Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

AVG found trojan horse PSW.Generic 10.HAL [Solved]


  • This topic is locked This topic is locked

#1
bifri

bifri

    New Member

  • Member
  • Pip
  • 8 posts
Hi,
this morning my AVG alert me that my Pc is infected with "Trojan horse PSW.Generic10.HAL".
My husband usually seeting on my Pc in the morning before work and I can say that he doesn't know so much about Pc's, so maybe, he download something from internet or open some mail... He usually play a lot of games, which receives from some friends... I don't know what to say else...

I don't have any simptoms, for now :), I didn't do anything to remove it, because I don't know how and I want to ask someone who knows...

I would be very grateful for your help!

Here is OTL logfile:


OTL logfile created on: 8/9/2012 13:37:41 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\owner\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 35.17% Memory free
5.86 Gb Paging File | 1.95 Gb Available in Paging File | 33.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 299.90 Gb Total Space | 239.05 Gb Free Space | 79.71% Space Free | Partition Type: NTFS
Drive D: | 631.51 Gb Total Space | 614.54 Gb Free Space | 97.31% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/09 13:37:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
PRC - [2012/06/11 13:16:43 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/01/26 21:27:12 | 002,077,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2012/01/03 16:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/06/24 07:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/25 08:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/17 00:34:38 | 000,085,096 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2010/12/15 19:49:28 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/12/15 19:49:27 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/12/15 19:49:26 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/12/13 21:10:32 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/12/13 21:10:30 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/12/13 21:10:29 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/13 21:10:29 | 000,596,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/12/13 21:10:28 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/12/13 21:10:28 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/12/13 21:10:28 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/11/20 15:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/05/21 02:27:24 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2010/05/21 02:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/10/16 01:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/10/16 01:06:42 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/09/30 15:02:50 | 002,320,920 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 15:02:48 | 000,268,824 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/02/10 01:29:20 | 000,167,576 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/31 08:36:14 | 000,442,392 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppgooglenaclpluginchrome.dll
MOD - [2012/07/31 08:36:13 | 012,235,288 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
MOD - [2012/07/31 08:36:12 | 003,997,720 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll
MOD - [2012/07/31 08:34:57 | 000,526,872 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\Application\21.0.1180.60\libglesv2.dll
MOD - [2012/07/31 08:34:55 | 000,104,984 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\Application\21.0.1180.60\libegl.dll
MOD - [2012/07/31 08:34:45 | 000,144,424 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\Application\21.0.1180.60\avutil-51.dll
MOD - [2012/07/31 08:34:43 | 000,266,792 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\Application\21.0.1180.60\avformat-54.dll
MOD - [2012/07/31 08:34:42 | 002,480,680 | ---- | M] () -- C:\Users\owner\AppData\Local\Google\Chrome\Application\21.0.1180.60\avcodec-54.dll
MOD - [2010/12/13 20:58:40 | 000,077,824 | ---- | M] () -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\boost_log-vc71-mt-1_32.dll
MOD - [2010/12/13 20:58:40 | 000,057,344 | ---- | M] () -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\boost_thread-vc71-mt-1_32.dll
MOD - [2010/03/15 22:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/06/27 21:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files\DeviceVM\Browser Configuration Utility\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/08/03 03:37:19 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/03 16:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/12/17 00:34:38 | 000,085,096 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010/12/15 19:49:27 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/12/13 21:10:30 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/12/13 21:10:29 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/12/13 21:10:28 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/12/13 07:35:04 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/05/21 02:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/04/07 03:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2009/10/16 01:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/09/30 15:02:50 | 002,320,920 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 15:02:48 | 000,268,824 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/07/14 04:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 04:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 04:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 04:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/09/13 08:37:42 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/08/02 18:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011/05/06 10:37:42 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/12/13 21:10:29 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys -- (AVGIDSDriverw7x)
DRV - [2010/12/13 21:10:29 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys -- (AVGIDSFilterw7x)
DRV - [2010/12/13 21:10:29 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSwx.sys -- (AVGIDSErHrw7x)
DRV - [2010/12/13 21:10:29 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2010/12/13 21:10:29 | 000,020,560 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys -- (AVGIDSShimw7x)
DRV - [2010/12/13 21:10:28 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/12/13 21:10:28 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/11/20 15:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 15:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 15:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 13:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 12:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 12:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 12:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/07/10 06:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/05/21 02:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2010/04/27 22:56:44 | 000,019,496 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AppleCharger.sys -- (AppleCharger)
DRV - [2009/10/05 16:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/17 07:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/08/11 10:19:18 | 000,066,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/07/14 02:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.allgameshome.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://il.msn.com/iat/us_il.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C2 E5 7E DE 76 9A CB 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {BCCB0287-A461-4ddb-B0E8-8D2E23F54FAD}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{242F6D3F-9D88-48e1-B274-B03AAAD52369}: "URL" = http://search.yahoo....cevm&type=STDVM
IE - HKCU\..\SearchScopes\{317FF0BA-AF7A-4299-A6C6-9854853A36CD}: "URL" = http://www.google.co...2788:4067623346
IE - HKCU\..\SearchScopes\{BCCB0287-A461-4ddb-B0E8-8D2E23F54FAD}: "URL" = http://www.bing.com/...=SPLBR2&pc=SPLH
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\owner\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\owner\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/05 12:01:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/11 13:16:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/05 12:01:01 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.yahoo.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.yahoo.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\owner\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\owner\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\owner\AppData\Local\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\owner\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Users\owner\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: YouTube = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Late Night = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgbdhkpacgdhfabeceekiafonfkipohm\1.0_1\
CHR - Extension: Gmail = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/11 00:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{746CDA19-8148-498C-87B8-10C379301F44}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94615D6F-4194-4BA0-9D9F-345E8E6C6CDE}: DhcpNameServer = 82.102.139.10 82.102.139.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D17F04BD-8303-4CEB-BB0B-5208C6024DC4}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 00:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/09 13:37:15 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2012/08/08 16:39:36 | 000,000,000 | ---D | C] -- C:\Program Files\Shattered Minds - Encore
[2012/08/08 11:57:02 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\ARCBAZAR
[2012/08/06 13:57:59 | 000,000,000 | ---D | C] -- C:\Program Files\Howlville - The Dark Past
[2012/08/05 14:55:25 | 000,000,000 | ---D | C] -- C:\Program Files\The Promised Land
[2012/08/05 14:50:09 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Hidden Anthologies Pride and Prejudice
[2012/08/03 16:58:32 | 000,000,000 | ---D | C] -- C:\Program Files\Crossworlds - The Flying City
[2012/08/03 16:55:05 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Chronoclasm Chronicles
[2012/08/01 08:22:15 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Eipix
[2012/07/31 13:50:26 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\cv

========== Files - Modified Within 30 Days ==========

[2012/08/09 13:37:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2012/08/09 13:37:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/09 13:17:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1391087559-3192120670-161251095-1000UA.job
[2012/08/09 13:02:39 | 000,129,718 | ---- | M] () -- C:\Users\owner\Desktop\virus.jpg
[2012/08/09 04:27:08 | 103,256,935 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2012/08/09 00:17:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1391087559-3192120670-161251095-1000Core.job
[2012/08/08 16:39:37 | 000,000,912 | ---- | M] () -- C:\Users\owner\Desktop\Shattered Minds - Encore.lnk
[2012/08/05 03:00:00 | 000,000,242 | ---- | M] () -- C:\Windows\tasks\RegInOut Scheduled Scan - owner.job
[2012/08/01 13:48:12 | 000,015,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/01 13:48:12 | 000,015,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/30 01:20:37 | 002,025,601 | ---- | M] () -- C:\Users\owner\Desktop\Mostische - 22.05.07.dwg
[2012/07/30 01:17:15 | 002,024,766 | ---- | M] () -- C:\Users\owner\Desktop\Mostische - 29.05.07.dwg
[2012/07/30 00:37:53 | 003,555,967 | ---- | M] () -- C:\Users\owner\Desktop\20120317_131617.jpg
[2012/07/25 03:23:15 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/25 03:23:15 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/25 03:18:55 | 000,432,160 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/25 03:18:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/25 03:18:27 | 2358,894,592 | -HS- | M] () -- C:\hiberfil.sys

========== Files Created - No Company Name ==========

[2012/08/09 13:02:39 | 000,129,718 | ---- | C] () -- C:\Users\owner\Desktop\virus.jpg
[2012/08/08 16:39:37 | 000,000,912 | ---- | C] () -- C:\Users\owner\Desktop\Shattered Minds - Encore.lnk
[2012/07/30 01:20:34 | 002,025,601 | ---- | C] () -- C:\Users\owner\Desktop\Mostische - 22.05.07.dwg
[2012/07/30 01:17:02 | 002,024,766 | ---- | C] () -- C:\Users\owner\Desktop\Mostische - 29.05.07.dwg
[2012/07/30 00:35:32 | 003,555,967 | ---- | C] () -- C:\Users\owner\Desktop\20120317_131617.jpg
[2012/04/20 08:56:01 | 000,000,000 | ---- | C] () -- C:\Windows\Game.INI
[2012/02/16 22:44:29 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2011/11/12 14:23:33 | 000,012,832 | ---- | C] () -- C:\Users\owner\AppData\Roaming\log.sflog
[2011/09/21 00:35:20 | 000,000,047 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/08/13 14:49:09 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/05/20 07:44:13 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/01/21 11:58:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/07 09:58:26 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/01/05 11:57:36 | 000,182,420 | ---- | C] () -- C:\Windows\hpwins10.dat
[2011/01/05 11:57:36 | 000,000,372 | ---- | C] () -- C:\Windows\hpwmdl10.dat
[2010/12/17 02:03:24 | 000,000,231 | ---- | C] () -- C:\Windows\System32\3dsmax.ini
[2010/12/17 02:03:24 | 000,000,043 | ---- | C] () -- C:\Windows\System32\InstallSettings.ini
[2010/12/15 20:04:52 | 000,010,752 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/22 00:46:50 | 000,031,272 | ---- | C] () -- C:\Windows\System32\AppleChargerSrv.exe
[2010/11/22 00:46:50 | 000,019,496 | ---- | C] () -- C:\Windows\System32\drivers\AppleCharger.sys
[2010/11/22 00:46:09 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/11/22 00:37:58 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

========== LOP Check ==========

[2012/06/21 14:15:41 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\2monkeys
[2012/03/07 19:02:37 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Alawar
[2011/08/17 14:22:57 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Alawar Entertainment
[2012/05/31 11:53:54 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Alawar Stargaze
[2012/08/03 17:03:41 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\AlawarEntertainment
[2012/06/23 23:07:27 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\aliasworlds
[2012/02/01 16:37:57 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Amaranth Games
[2011/08/20 13:16:12 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Anarchy
[2012/06/11 13:57:58 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Artifex Mundi
[2012/06/18 21:58:31 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Artogon
[2010/12/31 06:44:24 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Autodesk
[2011/09/14 07:33:31 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Awem
[2011/11/02 00:03:24 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Az-Art
[2012/04/27 12:53:44 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Big Finish
[2011/12/01 11:34:32 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Big Fish Games
[2012/03/02 18:43:10 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\bigwig_media
[2012/08/01 15:02:49 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\BlamGames
[2012/05/30 10:35:17 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Blue Tea Games
[2012/08/05 14:55:34 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Boolat Games
[2012/05/29 11:56:29 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Boomzap
[2011/11/07 19:05:02 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\BrablGames
[2011/11/24 11:32:24 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Casual Box
[2011/08/31 14:55:53 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\casualArts
[2012/04/24 10:15:14 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\CasualMechanics
[2011/08/13 14:49:10 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\CattaleGames
[2011/11/20 15:11:44 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\cerasus.media
[2011/10/18 12:49:10 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Chayowo Games
[2012/08/03 16:57:31 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Chronoclasm Chronicles
[2011/11/30 18:54:04 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Colibri Games
[2012/04/24 17:27:06 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\com.custardsquare.CircusCircus.RunAwayWithTheCircus
[2011/11/24 13:46:22 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Daedalic Entertainment
[2012/04/29 10:41:18 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\DailyMagic
[2012/05/26 11:28:10 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Deep Shadows
[2012/01/26 12:36:42 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Digital Quarter
[2012/06/10 15:38:19 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\DominiGame Death Man
[2011/08/22 17:44:16 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\DragonsEye Studios
[2011/12/22 19:48:20 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Dying for Daylight
[2011/12/22 15:38:55 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Dying for Daylight Shared
[2012/08/01 08:22:15 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Eipix
[2011/12/16 15:46:15 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\EleFun Games
[2012/05/24 12:16:11 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\ElementalsTheMagicKey
[2012/08/04 18:30:33 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Elephant Games
[2011/10/11 14:53:56 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Enki Games
[2012/03/18 13:00:04 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\EntwinedSoD
[2012/08/02 15:06:11 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\ERS Game Studios
[2011/11/15 15:35:16 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Fanda Games
[2011/08/01 14:59:22 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Farm 2
[2011/12/16 15:41:16 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\flashInstall
[2011/08/18 15:17:24 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Floodlight Games
[2012/03/19 13:02:03 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\FlowerOfImmortality
[2012/03/08 15:12:51 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\FlyWheelGames
[2012/04/18 12:23:28 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Freeze Tag
[2011/09/23 23:47:55 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Friday's games
[2011/08/03 08:35:23 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Frogwares
[2011/11/21 13:29:27 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Frozen Kingdom
[2011/09/21 00:17:38 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\funkitron
[2012/06/30 12:52:56 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Funlinker
[2011/08/16 17:25:56 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Funswitch
[2011/11/08 12:24:30 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Funzai!
[2012/06/30 13:01:10 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Fuzzy Bug Interactive
[2012/05/22 15:36:55 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\GameDevo
[2011/10/30 16:05:24 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\GameHouse
[2012/03/15 13:01:21 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\GameInvest
[2012/05/19 14:35:31 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\GameMill Entertainment
[2012/05/20 13:54:29 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\GlarySoft
[2012/03/15 19:30:42 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\GO Games
[2012/06/24 22:12:03 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\gogii
[2011/09/06 14:25:20 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Happy Muffin Top
[2011/11/28 10:10:56 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Harmonic Flow
[2011/11/24 19:31:45 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\HdO Adventure
[2012/08/05 14:51:00 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Hidden Anthologies Pride and Prejudice
[2011/11/29 17:43:42 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Hidden Objects XIII
[2010/12/21 16:01:29 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\HillStoneAnimationStudios
[2011/11/14 11:28:11 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\HitPoint Studios
[2012/01/25 16:07:25 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\InImages
[2012/02/07 12:03:58 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Islands
[2012/01/29 19:22:00 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Islands2
[2012/02/01 14:26:10 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Islands3
[2012/04/22 11:46:01 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\iWin
[2012/05/29 11:33:18 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Jetdogs Studios
[2012/05/28 14:43:37 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Joybits
[2012/05/04 11:39:22 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Lazy Turtle Games
[2012/03/11 12:23:13 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\LegacyGames
[2012/04/27 11:26:45 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\LegacyInteractive
[2011/08/02 15:37:45 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\LestaStudio
[2012/03/06 13:50:26 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Ludia
[2012/03/06 13:46:10 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\MakeupGuide
[2011/09/11 12:33:54 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\margrave3_full
[2011/10/17 12:26:42 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Mariaglorum
[2010/12/28 13:05:54 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\MasterThief
[2011/09/09 07:54:10 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Maximize Games
[2011/11/28 11:23:59 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\MediaArt
[2012/04/19 11:15:25 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Meridian93
[2011/11/10 13:10:58 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\MoMB_Full_Eng
[2011/09/06 14:27:24 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Monkey Barrel Games
[2012/05/28 22:37:28 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\MumboJumbo
[2011/09/22 22:46:15 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Muse
[2011/09/08 11:47:35 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\My Games
[2012/05/24 13:55:14 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Mystery of Mortlake Mansion
[2011/09/19 14:47:53 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Namco
[2012/03/12 13:27:32 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\naviextras
[2011/12/12 12:39:13 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Odian Games
[2010/12/18 00:29:31 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Old Castle
[2012/06/16 13:48:55 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Orneon
[2011/12/18 14:31:13 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Paranormal Crime Investigations - Brotherhood of the Crescent Snakes Strategy Guide
[2012/05/09 12:09:51 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\PassionFruit Games
[2012/05/20 13:51:37 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\PC Cleaners
[2012/05/20 13:51:38 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\PCPro
[2012/01/18 18:41:52 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\PeaceCraft3
[2012/06/06 15:46:35 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Persha Studia
[2011/09/20 08:15:39 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Phantasmat_bf_se1
[2011/12/07 17:50:58 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\PlayFavoriteGames
[2011/11/08 12:29:55 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\PlayFirst
[2011/09/21 11:52:15 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\PlayPond
[2011/12/19 14:16:20 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\quickclick
[2011/10/25 18:13:05 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Rainbow
[2012/02/02 12:15:25 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Sahmon Games
[2011/11/13 14:06:56 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\saves
[2011/10/23 16:23:30 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\SecretIslandEng
[2012/03/04 15:04:22 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\ShamanGS
[2012/04/22 14:12:55 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Silverback Productions
[2012/06/01 00:27:50 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Skunk Studios
[2012/07/30 14:01:29 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\SMIGames
[2012/06/20 12:43:22 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Specialbit
[2011/09/16 11:52:07 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\SpinTop Games
[2011/10/31 19:43:17 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\SulusGames
[2012/04/30 11:53:31 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\tabagames
[2012/05/21 12:44:03 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Ten Heavens
[2011/08/08 10:39:50 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Teyon
[2012/06/18 21:55:04 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\The Drama Queen Murder
[2012/06/02 14:04:56 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\The Drama Queen Murder Collector's Edition
[2012/05/31 11:22:25 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\TikisLab
[2011/10/25 11:35:40 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\TOMI2.THE GATES OF FATE
[2011/10/23 19:41:55 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\TOMI3
[2011/11/25 12:45:04 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Top Evidence
[2011/08/26 10:40:55 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\TrickySoftware
[2011/09/02 16:35:05 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Twilight Games
[2011/08/21 14:34:09 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\ValuSoft
[2012/08/08 16:41:09 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Vast Studios
[2012/05/25 15:54:12 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\VendelGAMES
[2012/01/19 19:16:19 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\VisualShape
[2011/10/27 12:30:05 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Vogat Interactive
[2012/02/26 16:07:53 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\WendigoStudios
[2012/02/29 16:19:25 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\YoudaGames
[2012/08/05 03:00:00 | 000,000,242 | ---- | M] () -- C:\Windows\Tasks\RegInOut Scheduled Scan - owner.job
[2009/07/14 07:53:46 | 000,025,288 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/05/31 06:41:40 | 000,021,504 | ---- | M] ()(C:\Users\owner\Documents\????? ?????.doc) -- C:\Users\owner\Documents\ביטול מינוי.doc
[2012/05/31 06:41:40 | 000,021,504 | ---- | C] ()(C:\Users\owner\Documents\????? ?????.doc) -- C:\Users\owner\Documents\ביטול מינוי.doc
[2011/09/24 15:56:13 | 000,033,280 | ---- | M] ()(C:\Users\owner\Documents\???? ?????, 23.09.11.doc) -- C:\Users\owner\Documents\מכתב לבינה, 23.09.11.doc
[2011/09/24 15:56:13 | 000,033,280 | ---- | C] ()(C:\Users\owner\Documents\???? ?????, 23.09.11.doc) -- C:\Users\owner\Documents\מכתב לבינה, 23.09.11.doc
[2011/06/29 07:17:27 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?D) -- C:\Windows\System32\ﬨĎ
[2011/06/29 07:17:27 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?D) -- C:\Windows\System32\ﬨĎ
[2011/05/07 22:25:05 | 000,022,016 | ---- | M] ()(C:\Users\owner\Documents\???? ?-AIG.doc) -- C:\Users\owner\Documents\מכתב ל-AIG.doc
[2011/05/07 22:25:05 | 000,022,016 | ---- | C] ()(C:\Users\owner\Documents\???? ?-AIG.doc) -- C:\Users\owner\Documents\מכתב ל-AIG.doc
[2011/03/27 01:28:07 | 000,023,552 | ---- | M] ()(C:\Users\owner\Desktop\?????.doc) -- C:\Users\owner\Desktop\לכבוד.doc
[2011/03/27 00:58:37 | 000,023,552 | ---- | C] ()(C:\Users\owner\Desktop\?????.doc) -- C:\Users\owner\Desktop\לכבוד.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 189 bytes -> C:\ProgramData\TEMP:8E5EA40F
@Alternate Data Stream - 183 bytes -> C:\ProgramData\TEMP:012BC84F
@Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:F26F5952
@Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:4A8EB1C4
@Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:4CD3F344
@Alternate Data Stream - 179 bytes -> C:\ProgramData\TEMP:C78DADEA
@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:58E38390
@Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:9195103F
@Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:587F3582
@Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:F610C203
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:ECF3C50F
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:6EE8565A
@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:E3615992
@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:87A3A233
@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:B4258C5D
@Alternate Data Stream - 161 bytes -> C:\ProgramData\TEMP:ED0B32CA
@Alternate Data Stream - 159 bytes -> C:\ProgramData\TEMP:1604D047
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:FB4262DE
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:097274A2
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:65B8AF94
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:AA0017FD
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:F6A0889A
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:28D8AB30
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:2211E7A0
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:B190BE3A
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:5A2E8BBF
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:5520ED93
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:1B389835
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:0ACF1AF5
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:697DDE2B
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:4D551822
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:3969ACF7
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:021496FB
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:B3C7433B
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:C4A88D6B
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:C36D0DFD
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:4EC7F009
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:ED2D63E4
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:8F30A02C
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:E5496666
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:BACD3198
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:6F656E06
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:3B454A5C
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:A6E01F67
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:69FE2EE4
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:14B2E0BD
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:DCA79AB3
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:905BCB57
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:512E1728
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:140AD176
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E5B07840
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9C3AAD57
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:6A0A47E7
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:474022C7
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:2D2461E7
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:26499772
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:114C90CA
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:183A9046
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:CF61CE5A
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:F5E8CAE0
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:B63300D1
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:9603033A
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:C48905F4
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:B139DDF3
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:AD2DB2F9
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:16F4BC64
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:164561C8
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:0BBF232A
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:E8C44CB4
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:DBC3D477
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:C9569F5A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:E40D7F76
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:D999FFD5
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:B1381B34
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:72A1B66A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:689AB7E9
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:F89F2593
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:59465B40
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:02F30776
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:48D3CC24
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:02CC0035

< End of report >



I also get an OTL Extras logfile, i don't know if you need this....

OTL Extras logfile created on: 8/9/2012 13:37:41 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\owner\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 35.17% Memory free
5.86 Gb Paging File | 1.95 Gb Available in Paging File | 33.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 299.90 Gb Total Space | 239.05 Gb Free Space | 79.71% Space Free | Partition Type: NTFS
Drive D: | 631.51 Gb Total Space | 614.54 Gb Free Space | 97.31% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B311148-921E-444C-9C4D-6E472BE6FA14}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0C2346F5-CFF5-4E00-B7B3-863C7CF10312}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0CA0659D-FFCC-4F40-A210-BF7B6DF42C7E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{111A860D-0FD8-4A8D-B9FD-86CC5F6915DF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{15CD3A7D-8DCD-4958-B82A-E119E3BC930D}" = rport=138 | protocol=17 | dir=out | app=system |
"{19A65D82-61DC-44A3-B542-C1EB1D89A297}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{31AE2A34-4D9D-411E-95FD-D09F1A9EB095}" = lport=137 | protocol=17 | dir=in | app=system |
"{3788BD03-0B0B-4E84-9A0B-272610AB26D1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4F86BDD4-08A6-4C78-99B0-EBD5507B5EA0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5096C34A-393D-431F-A833-9A0773E1D650}" = lport=138 | protocol=17 | dir=in | app=system |
"{5A156E14-A2A0-412E-B616-DDA786E9D9D6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{65B1EDFC-15D5-4509-A39B-59329C8BBD6E}" = rport=445 | protocol=6 | dir=out | app=system |
"{6EA17FDD-D84F-4000-AD6B-2F84891F1036}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{98CED316-718A-4ABD-8891-5ACCF7387F31}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9EFC0166-C114-4824-B4E7-1D4024C3A22B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A5A7F578-08C6-46E1-A297-56C72EBD9305}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AE65A19A-AB98-4029-A316-D68EC37D3180}" = lport=445 | protocol=6 | dir=in | app=system |
"{C2982FF0-3B47-4209-AF23-4463F5865328}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D09BC155-9987-41D9-8FDE-8261D48EFC8E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F2E6C2CB-AA23-4D08-B284-46BB6CCD44E3}" = rport=139 | protocol=6 | dir=out | app=system |
"{F8BD7E4C-E69C-41BD-A3F3-BF9E62B26397}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F958AE7A-2928-4D28-8E79-455C41696972}" = lport=139 | protocol=6 | dir=in | app=system |
"{FB451A6E-4BA9-4295-8C40-EA7F3EC1E171}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{061C68E2-8C41-44BC-9069-EF917CD76BC2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{09010621-36CF-4986-86C7-C852847088C1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{095ED612-C550-43F6-92F2-B9345AE165C2}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
"{09A37F59-F416-47EC-9F86-B0ABAD177053}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0CCF454A-B339-48BE-8D4A-CF0EB54B617A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{10F0745F-9C72-40A4-914E-CD6CBEA94D39}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{1A145328-2B62-4393-8FBF-87221A4E94D1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1ABD0AEE-A8C3-4905-8266-63C001283887}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{1EDC52D8-E130-44BA-AF6A-666481489544}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{222D3F8B-8DF5-43FB-928E-4F870ECF2FDB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{25ECE7D9-47ED-47DC-BDA9-38A4EDDFAC2A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{2F1DC0B7-F2E9-4C53-8F10-66C220935270}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3B9FDA8F-143C-4C3F-A55A-8F20957F7964}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{3DA500D9-E9DC-4D09-9979-F1021F441ABC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{3DE5600D-B403-4C31-95F8-3D3896512EBE}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{416E378F-6A98-4F11-AE90-4967BC928EDD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{4BEE9C0D-397D-452F-BF97-EF7E7C9FC17C}" = protocol=58 | dir=out | [email protected],-28546 |
"{4C95937A-57CE-4A68-9508-C7F2B35C96A0}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{4F605673-210E-4ED3-BE1B-5DD9D58FD767}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5A4DF6B2-7551-4F3D-9794-2728D422F4F9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5AC80548-01FD-423B-BC7C-0E3D6630649F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{60CEE9E5-7E3B-4F34-84B9-E9744987E0D3}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{61597F7F-E511-46CA-AC13-76CD834F1DBA}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{6B0756C7-1A28-4800-BFC7-4BA998C994F9}" = protocol=1 | dir=in | [email protected],-28543 |
"{72659C79-F585-4F10-86BA-A96A84D603A6}" = protocol=1 | dir=out | [email protected],-28544 |
"{73DCAD67-EC33-4B06-81A9-0A170453B3D5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{779A9F60-8BF4-4D9C-85FD-ECB7466C9208}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{7883A1D6-AAF0-464A-A612-61EECAC15825}" = dir=in | app=c:\program files\avg\avg9\avgdiagex.exe |
"{81046185-6D31-42BE-9E22-1BC867DB5C3B}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{8815A50B-4DF5-4405-A1C3-26AAE96BC485}" = protocol=58 | dir=in | [email protected],-28545 |
"{A1A325A5-0804-4C44-9350-4C838DABA4D6}" = protocol=6 | dir=out | app=system |
"{A8696550-879C-4B5B-8DB3-51EE66866F70}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{AE8143AA-9646-4513-8CBA-7603ABD0F6B6}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{B1682B63-E20D-4D95-911C-64706359BC68}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B5AC66E8-2924-475A-9E4A-FB29DE19C724}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BAEE549F-9FDF-42BA-B7D4-77AF345CF765}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{BB40C0C7-9ECF-428D-9828-CAD7CB95E59A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{BEA81017-3455-4895-B855-E61DB14E03B4}" = dir=in | app=c:\program files\avg\avg9\avgam.exe |
"{C1A2A485-0C72-4D37-A4C5-C2DDB4AC89E2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{C27561B1-40B5-4E46-AF2A-623D22129CB2}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{C2BBB377-A11E-4A10-886F-FA3467497426}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C3EF1E69-DEFD-473F-A108-3FA442059679}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{C96DAED6-41FC-4A15-A8C2-C185CE7FF357}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CBA173E3-10CE-4E5C-968E-8BD52DDB9ECE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D22868F4-5423-499E-9C30-9013DB6D734C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{D2844BF0-C84A-4E5A-AC53-50F91E87F8D3}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{D286BC4C-8D6C-4A68-8EE3-78F059874A45}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{D2B14DCC-F6DD-42B5-8148-D93438E11D9B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{DAEFAFA9-2797-40CB-9403-10708C8F6C77}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E3E06EF1-7462-4CD1-BBAA-C862A392B10C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{F3CD6638-3E29-45A9-B771-48E57243ACAD}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"TCP Query User{4BAC847B-D819-44FA-A13D-04762D52BD3B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{025C7DA7-D923-41E6-9F9E-4CC9D585775D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{075315E8-E9E1-4DB3-8CBD-0BEBA9E2BAC3}" = ProductContext
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{1742DE47-1693-4E7C-8121-8E1D6AED5B25}" = J5700
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5783F2D7-7001-0409-0002-0060B0CE6BBA}" = AutoCAD 2009 - English
"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{70CAF6DA-C2F4-40C4-A0A4-10FB04701669}" = bpd_scan
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8B0B72BC-3007-45E9-BBA3-7B7EF8819FA3}" = 5700_Help
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96056420-DDF3-46A7-AA8D-BC2D1AE5290B}" = Microsoft IntelliType Pro 8.1
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}" = Browser Configuration Utility
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{D3A65B0A-403B-4C20-A488-BFED2BC5D2EF}" = HP OfficeJet J5700
"{D43B1A55-6957-4E93-A674-338F78B4A202}" = BPDSoftware
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E0A1335B-3D84-413B-B92C-DF2D4BAACA0C}" = BPDSoftware_Ini
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AutoCAD 2009 - English" = AutoCAD 2009 - English
"AVG9Uninstall" = AVG 9.0
"CutePDF Writer Installation" = CutePDF Writer 2.8
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Kingdom Chronicles Collector's Edition ~ Just For Fun Games" = Kingdom Chronicles Collector's Edition ~ Just For Fun Games
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliType Pro 8.1" = Microsoft IntelliType Pro 8.1
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"RealPlayer 15.0" = RealPlayer
"Shattered Minds - Encore ~ Just For Fun Games" = Shattered Minds - Encore ~ Just For Fun Games
"Shop for HP Supplies" = Shop for HP Supplies
"Trusted Software Assistant_is1" = File Type Assistant
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/24/2012 16:41:05 | Computer Name = owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>
with error: The data is invalid. .

Error - 7/24/2012 16:42:00 | Computer Name = owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>
with error: The data is invalid. .

Error - 7/24/2012 16:43:00 | Computer Name = owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>
with error: The data is invalid. .

Error - 7/24/2012 16:44:00 | Computer Name = owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>
with error: The data is invalid. .

Error - 7/24/2012 16:45:00 | Computer Name = owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>
with error: The data is invalid. .

Error - 7/24/2012 16:46:00 | Computer Name = owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>
with error: The data is invalid. .

Error - 8/3/2012 9:58:40 | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: CrossWorlds.exe, version: 0.0.0.0, time
stamp: 0x4d119f42 Faulting module name: kernel32.dll, version: 6.1.7601.17651, time
stamp: 0x4e2111bf Exception code: 0xc0000005 Fault offset: 0x0004957d Faulting process
id: 0x2cb4 Faulting application start time: 0x01cd71801535c6a2 Faulting application
path: D:\+igrice\Crossworlds - The Flying City\CrossWorlds.exe Faulting module path:
C:\Windows\system32\kernel32.dll Report Id: 54147d07-dd73-11e1-a8cf-1c6f6545cb74

Error - 8/3/2012 9:58:51 | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: CrossWorlds.exe, version: 0.0.0.0, time
stamp: 0x4d119f42 Faulting module name: kernel32.dll, version: 6.1.7601.17651, time
stamp: 0x4e2111bf Exception code: 0xc0000005 Fault offset: 0x0004957d Faulting process
id: 0x2fcc Faulting application start time: 0x01cd71801cc92058 Faulting application
path: D:\+igrice\Crossworlds - The Flying City\CrossWorlds.exe Faulting module path:
C:\Windows\system32\kernel32.dll Report Id: 5a7df860-dd73-11e1-a8cf-1c6f6545cb74

Error - 8/3/2012 9:59:35 | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Crossworlds.exe, version: 0.0.0.0, time
stamp: 0x4d119f42 Faulting module name: kernel32.dll, version: 6.1.7601.17651, time
stamp: 0x4e2111bf Exception code: 0xc0000005 Fault offset: 0x0004957d Faulting process
id: 0x337c Faulting application start time: 0x01cd7180368729f6 Faulting application
path: D:\+igrice\Crossworlds - The Flying City\Crossworlds.exe Faulting module path:
C:\Windows\system32\kernel32.dll Report Id: 74600545-dd73-11e1-a8cf-1c6f6545cb74

Error - 8/3/2012 10:01:29 | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: CrossWorlds.exe, version: 0.0.0.0, time
stamp: 0x4d119f42 Faulting module name: kernel32.dll, version: 6.1.7601.17651, time
stamp: 0x4e2111bf Exception code: 0xc0000005 Fault offset: 0x0004957d Faulting process
id: 0x33f4 Faulting application start time: 0x01cd71807adf6f36 Faulting application
path: D:\+igrice\Crossworlds - The Flying City\Crossworlds - The Flying City\CrossWorlds.exe
Faulting
module path: C:\Windows\system32\kernel32.dll Report Id: b89c5dac-dd73-11e1-a8cf-1c6f6545cb74

[ System Events ]
Error - 1/29/2012 16:21:23 | Computer Name = owner-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 1/29/2012 16:22:23 | Computer Name = owner-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 1/29/2012 16:22:23 | Computer Name = owner-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 1/29/2012 16:22:23 | Computer Name = owner-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 1/29/2012 16:22:23 | Computer Name = owner-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 1/29/2012 16:22:23 | Computer Name = owner-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 1/29/2012 16:22:23 | Computer Name = owner-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/4/2012 13:22:06 | Computer Name = owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:39:52 PM on ?2/?4/?2012 was unexpected.

Error - 4/24/2012 2:59:29 | Computer Name = owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:58:07 AM on ?4/?24/?2012 was unexpected.

Error - 4/25/2012 6:17:40 | Computer Name = owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:14:48 PM on ?4/?25/?2012 was unexpected.


< End of report >
  • 0

Advertisements


#2
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hello bifri and welcome to GeeksToGo :)

My nickname is WhiteHat and I'm going to help you fix your problem.

  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • Do not put your logs inside <Quote> and/or <Code> *important*
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
    In light of this be prepared to back up your data. Have means of backing up your data available.

In order to be notified when your topic has been replied to:

Click My Settings at the top of the page. An Option page will open. In the left hand column click Notification Options. On the new page that opens under the Notification Preferences section click Watch every topic I reply to and set the notification type to Immediate Notification.


# Step 1 #
Download aswMBR.exe ( 4.8mb ) to your desktop.

Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image


# Step 2 #
Posted Image Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2
prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

  • 0

#3
bifri

bifri

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thanks for contact me so quickly!

Here is logs you are requesting:

1----------------

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-11 15:40:42
-----------------------------
15:40:42.625 OS Version: Windows 6.1.7601 Service Pack 1
15:40:42.625 Number of processors: 4 586 0x2505
15:40:42.640 ComputerName: OWNER-PC UserName: owner
15:41:07.070 Initialize success
15:43:10.319 AVAST engine defs: 12081100
15:43:47.400 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
15:43:47.416 Disk 0 Vendor: ST31000528AS CC38 Size: 953869MB BusType: 3
15:43:47.432 Disk 0 MBR read successfully
15:43:47.432 Disk 0 MBR scan
15:43:47.447 Disk 0 Windows 7 default MBR code
15:43:47.447 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:43:47.478 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 307100 MB offset 206848
15:43:47.525 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 646667 MB offset 629147648
15:43:47.619 Disk 0 scanning sectors +1953521664
15:43:47.775 Disk 0 scanning C:\Windows\system32\drivers
15:44:13.671 Service scanning
15:44:56.666 Modules scanning
15:45:05.121 Disk 0 trace - called modules:
15:45:07.789 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys nvlddmkm.sys dxgkrnl.sys dxgmms1.sys USBPORT.SYS usbehci.sys ndis.sys Rt86win7.sys rspndr.sys tcpip.sys NETIO.SYS tdx.sys afd.sys pacer.
15:45:07.789 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865ac948]
15:45:07.789 3 CLASSPNP.SYS[8b5d359e] -> nt!IofCallDriver -> [0x86040918]
15:45:07.804 5 ACPI.sys[8b2323d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86470030]
15:45:07.804 7 cdrom.sys[8b41b158] -> nt!IofCallDriver -> \Device\CdRom0[0x86bdad90]
15:45:08.803 AVAST engine scan C:\Windows
15:45:11.860 AVAST engine scan C:\Windows\system32
15:49:13.800 AVAST engine scan C:\Windows\system32\drivers
15:49:34.142 AVAST engine scan C:\Users\owner
16:03:54.702 AVAST engine scan C:\ProgramData
16:05:08.303 Scan finished successfully
16:05:17.008 Disk 0 MBR has been saved successfully to "C:\Users\owner\Desktop\MBR.dat"
16:05:17.070 The log file has been saved successfully to "C:\Users\owner\Desktop\aswMBR.txt"


2-------------------

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.11.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
owner :: OWNER-PC [administrator]

8/12/2012 7:43:23
mbam-log-2012-08-12 (07-43-23).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 349169
Time elapsed: 54 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#4
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
AVG is still detecting Trojan horse PSW.Generic10.HAL?

Can you tell me what is the file detected? You can find this information in the own AVG quarantine. :thumbsup:
  • 0

#5
bifri

bifri

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hy WhiteHat!

Avg found this file:

Object name: C:\Program files\AutoCAD2009\styexe.exe
Detection name: Trojan horse PSW.Generic10.HAL

With best wishies, Bifri!
  • 0

#6
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks

Posted Image

Posted Image

When finished, it produces a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

After the run you may have internet problems or access to somethng problems. Simply reboot the computer.
  • 0

#7
bifri

bifri

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi WhiteHat,

First to tell you that I update my Avg and he download updates and tell me that everything is ok, but after that he report that
Anti-virus, Anti-Spayware and Link-Scanner - datebase is outdated, Online Shield - partially functional!


here are log you are requesting:


ComboFix 12-08-13.01 - owner 08/14/2012 17:18:01.2.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2999.2036 [GMT 3:00]
Running from: c:\users\owner\Desktop\ComboFix.exe
AV: AVG Internet Security *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-14 to 2012-08-14 )))))))))))))))))))))))))))))))
.
.
2012-08-14 14:22 . 2012-08-14 14:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-14 14:09 . 2012-08-14 14:09 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2012-08-14 14:04 . 2012-08-14 14:09 25168 ----a-w- c:\windows\system32\drivers\AVGIDSwx.sys
2012-08-14 14:04 . 2012-08-14 14:09 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-08-14 14:04 . 2012-08-14 14:09 243152 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-14 14:04 . 2012-08-14 14:09 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-08-14 14:04 . 2012-08-14 14:09 29712 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-08-14 14:04 . 2012-08-14 14:04 -------- d-----w- c:\windows\system32\drivers\Avg
2012-08-14 14:03 . 2012-08-14 14:09 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2012-08-14 14:03 . 2012-08-14 14:03 -------- d-----w- c:\program files\AVG
2012-08-12 04:37 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-08-11 13:08 . 2012-08-11 13:08 -------- d-----w- c:\users\owner\AppData\Roaming\Malwarebytes
2012-08-11 13:08 . 2012-08-11 13:08 -------- d-----w- c:\programdata\Malwarebytes
2012-08-11 13:08 . 2012-08-11 13:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-11 13:08 . 2012-07-03 10:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-05 11:55 . 2012-08-05 12:29 -------- d-----w- c:\program files\The Promised Land
2012-08-05 11:50 . 2012-08-05 11:51 -------- d-----w- c:\users\owner\AppData\Roaming\Hidden Anthologies Pride and Prejudice
2012-08-03 13:55 . 2012-08-03 13:57 -------- d-----w- c:\users\owner\AppData\Roaming\Chronoclasm Chronicles
2012-08-01 05:22 . 2012-08-01 05:22 -------- d-----w- c:\users\owner\AppData\Roaming\Eipix
2012-07-25 00:00 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 00:37 . 2012-04-12 09:08 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 00:37 . 2012-02-06 16:38 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-11 10:16 . 2010-12-13 17:10 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-06-11 10:16 . 2010-12-13 17:10 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-06-02 22:19 . 2012-06-22 13:48 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 13:48 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 13:47 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 13:47 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 13:48 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 13:48 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 13:47 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 12:19 . 2012-06-22 13:47 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 12:12 . 2012-06-22 13:47 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-26 8546848]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-06-11 296056]
.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-01 21:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
2011-04-13 12:03 1298320 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 23:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\System32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2010-05-20 23:27 762736 ----a-w- c:\windows\vVX1000.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSErHrw7x;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSwx.sys [x]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [x]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [x]
S1 AvgTdiX;AVG Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [x]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [x]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
S2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 AVGIDSDriverw7x;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys [x]
S3 AVGIDSFilterw7x;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys [x]
S3 AVGIDSShimw7x;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 00:37]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1391087559-3192120670-161251095-1000Core.job
- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-13 19:05]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1391087559-3192120670-161251095-1000UA.job
- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-13 19:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://home.allgameshome.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-14 17:28:00
ComboFix-quarantined-files.txt 2012-08-14 14:28
ComboFix2.txt 2012-08-14 13:50
.
Pre-Run: 260,027,654,144 bytes free
Post-Run: 259,745,103,872 bytes free
.
- - End Of File - - 7763A310E9E072FEEC159768AE27586A

Edited by bifri, 14 August 2012 - 08:38 AM.

  • 0

#8
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Please go to: VirusTotal
Posted Image
  • Click the Choose File button and search for the following file (one by one):

    C:\Program files\AutoCAD2009\styexe.exe

  • Click Open > Scan It!.
  • Please be patient while the file is scanned.
  • Copy and past the Link (URL) with the results.

  • 0

#9
bifri

bifri

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Here is a link:

https://www.virustot...sis/1344971015/
  • 0

#10
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Apparently it's a false positive from your antivirus. He still detecting this file as a malware?

Update your antivirus database.

:thumbsup:
  • 0

#11
bifri

bifri

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I guess you're right...he didn't reported any file...

THANK YOU VERY MUCH, VERY MUCH, VERY MUCH!
  • 0

#12
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean

The following will implement some cleanup procedures as well as reset System Restore points:

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

    Posted Image
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Remove OTL

Run OTL and hit the Posted Image cleanup button. It will remove all the programmes we have used plus itself.

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • (If you use Windows 7/Vista)
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

  • (If you use Windows XP)
  • Go to Start > All Programs > Acessories > System Tools > System Restore.
  • Select the option Create a restore point and click in Next.
  • Type in a name i.e. Clean
  • Select Create

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place??

Keep safe.
  • 0

#13
bifri

bifri

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi WhiteHat,

I did everything you wrote, removed all programs and everything gone successfully!

I read "How did I get infected in the first place??" and I must say it's very helpful...

If I find something I will be here again :)

Thanks again for your time and big help!

Have a good time!
  • 0

#14
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP