind for ms_msclient.  bad value was:
            REG_MULTI_SZ =
                \Device\NetbiosSmb
                \Device\NetBT_Tcpip_{F392E486-3F8F-4487-87B9-30B7E3AB7823}
                \Device\NetBT_Tcpip_{8B82F34B-8A6E-4F68-A9AD-139B4572CECA}
                \Device\NetBT_Tcpip_{14883A1B-3888-40D2-A540-BA004C9F588E}
                \Device\NetBT_Tcpip_{DE4E546F-F4B1-4BAB-A926-F777ECC85DF2}
                \Device\NetBT_Tcpip_{EA9D9FA8-1D97-4E0A-B47D-F11F3E46BF8C}
                \Device\NetBT_Tcpip_{8A209DE2-793A-4092-BB5C-371E6B85BB52}
                \Device\NetBT_Tcpip_{48F97B01-B84F-4B3C-BC00-6B013FBED82F}
                \Device\NetBT_Tcpip_{91025FA0-C222-41B8-8923-C062AF061AC3}
                \Device\NetBT_Tcpip_{15B491F3-BBD4-4761-AFEF-EE6377DB735E}
                \Device\NetBT_Tcpip_{D8434333-11C0-42A8-BBFE-59B42647FB5E}

reset   Linkage\Route for ms_msclient.  bad value was:
            REG_MULTI_SZ =
                "NetbiosSmb"
                "NetBT" "Tcpip" "{F392E486-3F8F-4487-87B9-30B7E3AB7823}"
                "NetBT" "Tcpip" "{8B82F34B-8A6E-4F68-A9AD-139B4572CECA}"
                "NetBT" "Tcpip" "{14883A1B-3888-40D2-A540-BA004C9F588E}"
                "NetBT" "Tcpip" "{DE4E546F-F4B1-4BAB-A926-F777ECC85DF2}"
                "NetBT" "Tcpip" "{EA9D9FA8-1D97-4E0A-B47D-F11F3E46BF8C}"
                "NetBT" "Tcpip" "{8A209DE2-793A-4092-BB5C-371E6B85BB52}"
                "NetBT" "Tcpip" "{48F97B01-B84F-4B3C-BC00-6B013FBED82F}"
                "NetBT" "Tcpip" "{91025FA0-C222-41B8-8923-C062AF061AC3}"
                "NetBT" "Tcpip" "NdisWanIp"

reset   Linkage\Export for ms_msclient.  bad value was:
            REG_MULTI_SZ =
                \Device\LanmanWorkstation_NetbiosSmb
                \Device\LanmanWorkstation_NetBT_Tcpip_{F392E486-3F8F-4487-87B9-30B7E3AB7823}
repair_icons.txt

 

The system cannot find the file specified.
The system cannot find the file specified.
 

Repair_MSI_Windows_Installer.txt

 

[SC] ChangeServiceConfig SUCCESS
The Windows Installer service is not started.

More help is available by typing NET HELPMSG 3521.

The Windows Installer service is starting.
The Windows Installer service was started successfully.

[SC] ChangeServiceConfig SUCCESS
The Windows Installer service is stopping.
The Windows Installer service was stopped successfully.

The Windows Installer service is starting.
The Windows Installer service was started successfully.

 

Repair_Network.txt

 

Sucessfully reset the Winsock Catalog.
You must restart the machine in order to complete the reset.

Ok.

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

Windows IP Configuration

 

Registration of the DNS resource records for all adapters of this computer has been initiated. Any errors will be reported in the Event Viewer in 15 minutes..

Sucessfully reset the Winsock Catalog.
You must restart the machine in order to complete the reset.

Ok.

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

Windows IP Configuration

 

Registration of the DNS resource records for all adapters of this computer has been initiated. Any errors will be reported in the Event Viewer in 15 minutes..

 

 

Repair_Performance_Counters.txt

 

 

LODCTR
    Updates Performance Monitor counter names and explain text for an extensible counter

Usage:
    LODCTR [\\computername] filename
        computername is the name of the remote computer.
            Local machine is used if computername is not specified.
        filename is the name of the initialization file that contains
            the counter name definitions and explain text for an extensible
            counter DLL.

    LODCTR /S:<FileName>
        save current perf registry strings and info to <FileName>

    LODCTR /R:<FileName>
        restore perf registry strings and info using <FileName>

Note: any arguments with spaces in the names must be enclosed within
Double Quotation marks.

 

Repair_Print_Spooler.txt

 

Deleted file - C:\WINDOWS\System32\spool\PRINTERS\00002.SHD
Deleted file - C:\WINDOWS\System32\spool\PRINTERS\00002.SPL
Deleted file - C:\WINDOWS\System32\spool\PRINTERS\00003.SHD
Deleted file - C:\WINDOWS\System32\spool\PRINTERS\00003.SPL
Deleted file - C:\WINDOWS\System32\spool\PRINTERS\00004.SHD
Deleted file - C:\WINDOWS\System32\spool\PRINTERS\00004.SPL
Deleted file - C:\WINDOWS\System32\spool\PRINTERS\00005.SHD
Deleted file - C:\WINDOWS\System32\spool\PRINTERS\00005.SPL
The system cannot find the file specified.
The system cannot find the file specified.
 

 

Repair_Volume_Shadow_Copy_Service.txt

 

The Volume Shadow Copy service is not started.

More help is available by typing NET HELPMSG 3521.

The MS Software Shadow Copy Provider service is not started.

More help is available by typing NET HELPMSG 3521.

The Volume Shadow Copy service is stopping.
The Volume Shadow Copy service was stopped successfully.

The MS Software Shadow Copy Provider service is stopping.
The MS Software Shadow Copy Provider service was stopped successfully.

 

Repair_Windows_Firewall.txt

 

The Windows Firewall/Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS

The Windows Firewall/Internet Connection Sharing (ICS) service was stopped successfully.

[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS

 

 

Repair_Windows_Updates.txt

 

[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

The following services are dependent on the CryptSvc service.
Stopping the CryptSvc service will also stop these services.

   Panda TPSrv
   Panda Software Controller

The Panda TPSrv service is stopping........
The Panda TPSrv service was stopped successfully.

The Panda Software Controller service is stopping...
The Panda Software Controller service was stopped successfully.

The CryptSvc service is stopping..
The CryptSvc service was stopped successfully.

The BITS service is stopping.
The BITS service was stopped successfully.

The Automatic Updates service is not started.

More help is available by typing NET HELPMSG 3521.

System error 1060 has occurred.

The specified service does not exist as an installed service.

The system cannot find the file specified.
The system cannot find the file specified.
The system cannot find the path specified.
Deleted file - C:\WINDOWS\SoftwareDistribution\Download\6c4788c9549d437e76e1773a7639582a\wgalogon.dll
Deleted file - C:\WINDOWS\SoftwareDistribution\Download\6c4788c9549d437e76e1773a7639582a\wgatray.exe
Deleted file - C:\WINDOWS\SoftwareDistribution\Download\6c4788c9549d437e76e1773a7639582a\_downloadprogress_.state
Deleted file - C:\WINDOWS\SoftwareDistribution\Download\6c4788c9549d437e76e1773a7639582a\_file_to_execute_.txt
Deleted file - C:\WINDOWS\SoftwareDistribution\Download\6c4788c9549d437e76e1773a7639582a\_unpacked_.state
Deleted file - C:\WINDOWS\SoftwareDistribution\Download\6c4788c9549d437e76e1773a7639582a\_useselfcontained_.state
Deleted file - C:\WINDOWS\SoftwareDistribution\Download\6c4788c9549d437e76e1773a7639582a\update\update.exe
Deleted file - C:\WINDOWS\SoftwareDistribution\Download\6c4788c9549d437e76e1773a7639582a\update\update.inf
Deleted file - C:\WINDOWS\SoftwareDistribution\Download\6c4788c9549d437e76e1773a7639582a\update\update.ver
Deleted file - C:\WINDOWS\SoftwareDistribution\Download\6c4788c9549d437e76e1773a7639582a\update\updspapi.dll
Deleted file - C:\WINDOWS\SoftwareDistribution\Download\6c4788c9549d437e76e1773a7639582a\update\wganotify.cat
Deleted file - C:\WINDOWS\SoftwareDistribution\Download\9c27e8eca9ac84a0369b9010f5852645\update\updspapi.dll
Deleted file - C:\WINDOWS\SoftwareDistribution\Download\abfc8215eb61e7a807f064a421a042a4\fm20-x-none.cab
Deleted file - C:\WINDOWS\SoftwareDistribution\Download\dccd2d0f7e81f1b55296d89e0c76228f\xlconv-x-none.cab
Deleted file - C:\WINDOWS\SoftwareDistribution\Download\e1b10f51c2d651f30d0413ab33fa4e07\excel-x-none.cab
Deleted file - C:\WINDOWS\SoftwareDistribution\Download\f31c33e0e31e80b41c54eea7469bb568\sp3gdr\ieframe.dll
Deleted file - C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.cab
Deleted file - C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.cat
Deleted file - C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.inf
Deleted file - C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident-inner.cab
Deleted file - C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.cab
Deleted file - C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.txt
Deleted file - C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\muident.cab
Deleted file - C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\muident.txt
Deleted file - C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\musetup.cab
Deleted file - C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\musetup.cat
Deleted file - C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\musetup.inf
Deleted file - C:\WINDOWS\SoftwareDistribution\WebSetup\wsus3setup.cab
Deleted file - C:\WINDOWS\SoftwareDistribution\WebSetup\wsus3setup.cat
Deleted file - C:\WINDOWS\SoftwareDistribution\WebSetup\wsus3setup.inf
Deleted file - C:\WINDOWS\SoftwareDistribution\WebSetup\wuident-inner.cab
Deleted file - C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.cab
Deleted file - C:\WINDOWS\SoftwareDistribution\WebSetup\wuident.txt
Deleted file - C:\WINDOWS\SoftwareDistribution\WebSetup\wusetup.cab
Deleted file - C:\WINDOWS\SoftwareDistribution\WebSetup\wusetup.cat
Deleted file - C:\WINDOWS\SoftwareDistribution\WebSetup\wusetup.inf
Deleted file - C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muredir.cab
Deleted file - C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv3muredir.cab
Deleted file - C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab
Deleted file - C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\v6-legacy-muredir.cab
Deleted file - C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\wuredir.cab
Deleted file - C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\wuredir.xml
Deleted file - C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv3wuredir.cab
Deleted file - C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab
Deleted file - C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab
Deleted file - C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.xml
Deleted file - C:\WINDOWS\system32\catroot2\dberr.txt
Deleted file - C:\WINDOWS\system32\catroot2\edb.chk
C:\WINDOWS\system32\catroot2\edb.log
The process cannot access the file because it is being used by another process.
Deleted file - C:\WINDOWS\system32\catroot2\edb007D6.log
Deleted file - C:\WINDOWS\system32\catroot2\edb007D7.log
Deleted file - C:\WINDOWS\system32\catroot2\edb007D8.log
Deleted file - C:\WINDOWS\system32\catroot2\edb007D9.log
Deleted file - C:\WINDOWS\system32\catroot2\edb007DA.log
Deleted file - C:\WINDOWS\system32\catroot2\edb007DB.log
Deleted file - C:\WINDOWS\system32\catroot2\edb007DC.log
Deleted file - C:\WINDOWS\system32\catroot2\edb007DD.log
Deleted file - C:\WINDOWS\system32\catroot2\edb007DE.log
Deleted file - C:\WINDOWS\system32\catroot2\edb007DF.log
C:\WINDOWS\system32\catroot2\edbtmp.log
The process cannot access the file because it is being used by another process.
Deleted file - C:\WINDOWS\system32\catroot2\res1.log
Deleted file - C:\WINDOWS\system32\catroot2\res2.log
C:\WINDOWS\system32\catroot2\tmp.edb
The process cannot access the file because it is being used by another process.
Deleted file - C:\WINDOWS\system32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
Deleted file - C:\WINDOWS\system32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\TimeStamp
Deleted file - C:\WINDOWS\system32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
Deleted file - C:\WINDOWS\system32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TimeStamp
C:\WINDOWS\system32\catroot2\edb.log - The process cannot access the file because it is being used by another process.
C:\WINDOWS\system32\catroot2\edbtmp.log - The process cannot access the file because it is being used by another process.
C:\WINDOWS\system32\catroot2\tmp.edb - The process cannot access the file because it is being used by another process.
Path not found - C:\WINDOWS\system32\config\txr
The system cannot find the file specified.
Path not found - C:\WINDOWS\system32\SMI\Store\Machine
Path not found - C:\WINDOWS\system32\SMI\Store\Machine
Path not found - C:\WINDOWS\system32\SMI\Store\Machine
The system cannot find the path specified.
The system cannot find the path specified.
The system cannot find the path specified.
[SC] SetServiceObjectSecurity SUCCESS
[SC] SetServiceObjectSecurity SUCCESS

Sucessfully reset the Winsock Catalog.
You must restart the machine in order to complete the reset.

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

The CryptSvc service is stopping.
The CryptSvc service was stopped successfully.

The BITS service is not started.

More help is available by typing NET HELPMSG 3521.

The Automatic Updates service is not started.

More help is available by typing NET HELPMSG 3521.

System error 1060 has occurred.

The specified service does not exist as an installed service.

The system cannot find the file specified.
The system cannot find the file specified.
Could Not Find C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr*.dat
The system cannot find the path specified.
Path not found - C:\WINDOWS\SoftwareDistribution
The system cannot find the file specified.
The system cannot find the file specified.
Deleted file - C:\WINDOWS\system32\catroot2\dberr.txt
C:\WINDOWS\system32\catroot2\edb.log
The process cannot access the file because it is being used by another process.
C:\WINDOWS\system32\catroot2\edbtmp.log
The process cannot access the file because it is being used by another process.
C:\WINDOWS\system32\catroot2\tmp.edb
The process cannot access the file because it is being used by another process.
Deleted file - C:\WINDOWS\system32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\TimeStamp
C:\WINDOWS\system32\catroot2\edb.log - The process cannot access the file because it is being used by another process.
C:\WINDOWS\system32\catroot2\edbtmp.log - The process cannot access the file because it is being used by another process.
C:\WINDOWS\system32\catroot2\tmp.edb - The process cannot access the file because it is being used by another process.
Path not found - C:\WINDOWS\system32\config\txr
The system cannot find the file specified.
Path not found - C:\WINDOWS\system32\SMI\Store\Machine
Path not found - C:\WINDOWS\system32\SMI\Store\Machine
Path not found - C:\WINDOWS\system32\SMI\Store\Machine
The system cannot find the path specified.
The system cannot find the path specified.
The system cannot find the path specified.
[SC] SetServiceObjectSecurity SUCCESS
[SC] SetServiceObjectSecurity SUCCESS

Sucessfully reset the Winsock Catalog.
You must restart the machine in order to complete the reset.

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS
[SC] ChangeServiceConfig SUCCESS

 

Repair_WMI.txt

 

The following services are dependent on the Windows Management Instrumentation service.
Stopping the Windows Management Instrumentation service will also stop these services.

   Security Center
   Windows Firewall/Internet Connection Sharing (ICS)

The Security Center service is stopping.
The Security Center service was stopped successfully.

The Windows Firewall/Internet Connection Sharing (ICS) service was stopped successfully.

The Windows Management Instrumentation service is stopping.....
The Windows Management Instrumentation service was stopped successfully.

The system cannot find the path specified.
The system cannot find the path specified.
Deleted file - C:\WINDOWS\System32\Wbem\Repository\$WinMgmt.CFG
Deleted file - C:\WINDOWS\System32\Wbem\Repository\FS\INDEX.BTR
Deleted file - C:\WINDOWS\System32\Wbem\Repository\FS\INDEX.MAP
Deleted file - C:\WINDOWS\System32\Wbem\Repository\FS\MAPPING.VER
Deleted file - C:\WINDOWS\System32\Wbem\Repository\FS\MAPPING1.MAP
Deleted file - C:\WINDOWS\System32\Wbem\Repository\FS\MAPPING2.MAP
Deleted file - C:\WINDOWS\System32\Wbem\Repository\FS\OBJECTS.DATA
Deleted file - C:\WINDOWS\System32\Wbem\Repository\FS\OBJECTS.MAP
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\av.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\fw.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\program files\common files\microsoft shared\msinfo\msioff10.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\program files\common files\microsoft shared\msinfo\oinfop12.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\$ntservicepackuninstall$\cimwin32.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\$ntservicepackuninstall$\cimwin32.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\microsoft.net\framework\v1.1.4322\aspnet.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\microsoft.net\framework\v2.0.50727\adonetdiag.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\microsoft.net\framework\v2.0.50727\aspnet.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\microsoft.net\framework\v2.0.50727\clr.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\microsoft.net\framework\v3.0\windows communication foundation\servicemodel.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\microsoft.net\framework\v3.5\mof\servicemodel35.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\servicepackfiles\i386\cimwin32.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\servicepackfiles\i386\licwmi.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\servicepackfiles\i386\msdtctr.mof
c:\windows\servicepackfiles\i386\msdtctr.mof (5): error SYNTAX 0X8004400a: Unexpected token at file scope

Compiler returned error 0x8004400aMicrosoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\servicepackfiles\i386\napprov.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\servicepackfiles\i386\napschem.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\servicepackfiles\i386\tscfgwmi.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\servicepackfiles\i386\wmi.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\servicepackfiles\i386\wscenter.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\servicepackfiles\i386\cimwin32.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\servicepackfiles\i386\licwmi.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\servicepackfiles\i386\tscfgwmi.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\msdtc\trace\msdtctr.mof
c:\windows\system32\msdtc\trace\msdtctr.mof (5): error SYNTAX 0X8004400a: Unexpected token at file scope

Compiler returned error 0x8004400aMicrosoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\cimwin32.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\dgnet.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\dsprov.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\evntrprv.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\fconprov.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\fevprov.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\hnetcfg.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\ieinfo5.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\krnlprov.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\licwmi.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\msi.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\napclientprov.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\napclientschema.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\ncprov.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\ntevt.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\outlook_01c8a74a409e4c96.mof
MOF file has been successfully parsed
Storing data in the repository...
An error occurred while creating object 1 defined on lines 31 - 163:
0X80041002 Class, instance, or property 'Win32_PerfRawData' was not found.
Compiler returned error 0x80041001Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\regevent.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\scm.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\scrcons.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\secrcw32.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\smtpcons.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\sr.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\subscrpt.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\system.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\tmplprov.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\trnsprov.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\tscfgwmi.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\updprov.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\wbemcons.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\whqlprov.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\wmi.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\wmipcima.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\wmipdskq.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\wmipicmp.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\wmipiprt.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\wmipjobj.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\wmipsess.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\wmitimep.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\wscenter.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\cimwin32.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\dsprov.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\fconprov.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\fevprov.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\krnlprov.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\licwmi.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\msi.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\ncprov.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\ntevt.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\regevent.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\scrcons.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\secrcw32.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\smtpcons.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\tmplprov.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\trnsprov.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\tscfgwmi.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\updprov.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\wbemcons.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\wmi.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\wmipcima.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\wmipdskq.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\wmipicmp.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\wmipiprt.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\wmipjobj.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\wmipsess.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\wmitimep.mfl
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\mof\good\msioff10.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\wbem\msfeeds.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\wbem\msfeedsbs.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
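
Added example (not part of the original post and not output from any tool used in this thread): a Python sketch that condenses the mofcomp output pasted above to the files that never reached "Done!". The function and class names are illustrative, and the sample is excerpted from the pasted log; the compiler's result line is fused with the next run's banner there, which the regex tolerates.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

PARSING = "Parsing MOF file: "
PARSED_OK = "MOF file has been successfully parsed"
STORING = "Storing data in the repository..."
# The result line has no trailing newline in the pasted log, so the next
# run's banner is glued to the code; search() stops at the last hex digit.
RETURNED = re.compile(r"Compiler returned error (0x[0-9a-fA-F]+)")


@dataclass
class MofResult:
    path: str
    parsed: bool = False              # syntax check passed
    stored: bool = False              # reached "Done!"
    error_code: Optional[str] = None  # code from "Compiler returned error"
    detail: List[str] = field(default_factory=list)


def parse_mofcomp_log(text: str) -> List[MofResult]:
    """Split a concatenated mofcomp log into one record per MOF file."""
    results: List[MofResult] = []
    current: Optional[MofResult] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(PARSING):
            current = MofResult(path=line[len(PARSING):])
            results.append(current)
        elif current is None or not line or line == STORING:
            continue
        elif line.startswith(("Microsoft", "Copyright")):
            continue                  # banner after a truncated record
        elif line == PARSED_OK:
            current.parsed = True
        elif line == "Done!":
            current.stored = True
            current = None
        else:
            m = RETURNED.search(line)
            if m:
                current.error_code = m.group(1).lower()
                current = None
            else:
                current.detail.append(line)   # compiler's own explanation
    return results


def summarize(results: List[MofResult]) -> List[str]:
    """One line per file that was not stored in the repository."""
    out = []
    for r in results:
        if not r.stored:
            phase = "store" if r.parsed else "parse"
            code = r.error_code or "no result line"
            out.append(f"{r.path}: failed at {phase} ({code}) " + " | ".join(r.detail))
    return out


# Excerpt of the log above: one clean run, both failure shapes, one clean run.
SAMPLE_LOG = r"""
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\servicepackfiles\i386\licwmi.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\servicepackfiles\i386\msdtctr.mof
c:\windows\servicepackfiles\i386\msdtctr.mof (5): error SYNTAX 0X8004400a: Unexpected token at file scope

Compiler returned error 0x8004400aMicrosoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\outlook_01c8a74a409e4c96.mof
MOF file has been successfully parsed
Storing data in the repository...
An error occurred while creating object 1 defined on lines 31 - 163:
0X80041002 Class, instance, or property 'Win32_PerfRawData' was not found.
Compiler returned error 0x80041001Microsoft ® 32-bit MOF Compiler Version 5.1.2600.5512
Copyright © Microsoft Corp. 1997-2001. All rights reserved.
Parsing MOF file: c:\windows\system32\wbem\regevent.mof
MOF file has been successfully parsed
Storing data in the repository...
Done!
"""

if __name__ == "__main__":
    for row in summarize(parse_mofcomp_log(SAMPLE_LOG)):
        print(row)
```

The `parsed` flag separates a file the compiler rejected outright from one that compiled but could not be written to the repository.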



#11 Oh My!


Posted 17 July 2015 - 10:44 PM

Greetings,

Please right click on the folder/file and select Delete.

Did System File Checker run properly?

Please do this.

===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center/Action Center
      • Windows Update
      • Windows Defender
      • Other Services
  • Press Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • SFC?
  • FSS.txt
  • Update on computer performance

Gary
 

#12 fred3


Posted 18 July 2015 - 11:20 AM

When I've run SFC it seemed normal.

Now both Malwarebytes and RogueKiller generate the same type of error. "xxx has encountered a problem...." and offers to send a report. The typical thing. At least now they're the same.

I ran an extended memory test with MemTest86+ for 12 hours overnight just in case there was a memory problem harder to find. All is good there.

Here is the FSS.txt:

Farbar Service Scanner Version: 17-01-2015
Ran by Owner (administrator) on 18-07-2015 at 07:54:17
Running from "C:\Documents and Settings\Owner\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Other Services:
==============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) NETFLTDI(11) NETIMFLT01060044(10) PSched(7) Tcpip(3)
0x0C00000004000000010000000200000003000000560000000B00000005000000080000000600000007000000090000000A000000
IpSec Tag value is correct.

**** End of log ****

I also ran procdump on Malwarebytes and looked at it with WhoCrashed. Here is the result:

Crash Dump Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.

On Sat 7/18/2015 3:09:17 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\malwarebytes.dmp
This was probably caused by the following module: Unknown ()
Bugcheck code: 0x0 (0x0, 0x0, 0x0, 0x0)
Error: CUSTOM_ERROR
A third party driver was identified as the probable root cause of this system error.
Google query: CUSTOM_ERROR

*********************

Not much there, eh?

In the Event Viewer I see a number of errors related to DCOM like this:

DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service dlcj_device with arguments "" in order to run the server:

{323CE21C-A448-40AA-BA74-7FCF1E441065}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

As I look at this it's likely because the computer isn't on site with its printer attached.....


Edited by fred3, 18 July 2015 - 11:24 AM.
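
Added example (not part of the original posts and not Farbar's own code): a Python sketch that pulls the registry policy values and file-check verdicts out of an FSS.txt log like the one above, so a line such as `"EnableFirewall"=DWORD:0` is not overlooked between empty sections. The function names are illustrative, the sample is an excerpt of the log above, and treating any verdict other than "MD5 is legit" as worth a look is an assumption of this sketch.

```python
import re

KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE = re.compile(r'^"([^"]+)"=(\w+):(.*)$')
FILE_CHECK = re.compile(r"^(.+?) => (.+)$")


def parse_fss(text):
    """Return (policy_values, file_verdicts) from an FSS.txt log."""
    lines = [l.strip() for l in text.splitlines()]
    section, key = None, None
    policies, files = [], {}
    for i, line in enumerate(lines):
        underline = lines[i + 1] if i + 1 < len(lines) else ""
        if line and underline and set(underline) == {"="}:
            section, key = line.rstrip(":"), None   # heading over a ==== rule
            continue
        m = KEY.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE.match(line)
        if m and key:
            policies.append({"section": section, "key": key,
                             "name": m.group(1), "type": m.group(2),
                             "data": m.group(3).strip()})
            continue
        m = FILE_CHECK.match(line)
        if m and section == "File Check":
            files[m.group(1)] = m.group(2)   # dict drops the repeated WMIsvc.dll row
    return policies, files


def _is_zero(data):
    try:
        return int(data, 16) == 0   # zero reads the same in decimal and hex
    except ValueError:
        return False


def review(policies, files):
    """Turn parsed values into short notes for the analyst."""
    notes = []
    for p in policies:
        if p["name"].lower() == "enablefirewall" and _is_zero(p["data"]):
            profile = p["key"].rsplit("\\", 1)[-1]
            notes.append(f"Windows Firewall is turned off for {profile} ({p['section']})")
        else:
            notes.append(f"review {p['key']}\\{p['name']} = {p['type']}:{p['data']}")
    for path, verdict in files.items():
        if verdict != "MD5 is legit":   # assumption: anything else needs a look
            notes.append(f"file check not clean: {path} => {verdict}")
    return notes


# Excerpt of the FSS.txt posted above.
SAMPLE_FSS = r"""
Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
"""

if __name__ == "__main__":
    for note in review(*parse_fss(SAMPLE_FSS)):
        print(note)
```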


#13 Oh My!


Posted 18 July 2015 - 01:54 PM

Please boot into Safe Mode and see if Malwarebytes and/or RogueKiller will run.
Gary
 

#14 fred3


Posted 18 July 2015 - 02:10 PM

Been there, done that.  No they don't.  And the crash mode has changed for one of them.  Overall the same problem still.



#15 Oh My!


Posted 18 July 2015 - 04:36 PM

Thank you. I think it is time to uninstall Panda Security. Please do that using Revo Uninstaller.
Gary
 



