
Google Redirect Virus - Scour


  • This topic is locked
18 replies to this topic

#1 globalhawk.rq

  • Members
  • 8 posts

Posted 18 October 2012 - 12:22 AM

Hello, I am not sure where I wound up with this Google redirect malware, but I cannot get it off this system! I have tried Malwarebytes Anti-Malware, TDSSKiller tools without success, so I need to turn here for help! I am winding up with Google search results that randomly, like every other one, take me to either 63.209.69.107 IP address, or scour or any number of random sites. Any help. Thanks.



#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 October 2012 - 12:41 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3


    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs

  • In your next post I need the following

  • both reports from DDS
  • report from security check
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 globalhawk.rq

  • Topic Starter
  • Members
  • 8 posts

Posted 18 October 2012 - 05:45 PM

Defogger
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:36 on 18/10/2012 (Globalhawk)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Security Check


Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.0.1400
Java™ 6 Update 24
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 10.0.2 Firefox out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

DDS
DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Globalhawk at 17:41:22 on 2012-10-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8140.4741 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
C:\Windows\ASMBB\x64\waudit.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\StikyNot.exe
C:\Users\Globalhawk\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\ASMBB\x64\wauditu.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Waterfox\firefox.exe
C:\Program Files\Waterfox\plugin-container.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Globalhawk\Downloads\SecurityCheck.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [googletalk] C:\Users\Globalhawk\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{23C0EA46-C64E-4B07-A792-9E3950FAAEEB} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{23C0EA46-C64E-4B07-A792-9E3950FAAEEB}\24C6F6F6B656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{23C0EA46-C64E-4B07-A792-9E3950FAAEEB}\24C6F6F6B65623 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{386255B4-8536-49C1-B41E-631658AB9F24} : DHCPNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Globalhawk\AppData\Roaming\Mozilla\Firefox\Profiles\an727tdy.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 49556
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\Program Files\Microsoft Silverlight\5.1.10516.0\npctrl.dll
FF - plugin: c:\Program Files\Microsoft Silverlight\5.1.10516.0\npctrlui.dll
FF - plugin: C:\Users\Globalhawk\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\Globalhawk\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Users\Globalhawk\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Globalhawk\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\System32\Macromed\Flash\NPSWF64_11_4_402_287.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-9-21 61792]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-9-13 151904]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-28 31080]
R1 nm3;Microsoft Network Monitor 3 Driver;C:\Windows\System32\drivers\nm3.sys [2010-6-9 46392]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-5-31 204288]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-31 1166848]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-10-2 5783672]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-2 193568]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-8-5 681528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-5 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-24 2413056]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-5-28 1153368]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-2-23 2886528]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-5 2656280]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-6-1 609904]
R2 vmware-converter-agent;VMware vCenter Converter Standalone Agent;C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [2011-8-19 423536]
R2 vmware-converter-server;VMware vCenter Converter Standalone Server;C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-8-19 423536]
R2 vmware-converter-worker;VMware vCenter Converter Standalone Worker;C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-8-19 423536]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-9-28 722528]
R2 waudit;waudit;C:\Windows\ASMBB\x64\waudit.exe [2012-8-25 1314816]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2012-5-31 9981952]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2012-5-31 310272]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-5-5 317440]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2012-5-31 12289472]
R3 KHCAP;KHCap Packet Driver (KHCAP);C:\Windows\System32\drivers\KHCAP.sys [2012-8-25 39304]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-10-19 56344]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETwNs64.sys [2011-8-3 8604672]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-11-24 91648]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-11-24 208896]
R3 pneteth;PdaNet Broadband;C:\Windows\System32\drivers\pneteth.sys [2012-7-26 15360]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-1-12 338536]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-2 428136]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-12-1 42392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-22 116648]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 250808]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-7-10 99384]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-22 116648]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240]
S3 NetFlixDownloadManager;VMC NetFlix Download Manager;C:\Program Files\Luttmann\vmcNetFlix\NetFlixDownloadManager.exe [2009-4-16 26624]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-17 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-11 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== File Associations ===============
.
FileExt: .js: Applications\wordpad.exe="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2012-10-18 20:59:46 -------- d-----w- C:\Users\Globalhawk\AppData\Local\{ED41FF23-CE75-4D75-AF3E-410DA52C8D1D}
2012-10-18 08:59:35 -------- d-----w- C:\Users\Globalhawk\AppData\Local\{0B135D23-1EAE-491B-8C8B-382BB949A0D9}
2012-10-17 20:59:23 -------- d-----w- C:\Users\Globalhawk\AppData\Local\{AAFAFCAA-9C78-458E-B158-C8753201F219}
2012-10-17 00:28:44 -------- d-----w- C:\Users\Globalhawk\AppData\Roaming\Serif
2012-10-17 00:04:51 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap
2012-10-17 00:04:27 -------- d-----w- C:\Program Files (x86)\Serif
2012-10-15 00:30:30 -------- d-----w- C:\Users\Globalhawk\AppData\Roaming\Malwarebytes
2012-10-15 00:30:21 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-10-15 00:30:21 -------- d-----w- C:\ProgramData\Malwarebytes
2012-10-15 00:30:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-14 17:52:29 -------- d-----w- C:\Users\Globalhawk\AppData\Roaming\Localphone
2012-10-11 23:01:27 -------- d-----w- C:\Program Files (x86)\ClipGrab
2012-10-10 09:01:51 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-10 09:01:51 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-10 09:01:24 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-10 09:01:24 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-10 09:01:24 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 09:01:24 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-10 09:01:24 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 09:01:24 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-10 00:38:17 -------- d-sh--w- C:\$RECYCLE.BIN
2012-10-09 22:21:57 -------- d-----w- C:\Users\Globalhawk\AppData\Local\{0C057402-5E48-4B5B-92F9-1A94394BC88E}
2012-10-09 07:50:51 -------- d-----w- C:\Users\Globalhawk\AppData\Local\{CBFB870E-2A9D-47DA-A945-E6DC2D63DBA8}
2012-10-08 19:50:40 -------- d-----w- C:\Users\Globalhawk\AppData\Local\{0875D85F-5F27-474F-9F2F-B3B16A497638}
2012-10-08 04:31:43 -------- d-----w- C:\Users\Globalhawk\AppData\Local\{F35822A5-53CA-45F6-9E36-73FD6C5E6C76}
2012-10-07 16:31:31 -------- d-----w- C:\Users\Globalhawk\AppData\Local\{44D08AE4-2409-4C6A-BFEF-D88BDEA4A27A}
2012-10-07 04:31:17 -------- d-----w- C:\Users\Globalhawk\AppData\Local\{D6FDA8EE-AEA9-44D0-82E4-4206F270887E}
2012-10-05 13:28:43 -------- d-----w- C:\Users\Globalhawk\AppData\Local\{443F54C2-201E-4C67-A423-F1F15DEF2BB3}
2012-10-05 08:26:22 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2012-10-05 01:28:31 -------- d-----w- C:\Users\Globalhawk\AppData\Local\{6D495794-7B55-4F3A-9F39-296D99A7EF22}
2012-10-04 13:28:19 -------- d-----w- C:\Users\Globalhawk\AppData\Local\{47DEA6B5-A304-4FE6-89E6-4A4D430673E8}
2012-10-04 01:27:54 -------- d-----w- C:\Users\Globalhawk\AppData\Local\{51AB5C81-0B49-42E4-948F-C79D4B456F7C}
2012-10-03 13:27:42 -------- d-----w- C:\Users\Globalhawk\AppData\Local\{B65B47C7-328F-43AA-8B92-BEA251D7101B}
2012-10-03 01:27:30 -------- d-----w- C:\Users\Globalhawk\AppData\Local\{7A44F313-5121-4CB9-8B8E-BD95CA00A354}
2012-10-02 08:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-10-02 05:26:17 -------- d-----w- C:\Users\Globalhawk\AppData\Local\{33D1C7B0-5438-4393-A6A4-5639D1A0703A}
2012-10-01 17:26:05 -------- d-----w- C:\Users\Globalhawk\AppData\Local\{4ACB8261-3ADD-4BC8-8A05-DCE273B515C3}
2012-10-01 05:51:26 -------- d-----w- C:\Users\Globalhawk\AppData\Local\Macromedia
2012-10-01 05:25:32 -------- d-----w- C:\Users\Globalhawk\AppData\Local\{9A625E81-E87C-4062-B3D7-FA1F1FE97A53}
2012-09-29 03:56:19 -------- d-----w- C:\Windows\rescache
2012-09-29 01:24:56 -------- d-----w- C:\Users\Globalhawk\AppData\Roaming\AVG2013
2012-09-29 01:23:05 -------- d-----w- C:\Users\Globalhawk\AppData\Roaming\TuneUp Software
2012-09-29 01:23:04 -------- d-----w- C:\Users\Globalhawk\AppData\Local\AVG Secure Search
2012-09-29 01:23:02 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-09-29 01:22:55 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-09-29 01:22:52 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-09-29 01:22:51 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-09-29 01:20:09 -------- d-----w- C:\ProgramData\AVG2013
2012-09-29 01:17:12 -------- d-----w- C:\Users\Globalhawk\AppData\Local\MFAData
2012-09-29 01:17:12 -------- d-----w- C:\Users\Globalhawk\AppData\Local\Avg2013
2012-09-29 01:11:23 -------- d-----w- C:\Users\Globalhawk\AppData\Local\{9421716F-83FD-4D3C-8596-11F5E763EDCA}
2012-09-28 12:43:31 -------- d-----w- C:\Users\Globalhawk\AppData\Local\{6B1F096F-6881-45B5-8223-53D7E824DA9E}
2012-09-28 00:43:20 -------- d-----w- C:\Users\Globalhawk\AppData\Local\{EE35FFFB-6723-4546-88CB-73FC959500FC}
2012-09-27 12:43:08 -------- d-----w- C:\Users\Globalhawk\AppData\Local\{95CD01E1-AE59-48EC-A1D8-FB2ADAEE59B0}
2012-09-26 23:56:03 -------- d-----w- C:\Users\Globalhawk\AppData\Local\{BD9E52F4-FAEF-432C-A12B-8D81948BBB19}
2012-09-26 11:55:38 -------- d-----w- C:\Users\Globalhawk\AppData\Local\{EF0AFA0E-7601-49C5-A7CE-C33D537CF612}
2012-09-26 11:09:44 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-25 23:55:27 -------- d-----w- C:\Users\Globalhawk\AppData\Local\{8398AA13-1770-43A8-87F2-F6C9AD54EAE0}
2012-09-25 11:55:15 -------- d-----w- C:\Users\Globalhawk\AppData\Local\{61E82872-8092-40E8-8C7F-89B723A2EE71}
2012-09-24 23:55:03 -------- d-----w- C:\Users\Globalhawk\AppData\Local\{6C6D7319-B93B-48CE-83A4-C6D48D5009F8}
2012-09-24 11:54:51 -------- d-----w- C:\Users\Globalhawk\AppData\Local\{F286E74A-053C-41B6-BE72-428789A9A133}
2012-09-23 16:42:21 -------- d-----w- C:\Users\Globalhawk\AppData\Local\{B24A5A98-F9FF-4D44-BB83-EE30AB7A3FEC}
2012-09-23 04:41:51 -------- d-----w- C:\Users\Globalhawk\AppData\Local\{0169A211-555A-4767-9866-951C4672FB92}
2012-09-22 00:46:24 -------- d-----w- C:\Users\Globalhawk\AppData\Local\{8FFC1496-45BE-416F-A935-E6439BAEA2B4}
2012-09-21 12:46:13 -------- d-----w- C:\Users\Globalhawk\AppData\Local\{985D501C-7F89-4134-A348-B256C2622A1C}
2012-09-21 08:46:04 200032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-09-21 08:46:00 225120 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2012-09-21 08:45:50 61792 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-09-21 00:46:01 -------- d-----w- C:\Users\Globalhawk\AppData\Local\{D2C5A5BD-3D76-40AF-9170-172ED54EA003}
2012-09-20 12:45:49 -------- d-----w- C:\Users\Globalhawk\AppData\Local\{09807C3D-3335-4A51-BE80-EE75FB995A0E}
2012-09-20 00:45:37 -------- d-----w- C:\Users\Globalhawk\AppData\Local\{EB847F23-1A62-4769-883C-C82E3302B4F6}
2012-09-19 12:45:26 -------- d-----w- C:\Users\Globalhawk\AppData\Local\{2C767611-B485-4955-AA7E-E141388382E1}
2012-09-19 00:45:14 -------- d-----w- C:\Users\Globalhawk\AppData\Local\{DB802A82-92C1-43EC-9217-CDBCD610E834}
.
==================== Find3M ====================
.
2012-10-09 07:45:18 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 07:45:18 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-09-14 08:05:18 40800 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2012-09-13 08:11:18 151904 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-25 17:46:25 39304 ----a-w- C:\Windows\System32\drivers\KHCAP.sys
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
.
============= FINISH: 17:41:35.78 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/11/2011 12:01:02 PM
System Uptime: 10/16/2012 7:25:46 PM (46 hours ago)
.
Motherboard: Hewlett-Packard | | 1659
Processor: Intel® Core™ i7-2630QM CPU @ 2.00GHz | CPU1 | 2001/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 347 GiB total, 159.236 GiB free.
D: is FIXED (NTFS) - 17 GiB total, 2.11 GiB free.
E: is CDROM (UDF)
F: is FIXED (NTFS) - 335 GiB total, 119.949 GiB free.
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP612: 10/9/2012 6:28:20 PM - ComboFix created restore point
RP613: 10/9/2012 7:18:50 PM - Removed RoxioNow Player.
RP614: 10/10/2012 8:02:50 AM - Removed Skype Click to Call
RP615: 10/11/2012 7:18:28 AM - Windows Update
RP616: 10/14/2012 7:00:02 PM - Windows Backup
RP617: 10/16/2012 7:03:53 PM - Installed Serif PagePlus Starter Edition
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20 (x64 edition)
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS5.1
Adobe Photoshop Lightroom 3.4 64-bit
Adobe Photoshop Lightroom 4.1 64-bit
Adobe Reader 9.5.1 MUI
Adobe Shockwave Player 11.5
Agatha Christie - Peril at End House
Amazon Kindle
Amazon MP3 Downloader 1.0.12
Amazon Unbox Video
AMD APP SDK Runtime
AMD Catalyst Install Manager
Apple Software Update
AVG 2013
Bejeweled 2 Deluxe
BlackBox Security Monitor Express™ 1.0
Blackhawk Striker 2
Blasterball 3
Bonjour
Bounce Symphony
Build-a-lot 2
Cake Mania
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
ClipGrab 3.2.0.9
Comcast Desktop Software (v1.2.1)
D3DX10
Diner Dash 2 Restaurant Rescue
DivX Setup
Dora's World Adventure
Dropbox
Energy Star Digital Logo
Escape Rosecliff Island
ESU for Microsoft Windows 7
Facebook Video Calling 1.2.0.159
Farm Frenzy
FATE
ffdshow (remove only)
Final Drive Nitro
Google Chrome
Google Drive
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
Heroes of Hellas 2 - Olympia
Hewlett-Packard ACLM.NET v1.1.2.0
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HP 3D DriveGuard
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Game Console
HP Games
HP MovieStore
HP On Screen Display
HP Power Manager
HP Quick Launch
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
HP Wireless Assistant
IDT Audio
ImgBurn
Intel PROSet Wireless
Intel® Control Center
Intel® Display Audio Driver
Intel® Management Engine Components
Intel® PROSet/Wireless WiFi Software
Intel® Rapid Storage Technology
Intel® Wireless Display
Java Auto Updater
Java™ 6 Update 22 (64-bit)
Java™ 6 Update 24
Jewel Quest Solitaire 2
Localphone version 1.1.0
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft IntelliPoint 8.1
Microsoft Network Monitor 3.4
Microsoft Network Monitor: NetworkMonitor Parsers 3.4
Microsoft PowerPoint Viewer
Microsoft Primary Interoperability Assemblies 2005
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Microsoft_VC90_MFCLOC_x86_x64
Mozilla Firefox 10.0.2 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - The London Caper
NHM Writer Beta
onOne PerfectPresets
OpenOffice.org 3.4
Paint.NET v3.5.10
PandoraRecovery (Remove Only)
PdaNet for Android 3.50
PDF Settings CS5
Penguins!
Picasa 3
Plants vs. Zombies
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PX Profile Update
QuickTime
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Recovery Manager
Renesas Electronics USB 3.0 Host Controller Driver
RoxioNow Player
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Serif PagePlus Starter Edition
Skype™ 5.10
Spybot - Search & Destroy
SQLiteManager
Synaptics Pointing Device Driver
TeamViewer 7
tools-freebsd
tools-linux
tools-netware
tools-solaris
tools-windows
tools-winPre2k
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Validity WBF DDK
VC80CRTRedist - 8.0.50727.4053
Virtual Families
Virtual Villagers 4 - The Tree of Life
Vista Media Center vmcNetFlix Add-In x64
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
VLC media player 2.0.1
VMTS ESX Patch Manager
VMware vCenter Converter Standalone
VMware VIX
VMware vSphere CLI
VMware vSphere Client 4.1
VMware vSphere Client 5.0
VMware vSphere PowerCLI
VMware vSphere Update Manager Client 5.0
VMware Workstation
Waterfox 11.0 (x64 en-US)
WebEx
Wheel of Fortune 2
WinDirStat 1.1.2
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
WinPcap 4.1.2
WinSCP 4.3.2
Wireshark 1.6.5
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
10/17/2012 7:02:10 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{23C0EA46-C64E-4B07-A792-9E3950FAAEEB} because another computer on the network has the same name. The server could not start.
10/17/2012 7:02:10 AM, Error: NetBT [4321] - The name "GLOBALHAWK-HP :20" could not be registered on the interface with IP address 192.168.1.4. The computer with the IP address 169.254.169.144 did not allow the name to be claimed by this computer.
10/17/2012 7:02:10 AM, Error: NetBT [4321] - The name "GLOBALHAWK-HP :0" could not be registered on the interface with IP address 192.168.1.4. The computer with the IP address 169.254.169.144 did not allow the name to be claimed by this computer.
10/17/2012 3:39:31 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
10/17/2012 3:39:31 PM, Error: Microsoft-Windows-RasSstp [22] - The Secure Socket Tunneling Protocol service could not be configured to accept incoming connections. The detailed error message is provided below. Correct the problem and restart the SSTP service. The process cannot access the file because it is being used by another process.
10/17/2012 3:39:31 PM, Error: Microsoft-Windows-HttpEvent [15005] - Unable to bind to the underlying transport for [::]:443. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.
10/16/2012 7:32:23 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
10/16/2012 7:26:46 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
10/16/2012 6:48:23 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AVGIDSAgent service to connect.
10/16/2012 6:48:23 PM, Error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/16/2012 6:44:44 PM, Error: RemoteAccess [20013] - The communication device attached to port VPN9-0 is not functioning.
10/16/2012 6:44:44 PM, Error: RemoteAccess [20013] - The communication device attached to port VPN3-1 is not functioning.
10/16/2012 6:44:44 PM, Error: RemoteAccess [20013] - The communication device attached to port VPN3-0 is not functioning.
10/16/2012 6:44:44 PM, Error: RemoteAccess [20013] - The communication device attached to port VPN2-1 is not functioning.
10/16/2012 6:44:44 PM, Error: RemoteAccess [20013] - The communication device attached to port VPN2-0 is not functioning.
10/16/2012 6:44:44 PM, Error: RemoteAccess [20013] - The communication device attached to port VPN0-1 is not functioning.
10/16/2012 6:44:44 PM, Error: RemoteAccess [20013] - The communication device attached to port VPN0-0 is not functioning.
10/16/2012 6:44:43 PM, Error: RemoteAccess [20013] - The communication device attached to port VPN9-1 is not functioning.
10/16/2012 1:37:34 AM, Error: NetBT [4321] - The name "GLOBALHAWK-HP :0" could not be registered on the interface with IP address 192.168.1.2. The computer with the IP address 169.254.169.144 did not allow the name to be claimed by this computer.
10/16/2012 1:37:32 AM, Error: NetBT [4321] - The name "GLOBALHAWK-HP :20" could not be registered on the interface with IP address 192.168.1.2. The computer with the IP address 169.254.169.144 did not allow the name to be claimed by this computer.
10/13/2012 11:35:39 AM, Error: NetBT [4321] - The name "GLOBALHAWK-HP :20" could not be registered on the interface with IP address 192.168.1.6. The computer with the IP address 169.254.169.144 did not allow the name to be claimed by this computer.
10/13/2012 11:35:39 AM, Error: NetBT [4321] - The name "GLOBALHAWK-HP :0" could not be registered on the interface with IP address 192.168.1.6. The computer with the IP address 169.254.169.144 did not allow the name to be claimed by this computer.
10/11/2012 11:47:08 AM, Error: NetBT [4321] - The name "GLOBALHAWK-HP :20" could not be registered on the interface with IP address 192.168.1.8. The computer with the IP address 169.254.169.144 did not allow the name to be claimed by this computer.
10/11/2012 11:47:08 AM, Error: NetBT [4321] - The name "GLOBALHAWK-HP :0" could not be registered on the interface with IP address 192.168.1.8. The computer with the IP address 169.254.169.144 did not allow the name to be claimed by this computer.
.
==== End Of File ===========================

#4 gringo_pr


Posted 18 October 2012 - 06:35 PM

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-RogueKiller-

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#5 globalhawk.rq


Posted 18 October 2012 - 06:56 PM

Security Check

Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.0.1400
Java™ 6 Update 24
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 11.0 Firefox out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


AdwCleaner Report

# AdwCleaner v2.005 - Logfile created 10/18/2012 at 18:45:54
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Globalhawk - GLOBALHAWK-HP
# Boot Mode : Normal
# Running from : C:\Users\Globalhawk\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\Users\Globalhawk\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Globalhawk\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Globalhawk\AppData\LocalLow\boost_interprocess

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Mp3Tube
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{65A16874-2ED0-460E-A547-5FE2EC3A13A7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{71E02280-5212-45C3-B174-4D5A35DA254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BEC9B38-BF39-4899-806E-A1C5DFEB60A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E25DA6D6-C365-46CF-ABAF-DC5893135D7A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E6961C59-CFCE-4CCD-B794-BC78DB98413A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v11.0 (en-US)

Profile name : default
File : C:\Users\Globalhawk\AppData\Roaming\Mozilla\Firefox\Profiles\an727tdy.default\prefs.js

Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\12.2.5.34");
Deleted : user_pref("browser.search..selectedEngineURL", "hxxp://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&cl[...]
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid=%7Bc1f664a7-1a6a-4b62-972e-783f386890d5[...]
Deleted : user_pref("mp3tubetoolbar.configXml", "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\r\n<toolbarlayout[...]
Deleted : user_pref("mp3tubetoolbar.configXml_lastcheck", "21776674");

-\\ Google Chrome v22.0.1229.94

File : C:\Users\Globalhawk\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.16] : urls_to_restore_on_startup = [ "hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=CBB51F86024DAFB7C630F84FC2555F0E&tbp=homepage", "hxxp://www.google.com/" ]
Deleted [l.65] : icon_url = "hxxps://isearch.avg.com/favicon.ico",
Deleted [l.68] : keyword = "isearch.avg.com",
Deleted [l.71] : search_url = "hxxps://isearch.avg.com/search?cid={31BAAF99-1EB0-4EBB-861F-8E08BC7922CE}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}",
Deleted [l.2164] : urls_to_restore_on_startup = [ "hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=CBB51F86024DAFB7C630F84FC2555F0E&tbp=homepage", "hxxp://www.google.com/" ]

*************************

AdwCleaner[S1].txt - [8071 octets] - [18/10/2012 18:45:54]

########## EOF - C:\AdwCleaner[S1].txt - [8131 octets] ##########

RogueKiller Report

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Globalhawk [Admin rights]
Mode : Remove -- Date : 10/18/2012 18:53:54

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK7559GSXP +++++
--- User ---
[MBR] f41263e4fb5ee3bad6194b3a345f02d9
[BSP] c0bd7179afb67d4f46e0d585056f490c : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 0 Mo
1 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
2 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 409600 | Size: 355080 Mo
3 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 727613440 | Size: 360123 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 11c0404951deddec1a08c686e5c95d4d
[BSP] c0bd7179afb67d4f46e0d585056f490c : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77824 Mo
1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 159793152 | Size: 400 Mo

+++++ PhysicalDrive1: SDHC Card +++++
--- User ---
[MBR] 9316104665a782f81734208e2c0e3e52
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8192 | Size: 30432 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#6 gringo_pr

Posted 18 October 2012 - 07:01 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 globalhawk.rq

Posted 18 October 2012 - 07:34 PM

I ran the Combofix. Report attached.

I still get redirects from Google Search, especially Wikipedia results.

ComboFix 12-10-18.03 - Globalhawk 10/18/2012 19:16:59.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8140.5778 [GMT -5:00]
Running from: c:\users\Globalhawk\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-19 to 2012-10-19 )))))))))))))))))))))))))))))))
.
.
2012-10-19 00:27 . 2012-10-19 00:27 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-10-19 00:27 . 2012-10-19 00:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-18 22:46 . 2012-10-18 22:46 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-10-18 22:46 . 2012-10-18 22:46 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-10-17 00:28 . 2012-10-17 00:28 -------- d-----w- c:\users\Globalhawk\AppData\Roaming\Serif
2012-10-17 00:04 . 2012-10-17 00:04 -------- d-----w- c:\program files (x86)\Serif
2012-10-15 00:30 . 2012-10-15 00:30 -------- d-----w- c:\users\Globalhawk\AppData\Roaming\Malwarebytes
2012-10-15 00:30 . 2012-10-15 00:30 -------- d-----w- c:\programdata\Malwarebytes
2012-10-15 00:30 . 2012-09-07 22:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-15 00:30 . 2012-10-15 00:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-14 21:37 . 2012-10-14 21:37 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2012-10-14 17:52 . 2012-10-14 17:52 -------- d-----w- c:\users\Globalhawk\AppData\Roaming\Localphone
2012-10-11 23:01 . 2012-10-11 23:01 -------- d-----w- c:\program files (x86)\ClipGrab
2012-10-10 09:01 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 09:01 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 09:01 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 09:01 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 09:01 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 09:01 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 09:01 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 09:01 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-05 08:26 . 2012-10-05 08:26 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2012-10-02 08:30 . 2012-10-02 08:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-10-01 05:51 . 2012-10-01 05:51 -------- d-----w- c:\users\Globalhawk\AppData\Local\Macromedia
2012-09-29 03:56 . 2012-10-11 17:16 -------- d-----w- c:\windows\rescache
2012-09-29 01:24 . 2012-09-29 01:24 -------- d-----w- c:\users\Globalhawk\AppData\Roaming\AVG2013
2012-09-29 01:23 . 2012-09-29 01:23 -------- d-----w- c:\users\Globalhawk\AppData\Roaming\TuneUp Software
2012-09-29 01:22 . 2012-09-29 01:22 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-09-29 01:22 . 2012-10-18 23:45 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-09-29 01:20 . 2012-10-05 00:39 -------- d-----w- c:\programdata\AVG2013
2012-09-29 01:17 . 2012-10-01 14:01 -------- d-----w- c:\users\Globalhawk\AppData\Local\Avg2013
2012-09-29 01:17 . 2012-09-29 01:17 -------- d-----w- c:\users\Globalhawk\AppData\Local\MFAData
2012-09-26 11:09 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-21 08:46 . 2012-09-21 08:46 200032 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-09-21 08:46 . 2012-09-21 08:46 225120 ----a-w- c:\windows\system32\drivers\avgloga.sys
2012-09-21 08:45 . 2012-09-21 08:45 61792 ----a-w- c:\windows\system32\drivers\avgidsha.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 07:45 . 2012-03-30 13:31 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 07:45 . 2011-05-19 12:05 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-14 08:05 . 2012-09-14 08:05 40800 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2012-09-13 08:11 . 2012-09-13 08:11 151904 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2012-08-25 17:46 . 2012-08-25 17:46 39304 ----a-w- c:\windows\system32\drivers\KHCAP.sys
2012-08-22 18:12 . 2012-09-11 23:38 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-11 23:38 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-11 23:38 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-11 23:38 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-10 09:02 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-11 23:38 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-11 23:38 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Globalhawk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Globalhawk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Globalhawk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Globalhawk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Desktop Software"="c:\program files (x86)\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
"googletalk"="c:\users\Globalhawk\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-11-24 113288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-01 343168]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-10-10 3116152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-23 116648]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]
R3 bmdrvr;Modified Clusters Tracking Driver;SysWOW64\drivers\bmdrvr.sys [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-05-21 99384]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-23 116648]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 NetFlixDownloadManager;VMC NetFlix Download Manager;c:\program files\Luttmann\vmcNetFlix\NetFlixDownloadManager.exe [2009-04-16 26624]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-04-13 45432]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-11 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-09-21 61792]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-09-13 151904]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-29 31080]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys [2010-06-09 46392]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-05-31 204288]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-31 1166848]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-10-02 5783672]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-02 193568]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-08-06 681528]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-24 2413056]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-23 2656280]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2011-03-26 81008]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-06-01 609904]
S2 vmware-converter-agent;VMware vCenter Converter Standalone Agent;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [2011-08-20 423536]
S2 vmware-converter-server;VMware vCenter Converter Standalone Server;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-08-20 423536]
S2 vmware-converter-worker;VMware vCenter Converter Standalone Worker;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-08-20 423536]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-09-29 722528]
S2 waudit;waudit;c:\windows\ASMBB\x64\waudit.exe [2012-08-25 1314816]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-05-31 9981952]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-05-31 310272]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2012-05-31 12289472]
S3 KHCAP;KHCap Packet Driver (KHCAP);c:\windows\system32\drivers\KHCAP.sys [2012-08-25 39304]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-08-03 8604672]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-11-24 91648]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-11-24 208896]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-11-25 15360]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-11-24 338536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-03 428136]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 07:45]
.
2012-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-23 01:51]
.
2012-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-23 01:51]
.
2012-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2307254773-4014522594-3609045076-1000Core.job
- c:\users\Globalhawk\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-11 22:51]
.
2012-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2307254773-4014522594-3609045076-1000UA.job
- c:\users\Globalhawk\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-11 22:51]
.
2012-10-17 c:\windows\Tasks\HPCeeScheduleForGLOBALHAWK-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-10-18 c:\windows\Tasks\HPCeeScheduleForGlobalhawk.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Globalhawk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Globalhawk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Globalhawk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Globalhawk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-09-06 20:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-09-06 20:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-09-06 20:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-09-06 20:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-31 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-31 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-31 416024]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Globalhawk\AppData\Roaming\Mozilla\Firefox\Profiles\an727tdy.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 49556
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe
Wow6432Node-HKLM-Run-ROC_ROC_NT - c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe
SafeBoot-73225703.sys
HKLM-Run-SysTrayApp - c:\program files\IDT\WDM\sttray64.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-18 19:30:14
ComboFix-quarantined-files.txt 2012-10-19 00:30
.
Pre-Run: 179,795,976,192 bytes free
Post-Run: 179,624,849,408 bytes free
.
- - End Of File - - C9FD7062C8B508D2199CE47540A156CB

#8 gringo_pr

Posted 18 October 2012 - 07:43 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 globalhawk.rq

Posted 18 October 2012 - 07:52 PM

TDSSKiller
19:45:04.0708 5332 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
19:45:05.0027 5332 ============================================================
19:45:05.0027 5332 Current date / time: 2012/10/18 19:45:05.0027
19:45:05.0028 5332 SystemInfo:
19:45:05.0028 5332
19:45:05.0028 5332 OS Version: 6.1.7601 ServicePack: 1.0
19:45:05.0028 5332 Product type: Workstation
19:45:05.0028 5332 ComputerName: GLOBALHAWK-HP
19:45:05.0029 5332 UserName: Globalhawk
19:45:05.0029 5332 Windows directory: C:\Windows
19:45:05.0029 5332 System windows directory: C:\Windows
19:45:05.0029 5332 Running under WOW64
19:45:05.0029 5332 Processor architecture: Intel x64
19:45:05.0029 5332 Number of processors: 8
19:45:05.0029 5332 Page size: 0x1000
19:45:05.0029 5332 Boot type: Normal boot
19:45:05.0029 5332 ============================================================
19:45:05.0594 5332 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:45:05.0599 5332 Drive \Device\Harddisk1\DR1 - Size: 0x76E480000 (29.72 Gb), SectorSize: 0x200, Cylinders: 0xF28, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:45:05.0603 5332 ============================================================
19:45:05.0603 5332 \Device\Harddisk0\DR0:
19:45:05.0603 5332 MBR partitions:
19:45:05.0603 5332 \Device\Harddisk1\DR1:
19:45:05.0604 5332 MBR partitions:
19:45:05.0604 5332 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x3B70400
19:45:05.0604 5332 ============================================================
19:45:05.0604 5332 Initialize success
19:45:05.0604 5332 ============================================================
19:45:22.0091 3536 ============================================================
19:45:22.0091 3536 Scan started
19:45:22.0091 3536 Mode: Manual;
19:45:22.0091 3536 ============================================================
19:45:22.0112 3536 ================ Scan system memory ========================
19:45:22.0113 3536 System memory - ok
19:45:22.0113 3536 ================ Scan services =============================
19:45:22.0160 3536 1394ohci - ok
19:45:22.0170 3536 Accelerometer - ok
19:45:22.0177 3536 ACPI - ok
19:45:22.0182 3536 AcpiPmi - ok
19:45:22.0226 3536 AdobeFlashPlayerUpdateSvc - ok
19:45:22.0237 3536 adp94xx - ok
19:45:22.0247 3536 adpahci - ok
19:45:22.0251 3536 adpu320 - ok
19:45:22.0269 3536 ADVService - ok
19:45:22.0274 3536 AeLookupSvc - ok
19:45:22.0281 3536 AFD - ok
19:45:22.0289 3536 agp440 - ok
19:45:22.0293 3536 ALG - ok
19:45:22.0296 3536 aliide - ok
19:45:22.0311 3536 AMD External Events Utility - ok
19:45:22.0314 3536 amdide - ok
19:45:22.0316 3536 AmdK8 - ok
19:45:22.0318 3536 amdkmdag - ok
19:45:22.0325 3536 amdkmdap - ok
19:45:22.0327 3536 AmdPPM - ok
19:45:22.0330 3536 amdsata - ok
19:45:22.0332 3536 amdsbs - ok
19:45:22.0334 3536 amdxata - ok
19:45:22.0341 3536 AMPPAL - ok
19:45:22.0379 3536 AMPPALP - ok
19:45:22.0382 3536 AMPPALR3 - ok
19:45:22.0392 3536 AppID - ok
19:45:22.0395 3536 AppIDSvc - ok
19:45:22.0397 3536 Appinfo - ok
19:45:22.0437 3536 arc - ok
19:45:22.0439 3536 arcsas - ok
19:45:22.0451 3536 AsyncMac - ok
19:45:22.0454 3536 atapi - ok
19:45:22.0482 3536 AudioEndpointBuilder - ok
19:45:22.0484 3536 AudioSrv - ok
19:45:22.0502 3536 AVGIDSAgent - ok
19:45:22.0507 3536 AVGIDSDriver - ok
19:45:22.0530 3536 AVGIDSHA - ok
19:45:22.0534 3536 Avgldx64 - ok
19:45:22.0551 3536 Avgloga - ok
19:45:22.0564 3536 Avgmfx64 - ok
19:45:22.0579 3536 Avgrkx64 - ok
19:45:22.0588 3536 Avgtdia - ok
19:45:22.0592 3536 avgtp - ok
19:45:22.0596 3536 avgwd - ok
19:45:22.0624 3536 AxInstSV - ok
19:45:22.0633 3536 b06bdrv - ok
19:45:22.0676 3536 b57nd60a - ok
19:45:22.0688 3536 BDESVC - ok
19:45:22.0696 3536 Beep - ok
19:45:22.0724 3536 BFE - ok
19:45:22.0732 3536 BITS - ok
19:45:22.0740 3536 blbdrive - ok
19:45:22.0782 3536 Bonjour Service - ok
19:45:22.0790 3536 bowser - ok
19:45:22.0801 3536 BrFiltLo - ok
19:45:22.0809 3536 BrFiltUp - ok
19:45:22.0813 3536 BridgeMP - ok
19:45:22.0821 3536 Browser - ok
19:45:22.0824 3536 Brserid - ok
19:45:22.0827 3536 BrSerWdm - ok
19:45:22.0830 3536 BrUsbMdm - ok
19:45:22.0833 3536 BrUsbSer - ok
19:45:22.0837 3536 BTHMODEM - ok
19:45:22.0846 3536 bthserv - ok
19:45:22.0868 3536 BTHSSecurityMgr - ok
19:45:22.0894 3536 catchme - ok
19:45:22.0910 3536 cdfs - ok
19:45:22.0931 3536 cdrom - ok
19:45:22.0946 3536 CertPropSvc - ok
19:45:22.0954 3536 circlass - ok
19:45:22.0961 3536 CLFS - ok
19:45:22.0965 3536 clr_optimization_v2.0.50727_32 - ok
19:45:22.0969 3536 clr_optimization_v2.0.50727_64 - ok
19:45:22.0977 3536 clr_optimization_v4.0.30319_32 - ok
19:45:22.0981 3536 clr_optimization_v4.0.30319_64 - ok
19:45:23.0003 3536 clwvd - ok
19:45:23.0016 3536 CmBatt - ok
19:45:23.0019 3536 cmdide - ok
19:45:23.0025 3536 CNG - ok
19:45:23.0036 3536 Compbatt - ok
19:45:23.0050 3536 CompositeBus - ok
19:45:23.0057 3536 COMSysApp - ok
19:45:23.0062 3536 crcdisk - ok
19:45:23.0071 3536 CryptSvc - ok
19:45:23.0089 3536 dc3d - ok
19:45:23.0095 3536 DcomLaunch - ok
19:45:23.0110 3536 defragsvc - ok
19:45:23.0117 3536 DfsC - ok
19:45:23.0140 3536 dg_ssudbus - ok
19:45:23.0145 3536 Dhcp - ok
19:45:23.0149 3536 discache - ok
19:45:23.0182 3536 Disk - ok
19:45:23.0186 3536 Dnscache - ok
19:45:23.0190 3536 dot3svc - ok
19:45:23.0194 3536 DPS - ok
19:45:23.0198 3536 drmkaud - ok
19:45:23.0201 3536 DXGKrnl - ok
19:45:23.0224 3536 EapHost - ok
19:45:23.0226 3536 ebdrv - ok
19:45:23.0238 3536 EFS - ok
19:45:23.0264 3536 ehRecvr - ok
19:45:23.0272 3536 ehSched - ok
19:45:23.0280 3536 elxstor - ok
19:45:23.0288 3536 ErrDev - ok
19:45:23.0299 3536 EventSystem - ok
19:45:23.0307 3536 EvtEng - ok
19:45:23.0315 3536 exfat - ok
19:45:23.0319 3536 fastfat - ok
19:45:23.0335 3536 Fax - ok
19:45:23.0344 3536 fdc - ok
19:45:23.0354 3536 fdPHost - ok
19:45:23.0358 3536 FDResPub - ok
19:45:23.0363 3536 FileInfo - ok
19:45:23.0367 3536 Filetrace - ok
19:45:23.0371 3536 flpydisk - ok
19:45:23.0376 3536 FltMgr - ok
19:45:23.0380 3536 FontCache - ok
19:45:23.0383 3536 FontCache3.0.0.0 - ok
19:45:23.0386 3536 FsDepends - ok
19:45:23.0388 3536 Fs_Rec - ok
19:45:23.0391 3536 fvevol - ok
19:45:23.0396 3536 gagp30kx - ok
19:45:23.0411 3536 GameConsoleService - ok
19:45:23.0423 3536 GEARAspiWDM - ok
19:45:23.0426 3536 gpsvc - ok
19:45:23.0456 3536 gupdate - ok
19:45:23.0458 3536 gupdatem - ok
19:45:23.0461 3536 gusvc - ok
19:45:23.0476 3536 hcmon - ok
19:45:23.0479 3536 hcw85cir - ok
19:45:23.0496 3536 HdAudAddService - ok
19:45:23.0499 3536 HDAudBus - ok
19:45:23.0501 3536 HidBatt - ok
19:45:23.0503 3536 HidBth - ok
19:45:23.0515 3536 HidIr - ok
19:45:23.0518 3536 hidserv - ok
19:45:23.0525 3536 HidUsb - ok
19:45:23.0527 3536 hkmsvc - ok
19:45:23.0535 3536 HomeGroupListener - ok
19:45:23.0538 3536 HomeGroupProvider - ok
19:45:23.0560 3536 HP Support Assistant Service - ok
19:45:23.0563 3536 HP Wireless Assistant Service - ok
19:45:23.0566 3536 HPAuto - ok
19:45:23.0568 3536 HPClientSvc - ok
19:45:23.0577 3536 HPDrvMntSvc.exe - ok
19:45:23.0592 3536 hpdskflt - ok
19:45:23.0594 3536 hpqwmiex - ok
19:45:23.0597 3536 HpSAMD - ok
19:45:23.0600 3536 hpsrv - ok
19:45:23.0608 3536 HPWMISVC - ok
19:45:23.0615 3536 HTTP - ok
19:45:23.0621 3536 hwpolicy - ok
19:45:23.0632 3536 i8042prt - ok
19:45:23.0635 3536 iaStor - ok
19:45:23.0655 3536 IAStorDataMgrSvc - ok
19:45:23.0661 3536 iaStorV - ok
19:45:23.0687 3536 IconMan_R - ok
19:45:23.0690 3536 idsvc - ok
19:45:23.0693 3536 igfx - ok
19:45:23.0695 3536 iirsp - ok
19:45:23.0698 3536 IKEEXT - ok
19:45:23.0701 3536 IntcDAud - ok
19:45:23.0704 3536 intelide - ok
19:45:23.0724 3536 intelkmd - ok
19:45:23.0728 3536 intelppm - ok
19:45:23.0742 3536 IPBusEnum - ok
19:45:23.0756 3536 IpFilterDriver - ok
19:45:23.0760 3536 iphlpsvc - ok
19:45:23.0763 3536 IPMIDRV - ok
19:45:23.0765 3536 IPNAT - ok
19:45:23.0779 3536 IRENUM - ok
19:45:23.0782 3536 isapnp - ok
19:45:23.0784 3536 iScsiPrt - ok
19:45:23.0787 3536 kbdclass - ok
19:45:23.0789 3536 kbdhid - ok
19:45:23.0792 3536 KeyIso - ok
19:45:23.0803 3536 KHCAP - ok
19:45:23.0806 3536 KSecDD - ok
19:45:23.0808 3536 KSecPkg - ok
19:45:23.0811 3536 ksthunk - ok
19:45:23.0813 3536 KtmRm - ok
19:45:23.0821 3536 LanmanServer - ok
19:45:23.0824 3536 LanmanWorkstation - ok
19:45:23.0839 3536 lltdio - ok
19:45:23.0842 3536 lltdsvc - ok
19:45:23.0844 3536 lmhosts - ok
19:45:23.0867 3536 LMS - ok
19:45:23.0882 3536 LSI_FC - ok
19:45:23.0885 3536 LSI_SAS - ok
19:45:23.0887 3536 LSI_SAS2 - ok
19:45:23.0890 3536 LSI_SCSI - ok
19:45:23.0894 3536 luafv - ok
19:45:23.0896 3536 Mcx2Svc - ok
19:45:23.0899 3536 megasas - ok
19:45:23.0901 3536 MegaSR - ok
19:45:23.0910 3536 MEIx64 - ok
19:45:23.0912 3536 MMCSS - ok
19:45:23.0915 3536 Modem - ok
19:45:23.0920 3536 monitor - ok
19:45:23.0927 3536 mouclass - ok
19:45:23.0937 3536 mouhid - ok
19:45:23.0948 3536 mountmgr - ok
19:45:23.0950 3536 mpio - ok
19:45:23.0952 3536 mpsdrv - ok
19:45:23.0955 3536 MpsSvc - ok
19:45:23.0957 3536 MRxDAV - ok
19:45:23.0960 3536 mrxsmb - ok
19:45:23.0962 3536 mrxsmb10 - ok
19:45:23.0964 3536 mrxsmb20 - ok
19:45:23.0967 3536 msahci - ok
19:45:23.0969 3536 msdsm - ok
19:45:23.0972 3536 MSDTC - ok
19:45:23.0989 3536 Msfs - ok
19:45:23.0992 3536 mshidkmdf - ok
19:45:23.0994 3536 msisadrv - ok
19:45:23.0997 3536 MSiSCSI - ok
19:45:23.0999 3536 msiserver - ok
19:45:24.0010 3536 MSKSSRV - ok
19:45:24.0013 3536 MSPCLOCK - ok
19:45:24.0015 3536 MSPQM - ok
19:45:24.0017 3536 MsRPC - ok
19:45:24.0021 3536 mssmbios - ok
19:45:24.0024 3536 MSTEE - ok
19:45:24.0026 3536 MTConfig - ok
19:45:24.0028 3536 Mup - ok
19:45:24.0042 3536 MyWiFiDHCPDNS - ok
19:45:24.0044 3536 napagent - ok
19:45:24.0057 3536 NativeWifiP - ok
19:45:24.0059 3536 NDIS - ok
19:45:24.0062 3536 NdisCap - ok
19:45:24.0071 3536 NdisTapi - ok
19:45:24.0074 3536 Ndisuio - ok
19:45:24.0076 3536 NdisWan - ok
19:45:24.0089 3536 NDProxy - ok
19:45:24.0098 3536 NetBIOS - ok
19:45:24.0101 3536 NetBT - ok
19:45:24.0129 3536 NetFlixDownloadManager - ok
19:45:24.0132 3536 Netlogon - ok
19:45:24.0134 3536 Netman - ok
19:45:24.0137 3536 netprofm - ok
19:45:24.0139 3536 NetTcpPortSharing - ok
19:45:24.0146 3536 netw5v64 - ok
19:45:24.0158 3536 NETwNs64 - ok
19:45:24.0162 3536 nfrd960 - ok
19:45:24.0177 3536 NlaSvc - ok
19:45:24.0199 3536 nm3 - ok
19:45:24.0230 3536 NPF - ok
19:45:24.0239 3536 Npfs - ok
19:45:24.0247 3536 nsi - ok
19:45:24.0251 3536 nsiproxy - ok
19:45:24.0255 3536 Ntfs - ok
19:45:24.0274 3536 NuidFltr - ok
19:45:24.0277 3536 Null - ok
19:45:24.0291 3536 nusb3hub - ok
19:45:24.0293 3536 nusb3xhc - ok
19:45:24.0305 3536 nvraid - ok
19:45:24.0307 3536 nvstor - ok
19:45:24.0313 3536 nv_agp - ok
19:45:24.0315 3536 ohci1394 - ok
19:45:24.0318 3536 p2pimsvc - ok
19:45:24.0320 3536 p2psvc - ok
19:45:24.0322 3536 Parport - ok
19:45:24.0325 3536 partmgr - ok
19:45:24.0327 3536 PcaSvc - ok
19:45:24.0329 3536 pci - ok
19:45:24.0332 3536 pciide - ok
19:45:24.0334 3536 pcmcia - ok
19:45:24.0336 3536 pcw - ok
19:45:24.0339 3536 PEAUTH - ok
19:45:24.0354 3536 PerfHost - ok
19:45:24.0360 3536 pla - ok
19:45:24.0362 3536 PlugPlay - ok
19:45:24.0374 3536 pneteth - ok
19:45:24.0377 3536 PNRPAutoReg - ok
19:45:24.0379 3536 PNRPsvc - ok
19:45:24.0381 3536 Point64 - ok
19:45:24.0384 3536 PolicyAgent - ok
19:45:24.0387 3536 Power - ok
19:45:24.0394 3536 PptpMiniport - ok
19:45:24.0397 3536 Processor - ok
19:45:24.0399 3536 ProfSvc - ok
19:45:24.0401 3536 ProtectedStorage - ok
19:45:24.0410 3536 Psched - ok
19:45:24.0412 3536 ql2300 - ok
19:45:24.0415 3536 ql40xx - ok
19:45:24.0417 3536 QWAVE - ok
19:45:24.0419 3536 QWAVEdrv - ok
19:45:24.0422 3536 RasAcd - ok
19:45:24.0424 3536 RasAgileVpn - ok
19:45:24.0427 3536 RasAuto - ok
19:45:24.0429 3536 Rasl2tp - ok
19:45:24.0431 3536 RasMan - ok
19:45:24.0434 3536 RasPppoe - ok
19:45:24.0436 3536 RasSstp - ok
19:45:24.0438 3536 rdbss - ok
19:45:24.0441 3536 rdpbus - ok
19:45:24.0449 3536 RDPCDD - ok
19:45:24.0453 3536 RDPENCDD - ok
19:45:24.0457 3536 RDPREFMP - ok
19:45:24.0459 3536 RDPWD - ok
19:45:24.0461 3536 rdyboost - ok
19:45:24.0475 3536 RegSrvc - ok
19:45:24.0486 3536 RemoteAccess - ok
19:45:24.0489 3536 RemoteRegistry - ok
19:45:24.0492 3536 rpcapd - ok
19:45:24.0495 3536 RpcEptMapper - ok
19:45:24.0497 3536 RpcLocator - ok
19:45:24.0499 3536 RpcSs - ok
19:45:24.0502 3536 RSPCIESTOR - ok
19:45:24.0505 3536 rspndr - ok
19:45:24.0520 3536 RTL8167 - ok
19:45:24.0522 3536 SamSs - ok
19:45:24.0524 3536 sbp2port - ok
19:45:24.0552 3536 SBSDWSCService - ok
19:45:24.0555 3536 SCardSvr - ok
19:45:24.0557 3536 scfilter - ok
19:45:24.0560 3536 Schedule - ok
19:45:24.0562 3536 SCPolicySvc - ok
19:45:24.0568 3536 sdbus - ok
19:45:24.0571 3536 SDRSVC - ok
19:45:24.0573 3536 secdrv - ok
19:45:24.0576 3536 seclogon - ok
19:45:24.0589 3536 SENS - ok
19:45:24.0601 3536 SensrSvc - ok
19:45:24.0612 3536 Serenum - ok
19:45:24.0619 3536 Serial - ok
19:45:24.0637 3536 sermouse - ok
19:45:24.0645 3536 SessionEnv - ok
19:45:24.0647 3536 sffdisk - ok
19:45:24.0649 3536 sffp_mmc - ok
19:45:24.0652 3536 sffp_sd - ok
19:45:24.0654 3536 sfloppy - ok
19:45:24.0669 3536 SharedAccess - ok
19:45:24.0671 3536 ShellHWDetection - ok
19:45:24.0674 3536 SiSRaid2 - ok
19:45:24.0676 3536 SiSRaid4 - ok
19:45:24.0679 3536 SkypeUpdate - ok
19:45:24.0688 3536 Smb - ok
19:45:24.0696 3536 SNMPTRAP - ok
19:45:24.0698 3536 spldr - ok
19:45:24.0700 3536 Spooler - ok
19:45:24.0703 3536 sppsvc - ok
19:45:24.0705 3536 sppuinotify - ok
19:45:24.0708 3536 srv - ok
19:45:24.0710 3536 srv2 - ok
19:45:24.0713 3536 SrvHsfHDA - ok
19:45:24.0715 3536 SrvHsfV92 - ok
19:45:24.0717 3536 SrvHsfWinac - ok
19:45:24.0720 3536 srvnet - ok
19:45:24.0734 3536 SSDPSRV - ok
19:45:24.0740 3536 SstpSvc - ok
19:45:24.0743 3536 stexstor - ok
19:45:24.0761 3536 STHDA - ok
19:45:24.0768 3536 stisvc - ok
19:45:24.0770 3536 swenum - ok
19:45:24.0827 3536 SwitchBoard - ok
19:45:24.0836 3536 swprv - ok
19:45:24.0849 3536 SynTP - ok
19:45:24.0854 3536 SysMain - ok
19:45:24.0858 3536 TabletInputService - ok
19:45:24.0862 3536 tap0901 - ok
19:45:24.0866 3536 TapiSrv - ok
19:45:24.0870 3536 TBS - ok
19:45:24.0874 3536 Tcpip - ok
19:45:24.0886 3536 TCPIP6 - ok
19:45:24.0890 3536 tcpipreg - ok
19:45:24.0904 3536 TDPIPE - ok
19:45:24.0906 3536 TDTCP - ok
19:45:24.0909 3536 tdx - ok
19:45:24.0926 3536 TeamViewer7 - ok
19:45:24.0938 3536 TermDD - ok
19:45:24.0941 3536 TermService - ok
19:45:24.0943 3536 Themes - ok
19:45:24.0946 3536 THREADORDER - ok
19:45:24.0948 3536 TrkWks - ok
19:45:24.0951 3536 TrustedInstaller - ok
19:45:24.0954 3536 tssecsrv - ok
19:45:24.0969 3536 TsUsbFlt - ok
19:45:24.0985 3536 tunnel - ok
19:45:24.0988 3536 uagp35 - ok
19:45:24.0990 3536 udfs - ok
19:45:24.0998 3536 ufad-ws60 - ok
19:45:25.0004 3536 UI0Detect - ok
19:45:25.0013 3536 uliagpkx - ok
19:45:25.0027 3536 umbus - ok
19:45:25.0033 3536 UmPass - ok
19:45:25.0044 3536 UNS - ok
19:45:25.0047 3536 upnphost - ok
19:45:25.0059 3536 USBAAPL64 - ok
19:45:25.0061 3536 usbccgp - ok
19:45:25.0066 3536 usbcir - ok
19:45:25.0069 3536 usbehci - ok
19:45:25.0071 3536 usbhub - ok
19:45:25.0074 3536 usbohci - ok
19:45:25.0076 3536 usbprint - ok
19:45:25.0079 3536 USBSTOR - ok
19:45:25.0081 3536 usbuhci - ok
19:45:25.0093 3536 usbvideo - ok
19:45:25.0096 3536 UxSms - ok
19:45:25.0099 3536 VaultSvc - ok
19:45:25.0101 3536 vdrvroot - ok
19:45:25.0104 3536 vds - ok
19:45:25.0106 3536 vga - ok
19:45:25.0108 3536 VgaSave - ok
19:45:25.0111 3536 vhdmp - ok
19:45:25.0144 3536 viaide - ok
19:45:25.0152 3536 VMAuthdService - ok
19:45:25.0160 3536 vmci - ok
19:45:25.0177 3536 vmkbd - ok
19:45:25.0183 3536 VMnetAdapter - ok
19:45:25.0188 3536 VMnetBridge - ok
19:45:25.0194 3536 VMnetDHCP - ok
19:45:25.0200 3536 VMnetuserif - ok
19:45:25.0205 3536 VMUSBArbService - ok
19:45:25.0224 3536 VMware NAT Service - ok
19:45:25.0236 3536 vmx86 - ok
19:45:25.0241 3536 volmgr - ok
19:45:25.0244 3536 volmgrx - ok
19:45:25.0248 3536 volsnap - ok
19:45:25.0263 3536 vsmraid - ok
19:45:25.0267 3536 VSS - ok
19:45:25.0274 3536 vstor2-ws60 - ok
19:45:25.0288 3536 vToolbarUpdater12.2.6 - ok
19:45:25.0291 3536 vwifibus - ok
19:45:25.0303 3536 vwififlt - ok
19:45:25.0314 3536 vwifimp - ok
19:45:25.0317 3536 W32Time - ok
19:45:25.0320 3536 WacomPen - ok
19:45:25.0331 3536 WANARP - ok
19:45:25.0334 3536 Wanarpv6 - ok
19:45:25.0348 3536 WatAdminSvc - ok
19:45:25.0359 3536 waudit - ok
19:45:25.0362 3536 wbengine - ok
19:45:25.0364 3536 WbioSrvc - ok
19:45:25.0367 3536 wcncsvc - ok
19:45:25.0369 3536 WcsPlugInService - ok
19:45:25.0372 3536 Wd - ok
19:45:25.0374 3536 Wdf01000 - ok
19:45:25.0377 3536 WdiServiceHost - ok
19:45:25.0379 3536 WdiSystemHost - ok
19:45:25.0382 3536 wdkmd - ok
19:45:25.0384 3536 WebClient - ok
19:45:25.0387 3536 Wecsvc - ok
19:45:25.0389 3536 wercplsupport - ok
19:45:25.0396 3536 WerSvc - ok
19:45:25.0399 3536 WfpLwf - ok
19:45:25.0402 3536 WIMMount - ok
19:45:25.0404 3536 WinDefend - ok
19:45:25.0408 3536 WinHttpAutoProxySvc - ok
19:45:25.0411 3536 Winmgmt - ok
19:45:25.0413 3536 WinRM - ok
19:45:25.0435 3536 WinUsb - ok
19:45:25.0438 3536 Wlansvc - ok
19:45:25.0441 3536 wlidsvc - ok
19:45:25.0444 3536 WmiAcpi - ok
19:45:25.0447 3536 wmiApSrv - ok
19:45:25.0450 3536 WMPNetworkSvc - ok
19:45:25.0466 3536 WPCSvc - ok
19:45:25.0468 3536 WPDBusEnum - ok
19:45:25.0471 3536 ws2ifsl - ok
19:45:25.0474 3536 wscsvc - ok
19:45:25.0476 3536 WSearch - ok
19:45:25.0480 3536 wuauserv - ok
19:45:25.0482 3536 WudfPf - ok
19:45:25.0485 3536 WUDFRd - ok
19:45:25.0488 3536 wudfsvc - ok
19:45:25.0490 3536 WwanSvc - ok
19:45:25.0502 3536 yukonw7 - ok
19:45:25.0532 3536 ================ Scan global ===============================
19:45:25.0533 3536 [Global] - ok
19:45:25.0534 3536 ================ Scan MBR ==================================
19:45:25.0541 3536 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:45:25.0708 3536 \Device\Harddisk0\DR0 - ok
19:45:25.0715 3536 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
19:45:25.0723 3536 \Device\Harddisk1\DR1 - ok
19:45:25.0724 3536 ================ Scan VBR ==================================
19:45:25.0729 3536 [ 2C6917CB32ADF61698F99450FCB61F1A ] \Device\Harddisk1\DR1\Partition1
19:45:25.0731 3536 \Device\Harddisk1\DR1\Partition1 - ok
19:45:25.0732 3536 ============================================================
19:45:25.0732 3536 Scan finished
19:45:25.0732 3536 ============================================================
19:45:25.0744 0504 Detected object count: 0
19:45:25.0744 0504 Actual detected object count: 0
19:45:41.0493 8008 Deinitialize success

Avast Report

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-18 19:45:54
-----------------------------
19:45:54.749 OS Version: Windows x64 6.1.7601 Service Pack 1
19:45:54.749 Number of processors: 8 586 0x2A07
19:45:54.749 ComputerName: GLOBALHAWK-HP UserName: Globalhawk
19:45:56.718 Initialize success
19:47:33.917 AVAST engine defs: 12101802
19:47:39.498 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:47:39.503 Disk 0 Vendor: TOSHIBA_ GN00 Size: 715404MB BusType: 3
19:47:39.515 Disk 0 MBR read successfully
19:47:39.521 Disk 0 MBR scan
19:47:39.529 Disk 0 Windows 7 default MBR code
19:47:39.536 Disk 0 Partition 1 00 42 SFS 0 MB offset 63
19:47:39.557 Disk 0 Partition 2 80 (A) 42 SFS NTFS 199 MB offset 2048
19:47:39.576 Disk 0 Partition 3 00 42 SFS NTFS 355080 MB offset 409600
19:47:39.600 Disk 0 Partition 4 00 42 SFS NTFS 360123 MB offset 727613440
19:47:39.607 Disk 0 scanning C:\Windows\system32\drivers
19:47:39.611 Service scanning
19:48:26.218 Modules scanning
19:48:26.224 Disk 0 trace - called modules:
19:48:26.278 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
19:48:26.282 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008379790]
19:48:26.285 3 CLASSPNP.SYS[fffff880015c543f] -> nt!IofCallDriver -> [0xfffffa80082908a0]
19:48:26.288 5 hpdskflt.sys[fffff8800186f189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800814a050]
19:48:27.250 AVAST engine scan C:\Windows
19:48:27.254 AVAST engine scan C:\Windows\system32
19:48:27.257 AVAST engine scan C:\Windows\system32\drivers
19:48:27.261 AVAST engine scan C:\Users\Globalhawk
19:48:27.264 AVAST engine scan C:\ProgramData
19:48:27.267 Scan finished successfully
19:49:30.619 Disk 0 MBR has been saved successfully to "C:\Users\Globalhawk\Desktop\MBR.dat"
19:49:30.622 The log file has been saved successfully to "C:\Users\Globalhawk\Desktop\aswMBR.txt"

#10 gringo_pr

Posted 18 October 2012 - 07:57 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double-click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#11 globalhawk.rq

Posted 18 October 2012 - 08:49 PM

OTL Report

OTL logfile created on: 10/18/2012 8:35:53 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = F:\ProgFiles\Cleaners
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 4.92 Gb Available Physical Memory | 61.85% Memory free
15.90 Gb Paging File | 12.63 Gb Available in Paging File | 79.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 346.76 Gb Total Space | 167.91 Gb Free Space | 48.42% Space Free | Partition Type: NTFS
Drive D: | 16.80 Gb Total Space | 2.11 Gb Free Space | 12.56% Space Free | Partition Type: NTFS
Drive E: | 22.56 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 334.78 Gb Total Space | 111.78 Gb Free Space | 33.39% Space Free | Partition Type: NTFS
Drive H: | 29.71 Gb Total Space | 20.54 Gb Free Space | 69.13% Space Free | Partition Type: FAT32

Computer Name: GLOBALHAWK-HP | User Name: Globalhawk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - F:\ProgFiles\Cleaners\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe (Amazon.com)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0018dd52b56988a833ee41699cf49325\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e7cd67fc34ad0fc611c1e1244cfc6584\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()


========== Services (SafeList) ==========

SRV:64bit: - (NetFlixDownloadManager) -- C:\Program Files\Luttmann\vmcNetFlix\NetFlixDownloadManager.exe File not found
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel® Corporation)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (HPAuto) -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe (Hewlett-Packard)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (vToolbarUpdater12.2.6) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()
SRV - (waudit) -- C:\Windows\ASMBB\x64\waudit.exe (ASM Software LLC)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (ADVService) -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe (Amazon.com)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (KHCAP) -- C:\Windows\SysNative\drivers\KHCAP.sys (BlackSquare Software)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (pneteth) -- C:\Windows\SysNative\drivers\pneteth.sys (June Fabrics Technology Inc.)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (nm3) -- C:\Windows\SysNative\drivers\nm3.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2307254773-4014522594-3609045076-1000\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-2307254773-4014522594-3609045076-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-2307254773-4014522594-3609045076-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2307254773-4014522594-3609045076-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2307254773-4014522594-3609045076-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2307254773-4014522594-3609045076-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2307254773-4014522594-3609045076-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://google.com"
FF - prefs.js..extensions.enabledAddons: hmyvslstmd@hmyvslstmd.org:2.5
FF - prefs.js..extensions.enabledAddons: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledAddons: SQLiteManager@mrinalkant.blogspot.com:0.7.7
FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.2
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 49556
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10516.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@vmware.com/vmrc,version=2.5.0.00000: C:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Globalhawk\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Globalhawk\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Globalhawk\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Globalhawk\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Globalhawk\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 11.0\extensions\\Components: C:\PROGRAM FILES\WATERFOX\COMPONENTS [2012/03/17 10:13:28 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 11.0\extensions\\Plugins: C:\PROGRAM FILES\WATERFOX\PLUGINS
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/07/10 18:25:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/18 17:46:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/26 09:05:49 | 000,000,000 | ---D | M]

[2012/02/22 08:49:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Globalhawk\AppData\Roaming\Mozilla\Extensions
[2012/10/01 00:51:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Globalhawk\AppData\Roaming\Mozilla\Firefox\Profiles\an727tdy.default\extensions
[1832/11/29 00:05:54 | 000,004,804 | ---- | M] () (No name found) -- C:\Users\Globalhawk\AppData\Roaming\Mozilla\Firefox\Profiles\an727tdy.default\extensions\hmyvslstmd@hmyvslstmd.org.xpi
[2012/03/17 10:16:50 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Globalhawk\AppData\Roaming\Mozilla\Firefox\Profiles\an727tdy.default\extensions\personas@christopher.beard.xpi
[2011/11/25 14:17:08 | 000,255,318 | ---- | M] () (No name found) -- C:\Users\Globalhawk\AppData\Roaming\Mozilla\Firefox\Profiles\an727tdy.default\extensions\SQLiteManager@mrinalkant.blogspot.com.xpi
[2012/09/05 22:19:18 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\Globalhawk\AppData\Roaming\Mozilla\Firefox\Profiles\an727tdy.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012/07/04 10:40:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/18 17:46:58 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/04 09:06:58 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/10 18:45:54 | 000,001,692 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\comcast.xml
[2012/01/04 09:06:58 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Globalhawk\AppData\Local\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Globalhawk\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Globalhawk\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Globalhawk\AppData\Roaming\Mozilla\plugins\npatgpc.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Globalhawk\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Globalhawk\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: VMware Remote Console and Client Integration Plug-in (Enabled) = C:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrl.dll
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Globalhawk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2012/10/09 17:44:01 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll File not found
O3 - HKU\S-1-5-21-2307254773-4014522594-3609045076-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2307254773-4014522594-3609045076-1000..\Run: [Desktop Software] C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-2307254773-4014522594-3609045076-1000..\Run: [googletalk] C:\Users\Globalhawk\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-21-2307254773-4014522594-3609045076-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2307254773-4014522594-3609045076-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2307254773-4014522594-3609045076-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2307254773-4014522594-3609045076-1000\..Trusted Domains: vmware.com ([go] https in Local intranet)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23C0EA46-C64E-4B07-A792-9E3950FAAEEB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{386255B4-8536-49C1-B41E-631658AB9F24}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/18 19:43:59 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Globalhawk\Desktop\tdsskiller.exe
[2012/10/18 19:14:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/18 19:14:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/18 19:14:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/18 19:14:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/18 18:50:51 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\Desktop\RK_Quarantine
[2012/10/18 15:59:46 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Local\{ED41FF23-CE75-4D75-AF3E-410DA52C8D1D}
[2012/10/18 03:59:35 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Local\{0B135D23-1EAE-491B-8C8B-382BB949A0D9}
[2012/10/17 15:59:23 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Local\{AAFAFCAA-9C78-458E-B158-C8753201F219}
[2012/10/17 15:46:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/10/16 19:28:44 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Roaming\Serif
[2012/10/16 19:04:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2012/10/16 19:04:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif Applications
[2012/10/16 19:04:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Serif
[2012/10/14 19:30:30 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Roaming\Malwarebytes
[2012/10/14 19:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/14 12:52:29 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Roaming\Localphone
[2012/10/10 04:02:53 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/10/10 04:02:50 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/10/10 04:02:50 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/10/10 04:02:50 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/10/10 04:02:50 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/10/10 04:02:50 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/10/10 04:02:50 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/10/10 04:02:50 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/10/10 04:02:50 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/10/10 04:02:50 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/10/10 04:02:50 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/10/10 04:02:50 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/10/10 04:02:50 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/10/10 04:02:50 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/10/10 04:02:50 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/10/10 04:02:50 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/10/10 04:02:50 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/10/10 04:02:50 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/10 04:02:50 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/10 04:02:50 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/10 04:02:50 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/10 04:02:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/10 04:02:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/10 04:02:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/10/10 04:02:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/10/10 04:02:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/10/10 04:02:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/10 04:02:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/10 04:02:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/10/10 04:02:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/10/10 04:02:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/10 04:02:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/10 04:02:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/10 04:02:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/10 04:02:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/10 04:02:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/10 04:02:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/10/10 04:02:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/10/10 04:02:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/10/10 04:02:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/10 04:02:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/10 04:02:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/10 04:02:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/10/10 04:02:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/10/10 04:02:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/10 04:02:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/10/10 04:02:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/10/10 04:02:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/10/10 04:02:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/10/10 04:02:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/10 04:02:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/10/10 04:02:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/10/10 04:02:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/10/10 04:02:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/10/10 04:02:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/10 04:02:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/10/10 04:02:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/10/10 04:02:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/10 04:02:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/10 04:02:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/10 04:02:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/10 04:02:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/10 04:02:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/10 04:02:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/10/10 04:02:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/10/10 04:02:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/10 04:02:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/10 04:02:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/10/10 04:02:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/10/10 04:02:49 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/10/10 04:02:31 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/10/10 04:02:25 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/10/10 04:02:21 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/10/10 04:01:24 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/10/10 04:01:24 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/10/09 17:34:26 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/09 17:21:57 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Local\{0C057402-5E48-4B5B-92F9-1A94394BC88E}
[2012/10/09 02:50:51 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Local\{CBFB870E-2A9D-47DA-A945-E6DC2D63DBA8}
[2012/10/08 14:50:40 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Local\{0875D85F-5F27-474F-9F2F-B3B16A497638}
[2012/10/07 23:31:43 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Local\{F35822A5-53CA-45F6-9E36-73FD6C5E6C76}
[2012/10/07 11:31:31 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Local\{44D08AE4-2409-4C6A-BFEF-D88BDEA4A27A}
[2012/10/06 23:31:17 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Local\{D6FDA8EE-AEA9-44D0-82E4-4206F270887E}
[2012/10/05 08:28:43 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Local\{443F54C2-201E-4C67-A423-F1F15DEF2BB3}
[2012/10/05 03:26:22 | 000,111,456 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2012/10/04 20:28:31 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Local\{6D495794-7B55-4F3A-9F39-296D99A7EF22}
[2012/10/04 08:28:19 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Local\{47DEA6B5-A304-4FE6-89E6-4A4D430673E8}
[2012/10/03 20:27:54 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Local\{51AB5C81-0B49-42E4-948F-C79D4B456F7C}
[2012/10/03 08:27:42 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Local\{B65B47C7-328F-43AA-8B92-BEA251D7101B}
[2012/10/02 20:27:30 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Local\{7A44F313-5121-4CB9-8B8E-BD95CA00A354}
[2012/10/02 03:30:38 | 000,185,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2012/10/02 00:26:17 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Local\{33D1C7B0-5438-4393-A6A4-5639D1A0703A}
[2012/10/01 12:26:05 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Local\{4ACB8261-3ADD-4BC8-8A05-DCE273B515C3}
[2012/10/01 00:51:26 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Local\Macromedia
[2012/10/01 00:25:32 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Local\{9A625E81-E87C-4062-B3D7-FA1F1FE97A53}
[2012/09/28 22:56:19 | 000,000,000 | ---D | C] -- C:\Windows\rescache
[2012/09/28 20:24:56 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Roaming\AVG2013
[2012/09/28 20:23:05 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Roaming\TuneUp Software
[2012/09/28 20:22:55 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/09/28 20:22:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/09/28 20:20:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012/09/28 20:17:12 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Local\MFAData
[2012/09/28 20:17:12 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Local\Avg2013
[2012/09/28 20:11:23 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Local\{9421716F-83FD-4D3C-8596-11F5E763EDCA}
[2012/09/28 07:43:31 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Local\{6B1F096F-6881-45B5-8223-53D7E824DA9E}
[2012/09/27 19:43:20 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Local\{EE35FFFB-6723-4546-88CB-73FC959500FC}
[2012/09/27 07:43:08 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Local\{95CD01E1-AE59-48EC-A1D8-FB2ADAEE59B0}
[2012/09/26 18:56:03 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Local\{BD9E52F4-FAEF-432C-A12B-8D81948BBB19}
[2012/09/26 06:55:38 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Local\{EF0AFA0E-7601-49C5-A7CE-C33D537CF612}
[2012/09/26 06:09:44 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012/09/25 18:55:27 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Local\{8398AA13-1770-43A8-87F2-F6C9AD54EAE0}
[2012/09/25 06:55:15 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Local\{61E82872-8092-40E8-8C7F-89B723A2EE71}
[2012/09/24 18:55:03 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Local\{6C6D7319-B93B-48CE-83A4-C6D48D5009F8}
[2012/09/24 06:54:51 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Local\{F286E74A-053C-41B6-BE72-428789A9A133}
[2012/09/23 11:42:21 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Local\{B24A5A98-F9FF-4D44-BB83-EE30AB7A3FEC}
[2012/09/23 03:00:41 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/09/23 03:00:41 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/09/23 03:00:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/09/23 03:00:37 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/09/23 03:00:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/09/23 03:00:37 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/09/23 03:00:37 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/09/23 03:00:35 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/09/23 03:00:35 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/09/23 03:00:35 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/09/23 03:00:34 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/09/23 03:00:34 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/09/23 03:00:33 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/09/23 03:00:33 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/09/23 03:00:33 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/09/22 23:41:51 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Local\{0169A211-555A-4767-9866-951C4672FB92}
[2012/09/21 19:46:24 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Local\{8FFC1496-45BE-416F-A935-E6439BAEA2B4}
[2012/09/21 07:46:13 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Local\{985D501C-7F89-4134-A348-B256C2622A1C}
[2012/09/21 03:46:04 | 000,200,032 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2012/09/21 03:46:00 | 000,225,120 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys
[2012/09/21 03:45:50 | 000,061,792 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2012/09/20 19:46:01 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Local\{D2C5A5BD-3D76-40AF-9170-172ED54EA003}
[2012/09/20 07:45:49 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Local\{09807C3D-3335-4A51-BE80-EE75FB995A0E}
[2012/09/19 19:45:37 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Local\{EB847F23-1A62-4769-883C-C82E3302B4F6}
[2012/09/19 07:45:26 | 000,000,000 | ---D | C] -- C:\Users\Globalhawk\AppData\Local\{2C767611-B485-4955-AA7E-E141388382E1}

========== Files - Modified Within 30 Days ==========

[2012/10/18 20:05:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2307254773-4014522594-3609045076-1000UA.job
[2012/10/18 20:01:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/18 19:49:30 | 000,000,512 | ---- | M] () -- C:\Users\Globalhawk\Desktop\MBR.dat
[2012/10/18 19:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/18 18:56:02 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/18 18:56:02 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/18 18:53:54 | 000,730,656 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/18 18:53:54 | 000,627,096 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/18 18:53:54 | 000,107,966 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/18 18:49:03 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/18 18:48:19 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012/10/18 18:47:54 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForGlobalhawk.job
[2012/10/18 18:47:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/18 18:47:43 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/18 17:35:36 | 000,000,000 | ---- | M] () -- C:\Users\Globalhawk\defogger_reenable
[2012/10/18 00:05:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2307254773-4014522594-3609045076-1000Core.job
[2012/10/18 00:02:30 | 000,002,010 | -H-- | M] () -- C:\Users\Globalhawk\Documents\Default.rdp
[2012/10/16 19:26:54 | 004,864,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/10/16 19:26:40 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForGLOBALHAWK-HP$.job
[2012/10/16 19:00:05 | 000,000,009 | ---- | M] () -- C:\END
[2012/10/10 07:19:43 | 000,037,993 | ---- | M] () -- C:\Users\Globalhawk\Documents\cute_monkey-05.jpg
[2012/10/10 07:11:43 | 000,041,090 | ---- | M] () -- C:\Users\Globalhawk\Documents\Cute_monkey6.jpg
[2012/10/09 19:35:31 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Globalhawk\Desktop\tdsskiller.exe
[2012/10/09 17:44:01 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/10/09 02:45:18 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/10/09 02:45:18 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/10/08 07:48:44 | 000,000,822 | ---- | M] () -- C:\Users\Globalhawk\Documents\hosts
[2012/10/05 03:26:22 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2012/09/28 20:22:55 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys
[2012/09/21 03:45:50 | 000,061,792 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsha.sys

========== Files Created - No Company Name ==========

[2012/10/18 19:49:30 | 000,000,512 | ---- | C] () -- C:\Users\Globalhawk\Desktop\MBR.dat
[2012/10/18 19:14:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/18 19:14:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/18 19:14:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/18 19:14:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/18 19:14:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/18 19:13:35 | 000,002,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 4.2 64-bit.lnk
[2012/10/18 17:35:36 | 000,000,000 | ---- | C] () -- C:\Users\Globalhawk\defogger_reenable
[2012/10/16 19:04:54 | 000,002,499 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif PagePlus Starter Edition.lnk
[2012/10/16 19:00:04 | 000,000,009 | ---- | C] () -- C:\END
[2012/10/10 07:19:22 | 000,037,993 | ---- | C] () -- C:\Users\Globalhawk\Documents\cute_monkey-05.jpg
[2012/10/10 07:11:19 | 000,041,090 | ---- | C] () -- C:\Users\Globalhawk\Documents\Cute_monkey6.jpg
[2012/10/01 21:28:44 | 000,000,822 | ---- | C] () -- C:\Users\Globalhawk\Documents\hosts
[2012/06/14 07:49:48 | 000,000,845 | ---- | C] () -- C:\Users\Globalhawk\AppData\Local\recently-used.xbel
[2012/05/31 08:10:14 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/05/31 08:10:10 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/05/31 08:10:09 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/05/31 08:10:09 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/05/31 08:10:09 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/05/23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/05/23 18:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/05/23 18:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/05/23 18:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/05/23 18:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/03/14 17:37:03 | 000,008,192 | ---- | C] () -- C:\Users\Globalhawk\AppData\Roaming\SQLiteManager3.pref
[2011/11/13 04:27:45 | 000,001,456 | ---- | C] () -- C:\Users\Globalhawk\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/09/30 22:42:20 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/07/15 16:32:31 | 000,000,082 | ---- | C] () -- C:\Users\Globalhawk\AppData\Local\X-Plane Installer.prf
[2011/05/28 20:22:57 | 000,001,076 | ---- | C] () -- C:\Windows\wininit.ini
[2011/05/17 17:51:37 | 000,000,017 | ---- | C] () -- C:\Users\Globalhawk\AppData\Local\resmon.resmoncfg
[2011/05/11 19:42:15 | 000,748,242 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/05 20:54:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/05/05 20:40:09 | 000,003,028 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011/05/05 20:39:09 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/01/10 23:01:11 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/12/16 21:26:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Files - Unicode (All) ==========
[2012/10/11 18:05:28 | 028,078,990 | ---- | C] ()(C:\Users\Globalhawk\Documents\???? ??????????? - Enga Ooru Paatukaaran (HQ).flv) -- C:\Users\Globalhawk\Documents\மதுர மரிகொழுந்து - Enga Ooru Paatukaaran (HQ).flv
[2012/10/11 18:02:12 | 028,078,990 | ---- | M] ()(C:\Users\Globalhawk\Documents\???? ??????????? - Enga Ooru Paatukaaran (HQ).flv) -- C:\Users\Globalhawk\Documents\மதுர மரிகொழுந்து - Enga Ooru Paatukaaran (HQ).flv

< End of report >


OTL Extras logfile created on: 10/18/2012 8:35:53 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = F:\ProgFiles\Cleaners
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 4.92 Gb Available Physical Memory | 61.85% Memory free
15.90 Gb Paging File | 12.63 Gb Available in Paging File | 79.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 346.76 Gb Total Space | 167.91 Gb Free Space | 48.42% Space Free | Partition Type: NTFS
Drive D: | 16.80 Gb Total Space | 2.11 Gb Free Space | 12.56% Space Free | Partition Type: NTFS
Drive E: | 22.56 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 334.78 Gb Total Space | 111.78 Gb Free Space | 33.39% Space Free | Partition Type: NTFS
Drive H: | 29.71 Gb Total Space | 20.54 Gb Free Space | 69.13% Space Free | Partition Type: FAT32

Computer Name: GLOBALHAWK-HP | User Name: Globalhawk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{006313C3-F94E-4899-9706-F86D15F0CACD}" = lport=7000 | protocol=6 | dir=in | name=bbserver protocol |
"{0186C164-EF1B-4DE2-8547-9DDA7BE161C2}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{08101DA9-3BA4-4F06-9F98-E1219798E5F9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0A655B90-DD54-4C5D-9225-2F7AB0F51F2B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{13A0BF64-83D1-4E75-92F5-3CE4AE3CA9D1}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{145790DA-123F-48E5-AC95-9EC15B17775A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{147032E2-C6B5-4605-AE0B-E9094901621D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1C775EA6-7FDE-4D50-95AE-AB13383FA044}" = lport=10244 | protocol=6 | dir=in | app=system |
"{1CECEDBE-50E0-4193-A451-13D4F7B87F0F}" = lport=3390 | protocol=6 | dir=in | app=system |
"{21500052-DE5A-4D27-A989-45DE3E334371}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{229BFCC4-13FB-42C7-A6D7-ACE5690AF8F3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{23111C2B-1BA9-471A-9F5C-D23572CFE644}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2976195F-F45D-4349-A381-62CF43C3D1EE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2ABA6C50-E504-4AA8-8B47-2E437C651551}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2BF2453E-9261-4630-8E40-468C973365A2}" = lport=138 | protocol=17 | dir=in | app=system |
"{30EA3F10-5132-4E15-8868-F52D601F9E55}" = lport=445 | protocol=6 | dir=in | app=system |
"{38FD74E0-1EB3-4EC7-A972-25A0051A9AEE}" = lport=3390 | protocol=6 | dir=in | app=system |
"{3DE0A035-F39B-496F-B482-876978152646}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{45F595F7-DEED-4825-B246-670DE8090A34}" = rport=139 | protocol=6 | dir=out | app=system |
"{4BBD3A53-8D19-4289-8BE3-124DB4401FD4}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{4DF915A5-A485-43D3-9C2D-54FC87F614FD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4E47D228-C53D-4B52-BDD0-73F43CDC49DA}" = lport=10244 | protocol=6 | dir=in | app=system |
"{505822FF-D97B-4F06-B5F8-9936EFF9BF9F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5329960A-0962-4AF5-950F-864C8E873448}" = rport=2869 | protocol=6 | dir=out | app=system |
"{5B28D424-A115-4D43-8D9F-80FC4F830BD8}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5E7D36C4-5FBD-4B70-866C-4CB5E4A9BFDA}" = lport=139 | protocol=6 | dir=in | app=system |
"{61E8503B-EDF2-4460-8EE8-B9F0E0146C54}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6202C499-16C5-48CF-A784-37AB26B1C1D4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7E50CED8-D9B7-4BAA-89D2-AC3FC16BFB4D}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7EB789A0-460A-4E21-9780-922C87B8DF69}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{86FC23E5-F663-4544-9B7B-6F00202B437B}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{8750EC96-164C-45DE-8874-4E60E7FEC839}" = lport=137 | protocol=17 | dir=in | app=system |
"{889E3A6A-65F1-4130-A3CD-BE1A1FE92427}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{8CE2EF93-712E-474B-91DD-68CD34DF770E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8FB7F257-DCF6-44DC-A23B-C5548FFB0F2C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A3F99068-8443-4D9A-9EC8-D8DB67A13518}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A4DBABFB-7FF2-4692-8E62-1F989E8DFD70}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A8D715DC-9626-43A7-811C-29244735DD5B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A93CB117-01EE-48AF-8F50-D911F96FC0B1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AA26A7D3-5E41-4468-B59F-E6654FD3FDEB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AA433EDD-BC3E-4E2B-9C33-0ED2D9F2BF9A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B09B1F05-A6A8-463C-AAE8-1A7DB17E9454}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B3591749-4624-4CF8-B1F3-8132E4BD603B}" = rport=138 | protocol=17 | dir=out | app=system |
"{B47916FE-BF9F-434B-8390-9297A6CCA3AF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B822B338-871A-4417-8AA4-4753C007BFC6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B95EDFAF-AC5A-4A8E-AB98-209752C927D4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B9E4EB5B-20D8-4185-8976-3D6EA46B5C46}" = rport=445 | protocol=6 | dir=out | app=system |
"{BB553096-D4AB-4613-95B6-548DE15C39D2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BB9F9B9D-57D0-495A-8275-40176D475549}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BC401F13-2AFF-4A55-8ED9-5081BCDA9246}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BD14DA8F-B84C-4D98-B889-4F026A6C4830}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C3190CDC-31B6-4133-977D-EF38FD77A35C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C658CB0B-B176-4293-81B8-B2BAA38A9C9B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CC43C985-C456-4105-B301-52D88FC80F69}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D421B3ED-2B50-43D6-8CF8-99D4AFDD5091}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D7F8B584-53D0-4C68-9BCF-781087339BC7}" = lport=137 | protocol=17 | dir=in | name=bbserver protocol |
"{DC5064BB-09D6-4DAD-AD55-81040B81B767}" = rport=137 | protocol=17 | dir=out | app=system |
"{E22F300F-70C0-4135-A16B-0A50A3029614}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E5FD8C39-C77E-4378-9C2A-E45E82006A1F}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EBF1A679-1EEB-4373-A288-143A65BC8CB8}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{ECBF9066-4DDD-4849-B61B-226A7C9CA806}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EFA01564-7CD8-479A-BDC5-8E7D7FE6B273}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F0C75358-6A8B-4918-828D-95D7BBD792B9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F5DC8A9F-0C3B-4771-8263-5B7D4F0895E5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F5FC6ECC-F084-4885-9606-139A4BB4C686}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F7405257-B991-442C-A71B-97451DCBA544}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FCE50555-3303-4065-BE93-F278FB918021}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B5B9C7-8263-4D1C-8F4B-56E4FDDA38D1}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{03DBECDD-74AB-444E-8A01-4AA706172380}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{052C980C-395B-4C97-A0D7-6896B4EDEFD6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0C3F44C1-172A-41D4-A479-BBE083EAF46D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0CAED736-C37A-48E9-B4EF-D8634781BF5C}" = protocol=17 | dir=in | app=c:\users\globalhawk\appdata\roaming\dropbox\bin\dropbox.exe |
"{0D9E0580-931F-409B-9A94-F9CB81E0AEC5}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{0F4237CE-8F65-4B40-A136-9C254566C916}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{14CA12A3-DDE7-41B4-BC67-0C6196293FD4}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{192C17BD-E7CA-4AFF-ACC6-50A84DB18381}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{1DA7F307-6B7F-41E4-9E56-26EECD769EDA}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{1F9647C4-C993-4ED1-B852-0F9C1A6DA47B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{23044924-7EDA-4E4A-B23E-459E2F2A89A5}" = protocol=6 | dir=in | app=c:\users\globalhawk\appdata\roaming\dropbox\bin\dropbox.exe |
"{24869600-7964-4C8A-B776-3A15363B6FA8}" = protocol=6 | dir=in | app=c:\users\globalhawk\appdata\roaming\dropbox\bin\dropbox.exe |
"{25632AAF-43A4-4DA0-84B0-D42444315167}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{2E40760A-BAFB-4247-8146-6E33C91DADB1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2FEAE574-D57A-4AF5-BD2C-0961BF083E47}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{32C4FA13-D6EC-4D50-9FB2-3FB30FDBE3EE}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3510A83F-4D4D-433C-9563-C33697F53A5C}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{35E7C63B-7E21-41B6-9AD3-AD150BA7F8B4}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{38F57656-D299-4B8F-AA4F-F17338919C7F}" = dir=in | app=c:\users\globalhawk\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{3E461469-84FE-4F74-87FA-EE1123F32907}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3EA4B059-E718-4596-94D3-60DB5D95A93F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{3EA85AF3-9535-469C-AB84-6BEC1EF4E998}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{44F4DDA7-2A79-42C1-A8B2-1E7308B4D449}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{46DFD6C6-9D17-4730-8C97-66339FC2AE9C}" = protocol=6 | dir=in | app=c:\program files (x86)\tightvnc\tvnserver.exe |
"{49FC1211-2842-4F98-BBB3-F1AB24F19D2E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{4AAB737D-A904-41C0-BACA-CF10C8B723BB}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{4CAAC214-AE0A-428D-9721-E0FC8964687A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4CEB254C-62C5-42F1-BDEE-92DB58BD5C35}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{4F50EF00-0541-42C5-8B72-02CB0BF171BD}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgam.exe |
"{50D5D017-0C4C-4944-8313-3E9EFE0D76B7}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{5164B008-C25D-410B-99C0-8D7F5D8F2FEA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{58CAB067-3F99-4E89-A948-942F4356A58A}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{5AAFD3A6-CB8D-4AE9-8CAC-674890AE7C1C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5DD6B49A-E035-415B-9D5D-7AB4C98C3F20}" = protocol=6 | dir=in | app=c:\program files (x86)\x-plane 9\x-plane.exe |
"{5EF82E2C-D53B-4C1D-B91E-176BB481A85A}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{60D50364-E173-489F-9D0C-ECE2F40633DB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{62FC04E2-185D-4945-9522-FD2F33E83A8F}" = protocol=6 | dir=in | app=f:\progfiles\utorrent\utorrent.exe |
"{6306DC44-87E4-4DB5-ABFC-8A0C0A87D13B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6722366C-6D67-4749-8ACB-6861B616E908}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{680F0B02-350B-4919-BC55-E322D7246C30}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{6B0B6F07-7D14-4E1A-98BB-C0756CF88BA6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{74FB96BB-DE19-4F19-84C1-6DBABD0EB638}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{77B5324F-5FD4-4F44-AEDF-7FE9089EBB1D}" = protocol=17 | dir=in | app=c:\users\globalhawk\appdata\roaming\dropbox\bin\dropbox.exe |
"{77C2D11B-C68A-487D-8019-8F87D057D2B8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{77E17098-0972-4CF4-BDEE-A79A3E1069F4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{78CCA140-684A-42AC-A9CB-2C4926B706CA}" = protocol=17 | dir=in | app=c:\program files (x86)\x-plane 9\x-plane.exe |
"{7B55C9D8-1D33-4597-A33A-6F335F29B353}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7CB88EFE-E7AD-47EC-8C99-96AF1A800BC4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{7CBF8352-5897-4791-AF03-212606E8A54B}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{7E8EB14B-DA97-44AF-954B-2853AAF1D7D3}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{84FE5372-4196-47E3-AA63-43CCCAE8ABD5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{89274D0B-E60A-4791-96F2-A3997669BD2A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{89E00098-9372-4C06-9C46-C8E69FDD9B16}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8D763D3B-5753-4C7F-970D-53FA52B76AF4}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{8E36AAC2-E794-46A3-89DD-E367538AB7E6}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{91687C50-18D4-4DE0-8965-1E8FAE185C70}" = protocol=17 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe |
"{9473D7B1-C169-4C91-9A4C-20A6CF335241}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{96A925AD-C1AD-4565-AB30-3133A32AF38C}" = dir=out | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{9862178E-DEE6-4480-A2F9-F8FE4C609982}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{98F3AFA2-ADE2-47F8-A414-B6DA5BB31401}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9A825C79-7A21-4D4A-8A12-CDC12C7FE53E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{9BBC8C97-707D-49D1-AAAE-169892D4D042}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9CE5C4F0-4924-49BB-8628-96F38BDE3068}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{9E169028-150C-4ABB-A6E2-8F29210F83DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A1CFA152-18E2-420C-ACFF-CED203278539}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A1DE78BE-3771-408F-BCD1-471920289091}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A25C576B-F8DB-41EE-8106-5E0303EE4F4A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A4D73FBB-2F7C-4A4A-B2BA-81AF8AE8B9A6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AA34A123-30BE-4DCC-8C7A-4143833F3B33}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{AB35B2E3-F28C-4B66-B541-F0854AF89950}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{ADAD0E3B-C421-4135-BC23-D73A7D2E856D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B08819DF-0EB1-4767-A806-8E09D77C1B05}" = protocol=17 | dir=in | app=c:\program files (x86)\tightvnc\tvnserver.exe |
"{B0BF5E7D-044F-494E-BDA2-DA99909691E6}" = protocol=17 | dir=in | app=c:\program files (x86)\quicktime\quicktimeplayer.exe |
"{B57E8616-1F92-4762-B6D4-0D480D42AFC0}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{B5942BE5-12DA-4A17-AC47-1A7634C4017F}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{BF1B515D-9661-4974-9D1C-CC06ACED21A6}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{C1507577-E36B-422C-B361-1BC780BEB743}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{C1D3DFE0-08F7-41E4-BFA5-304761E27F21}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{C302018D-FA5F-4CF4-8939-8F6CF43ED438}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{C5039241-0ECC-489F-A448-69175FFAA908}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{C59451C4-5F5F-48CD-9233-E5DE97965360}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{C6A42FBB-C449-4330-A3F6-C43C3B65BE94}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{C758D495-E3BE-4CF9-96FB-69797572E8B0}" = protocol=17 | dir=in | app=f:\progfiles\blackbox\bbserver.exe |
"{CE2D5080-CC0C-4DA2-A797-AF1BB78AA20B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{D242B88A-20B1-42C9-9DE5-F6F911D54383}" = protocol=6 | dir=in | app=c:\program files (x86)\localphone\bin\localphone-3.exe |
"{D3496E2C-0805-4DEC-910E-7342DD2CBBF0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D3ADC8FA-A383-46B6-A695-470C43196EA3}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{D4CD82B2-015B-4D7E-A7C3-8968BBFBE5AC}" = protocol=17 | dir=in | app=f:\progfiles\utorrent\utorrent.exe |
"{D82D6B2B-3F0D-4DBE-91F4-05EFF8ECCB12}" = protocol=6 | dir=out | app=system |
"{E11A910D-553B-410E-8942-AD70BFADFCBC}" = protocol=17 | dir=in | app=c:\users\globalhawk\appdata\roaming\spotify\spotify.exe |
"{E46F95B2-0369-48C5-9899-B25AB86799F6}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E68690E9-61CC-433E-A6D7-7E1960DAE64E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E6BDF2D1-2AF8-4BAF-92FB-42ED1626F05E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E6E33E4C-A902-49FA-8382-78731F2BE845}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{E7A3D90B-59CD-47E5-B4C7-0AE11BEE1F3B}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |
"{E7BB073D-5CAA-475E-9A99-3C541D316C2F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{E8CF89CF-A938-4032-AE7C-474D3DAA8D5C}" = protocol=6 | dir=in | app=c:\program files (x86)\quicktime\quicktimeplayer.exe |
"{F0D36290-1BB4-4149-9742-E472158B4F4B}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{F156BC28-A6F9-4F31-B8CF-E50212220F5A}" = protocol=6 | dir=in | app=c:\users\globalhawk\appdata\roaming\spotify\spotify.exe |
"{F41402F5-8523-4634-B49C-EF9CF20669F6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{F4995ECF-EC71-4259-9FD5-2981454F5720}" = protocol=6 | dir=in | app=f:\progfiles\blackbox\bbserver.exe |
"{F6380DB6-B9C9-4266-B661-817EB042CCA1}" = protocol=6 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe |
"{F74C24F6-126B-4C95-9F56-3E2C96143FC5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{FD292A43-4C10-443C-951A-224CEDDE40EA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FDEC5F2D-EA87-4412-902E-81FC9EDBCAB4}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{FE1596A6-3A95-4BB6-8CB2-E96CB4CB7BF4}" = protocol=17 | dir=in | app=c:\program files (x86)\localphone\bin\localphone-3.exe |
"{FE816141-9F2A-489F-9FEB-3E3E5F2E34B3}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{FE8AC3E1-F7BC-4FE5-8D02-C07D25814B25}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgam.exe |
"TCP Query User{07567DD0-DE04-4B81-AE4C-E57EB3D20751}C:\program files (x86)\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"TCP Query User{367C7952-8962-4FAD-A76A-6840EB13EB87}C:\program files (x86)\cain\cain.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cain\cain.exe |
"TCP Query User{477D2FF1-4AE9-42F6-A911-A65FD37886F5}C:\users\globalhawk\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\globalhawk\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{5CC149FE-F92F-4EDD-B852-EF533B688F4F}C:\program files (x86)\localphone\bin\localphone-3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\localphone\bin\localphone-3.exe |
"TCP Query User{8B451D66-B203-4914-A075-E275FFF612B4}C:\program files (x86)\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\quicktime\quicktimeplayer.exe |
"TCP Query User{A1F2C1CB-2DA2-44EE-A417-236C1D6B163A}C:\program files (x86)\x-plane 9\x-plane.exe" = protocol=6 | dir=in | app=c:\program files (x86)\x-plane 9\x-plane.exe |
"TCP Query User{DF623A8E-3F2A-4257-861B-46B41167AEB5}F:\progfiles\utorrent.exe" = protocol=6 | dir=in | app=f:\progfiles\utorrent.exe |
"TCP Query User{E3F39A2B-B16C-4F02-A5B3-78D2D693EA7D}C:\users\globalhawk\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\globalhawk\appdata\roaming\spotify\spotify.exe |
"UDP Query User{11CD4282-32B0-4337-97BB-A512E5FD0105}F:\progfiles\utorrent.exe" = protocol=17 | dir=in | app=f:\progfiles\utorrent.exe |
"UDP Query User{195ADCEE-BA48-4991-AB45-DD3EEF6298FB}C:\program files (x86)\x-plane 9\x-plane.exe" = protocol=17 | dir=in | app=c:\program files (x86)\x-plane 9\x-plane.exe |
"UDP Query User{3D9016DA-75AE-4698-B87A-D1C8BFD7FACF}C:\program files (x86)\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\quicktime\quicktimeplayer.exe |
"UDP Query User{61007079-CCDC-4C1E-A931-D6C132A9A30C}C:\users\globalhawk\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\globalhawk\appdata\roaming\spotify\spotify.exe |
"UDP Query User{77D4382A-3504-4F65-9817-8FDBFDCD56F0}C:\program files (x86)\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"UDP Query User{CDEA3195-653B-4B02-BB85-0BBCC3B8A68A}C:\program files (x86)\cain\cain.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cain\cain.exe |
"UDP Query User{D9260A0B-ABF4-45D1-B40F-2A7692DF0357}C:\users\globalhawk\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\globalhawk\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{E12FA57F-3D31-4E25-A0A1-4F7B9C1E007E}C:\program files (x86)\localphone\bin\localphone-3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\localphone\bin\localphone-3.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0DF3F266-B52E-4309-B3CC-233607DF4E50}" = HP 3D DriveGuard
"{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}" = HP Wireless Assistant
"{1876545F-47B1-80A7-2F98-D175DA98A392}" = ccc-utility64
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D5CE83C-BFDD-4668-8BCB-E8614334A657}" = Adobe Photoshop Lightroom 3.4 64-bit
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{1FB1AA7C-9ECD-4350-AE3D-3CB3698C5CEB}" = AVG 2013
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel® PROSet/Wireless WiFi Software
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java™ 6 Update 22 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{2C43E67B-0CDC-48BE-A374-23BEB0E48A72}" = AVG 2013
"{3BF3599D-7F28-C60B-1C5D-82BFD4E5EF33}" = AMD Catalyst Install Manager
"{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{79174AF2-6CB1-42F5-981E-66DCA49391D0}" = Validity WBF DDK
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}" = Microsoft Network Monitor 3.4
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963E5FEB-1367-46B9-851D-A957F1A3747F}" = Microsoft Network Monitor: NetworkMonitor Parsers 3.4
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0A5A6EE-F8BA-48B1-BB32-BAC17E96C2B4}" = Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
"{B71CCF77-38A2-4805-9759-A6F7D2C52F3A}" = Adobe Photoshop Lightroom 4.2 64-bit
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"Microsoft Visual J# 2.0 Redistributable Package - SE (x64)" = Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Waterfox 11.0 (x64 en-US)" = Waterfox 11.0 (x64 en-US)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04805AB6-F757-496A-8D56-37A0FC5FF6F3}" = VMware vSphere Client 5.0
"{07AF6797-0CF6-FFBB-FDE3-CC51D3B5F342}" = Catalyst Control Center Graphics Previews Common
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08523528-BA2F-43BB-87E3-252C081872B9}" = Catalyst Control Center - Branding
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{118C3943-1683-42EF-824D-C22E70DB42E7}" = Comcast Desktop Software (v1.2.1)
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{120F4744-38ED-FB1E-F313-A7A7E419A71E}" = CCC Help Chinese Traditional
"{135AAD7D-FB4A-800C-E7F2-58D02B936C38}" = Catalyst Control Center Localization All
"{178EA4CE-9622-76B4-308F-73FEC150DBB4}" = CCC Help Norwegian
"{18759442-C252-446E-A36D-97C696D7456E}" = VMware vSphere PowerCLI
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AE85A98-397D-B62B-0D21-3F7DC93F4F3A}" = CCC Help Swedish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 24
"{28FE073B-1230-4BF6-830C-7434FD0C0069}" = HP Software Framework
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{339F5A1B-8DB7-E4F8-0A07-EF35B60EBE53}" = CCC Help Portuguese
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}" = Adobe Shockwave Player 11.5
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{412308A1-73B4-A26B-57A8-BE827ADA9BF9}" = Catalyst Control Center Profiles Mobile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6937DA-DABE-31C9-C433-D67C640B7BED}" = CCC Help Italian
"{51071D66-D034-4239-94E0-723FCA10B6FE}" = OpenOffice.org 3.4
"{52594AFD-2797-356A-CC6F-57047524F1E1}" = CCC Help Japanese
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C7F3D35-9018-A839-3B9C-E50B517B9458}" = CCC Help Hungarian
"{5CA75999-3DDE-7B58-3394-38A4E82D8466}" = Catalyst Control Center InstallProxy
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60CD8628-DDD9-B498-A368-D01A4793CCFA}" = CCC Help Dutch
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6866ADAD-71F1-D306-B979-6371D8C4411A}" = CCC Help German
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76D0E682-0183-E295-FA4C-DA6763669CCA}" = CCC Help English
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B4B0AA9-F97E-49C4-AE6F-D40580B65A22}" = onOne PerfectPresets
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{802C068E-0576-4F25-8137-D54B7DB0FC5E}" = HP Setup
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DB85CDE-EC37-A333-05B1-23846D03F08D}" = CCC Help Russian
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F6285DB-2536-7EDE-23D2-CA10E2D6399C}" = CCC Help French
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}" = HP On Screen Display
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA16FAFC-CCD3-899B-2860-A709BDE31CDC}" = CCC Help Korean
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AB2E32E3-B0C3-592C-8093-308249A70C82}" = PX Profile Update
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.1 MUI
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B357B619-36C5-7C1E-063B-92677609CB14}" = CCC Help Danish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BDEB2CF5-C1C5-BCC8-DF29-1EE4CF389F9D}" = CCC Help Turkish
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C5D8263A-4D81-8979-91DE-B10120642FC5}" = Catalyst Control Center
"{C675C60B-0CB7-4108-B8CA-C3EC0706DEF0}" = Serif PagePlus Starter Edition
"{C7231F7C-6530-4E65-ADA6-5B392CF5BEB1}" = Recovery Manager
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEEE5B98-96F1-2F1E-0627-853C5F98DE41}" = CCC Help Finnish
"{CF48FF43-B417-637C-C804-0F285FD7ED05}" = CCC Help Spanish
"{CF6A05D4-E715-BCF4-9ED2-A3307E386D28}" = CCC Help Czech
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB2C5E6A-CFDD-D6FD-480E-692EBEC17BFC}" = CCC Help Greek
"{DFD30824-6BD0-34E1-ABE8-308AD3CBB9A0}" = Google Talk Plugin
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E44578C7-4667-4124-8BC2-1161BCA54978}" = HP Power Manager
"{E59E0B3D-F840-5910-DF8C-73CFA82613C2}" = CCC Help Polish
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E60422F6-23F5-446A-B26D-70FF3092BF84}" = VMware vSphere CLI
"{E77268D6-5E7F-6DE1-34AC-A1A276710C21}" = CCC Help Chinese Standard
"{EACCC042-848D-4166-9D97-B13D1D108722}" = Google Drive
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F095393B-0D7E-4BC7-A28A-2CD66E8BB449}" = SQLiteManager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Display Audio Driver
"{F0E8C9FD-990F-48A8-9B3B-835DB0DACD26}" = VMware vSphere Update Manager Client 5.0
"{F5C7356C-463C-75BC-E4E0-324E4516EB73}" = CCC Help Thai
"{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel® Wireless Display
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F99FC179-EA67-4BBC-8955-BDDA0CB94B88}" = VMware VIX
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon Kindle" = Amazon Kindle
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"BlackBox" = BlackBox Security Monitor Express™ 1.0
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DivX Setup" = DivX Setup
"ffdshow" = ffdshow (remove only)
"ImgBurn" = ImgBurn
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Localphone_is1" = Localphone version 1.1.0
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"My HP Game Console" = HP Game Console
"NHM Writer_is1" = NHM Writer Beta
"PandoraRecovery" = PandoraRecovery (Remove Only)
"PdaNet_is1" = PdaNet for Android 3.50
"Picasa 3" = Picasa 3
"ProInst" = Intel PROSet Wireless
"TeamViewer 7" = TeamViewer 7
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"VMware_Workstation" = VMware Workstation
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"winscp3_is1" = WinSCP 4.3.2
"Wireshark" = Wireshark 1.6.5
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087335" = Build-a-lot 2
"WT087343" = Dora's World Adventure
"WT087360" = Escape Rosecliff Island
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087372" = Heroes of Hellas 2 - Olympia
"WT087379" = Jewel Quest Solitaire 2
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087414" = Virtual Families
"WT087415" = Wheel of Fortune 2
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089299" = Mystery P.I. - The London Caper
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2307254773-4014522594-3609045076-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"ActiveTouchMeetingClient" = WebEx
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"WinDirStat" = WinDirStat 1.1.2

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/16/2012 8:57:46 PM | Computer Name = Globalhawk-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/16/2012 8:57:46 PM | Computer Name = Globalhawk-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1029

Error - 5/16/2012 8:57:46 PM | Computer Name = Globalhawk-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1029

Error - 5/16/2012 8:57:47 PM | Computer Name = Globalhawk-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/16/2012 8:57:47 PM | Computer Name = Globalhawk-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2121

Error - 5/16/2012 8:57:47 PM | Computer Name = Globalhawk-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2121

Error - 5/16/2012 8:57:48 PM | Computer Name = Globalhawk-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/16/2012 8:57:48 PM | Computer Name = Globalhawk-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3120

Error - 5/16/2012 8:57:48 PM | Computer Name = Globalhawk-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3120

Error - 5/16/2012 8:57:49 PM | Computer Name = Globalhawk-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ Hewlett-Packard Events ]
Error - 10/3/2012 10:37:09 PM | Computer Name = Globalhawk-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147024882HPSF.exe at System.Threading.Thread.StartInternal(IPrincipal
principal, StackCrawlMark& stackMark) at System.Threading.Thread.Start() at
System.Diagnostics.ShellExecuteHelper.ShellExecuteOnSTAThread() at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Message: Exception
of type 'System.OutOfMemoryException' was thrown. StackTrace: at System.Threading.Thread.StartInternal(IPrincipal
principal, StackCrawlMark& stackMark) at System.Threading.Thread.Start() at
System.Diagnostics.ShellExecuteHelper.ShellExecuteOnSTAThread() at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 8139 Ram Utilization: 40 TargetSite: Void StartInternal(System.Security.Principal.IPrincipal,
System.Threading.StackCrawlMark ByRef)

Error - 10/3/2012 10:37:59 PM | Computer Name = Globalhawk-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147024882HPSF.exe at System.Threading.Thread.StartInternal(IPrincipal
principal, StackCrawlMark& stackMark) at System.Threading.Thread.Start() at
System.Diagnostics.ShellExecuteHelper.ShellExecuteOnSTAThread() at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Message: Exception
of type 'System.OutOfMemoryException' was thrown. StackTrace: at System.Threading.Thread.StartInternal(IPrincipal
principal, StackCrawlMark& stackMark) at System.Threading.Thread.Start() at
System.Diagnostics.ShellExecuteHelper.ShellExecuteOnSTAThread() at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 8139 Ram Utilization: 40 TargetSite: Void StartInternal(System.Security.Principal.IPrincipal,
System.Threading.StackCrawlMark ByRef)

Error - 10/3/2012 10:38:49 PM | Computer Name = Globalhawk-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147024882HPSF.exe at System.Threading.Thread.StartInternal(IPrincipal
principal, StackCrawlMark& stackMark) at System.Threading.Thread.Start() at
System.Diagnostics.ShellExecuteHelper.ShellExecuteOnSTAThread() at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Message: Exception
of type 'System.OutOfMemoryException' was thrown. StackTrace: at System.Threading.Thread.StartInternal(IPrincipal
principal, StackCrawlMark& stackMark) at System.Threading.Thread.Start() at
System.Diagnostics.ShellExecuteHelper.ShellExecuteOnSTAThread() at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 8139 Ram Utilization: TargetSite: Void StartInternal(System.Security.Principal.IPrincipal,
System.Threading.StackCrawlMark ByRef)

Error - 10/3/2012 10:39:39 PM | Computer Name = Globalhawk-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147024882HPSF.exe at System.Threading.Thread.StartInternal(IPrincipal
principal, StackCrawlMark& stackMark) at System.Threading.Thread.Start() at
System.Diagnostics.ShellExecuteHelper.ShellExecuteOnSTAThread() at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Message: Exception
of type 'System.OutOfMemoryException' was thrown. StackTrace: at System.Threading.Thread.StartInternal(IPrincipal
principal, StackCrawlMark& stackMark) at System.Threading.Thread.Start() at
System.Diagnostics.ShellExecuteHelper.ShellExecuteOnSTAThread() at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 8139 Ram Utilization: TargetSite: Void StartInternal(System.Security.Principal.IPrincipal,
System.Threading.StackCrawlMark ByRef)

Error - 10/3/2012 10:40:29 PM | Computer Name = Globalhawk-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147024882HPSF.exe at System.Threading.Thread.StartInternal(IPrincipal
principal, StackCrawlMark& stackMark) at System.Threading.Thread.Start() at
System.Diagnostics.ShellExecuteHelper.ShellExecuteOnSTAThread() at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Message: Exception
of type 'System.OutOfMemoryException' was thrown. StackTrace: at System.Threading.Thread.StartInternal(IPrincipal
principal, StackCrawlMark& stackMark) at System.Threading.Thread.Start() at
System.Diagnostics.ShellExecuteHelper.ShellExecuteOnSTAThread() at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 8139 Ram Utilization: TargetSite: Void StartInternal(System.Security.Principal.IPrincipal,
System.Threading.StackCrawlMark ByRef)

Error - 10/3/2012 10:41:19 PM | Computer Name = Globalhawk-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2147024882HPSF.exe at System.Threading.Thread.StartInternal(IPrincipal
principal, StackCrawlMark& stackMark) at System.Threading.Thread.Start() at
System.Diagnostics.ShellExecuteHelper.ShellExecuteOnSTAThread() at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Message: Exception
of type 'System.OutOfMemoryException' was thrown. StackTrace: at System.Threading.Thread.StartInternal(IPrincipal
principal, StackCrawlMark& stackMark) at System.Threading.Thread.Start() at
System.Diagnostics.ShellExecuteHelper.ShellExecuteOnSTAThread() at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start() at HP.SupportAssistant.UI.MessengerCommunication.launchMessenger()

at HP.SupportAssistant.UI.MessengerCommunication.initializeCommunication()
at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 8139 Ram Utilization: TargetSite: Void StartInternal(System.Security.Principal.IPrincipal,
System.Threading.StackCrawlMark ByRef)

Error - 10/3/2012 10:41:54 PM | Computer Name = Globalhawk-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 10/3/2012 10:41:54 PM | Computer Name = Globalhawk-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 10/3/2012 10:42:07 PM | Computer Name = Globalhawk-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 10/9/2012 6:50:35 PM | Computer Name = Globalhawk-HP | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164 at System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)

at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib

Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 8139 Ram
Utilization: 20 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

[ HP Software Framework Events ]
Error - 8/23/2012 9:01:30 AM | Computer Name = Globalhawk-HP | Source = CaslWmi | ID = 5
Description = 2012/08/23 08:01:30.787|00002774|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 8/30/2012 8:28:04 AM | Computer Name = Globalhawk-HP | Source = CaslWmi | ID = 5
Description = 2012/08/30 07:28:04.979|00002AFC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 9/6/2012 8:37:15 AM | Computer Name = Globalhawk-HP | Source = CaslWmi | ID = 5
Description = 2012/09/06 07:37:15.733|00002FD0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 9/6/2012 8:38:43 AM | Computer Name = Globalhawk-HP | Source = CaslWmi | ID = 5
Description = 2012/09/06 07:38:43.830|00002B54|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 9/13/2012 8:55:46 AM | Computer Name = Globalhawk-HP | Source = CaslWmi | ID = 5
Description = 2012/09/13 07:55:46.411|00001808|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 9/20/2012 8:03:33 AM | Computer Name = Globalhawk-HP | Source = CaslWmi | ID = 5
Description = 2012/09/20 07:03:33.805|0000070C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 9/27/2012 8:46:15 AM | Computer Name = Globalhawk-HP | Source = CaslWmi | ID = 5
Description = 2012/09/27 07:46:15.617|000029DC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 10/2/2012 9:41:47 PM | Computer Name = Globalhawk-HP | Source = CaslWmi | ID = 5
Description = 2012/10/02 20:41:47.034|00001CC4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 10/4/2012 8:41:00 AM | Computer Name = Globalhawk-HP | Source = CaslWmi | ID = 5
Description = 2012/10/04 07:41:00.700|00000854|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 10/11/2012 8:59:37 AM | Computer Name = Globalhawk-HP | Source = CaslWmi | ID = 5
Description = 2012/10/11 07:59:37.610|00002388|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

[ HP Wireless Assistant Events ]
Error - 7/1/2011 3:36:41 PM | Computer Name = Globalhawk-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object
sender, StartupEventArgs args)

Error - 7/1/2011 3:36:42 PM | Computer Name = Globalhawk-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...

Error - 7/5/2011 1:28:06 AM | Computer Name = Globalhawk-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object
sender, StartupEventArgs args)

Error - 7/5/2011 1:28:07 AM | Computer Name = Globalhawk-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...

Error - 7/5/2011 6:00:51 PM | Computer Name = Globalhawk-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object
sender, StartupEventArgs args)

Error - 7/5/2011 6:00:53 PM | Computer Name = Globalhawk-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...

Error - 7/5/2011 10:13:06 PM | Computer Name = Globalhawk-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object
sender, StartupEventArgs args)

Error - 7/5/2011 10:13:07 PM | Computer Name = Globalhawk-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...

Error - 11/7/2011 8:41:02 PM | Computer Name = Globalhawk-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware
radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 8/3/2012 7:40:53 PM | Computer Name = Globalhawk-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

[ Media Center Events ]
Error - 12/21/2011 11:56:14 AM | Computer Name = Globalhawk-HP | Source = MCUpdate | ID = 0
Description = 9:26:14 PM - Error connecting to the internet. 9:26:14 PM - Unable
to contact server..

Error - 12/21/2011 11:56:23 AM | Computer Name = Globalhawk-HP | Source = MCUpdate | ID = 0
Description = 9:26:20 PM - Error connecting to the internet. 9:26:20 PM - Unable
to contact server..

Error - 1/12/2012 5:22:12 AM | Computer Name = Globalhawk-HP | Source = MCUpdate | ID = 0
Description = 3:22:02 AM - Error connecting to the internet. 3:22:02 AM - Unable
to contact server..

Error - 1/16/2012 8:11:45 PM | Computer Name = Globalhawk-HP | Source = MCUpdate | ID = 0
Description = 6:11:45 PM - Error connecting to the internet. 6:11:45 PM - Unable
to contact server..

Error - 1/16/2012 8:12:01 PM | Computer Name = Globalhawk-HP | Source = MCUpdate | ID = 0
Description = 6:11:51 PM - Error connecting to the internet. 6:11:51 PM - Unable
to contact server..

Error - 1/18/2012 10:06:15 PM | Computer Name = Globalhawk-HP | Source = MCUpdate | ID = 0
Description = 8:06:02 PM - Error connecting to the internet. 8:06:02 PM - Unable
to contact server..

Error - 7/4/2012 10:08:09 PM | Computer Name = Globalhawk-HP | Source = MCUpdate | ID = 0
Description = 9:08:04 PM - Error connecting to the internet. 9:08:04 PM - Unable
to contact server..

Error - 7/4/2012 11:08:17 PM | Computer Name = Globalhawk-HP | Source = MCUpdate | ID = 0
Description = 10:08:16 PM - Error connecting to the internet. 10:08:16 PM - Unable
to contact server..

Error - 7/5/2012 12:08:25 AM | Computer Name = Globalhawk-HP | Source = MCUpdate | ID = 0
Description = 11:08:24 PM - Error connecting to the internet. 11:08:24 PM - Unable
to contact server..

Error - 7/26/2012 5:05:03 AM | Computer Name = Globalhawk-HP | Source = MCUpdate | ID = 0
Description = 4:04:57 AM - Error connecting to the internet. 4:04:57 AM - Unable
to contact server..

[ System Events ]
Error - 10/17/2012 8:02:22 AM | Computer Name = Globalhawk-HP | Source = ipnathlp | ID = 31004
Description =

Error - 10/17/2012 4:39:29 PM | Computer Name = Globalhawk-HP | Source = ipnathlp | ID = 31004
Description =

Error - 10/17/2012 4:39:31 PM | Computer Name = Globalhawk-HP | Source = ipnathlp | ID = 31004
Description =

Error - 10/17/2012 4:39:31 PM | Computer Name = Globalhawk-HP | Source = RasSstp | ID = 22
Description =

Error - 10/17/2012 4:39:31 PM | Computer Name = Globalhawk-HP | Source = HTTP | ID = 15005
Description =

Error - 10/18/2012 7:46:32 PM | Computer Name = Globalhawk-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 10/18/2012 7:47:55 PM | Computer Name = Globalhawk-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 10/18/2012 7:47:58 PM | Computer Name = Globalhawk-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 10/18/2012 8:23:57 PM | Computer Name = Globalhawk-HP | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 10/18/2012 8:27:38 PM | Computer Name = Globalhawk-HP | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.


< End of report >

#12 gringo_pr


Posted 18 October 2012 - 09:11 PM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code.
    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Globalhawk\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
    O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll File not found
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll File not found
    O3 - HKU\S-1-5-21-2307254773-4014522594-3609045076-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe File not found
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    FF - prefs.js..extensions.enabledAddons: hmyvslstmd@hmyvslstmd.org:2.5  
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 49556
    FF - prefs.js..network.proxy.type: 0
    [1832/11/29 00:05:54 | 000,004,804 | ---- | M] () (No name found) -- C:\Users\Globalhawk\AppData\Roaming\Mozilla\Firefox\Profiles\an727tdy.default\extensions\hmyvslstmd@hmyvslstmd.org.xpi
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo

#13 globalhawk.rq


Posted 18 October 2012 - 09:24 PM

I ran the fix you gave. It asked to reboot. I did reboot my comp. I will update you on the URL redirect. So far I haven't got any redirects. Thanks for your help.

#14 gringo_pr


Posted 18 October 2012 - 09:40 PM

Did it give you a report?


gringo

#15 globalhawk.rq


Posted 18 October 2012 - 09:46 PM

OTL Report after the Fix:

========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2307254773-4014522594-3609045076-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SysTrayApp deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ deleted successfully.
File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ deleted successfully.
File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Prefs.js: hmyvslstmd@hmyvslstmd.org:2.5 removed from extensions.enabledAddons
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 49556 removed from network.proxy.http_port
Prefs.js: 0 removed from network.proxy.type
File move failed. C:\Users\Globalhawk\AppData\Roaming\Mozilla\Firefox\Profiles\an727tdy.default\extensions\hmyvslstmd@hmyvslstmd.org.xpi scheduled to be moved on reboot.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
F:\ProgFiles\Cleaners\cmd.bat deleted successfully.
F:\ProgFiles\Cleaners\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Globalhawk
->Java cache emptied: 1874270 bytes

User: Guest
->Java cache emptied: 405245 bytes

User: Mcx1-GLOBALHAWK-HP

User: Public

Total Java Files Cleaned = 2.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56475 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Globalhawk
->Flash cache emptied: 548 bytes

User: Guest
->Flash cache emptied: 80557 bytes

User: Mcx1-GLOBALHAWK-HP

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10182012_211557

Files\Folders moved on Reboot...
C:\Users\Globalhawk\AppData\Roaming\Mozilla\Firefox\Profiles\an727tdy.default\extensions\hmyvslstmd@hmyvslstmd.org.xpi moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
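
The fix report above shows an add-on entry and a loopback HTTP proxy being removed from Firefox's prefs.js; note that `network.proxy.type` was 0, so that proxy entry was present but not in use. As an added example (not part of the thread and not OTL's own code), this Python script re-checks a prefs.js for those two kinds of entry. The sample text, the allow-listed add-on ID and the function names are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Constructed prefs.js sample built from the entries named in the fix script;
# "example-addon@example.org" is a made-up, allow-listed add-on ID.
SAMPLE_PREFS = """\
# Mozilla User Preferences
user_pref("extensions.enabledAddons", "hmyvslstmd@hmyvslstmd.org:2.5,example-addon@example.org:1.0");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 49556);
user_pref("network.proxy.type", 0);
"""

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*?)\);\s*$', re.M)
def parse_prefs(text):
    """Return {pref_name: value} from prefs.js text (str or int values)."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw  # true/false and anything else stay as text
    return prefs

def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"

def audit(prefs, known_addons):
    """Flag enabled add-ons outside the allow list and loopback HTTP proxies."""
    findings = []
    for entry in filter(None, str(prefs.get("extensions.enabledAddons", "")).split(",")):
        # entries are "id:version"; unquote handles percent-encoded IDs
        addon_id = unquote(entry.rsplit(":", 1)[0])
        if addon_id not in known_addons:
            findings.append(("unknown_addon", addon_id))
    host = str(prefs.get("network.proxy.http", ""))
    if host and is_loopback(host):
        # network.proxy.type: 1 = manual proxy in use, 0 = direct connection
        state = "active" if prefs.get("network.proxy.type") == 1 else "inactive"
        findings.append(("loopback_proxy", f"{host}:{prefs.get('network.proxy.http_port')} ({state})"))
    return findings

if __name__ == "__main__":
    print(audit(parse_prefs(SAMPLE_PREFS), {"example-addon@example.org"}))
```

Run against the profile's real prefs.js after the reboot, an empty result means neither entry came back.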



