Hi deltalima,
I'm not sure why automatic updates are disabled. This PC belongs to one of my friends at church who uses it to play online games - I'm just trying to help her out. Should I enable automatic updates and install SP1?
Following are the scan logs:
Results of screen317's Security Check version 0.99.60
Windows 7 x86
(UAC is disabled!)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.70.0.1100
CCleaner
Java(TM) 6 Update 22
Java version out of Date!
Adobe Flash Player 10
Flash Player out of Date!
Adobe Flash Player 11.1.102.63
Adobe Reader 10.1.2
Adobe Reader out of Date!
Mozilla Firefox (19.0)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

OTL logfile created on: 3/6/2013 8:44:54 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.89% Memory free
3.98 Gb Paging File | 2.97 Gb Available in Paging File | 74.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 115.02 Gb Free Space | 77.22% Space Free | Partition Type: NTFS
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()

========== Services (SafeList) ==========

SRV - (FastUserSwitchingCompatibility) -- C:\Windows\system32\FastUserSwitchingCompatibilityex.dll File not found
SRV - (29BE) -- \\.\globalroot\Device\HarddiskVolume2\Users\Owner\AppData\Local\Temp\29BE.tmp File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (UMVPFSrv) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========

DRV - (SBRE) -- C:\Windows\system32\drivers\SBREdrv.sys File not found
DRV - (d7716e80) -- C:\Windows\TEMP\9E07.tmp File not found
DRV - (7008ae98) -- C:\Windows\TEMP\2A6E.tmp File not found
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (X6XSEx_Pr143) -- C:\Program Files\Free Ride Games\X6XSEx_Pr143.sys (Exent Technologies Ltd.)
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (RTL8187) -- C:\Windows\System32\drivers\RTL8187.sys (Realtek Semiconductor Corporation )
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 40 43 F6 01 D0 A1 FA 40 81 9C 7B 82 B0 3F 45 42 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 40 43 F6 01 D0 A1 FA 40 81 9C 7B 82 B0 3F 45 42 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 40 43 F6 01 D0 A1 FA 40 81 9C 7B 82 B0 3F 45 42 [binary data]
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 40 43 F6 01 D0 A1 FA 40 81 9C 7B 82 B0 3F 45 42 [binary data]
IE - HKU\S-1-5-21-83052370-3400618856-1528395515-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-83052370-3400618856-1528395515-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-83052370-3400618856-1528395515-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-83052370-3400618856-1528395515-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-83052370-3400618856-1528395515-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AF 04 81 29 3D 18 CE 01 [binary data]
IE - HKU\S-1-5-21-83052370-3400618856-1528395515-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-83052370-3400618856-1528395515-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\www.exent.com/GameTreatWidget: C:\Program Files\Free Ride Games\NPGameTreatPlugin.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/20 19:30:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/03 14:48:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/30 19:30:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/20 19:30:24 | 000,000,000 | ---D | M]
[2013/03/03 14:48:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2013/03/03 14:48:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/16 18:31:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/02/15 19:35:45 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/02/15 19:35:09 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/03/04 12:59:36 | 000,002,197 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google-search.xml
[2013/02/15 19:35:09 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2012/02/27 19:50:46 | 000,000,884 | RH-- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 87.229.126.44 www.google.com
O1 - Hosts: 87.229.126.45 www.bing.com
O2 - BHO: (no name) - {07D90D00-A1D0-40FA-819C-7B82B03F4542} - No CLSID value found.
O2 - BHO: (no name) - {0FB21A00-A1D0-40FA-819C-7B82B03F4542} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-83052370-3400618856-1528395515-1000\..\Toolbar\WebBrowser: (no name) - {90B49673-5506-483E-B92B-CA0265BD9CA8} - No CLSID value found.
O3 - HKU\S-1-5-21-83052370-3400618856-1528395515-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\.DEFAULT..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-18..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-19..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-20..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-21-83052370-3400618856-1528395515-1000..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-83052370-3400618856-1528395515-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-83052370-3400618856-1528395515-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19D01C64-F168-4847-88E3-FE6167DFF604}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE7F6407-DC22-4FFE-AFF5-6CFC12193B02}: DhcpNameServer = 10.0.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (avgrmbr.nt /mbr C:\Windows\System32\avgrmbr.bin)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-83052370-3400618856-1528395515-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========

[2013/03/06 08:43:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/03/05 18:49:23 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2013/03/05 18:47:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2013/03/05 18:46:28 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Users\Owner\Desktop\MGADiag.exe
[2013/03/03 20:34:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\QuickScan
[2013/03/03 20:11:45 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.scr
[2013/03/03 15:42:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free
[2013/03/03 15:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\BurnAware Free
[2013/03/03 15:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/03/03 15:13:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/03/03 15:04:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\AVG2013
[2013/03/03 15:02:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/03/03 15:02:05 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/03/03 15:02:05 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013/03/03 15:00:34 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2013/03/03 14:48:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/03/03 14:48:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/03/03 14:23:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Avg2013
[2013/03/03 13:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/03 13:41:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Programs
[2013/03/03 13:16:36 | 000,000,000 | ---D | C] -- C:\components
[2013/02/27 20:27:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games
[2013/02/27 20:27:46 | 000,000,000 | ---D | C] -- C:\Remote Programs
[2013/02/27 20:27:18 | 001,132,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2013/02/27 20:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Free Ride Games
[2013/02/27 20:27:14 | 000,058,264 | ---- | C] (Exent Technologies Ltd.) -- C:\Windows\ExentInfo.exe
[2013/02/27 20:27:14 | 000,000,000 | ---D | C] -- C:\Program Files\Free Ride Games
[2013/02/27 20:27:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2013/02/27 20:24:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\SwvUpdater
[2013/02/27 20:23:35 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Discount Buddy
[2013/02/19 18:32:36 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/02/19 18:29:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish Games
[2013/02/19 18:29:44 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2013/02/19 18:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2013/02/19 18:19:35 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[1 C:\Users\Owner\Desktop\*.tmp files -> C:\Users\Owner\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========

[2013/03/06 08:44:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/03/06 08:40:17 | 000,026,560 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/06 08:40:17 | 000,026,560 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/06 08:38:51 | 000,639,534 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/03/06 08:38:51 | 000,111,590 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/03/06 08:36:10 | 000,881,950 | ---- | M] () -- C:\Users\Owner\Desktop\SecurityCheck.exe
[2013/03/06 08:33:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/06 08:33:01 | 1602,875,392 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/05 18:51:00 | 000,025,088 | ---- | M] () -- C:\Users\Owner\Desktop\codecheck.exe
[2013/03/05 18:46:36 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Users\Owner\Desktop\MGADiag.exe
[2013/03/05 18:44:09 | 000,681,984 | ---- | M] () -- C:\Users\Owner\Desktop\CKScanner.exe
[2013/03/05 18:37:43 | 003,514,358 | ---- | M] () -- C:\Users\Owner\Desktop\WVCheck.exe
[2013/03/03 20:11:48 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.scr
[2013/03/03 15:49:20 | 000,000,141 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\burnaware.ini
[2013/03/03 15:13:42 | 000,002,963 | ---- | M] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2013/03/03 15:02:48 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/03/03 14:48:10 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/03/03 11:15:36 | 003,048,563 | ---- | M] () -- C:\lx12core2641td.bin
[2013/03/03 11:15:09 | 006,851,309 | ---- | M] () -- C:\u12iavi5645u5380lo.bin
[2013/03/03 11:14:33 | 000,002,605 | ---- | M] () -- C:\avg12infolx.ctf
[2013/03/03 11:14:15 | 000,000,705 | ---- | M] () -- C:\avg12infoavi.ctf
[2013/02/28 12:08:37 | 000,002,214 | ---- | M] () -- C:\Users\Owner\Desktop\Play MahJong Quest 3 The Balance of life.lnk
[2013/02/27 21:07:59 | 000,001,975 | ---- | M] () -- C:\Users\Owner\Desktop\Play Mahjong World.lnk
[2013/02/27 20:27:49 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Play Free Games.lnk
[2013/02/27 20:27:49 | 000,001,152 | ---- | M] () -- C:\Users\Public\Desktop\More FREE games.lnk
[2013/02/27 20:27:48 | 000,000,064 | ---- | M] () -- C:\Windows\GPlrLanc.dat
[2013/02/27 20:24:07 | 000,000,009 | ---- | M] () -- C:\END
[2013/02/27 20:23:12 | 000,033,958 | ---- | M] () -- C:\ProgramData\uninstaller.exe
[1 C:\Users\Owner\Desktop\*.tmp files -> C:\Users\Owner\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========

[2013/03/06 08:36:05 | 000,881,950 | ---- | C] () -- C:\Users\Owner\Desktop\SecurityCheck.exe
[2013/03/05 18:50:59 | 000,025,088 | ---- | C] () -- C:\Users\Owner\Desktop\codecheck.exe
[2013/03/05 18:44:07 | 000,681,984 | ---- | C] () -- C:\Users\Owner\Desktop\CKScanner.exe
[2013/03/05 18:37:33 | 003,514,358 | ---- | C] () -- C:\Users\Owner\Desktop\WVCheck.exe
[2013/03/03 15:49:03 | 000,000,141 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\burnaware.ini
[2013/03/03 15:13:42 | 000,002,963 | ---- | C] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2013/03/03 15:02:48 | 000,000,935 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/03/03 14:48:10 | 000,001,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/03/03 14:48:10 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/03/03 11:15:29 | 003,048,563 | ---- | C] () -- C:\lx12core2641td.bin
[2013/03/03 11:14:54 | 006,851,309 | ---- | C] () -- C:\u12iavi5645u5380lo.bin
[2013/03/03 11:14:33 | 000,002,605 | ---- | C] () -- C:\avg12infolx.ctf
[2013/03/03 11:14:15 | 000,000,705 | ---- | C] () -- C:\avg12infoavi.ctf
[2013/02/27 21:06:48 | 000,002,214 | ---- | C] () -- C:\Users\Owner\Desktop\Play MahJong Quest 3 The Balance of life.lnk
[2013/02/27 20:27:54 | 000,001,975 | ---- | C] () -- C:\Users\Owner\Desktop\Play Mahjong World.lnk
[2013/02/27 20:27:49 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Play Free Games.lnk
[2013/02/27 20:27:49 | 000,001,152 | ---- | C] () -- C:\Users\Public\Desktop\More FREE games.lnk
[2013/02/27 20:27:48 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2013/02/27 20:23:38 | 000,000,009 | ---- | C] () -- C:\END
[2013/02/27 20:23:12 | 000,033,958 | ---- | C] () -- C:\ProgramData\uninstaller.exe
[2013/02/19 18:29:52 | 000,001,873 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
[2013/02/19 18:29:52 | 000,001,224 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk
[2013/01/30 19:31:26 | 000,409,784 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/12/11 12:27:56 | 004,132,864 | ---- | C] () -- C:\ProgramData\ReadOnlyInstaller.msi
[2012/03/20 19:22:35 | 000,171,257 | ---- | C] () -- C:\Windows\hpwins27.dat
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012/01/18 06:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/12/06 14:53:23 | 000,012,384 | -HS- | C] () -- C:\Users\Owner\AppData\Local\308007g1s132n444o284o2iin6y7
[2011/12/06 14:53:23 | 000,012,384 | -HS- | C] () -- C:\ProgramData\308007g1s132n444o284o2iin6y7
[2011/10/27 16:54:20 | 000,000,112 | ---- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr
[2011/10/27 16:54:19 | 000,000,224 | ---- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzP
[2011/10/27 16:53:55 | 000,000,448 | ---- | C] () -- C:\ProgramData\1kAlMiG2Kb7FzP
[2011/10/20 14:16:35 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/06/05 00:34:46 | 000,000,067 | ---- | C] () -- C:\ProgramData\467faa72
[2011/03/21 17:51:48 | 000,172,737 | ---- | C] () -- C:\Windows\hpoins46.dat.temp
[2011/03/21 17:51:48 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2011/03/21 17:45:43 | 000,172,876 | ---- | C] () -- C:\Windows\hpoins46.dat
[2011/03/21 17:45:43 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2011/03/04 11:11:52 | 000,000,600 | ---- | C] () -- C:\Users\Owner\AppData\Local\PUTTY.RND
========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/07/27 09:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:0C65EA0E
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:A3E39C6A
< End of report >
OTL Extras logfile created on: 3/6/2013 8:44:54 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.89% Memory free
3.98 Gb Paging File | 2.97 Gb Available in Paging File | 74.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 115.02 Gb Free Space | 77.22% Space Free | Partition Type: NTFS
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-83052370-3400618856-1528395515-1000\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02B03EAF-3F80-43BD-8A99-C0F6112DBA5D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{03E3FFAA-73EC-4A1E-A277-A58F2A1E813B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0D348670-5BD0-47F1-85A3-61251D9D55AF}" = rport=139 | protocol=6 | dir=out | app=system |
"{115BFF4D-480C-42F0-8030-3CA13BA89574}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{157B95F5-9F9F-4CE2-9F37-87D611E90120}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{175998AC-94EA-4936-B475-977022162702}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1AF365CA-F6CE-417E-9ACE-CB89655884B2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1FFA1AD6-CB9A-4030-B214-4321201C2550}" = rport=137 | protocol=17 | dir=out | app=system |
"{267FDA3E-8B32-44E7-842B-6E2A60688D5A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{278DF1C3-1B15-4E6A-9E91-F0FA2471D771}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2D342290-6D6F-492C-BE0D-794E1FEDA177}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2FB087E1-C840-49A3-8AE7-C7F000A96EB1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{37205DCE-2265-4D19-9653-923BBE632D69}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{414CCBEC-412C-4746-8B0B-14311DB0EC86}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{417C3B2D-898A-451C-BECA-3DF1D340020E}" = rport=445 | protocol=6 | dir=out | app=system |
"{49772216-7E4B-4F04-A94B-CDC520C4B571}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{52CBAFAF-C9E3-4A98-B6AB-0181C97DF5B3}" = lport=139 | protocol=6 | dir=in | app=system |
"{59C8353A-8027-4DA4-83D3-DEBC76AD469D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6C98103A-DA98-4BB9-8023-50146D33A9EA}" = lport=138 | protocol=17 | dir=in | app=system |
"{6D488B76-378D-4BA4-993F-F209DE2B1C59}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7B64A764-DA7E-4E11-BA89-E48AAEFC20C3}" = lport=445 | protocol=6 | dir=in | app=system |
"{9C6186D5-2C54-421A-BE1E-13A8C68ABCB6}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C5E03B44-75AC-448B-BC9E-1E785DD8A125}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CE9CF4CB-0704-48A9-8796-AFE93C12B582}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D3A60507-DB9D-44D6-8AF2-D021074D5D1A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E46BACE5-E9D4-49F6-927B-CBC895E1ADD1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E49A01BE-BD96-4F3A-9B6E-0EAA028FB41F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E74D70E2-FC23-4450-88BC-40532C4BDDA3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EAEB5434-7F57-4386-B091-ACB7F6472B4F}" = rport=138 | protocol=17 | dir=out | app=system |
"{EBEB5B6F-D6A8-4D90-9257-DB9B9C2C5030}" = lport=137 | protocol=17 | dir=in | app=system |
"{F0F96547-16F7-4EB8-8DF5-BC9EDA02173A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F484B1C4-E831-46E2-8FC6-C23D8A93F631}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0076F6D4-A875-4B62-A415-1915D5480142}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{01D7A2A3-83ED-4DCF-85BC-E97D25A0750A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{08E3AF04-F1E1-4959-A0B9-70C0AF605EB3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{15346252-0113-4AA3-AB83-9F9E51DD9841}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{15C83292-D15E-40F4-B734-1B9961914322}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{1AEF9D42-4FCF-46E0-8BDF-800CAE61079C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1BE236D1-2C18-46FD-AD3B-CCD67ED57EF1}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{2336B140-1832-4E41-A36C-49C24FF1CCB3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{261C496E-D159-4B6A-ACFB-325EFF9E235A}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{2EFC2EB1-70D7-40A2-A564-8F31B035CAC3}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{31502C60-8EF3-4DF1-98C9-21C4900283DC}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{32732F31-B34D-41E6-A3EE-44192E9AAD6D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{38730ABC-42BE-45E4-9E9E-38E9F68BFCB9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{3A40CD91-C2C8-42DE-A1DB-508206E94C4B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{3B959EFE-2BDC-4592-A9F5-7249BFA60265}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{43D55F4B-EB46-49C7-90C8-E1C2EF11B803}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{47D850D2-712D-4786-8103-39DAB1949417}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{48167DAD-D7FD-4D76-95DF-EA3410B8D977}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{53C9FA31-E196-4FFC-9445-09F74E6BC841}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{5AFFD7DB-D1E8-4439-B736-B5CBB13672FE}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{5C121DC4-A621-4FD6-A05D-74863468752D}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{628C0118-FE3F-4CFA-9482-8C080E4DA864}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{641EEC75-8808-4588-83A5-E7190EF216B4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{663516F8-143C-4444-8F8B-A599B7332217}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{6CC7B95C-43CE-4866-AC27-80A0566C2F70}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{7235463C-1DF1-42B8-8A03-80CF619FFD2A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{76BE26C5-1901-4F4A-AD06-E6D15A26EA06}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{8A42BA0C-B3EF-4D23-B9BA-1A2D762A2DCF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8B77F07E-61A7-4790-84BF-DA9A9CE17452}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{8BA9AC29-FBA6-4C0F-8D94-CDAD191DB308}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9216164B-44B0-47EE-A40E-6D0E8978B5A1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{932ACF84-69A6-478A-B6A6-F63ACE719149}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{97F0DD18-8232-419A-9CE0-637C3BE6293C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9D0A7735-CC07-41F5-99DF-B4EB66D12C5A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{9E9898CA-9CC4-406B-AD02-ACC2D2475C00}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{9EA9C5FB-DEF0-4072-9A5A-36FCB6BF24B4}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{9F5156AB-4DC9-4B0F-9A63-054647AFE93D}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{A47CC180-AD60-42A8-AABC-F2E2929A22D1}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{A63C9BE6-C6CF-4A0A-8F52-3F2EF2EEEE85}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{B94671F0-3462-4B1C-9A0C-8D75ABBDF980}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B9AB88E8-5E39-4EB1-A103-B90B61E80586}" = protocol=6 | dir=out | app=system |
"{C5E59B1A-614D-4E5F-A37E-789FA0148968}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{D2C07E57-C3DC-4620-9DF6-A78170CE808E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{D7E70CE8-BF16-4B62-B531-D07F91766C5C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{DC7EABDD-3052-41E2-8388-8C1CFB175DB0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{E3D57092-0588-43F7-87B1-6D7164F0AE0D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EA6B2BC0-F032-4B26-82FF-2D90DE26E22D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EBDFED27-7DE1-47C2-85C8-6271C2D9A3A3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{EBE9EF68-6D61-473C-AA23-7AEA9CE96F79}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{F60ADFB5-1E93-46EF-A29F-49DB0CB896B9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{F900089C-F3CB-42B2-8518-4BD5750B5232}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FE680280-E5DD-47FB-9AA9-315A6135D2EA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"TCP Query User{1A6F7DC9-97DC-4F85-855E-922EF4C26C75}C:\users\owner\appdata\local\temp\{86d4b82a-abed-442a-be86-96357b70f4fe}\askpartnercobrandingtool.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\{86d4b82a-abed-442a-be86-96357b70f4fe}\askpartnercobrandingtool.exe |
"TCP Query User{396621FD-FCC0-4F6E-89A2-53807942196C}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{8B55B197-3ED7-44B7-9E89-6BE0E0A965F4}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{8F788716-C7DD-43F2-95BE-F75142A79EDF}C:\program files\common files\java\java update\jucheck.exe" = protocol=6 | dir=in | app=c:\program files\common files\java\java update\jucheck.exe |
"TCP Query User{99391F2C-EB8E-4C6F-9801-ECA39E6BC50A}C:\program files\common files\java\java update\jaucheck.exe" = protocol=6 | dir=in | app=c:\program files\common files\java\java update\jaucheck.exe |
"TCP Query User{A67CFB76-34C4-4158-8910-2D581B07B9EC}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{A7E48357-72E7-4749-9740-853882B832FC}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{BA0C1148-FC98-41FC-A7E2-644F29BDC480}C:\program files\common files\java\java update\jusched.exe" = protocol=6 | dir=in | app=c:\program files\common files\java\java update\jusched.exe |
"TCP Query User{D8268E6C-4432-447E-AD33-1E67D0FF2B78}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{09FB85EC-E6D2-4585-A1F4-F27E129C8973}C:\program files\common files\java\java update\jucheck.exe" = protocol=17 | dir=in | app=c:\program files\common files\java\java update\jucheck.exe |
"UDP Query User{5D6E7B9C-4BA5-4D26-A25A-26B5F924C48C}C:\users\owner\appdata\local\temp\{86d4b82a-abed-442a-be86-96357b70f4fe}\askpartnercobrandingtool.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\{86d4b82a-abed-442a-be86-96357b70f4fe}\askpartnercobrandingtool.exe |
"UDP Query User{7AFCEEE7-6275-45DD-B294-6B668A399419}C:\program files\common files\java\java update\jaucheck.exe" = protocol=17 | dir=in | app=c:\program files\common files\java\java update\jaucheck.exe |
"UDP Query User{8CD75335-4B83-4D40-9211-AA536282C68F}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{8D407508-9EE0-448B-B17E-535304735D2F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{AED8C75D-19A5-49F5-BC71-EA7201441ACF}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{CFFAACBD-12B1-40CC-BD4F-52756E471DC1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{E788695D-6082-4082-9962-267DA1414908}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{F2B3EE2B-BC34-4786-B50B-581A1090F265}C:\program files\common files\java\java update\jusched.exe" = protocol=17 | dir=in | app=c:\program files\common files\java\java update\jusched.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22644FC4-9EA9-4F67-A76C-91C51E9E0963}" = AVG 2013
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}" = 4500G510af_Software_Min
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{607398CF-354B-4E21-B1BC-549424BFD04C}" = TIPCI
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F8CBBFB-7986-4140-91EC-D8C7F1EC8DF3}" = AVG 2013
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{8B9F50F9-BA6F-47c5-990B-76A74A1C68B0}" = 4500G510af
"{90120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{90120000-0014-0000-0000-0000000FF1CE}_PRO_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0014-0000-0000-0000000FF1CE}_PRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C175D5B0-ED04-42C9-B23F-D8BD406173E7}" = 4500_G510af_Help
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C98517B6-DCE9-49B7-B19E-E384178D3986}" = HP Officejet 4500 G510a-f
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVG" = AVG 2013
"BFGC" = Big Fish Games: Game Manager
"BurnAware Free_is1" = BurnAware Free 6.0
"CCleaner" = CCleaner
"exent_598050" = Mahjong World
"exent_643650" = MahJong Quest 3 The Balance of life
"exent_750650" = Heroes of Hellas 3
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{607398CF-354B-4E21-B1BC-549424BFD04C}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 19.0 (x86 en-US)" = Mozilla Firefox 19.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PRO" = Microsoft Office Professional 2007
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 1/30/2013 7:39:38 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .
Error - 1/30/2013 7:39:38 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .
Error - 1/30/2013 7:39:39 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .
Error - 1/30/2013 7:39:39 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .
Error - 1/30/2013 8:34:02 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mscorsvw.exe, version: 4.0.30319.1, time
stamp: 0x4ba1da21 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x10012815 Faulting process id: 0xa18 Faulting application
start time: 0x01cdff4aab253788 Faulting application path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Faulting
module path: unknown Report Id: e8eb9c02-6b3d-11e2-9412-00e0b8c6b702
Error - 1/30/2013 8:54:17 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mscorsvw.exe, version: 4.0.30319.1, time
stamp: 0x4ba1da21 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x10012815 Faulting process id: 0x324 Faulting application
start time: 0x01cdff4d7e7b217a Faulting application path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Faulting
module path: unknown Report Id: bcdc94ef-6b40-11e2-a2b5-00e0b8c6b702
Error - 2/19/2013 7:16:08 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .
Error - 2/27/2013 9:27:53 PM | Computer Name = Owner-PC | Source = Application on Demand - GPlayer | ID = 0
Description =
Error - 2/28/2013 1:20:55 PM | Computer Name = Owner-PC | Source = Application on Demand - iexplore | ID = 0
Description =
Error - 3/4/2013 8:42:21 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.
[ System Events ]
Error - 3/5/2013 7:34:32 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7023
Description = The MicroSoft Logging State service terminated with the following
error: %%126
Error - 3/5/2013 7:34:33 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5
Error - 3/5/2013 7:34:38 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SBRE
Error - 3/5/2013 11:33:57 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5
Error - 3/6/2013 9:33:06 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7023
Description = The Offline Files service terminated with the following error: %%3
Error - 3/6/2013 9:33:08 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the 29BE
service to connect.
Error - 3/6/2013 9:33:08 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The 29BE service failed to start due to the following error: %%1053
Error - 3/6/2013 9:33:10 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7023
Description = The MicroSoft Logging State service terminated with the following
error: %%126
Error - 3/6/2013 9:33:10 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5
Error - 3/6/2013 9:33:13 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SBRE
< End of report >
GMER 2.1.19155 - http://www.gmer.net
Rootkit scan 2013-03-06 09:37:51
Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 WDC_WD1600BEVS-22RST0 rev.04.01G04 149.05GB
Running: p6rr991x.exe; Driver: C:\Users\Owner\AppData\Local\Temp\kgloapow.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x8E9B514A]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x8E9B521A]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x8E9B4D7C]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0x8E9B4F6A]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0x8E9B5000]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0x8E9B4E32]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0x8E9B4ECE]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0x8E9B509C]
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82A85569 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AAA092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 4A0 82AB1AB0 8 Bytes [4A, 51, 9B, 8E, 1A, 52, 9B, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 4E8 82AB1AF8 4 Bytes [7C, 4D, 9B, 8E]
.text ntkrnlpa.exe!RtlSidHashLookup + 7A8 82AB1DB8 8 Bytes [6A, 4F, 9B, 8E, 00, 50, 9B, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 82AB1DC8 8 Bytes [32, 4E, 9B, 8E, CE, 4E, 9B, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 82C 82AB1E3C 4 Bytes [9C, 50, 9B, 8E]
---- User IAT/EAT - GMER 2.1 ----
IAT C:\Windows\Explorer.EXE[1792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73512494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [734F5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [734F56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7351250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73508573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73504D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [735050CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [735051A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [735066D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [735082CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73508819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7350907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7350E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
IAT C:\Windows\Explorer.EXE[1792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73504C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
---- Devices - GMER 2.1 ----
AttachedDevice \FileSystem\Ntfs \Ntfs X6XSEx_Pr143.Sys
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
---- EOF - GMER 2.1 ----