Avrohom

Honorary Members
  • Posts

    22
Everything posted by Avrohom

  1. I keep getting this attached message when trying to install. But internet connection is fine. What should I do?
  2. One way I have seen (on forums) to deal with the problem is just to accept it. When we see the pop-up -- just log in -- and then the pop-up won't return.
  3. Log:

     aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
     Run date: 2012-04-23 23:33:10
     -----------------------------
     23:33:10.010 OS Version: Windows x64 6.1.7601 Service Pack 1
     23:33:10.010 Number of processors: 4 586 0x2A07
     23:33:10.010 ComputerName: CHAVA-HP UserName: Chava
     23:33:11.695 Initialize success
     23:33:17.833 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
     23:33:17.833 Disk 0 Vendor: TOSHIBA_ GT00 Size: 715404MB BusType: 3
     23:33:17.848 Disk 0 MBR read successfully
     23:33:17.848 Disk 0 MBR scan
     23:33:17.864 Disk 0 Windows 7 default MBR code
     23:33:17.864 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
     23:33:17.879 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 690601 MB offset 409600
     23:33:17.911 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 20540 MB offset 1414760448
     23:33:17.926 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 4062 MB offset 1456826368
     23:33:17.957 Disk 0 scanning C:\Windows\system32\drivers
     23:33:24.119 Service scanning
     23:33:54.461 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
     23:34:34.070 Modules scanning
     23:34:34.086 Disk 0 trace - called modules:
     23:34:34.195 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
     23:34:34.195 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008ace060]
     23:34:34.210 3 CLASSPNP.SYS[fffff88001d7043f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8006213050]
     23:34:34.210 Scan finished successfully
     23:34:52.852 Disk 0 MBR has been saved successfully to "C:\Users\Chava\Desktop\MBR.dat"
     23:34:52.852 The log file has been saved successfully to "C:\Users\Chava\Desktop\aswMBR.txt"
  4. No threats were found. Here's the log:
Npfs - ok 19:36:42.0341 5224 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 19:36:42.0403 5224 nsi - ok 19:36:42.0758 5224 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 19:36:42.0795 5224 nsiproxy - ok 19:36:43.0193 5224 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 19:36:43.0246 5224 Ntfs - ok 19:36:43.0638 5224 NuidFltr (317020d31f1696334679b9d0416eb62e) C:\Windows\system32\DRIVERS\NuidFltr.sys 19:36:43.0670 5224 NuidFltr - ok 19:36:44.0032 5224 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 19:36:44.0087 5224 Null - ok 19:36:44.0456 5224 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys 19:36:44.0516 5224 NVENETFD - ok 19:36:44.0901 5224 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 19:36:44.0928 5224 nvraid - ok 19:36:45.0284 5224 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 19:36:45.0346 5224 nvstor - ok 19:36:45.0736 5224 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 19:36:45.0781 5224 nv_agp - ok 19:36:45.0957 5224 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 19:36:46.0023 5224 odserv - ok 19:36:46.0386 5224 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 19:36:46.0431 5224 ohci1394 - ok 19:36:46.0552 5224 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 19:36:46.0628 5224 ose - ok 19:36:46.0795 5224 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 19:36:46.0998 5224 osppsvc - ok 19:36:47.0266 5224 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 19:36:47.0306 5224 p2pimsvc - ok 19:36:47.0572 5224 p2psvc 
(927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 19:36:47.0618 5224 p2psvc - ok 19:36:47.0984 5224 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys 19:36:48.0020 5224 Parport - ok 19:36:48.0380 5224 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 19:36:48.0401 5224 partmgr - ok 19:36:48.0662 5224 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 19:36:48.0730 5224 PcaSvc - ok 19:36:49.0105 5224 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 19:36:49.0146 5224 pci - ok 19:36:49.0505 5224 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 19:36:49.0525 5224 pciide - ok 19:36:49.0897 5224 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys 19:36:49.0943 5224 pcmcia - ok 19:36:50.0301 5224 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 19:36:50.0328 5224 pcw - ok 19:36:50.0701 5224 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 19:36:50.0760 5224 PEAUTH - ok 19:36:51.0025 5224 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 19:36:51.0069 5224 PerfHost - ok 19:36:51.0360 5224 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 19:36:51.0430 5224 pla - ok 19:36:51.0719 5224 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 19:36:51.0771 5224 PlugPlay - ok 19:36:52.0023 5224 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 19:36:52.0048 5224 PNRPAutoReg - ok 19:36:52.0308 5224 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 19:36:52.0340 5224 PNRPsvc - ok 19:36:52.0719 5224 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys 19:36:52.0743 5224 Point64 - ok 19:36:53.0026 5224 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 
19:36:53.0088 5224 PolicyAgent - ok 19:36:53.0335 5224 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 19:36:53.0385 5224 Power - ok 19:36:53.0771 5224 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 19:36:53.0810 5224 PptpMiniport - ok 19:36:54.0169 5224 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys 19:36:54.0206 5224 Processor - ok 19:36:54.0489 5224 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 19:36:54.0549 5224 ProfSvc - ok 19:36:54.0788 5224 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 19:36:54.0810 5224 ProtectedStorage - ok 19:36:55.0189 5224 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 19:36:55.0237 5224 Psched - ok 19:36:55.0633 5224 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys 19:36:55.0700 5224 ql2300 - ok 19:36:56.0062 5224 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys 19:36:56.0097 5224 ql40xx - ok 19:36:56.0366 5224 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 19:36:56.0425 5224 QWAVE - ok 19:36:56.0787 5224 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 19:36:56.0846 5224 QWAVEdrv - ok 19:36:57.0209 5224 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 19:36:57.0250 5224 RasAcd - ok 19:36:57.0635 5224 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 19:36:57.0692 5224 RasAgileVpn - ok 19:36:57.0944 5224 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 19:36:58.0008 5224 RasAuto - ok 19:36:58.0390 5224 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 19:36:58.0428 5224 Rasl2tp - ok 19:36:58.0698 5224 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 19:36:58.0770 
5224 RasMan - ok 19:36:59.0147 5224 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 19:36:59.0204 5224 RasPppoe - ok 19:36:59.0595 5224 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 19:36:59.0634 5224 RasSstp - ok 19:37:00.0001 5224 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 19:37:00.0043 5224 rdbss - ok 19:37:00.0405 5224 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys 19:37:00.0445 5224 rdpbus - ok 19:37:00.0800 5224 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 19:37:00.0842 5224 RDPCDD - ok 19:37:01.0222 5224 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 19:37:01.0259 5224 RDPENCDD - ok 19:37:01.0611 5224 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 19:37:01.0648 5224 RDPREFMP - ok 19:37:02.0020 5224 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys 19:37:02.0064 5224 RDPWD - ok 19:37:02.0449 5224 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 19:37:02.0473 5224 rdyboost - ok 19:37:02.0729 5224 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 19:37:02.0805 5224 RemoteAccess - ok 19:37:03.0064 5224 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 19:37:03.0145 5224 RemoteRegistry - ok 19:37:03.0522 5224 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 19:37:03.0589 5224 RFCOMM - ok 19:37:03.0871 5224 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 19:37:03.0918 5224 RpcEptMapper - ok 19:37:04.0183 5224 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 19:37:04.0227 5224 RpcLocator - ok 19:37:04.0508 5224 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll 19:37:04.0580 5224 
RpcSs - ok 19:37:04.0955 5224 RSPCIESTOR (6e5c3d18c3bcc72aa527dbc5fa61ab8f) C:\Windows\system32\DRIVERS\RtsPStor.sys 19:37:04.0991 5224 RSPCIESTOR - ok 19:37:05.0354 5224 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 19:37:05.0402 5224 rspndr - ok 19:37:05.0819 5224 RTL8167 (9140db0911de035fed0a9a77a2d156ea) C:\Windows\system32\DRIVERS\Rt64win7.sys 19:37:05.0852 5224 RTL8167 - ok 19:37:06.0122 5224 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 19:37:06.0144 5224 SamSs - ok 19:37:06.0533 5224 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 19:37:06.0550 5224 sbp2port - ok 19:37:06.0850 5224 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 19:37:06.0911 5224 SCardSvr - ok 19:37:07.0267 5224 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 19:37:07.0303 5224 scfilter - ok 19:37:07.0575 5224 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 19:37:07.0637 5224 Schedule - ok 19:37:07.0879 5224 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 19:37:07.0942 5224 SCPolicySvc - ok 19:37:08.0306 5224 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys 19:37:08.0389 5224 sdbus - ok 19:37:08.0649 5224 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 19:37:08.0694 5224 SDRSVC - ok 19:37:09.0071 5224 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 19:37:09.0119 5224 secdrv - ok 19:37:09.0370 5224 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 19:37:09.0425 5224 seclogon - ok 19:37:09.0685 5224 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll 19:37:09.0754 5224 SENS - ok 19:37:10.0010 5224 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 19:37:10.0045 5224 SensrSvc - ok 19:37:10.0395 5224 Serenum 
(cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys 19:37:10.0412 5224 Serenum - ok 19:37:10.0793 5224 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys 19:37:10.0828 5224 Serial - ok 19:37:11.0265 5224 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys 19:37:11.0300 5224 sermouse - ok 19:37:11.0568 5224 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 19:37:11.0635 5224 SessionEnv - ok 19:37:12.0002 5224 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 19:37:12.0037 5224 sffdisk - ok 19:37:12.0398 5224 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 19:37:12.0443 5224 sffp_mmc - ok 19:37:12.0800 5224 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 19:37:12.0825 5224 sffp_sd - ok 19:37:13.0186 5224 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys 19:37:13.0225 5224 sfloppy - ok 19:37:13.0649 5224 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys 19:37:13.0699 5224 Sftfs - ok 19:37:13.0831 5224 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 19:37:13.0952 5224 sftlist - ok 19:37:14.0357 5224 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys 19:37:14.0389 5224 Sftplay - ok 19:37:14.0777 5224 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys 19:37:14.0795 5224 Sftredir - ok 19:37:15.0193 5224 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys 19:37:15.0227 5224 Sftvol - ok 19:37:15.0332 5224 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 19:37:15.0445 5224 sftvsa - ok 19:37:15.0735 5224 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) 
C:\Windows\System32\ipnathlp.dll 19:37:15.0806 5224 SharedAccess - ok 19:37:16.0053 5224 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 19:37:16.0107 5224 ShellHWDetection - ok 19:37:16.0466 5224 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys 19:37:16.0498 5224 SiSRaid2 - ok 19:37:16.0856 5224 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys 19:37:16.0875 5224 SiSRaid4 - ok 19:37:16.0989 5224 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe 19:37:17.0106 5224 SkypeUpdate - ok 19:37:17.0470 5224 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 19:37:17.0509 5224 Smb - ok 19:37:17.0794 5224 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 19:37:17.0821 5224 SNMPTRAP - ok 19:37:18.0193 5224 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 19:37:18.0214 5224 spldr - ok 19:37:18.0464 5224 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 19:37:18.0562 5224 Spooler - ok 19:37:18.0864 5224 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 19:37:18.0978 5224 sppsvc - ok 19:37:19.0238 5224 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 19:37:19.0298 5224 sppuinotify - ok 19:37:19.0674 5224 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 19:37:19.0706 5224 srv - ok 19:37:20.0089 5224 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 19:37:20.0114 5224 srv2 - ok 19:37:20.0536 5224 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS 19:37:20.0559 5224 SrvHsfHDA - ok 19:37:20.0983 5224 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS 19:37:21.0036 5224 SrvHsfV92 - ok 19:37:21.0507 5224 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) 
C:\Windows\system32\DRIVERS\VSTCNXT6.SYS 19:37:21.0544 5224 SrvHsfWinac - ok 19:37:21.0929 5224 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 19:37:21.0954 5224 srvnet - ok 19:37:22.0230 5224 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 19:37:22.0306 5224 SSDPSRV - ok 19:37:22.0560 5224 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 19:37:22.0622 5224 SstpSvc - ok 19:37:22.0807 5224 STacSV (7bf818b11c1fedc3e76d233124470a30) C:\Program Files\IDT\WDM\STacSV64.exe 19:37:22.0890 5224 STacSV - ok 19:37:23.0253 5224 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys 19:37:23.0281 5224 stexstor - ok 19:37:23.0704 5224 STHDA (ebc1a5e076a9be314d3d9e8ed19abb0a) C:\Windows\system32\DRIVERS\stwrt64.sys 19:37:23.0750 5224 STHDA - ok 19:37:24.0037 5224 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 19:37:24.0076 5224 stisvc - ok 19:37:24.0446 5224 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 19:37:24.0479 5224 swenum - ok 19:37:24.0799 5224 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 19:37:24.0877 5224 swprv - ok 19:37:25.0265 5224 SynTP (c447977ed2a4ae9346fe3a0579a34d7c) C:\Windows\system32\DRIVERS\SynTP.sys 19:37:25.0309 5224 SynTP - ok 19:37:25.0604 5224 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 19:37:25.0656 5224 SysMain - ok 19:37:25.0908 5224 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 19:37:25.0951 5224 TabletInputService - ok 19:37:26.0195 5224 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 19:37:26.0257 5224 TapiSrv - ok 19:37:26.0509 5224 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 19:37:26.0568 5224 TBS - ok 19:37:26.0984 5224 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 19:37:27.0036 5224 Tcpip 
- ok 19:37:27.0467 5224 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 19:37:27.0527 5224 TCPIP6 - ok 19:37:27.0882 5224 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 19:37:27.0949 5224 tcpipreg - ok 19:37:28.0304 5224 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 19:37:28.0333 5224 TDPIPE - ok 19:37:28.0709 5224 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 19:37:28.0741 5224 TDTCP - ok 19:37:29.0121 5224 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 19:37:29.0206 5224 tdx - ok 19:37:29.0571 5224 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 19:37:29.0588 5224 TermDD - ok 19:37:29.0868 5224 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 19:37:29.0951 5224 TermService - ok 19:37:30.0192 5224 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 19:37:30.0224 5224 Themes - ok 19:37:30.0469 5224 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 19:37:30.0515 5224 THREADORDER - ok 19:37:30.0817 5224 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 19:37:30.0865 5224 TrkWks - ok 19:37:30.0982 5224 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 19:37:31.0033 5224 TrustedInstaller - ok 19:37:31.0333 5224 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 19:37:31.0382 5224 tssecsrv - ok 19:37:31.0834 5224 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 19:37:31.0866 5224 TsUsbFlt - ok 19:37:32.0224 5224 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys 19:37:32.0250 5224 TsUsbGD - ok 19:37:32.0648 5224 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 19:37:32.0736 5224 tunnel - ok 
19:37:33.0111 5224 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys 19:37:33.0152 5224 uagp35 - ok 19:37:33.0511 5224 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 19:37:33.0565 5224 udfs - ok 19:37:33.0821 5224 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 19:37:33.0881 5224 UI0Detect - ok 19:37:34.0421 5224 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 19:37:34.0437 5224 uliagpkx - ok 19:37:34.0789 5224 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 19:37:34.0805 5224 umbus - ok 19:37:35.0347 5224 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys 19:37:35.0364 5224 UmPass - ok 19:37:35.0521 5224 UNS (758c2ce427c343f780a205e28555c98d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe 19:37:35.0737 5224 UNS - ok 19:37:36.0004 5224 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 19:37:36.0073 5224 upnphost - ok 19:37:36.0433 5224 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 19:37:36.0460 5224 usbccgp - ok 19:37:36.0857 5224 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 19:37:36.0878 5224 usbcir - ok 19:37:37.0240 5224 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 19:37:37.0280 5224 usbehci - ok 19:37:37.0647 5224 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 19:37:37.0702 5224 usbhub - ok 19:37:38.0057 5224 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 19:37:38.0072 5224 usbohci - ok 19:37:38.0454 5224 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 19:37:38.0491 5224 usbprint - ok 19:37:38.0851 5224 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:37:38.0905 5224 
USBSTOR - ok 19:37:39.0258 5224 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 19:37:39.0291 5224 usbuhci - ok 19:37:39.0674 5224 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys 19:37:39.0699 5224 usbvideo - ok 19:37:39.0935 5224 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 19:37:39.0998 5224 UxSms - ok 19:37:40.0236 5224 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 19:37:40.0276 5224 VaultSvc - ok 19:37:40.0635 5224 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 19:37:40.0671 5224 vdrvroot - ok 19:37:40.0915 5224 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 19:37:40.0969 5224 vds - ok 19:37:41.0308 5224 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 19:37:41.0336 5224 vga - ok 19:37:41.0675 5224 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 19:37:41.0724 5224 VgaSave - ok 19:37:42.0073 5224 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 19:37:42.0113 5224 vhdmp - ok 19:37:42.0469 5224 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 19:37:42.0487 5224 viaide - ok 19:37:42.0854 5224 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 19:37:42.0878 5224 volmgr - ok 19:37:43.0235 5224 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 19:37:43.0257 5224 volmgrx - ok 19:37:43.0616 5224 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\Windows\system32\drivers\volsnap.sys 19:37:43.0662 5224 volsnap - ok 19:37:44.0009 5224 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys 19:37:44.0044 5224 vsmraid - ok 19:37:44.0313 5224 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 19:37:44.0381 5224 VSS - ok 19:37:44.0733 5224 vwifibus 
(36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 19:37:44.0752 5224 vwifibus - ok 19:37:45.0134 5224 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 19:37:45.0177 5224 vwififlt - ok 19:37:45.0534 5224 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 19:37:45.0564 5224 vwifimp - ok 19:37:45.0800 5224 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 19:37:45.0853 5224 W32Time - ok 19:37:46.0192 5224 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys 19:37:46.0215 5224 WacomPen - ok 19:37:46.0594 5224 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 19:37:46.0653 5224 WANARP - ok 19:37:46.0674 5224 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 19:37:46.0712 5224 Wanarpv6 - ok 19:37:47.0016 5224 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 19:37:47.0233 5224 WatAdminSvc - ok 19:37:47.0506 5224 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 19:37:47.0604 5224 wbengine - ok 19:37:47.0863 5224 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 19:37:47.0911 5224 WbioSrvc - ok 19:37:48.0167 5224 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 19:37:48.0245 5224 wcncsvc - ok 19:37:48.0498 5224 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 19:37:48.0543 5224 WcsPlugInService - ok 19:37:48.0908 5224 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys 19:37:48.0941 5224 Wd - ok 19:37:49.0320 5224 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 19:37:49.0363 5224 Wdf01000 - ok 19:37:49.0611 5224 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 19:37:49.0644 5224 WdiServiceHost - ok 19:37:49.0648 5224 
WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 19:37:49.0681 5224 WdiSystemHost - ok 19:37:49.0938 5224 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 19:37:49.0982 5224 WebClient - ok 19:37:50.0232 5224 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 19:37:50.0295 5224 Wecsvc - ok 19:37:50.0542 5224 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 19:37:50.0620 5224 wercplsupport - ok 19:37:50.0902 5224 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 19:37:50.0951 5224 WerSvc - ok 19:37:51.0312 5224 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 19:37:51.0368 5224 WfpLwf - ok 19:37:51.0734 5224 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 19:37:51.0760 5224 WIMMount - ok 19:37:51.0825 5224 WinDefend - ok 19:37:51.0832 5224 WinHttpAutoProxySvc - ok 19:37:52.0165 5224 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 19:37:52.0254 5224 Winmgmt - ok 19:37:52.0544 5224 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 19:37:52.0622 5224 WinRM - ok 19:37:52.0923 5224 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 19:37:52.0973 5224 Wlansvc - ok 19:37:53.0093 5224 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 19:37:53.0115 5224 wlcrasvc - ok 19:37:53.0209 5224 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 19:37:53.0317 5224 wlidsvc - ok 19:37:53.0673 5224 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 19:37:53.0716 5224 WmiAcpi - ok 19:37:54.0059 5224 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 19:37:54.0097 5224 wmiApSrv - ok 19:37:54.0184 5224 WMPNetworkSvc - ok 19:37:54.0434 5224 WPCSvc 
(96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 19:37:54.0492 5224 WPCSvc - ok 19:37:54.0760 5224 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 19:37:54.0803 5224 WPDBusEnum - ok 19:37:55.0169 5224 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 19:37:55.0231 5224 ws2ifsl - ok 19:37:55.0510 5224 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll 19:37:55.0577 5224 wscsvc - ok 19:37:55.0798 5224 WSearch - ok 19:37:56.0111 5224 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll 19:37:56.0190 5224 wuauserv - ok 19:37:56.0559 5224 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 19:37:56.0628 5224 WudfPf - ok 19:37:57.0006 5224 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 19:37:57.0077 5224 WUDFRd - ok 19:37:57.0336 5224 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 19:37:57.0385 5224 wudfsvc - ok 19:37:57.0633 5224 WwanSvc (ce8cf9de9cbfdaa318bd04d8be3fcada) C:\Windows\System32\wwansvc.dll 19:37:57.0697 5224 WwanSvc - ok 19:37:57.0765 5224 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 19:37:58.0521 5224 \Device\Harddisk0\DR0 - ok 19:37:58.0529 5224 Boot (0x1200) (61414348ad765f8677f348259a98e5e3) \Device\Harddisk0\DR0\Partition0 19:37:58.0531 5224 \Device\Harddisk0\DR0\Partition0 - ok 19:37:58.0549 5224 Boot (0x1200) (dfd349396010a7896f2b36d3ad9419e1) \Device\Harddisk0\DR0\Partition1 19:37:58.0551 5224 \Device\Harddisk0\DR0\Partition1 - ok 19:37:58.0584 5224 Boot (0x1200) (76a9b4c03494550f111e0d90beb4bedf) \Device\Harddisk0\DR0\Partition2 19:37:58.0585 5224 \Device\Harddisk0\DR0\Partition2 - ok 19:37:58.0596 5224 Boot (0x1200) (be328afc6894cfab5a8255940a2fe303) \Device\Harddisk0\DR0\Partition3 19:37:58.0597 5224 \Device\Harddisk0\DR0\Partition3 - ok 19:37:58.0598 5224 
============================================================
19:37:58.0598 5224 Scan finished
19:37:58.0598 5224 ============================================================
19:37:58.0612 4668 Detected object count: 0
19:37:58.0612 4668 Actual detected object count: 0
  5. Are these popups associated with your browser? I mean, when you open your browser, you only see them or not? That's what I asked you earlier. I haven't seen a direct connection with a browser. Usually I have been using IE. Once I opened Skype and then it appeared. IE is open right now and the pop up still hasn't appeared. Log:
  6. I cleaned up AVG. And I deleted the old Combofix. And downloaded another. Here is the log:
  7. My daughter says she doesn't see it anymore (It's her computer). She doesn't use Internet Explorer. Yet I do. Could it be related to IE? It does seem to be popping up less though. Thanks! Avrohom
  8. I just saw that pop up window again..... Perhaps we injured him... but still alive.... What should we do??? Avrohom
  9. Maniac, it's been a long time since we saw the pop up... It could be we got him!!! I have made a small donation in appreciation of your devoted services! Here is the log:

2012-04-18 21:10:26 . 2012-04-18 21:10:26 3,874 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}.reg.dat
2012-04-18 21:10:26 . 2012-04-18 21:10:26 1,380 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Adobe Shockwave Player.reg.dat
2012-04-18 21:10:18 . 2012-04-18 21:10:18 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SynTPEnh.reg.dat
2012-04-18 21:10:18 . 2012-04-18 22:00:09 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}.reg.dat
2012-04-18 21:10:16 . 2012-04-18 21:10:16 229 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}.reg.dat
2012-04-18 21:02:46 . 2012-04-18 21:58:05 10,734 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-04-18 20:58:36 . 2012-04-18 21:54:59 102 ----a-w- C:\Qoobox\Quarantine\catchme.log
2012-04-18 17:38:49 . 2012-04-18 17:38:49 424,608 ----a-w- C:\Qoobox\Quarantine\C\Users\Chava\AppData\Local\Temp\{AD0459FD-4F84-45E8-B530-940160A61381}\fpb.tmp.vir

Thank you! Avrohom
  10. I ran ComboFix again. Here is the log:
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-04-17 17:21 1869152 ----a-w- c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-04-17 1869152] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "chromium"="c:\users\Chava\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-04-12 1224176] "Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-15 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-08 169528] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960] "HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-09-13 103992] "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-02-16 2575712] "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-04-17 982880] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-9-20 1338144] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-02-14 5104992] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;????? 
Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-15 136176] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 253088] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-08-01 195320] R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-04-06 1432400] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-15 136176] R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-09-13 1098296] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x] R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x] R3 
SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\avgidseha.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752] S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-01-31 19232] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288] S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-07-20 249648] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-08-19 260424] S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-13 227896] S2 HPWMISVC;HPWMISVC;c:\program files 
(x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-09-01 2425960] S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280] S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-04-05 918880] S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [x] S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [x] S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [x] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft 
Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 10:37] . 2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-15 10:03] . 2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-15 10:03] . 2012-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3158178755-1681758875-57547459-1000Core.job - c:\users\Chava\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-10 03:05] . 2012-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3158178755-1681758875-57547459-1000UA.job - c:\users\Chava\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-10 03:05] . 2012-04-16 c:\windows\Tasks\HPCeeScheduleForCHAVA-HP$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43] . 2012-04-15 c:\windows\Tasks\HPCeeScheduleForChava.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43] . . --------- x86-64 ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-26 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-26 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-26 416024] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-09-08 1424896] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] "SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880] "Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-06 415680] . ------- Supplementary Scan ------- . uStart Page = https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=hxxp://mail.google.com/mail/&scc=1&ltmpl=default&ltmplcache=2 uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 10.0.0.138 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll FF - ProfilePath - c:\users\Chava\AppData\Roaming\Mozilla\Firefox\Profiles\nm84bhij.default\ FF - prefs.js: browser.startup.homepage - hxxps://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http://mail.google.com/mail/?hl%3Diw&scc=1&ltmpl=default&ltmplcache=2&hl=iw FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B38705c44-a7ac-4676-8676-cbd4a014a6f5%7D&mid=624ae36fb0e647d0af9b359c7b1ecf2f-a94b1e5c4789be134b889793d9d57516021b6b17&ds=AVG&v=10.2.0.3〈=en&pr=fr&d=2012-04-05%2000%3A09%3A41&sap=ku&q= FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-04-19 01:01:01 ComboFix-quarantined-files.txt 2012-04-18 22:01 ComboFix2.txt 2012-04-18 21:11 . Pre-Run: 655,588,929,536 bytes free Post-Run: 655,559,143,424 bytes free . - - End Of File - - 399EB39702765FBFD551E4C7B66F39D1
  11. Perhaps the log is not automatically saved? I tried opening a browser -- and I received some error message saying that registry keys were about to be deleted. I was getting concerned. Then the computer got stuck in a loop. So I 'logged off'. That stopped the freeze -- but now I had lost my log (which I neglected to save). Please advise...
  12. Actually I spoke (wrote) too soon. It still is popping up.... After my message, I saw your message about ComboFix. I have now run that. I have misplaced my ComboFix log. Do you know where I can find it? What title should it have?
  13. The truth is, I only saw the pop up window once more -- and I haven't seen it since. So the problem may be fixed. Let's hope.... Avrohom
  14. I ran the program. Here is the log: BTW, I still see the popup window. Avrohom
  15. Thank you Maniac. I removed AVG and Norton. Here is the log: All processes killed Error: Unable to interpret <:OTLIE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDFIE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDFIE - HKU\S-1-5-21-3158178755-1681758875-57547459-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDFO4 - HKLM..\Run: [] File not found:Commands[emptytemp][clearallrestorepoints]> in the current context! OTL by OldTimer - Version 3.2.39.2 log created on 04172012_122808 Files\Folders moved on Reboot... Registry entries deleted on Reboot... BTW, the pop up box still persists. Avrohom
  16. And here is the second file:
[Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2012/02/14 04:52:54 | 005,104,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012/01/31 10:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service) SRV - [2012/01/17 00:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe -- (NIS) SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011/09/13 16:49:46 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv) SRV - [2011/09/12 19:55:46 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2011/09/09 19:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service) SRV - [2011/09/01 00:11:00 | 002,425,960 | ---- | M] (Realsil Microelectronics Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2011/08/19 07:44:30 | 000,260,424 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService) SRV - [2011/08/01 16:43:36 | 000,195,320 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/07/20 13:16:56 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011/06/06 14:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/04/30 02:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel® SRV - [2011/02/24 02:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) Intel® SRV - [2011/02/01 16:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel® SRV - [2011/02/01 16:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel® SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/04/05 00:32:24 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/22 05:25:50 | 000,382,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2012/01/17 17:46:01 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\symnets.sys -- (SymNetS) DRV:64bit: - [2012/01/17 17:45:57 | 001,092,728 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\symefa64.sys -- (SymEFA) DRV:64bit: - [2012/01/17 17:35:24 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\ironx64.sys -- (SymIRON) DRV:64bit: - [2012/01/17 17:33:51 | 000,738,936 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\srtsp64.sys -- (SRTSP) DRV:64bit: - [2012/01/17 17:33:51 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter) DRV:64bit: - [2011/12/23 13:32:02 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidseha.sys -- (AVGIDSEH) DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. 
) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:64bit: - [2011/11/29 17:44:29 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\ccsetx64.sys -- (ccSet_NIS) DRV:64bit: - [2011/10/30 03:33:15 | 004,729,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2011/10/29 22:04:01 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/10/29 22:04:01 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011/09/20 20:36:50 | 000,620,584 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl) DRV:64bit: - [2011/09/20 20:36:50 | 000,133,672 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums) DRV:64bit: - [2011/09/20 20:36:50 | 000,089,640 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN) DRV:64bit: - [2011/09/20 20:36:44 | 000,178,728 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2011/09/20 20:36:44 | 000,167,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2011/09/20 20:36:44 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2011/09/20 20:36:44 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2011/09/08 08:42:28 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2011/09/02 14:46:00 | 000,339,048 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:64bit: - [2011/08/26 14:54:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel® DRV:64bit: - [2011/08/26 14:53:52 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011/08/24 00:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011/08/01 16:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr) DRV:64bit: - [2011/07/25 13:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\symds64.sys -- (SymDS) DRV:64bit: - [2011/06/09 21:19:54 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011/05/18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) DRV:64bit: - [2011/04/27 16:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2011/04/26 13:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 
22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel® DRV:64bit: - [2010/07/28 11:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2011/08/19 03:00:00 | 001,151,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20110819.004\BHDrvx64.sys -- (BHDrvx64) DRV - [2011/08/09 20:00:00 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20110810.019\EX64.SYS -- (NAVEX15) DRV - [2011/08/09 20:00:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20110810.019\ENG64.SYS -- (NAVENG) DRV - [2011/07/20 12:43:24 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20110726.001\IDSviA64.sys -- (IDSVia64) DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft 
Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{E62346F5-2F13-4F25-870F-176549A78F01}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms} IE - HKLM\..\SearchScopes\{E62346F5-2F13-4F25-870F-176549A78F01}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3158178755-1681758875-57547459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1 IE - HKU\S-1-5-21-3158178755-1681758875-57547459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http://mail.google.com/mail/&scc=1&ltmpl=default&ltmplcache=2 IE - HKU\S-1-5-21-3158178755-1681758875-57547459-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - 
HKU\S-1-5-21-3158178755-1681758875-57547459-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKU\S-1-5-21-3158178755-1681758875-57547459-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKU\S-1-5-21-3158178755-1681758875-57547459-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIE_enIL479 IE - HKU\S-1-5-21-3158178755-1681758875-57547459-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={8E0ECA5A-A4BA-44CD-B5FC-63555B2E8118}&mid=624ae36fb0e647d0af9b359c7b1ecf2f-a94b1e5c4789be134b889793d9d57516021b6b17&lang=en&ds=AVG&pr=fr&d=2012-04-05 00:09:41&v=10.2.0.3&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-3158178755-1681758875-57547459-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKU\S-1-5-21-3158178755-1681758875-57547459-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKU\S-1-5-21-3158178755-1681758875-57547459-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms} IE - HKU\S-1-5-21-3158178755-1681758875-57547459-1000\..\SearchScopes\{E62346F5-2F13-4F25-870F-176549A78F01}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKU\S-1-5-21-3158178755-1681758875-57547459-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== 
FireFox ========== FF - prefs.js..browser.startup.homepage: "https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http://mail.google.com/mail/?hl%3Diw&scc=1&ltmpl=default&ltmplcache=2&hl=iw" FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B38705c44-a7ac-4676-8676-cbd4a014a6f5%7D&mid=624ae36fb0e647d0af9b359c7b1ecf2f-a94b1e5c4789be134b889793d9d57516021b6b17&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2012-04-05%2000%3A09%3A41&sap=ku&q=" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Chava\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Chava\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/02/17 14:18:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/04/15 10:06:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/04/10 09:10:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/04/05 00:09:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.2.0.3\ [2012/04/05 00:09:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/09 22:48:48 | 
000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/03/09 22:49:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chava\AppData\Roaming\Mozilla\Extensions [2012/03/11 13:01:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/03/11 13:01:32 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012/03/11 12:44:31 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2012/04/05 00:09:15 | 000,000,000 | ---D | M] (AVG Do-Not-Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK [2012/04/10 09:10:58 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4 [2012/04/05 00:09:47 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\10.2.0.3 [2012/02/16 09:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/04/05 00:09:38 | 000,003,747 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012/02/16 05:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/02/16 05:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = 
Is this what I am supposed to do?
Avrohom
  17. Here is the first one:
= Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9FA13759-5C2B-4177-9DDC-0038F8B5BEFD}" = Bing Bar "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common 
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.0) MUI "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager "{AF240B18-034B-4A82-B3FC-0B879C4BAE2E}" = HP Software Framework "{B65FCAA5-F3A6-4B3F-ABEE-CBC2B085796B}" = HP Connection Manager "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}" = HP QuickWeb "{BC6CB499-9F29-4B41-8B8B-FA7248525256}" = HP Documentation "{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel® Identity Protection Technology 1.1.2.0 "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E44578C7-4667-4124-8BC2-1161BCA54978}" = HP Power Manager "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1 "{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 
10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics "{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Advanced SystemCare 5_is1" = Advanced SystemCare 5 "Autodesk Content Service" = Autodesk Content Service "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US) "NIS" = Norton Internet Security "Office14.Click2Run" = Microsoft Office Click-to-Run 2010 "VIP Access SDK" = VIP Access SDK (1.0.1.2) "WildTangent hp Master Uninstall" = HP Games "WinLiveSuite" = Windows Live Essentials "WTA-0fb78b17-33dd-4f01-921f-e7b582e57496" = Bejeweled 3 "WTA-1294232e-5d53-4dda-9c85-dc96e30f5f0b" = Chuzzle Deluxe "WTA-23929246-54a7-4aa2-8d95-c5e1943f4097" = Farmscapes "WTA-2deee181-8954-4c86-ba12-318ead1cc2e7" = Zuma's Revenge "WTA-37dd1031-c97c-4c44-856e-2007cf8cdb53" = Torchlight "WTA-3906e7a5-9705-49d0-a1dd-5addf4915de2" = Hoyle Card Games "WTA-40d4eb6c-a47e-4faf-b345-decff69d0baa" = Mah Jong Medley "WTA-43922a3d-4fc6-4b7e-bcb4-c0e91794aa2e" = Farm Frenzy "WTA-48ca0b6a-88e4-4a82-bff9-1bbb4434ddda" = John Deere Drive Green "WTA-70bdb47a-bfb3-4f7a-a7ad-3f2da8f52362" = RollerCoaster Tycoon 3: Platinum "WTA-7f1420b0-c542-4fe2-91d9-2fecad0e1e93" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition "WTA-86414a45-e649-4e73-9b6c-1f7708f270e7" = The Treasures of Mystery Island: The Ghost Ship "WTA-91a83c29-1945-4e45-bb19-020d73d2cc53" = Virtual Villagers 4 - The Tree of Life 
"WTA-94ab8d8a-33b3-4f5c-9948-3dbda2b40fd0" = Dora's World Adventure "WTA-96556fdd-b466-4caa-8054-981f9047f2c9" = Polar Bowler "WTA-a17f5b3e-82a4-42c2-8972-46ba7d3d019a" = Plants vs. Zombies - Game of the Year "WTA-aef240cc-6248-4a38-b6c2-24e6297240ba" = Final Drive Fury "WTA-af026e11-5bad-45a9-a519-774518dcc195" = Letters from Nowhere 2 "WTA-b0e5cd09-8b67-4262-b34d-6b2af29328d2" = Poker Superstars III "WTA-bd059a34-8d14-4e7e-9d83-4f278e077763" = Luxor HD "WTA-cf50aa26-b1f0-42c0-9195-f024a7e11b29" = Cradle of Rome 2 "WTA-de03069c-7636-4b58-acb6-a993eaaf1f81" = Blackhawk Striker 2 "WTA-e707aeec-d578-4e4a-82bd-49a73f2e6c3f" = FATE "WTA-f0c6e8f5-dba3-445d-9d69-675a85b0c58e" = Polar Golfer "WTA-f55141d6-84e4-4f71-8f8e-a1d36c425ff2" = Penguins! "WTA-ff971db7-0a8b-449f-86b5-075eb5288d97" = Jewel Match 3 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3158178755-1681758875-57547459-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 02/04/2012 09:32:23 | Computer Name = Chava-HP | Source = WinMgmt | ID = 10 Description = Error - 02/04/2012 09:34:44 | Computer Name = Chava-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. . Error - 05/04/2012 00:54:59 | Computer Name = Chava-HP | Source = WinMgmt | ID = 10 Description = Error - 05/04/2012 00:57:00 | Computer Name = Chava-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. . 
Error - 05/04/2012 00:57:06 | Computer Name = Chava-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. . Error - 05/04/2012 00:57:15 | Computer Name = Chava-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. . Error - 05/04/2012 00:57:16 | Computer Name = Chava-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. . Error - 05/04/2012 00:57:20 | Computer Name = Chava-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. . Error - 05/04/2012 00:57:33 | Computer Name = Chava-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. . Error - 05/04/2012 00:57:38 | Computer Name = Chava-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid. . 
[ Hewlett-Packard Events ] Error - 11/03/2012 14:00:07 | Computer Name = Chava-HP | Source = HPSF.exe | ID = 4000 Description = Error - 16/03/2012 22:12:26 | Computer Name = Chava-HP | Source = HPSF.exe | ID = 4000 Description = Error - 09/04/2012 12:25:01 | Computer Name = Chava-HP | Source = HPSF.exe | ID = 4000 Description = Error - 09/04/2012 12:29:23 | Computer Name = Chava-HP | Source = HPSF.exe | ID = 4000 Description = Error - 09/04/2012 12:35:24 | Computer Name = Chava-HP | Source = HPSF.exe | ID = 4000 Description = [ HP Connection Manager Events ] Error - 15/04/2012 09:27:23 | Computer Name = Chava-HP | Source = hpCMSrv | ID = 5 Description = 2012/04/15 08:27:23.272|0000195C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 15/04/2012 09:27:33 | Computer Name = Chava-HP | Source = hpCMSrv | ID = 5 Description = 2012/04/15 08:27:33.085|0000195C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 15/04/2012 09:27:33 | Computer Name = Chava-HP | Source = hpCMSrv | ID = 5 Description = 2012/04/15 08:27:33.303|0000195C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 15/04/2012 09:27:43 | Computer Name = Chava-HP | Source = hpCMSrv | ID = 5 Description = 2012/04/15 08:27:43.272|0000195C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 15/04/2012 09:28:03 | Computer Name = Chava-HP | Source = hpCMSrv | ID = 5 Description = 2012/04/15 08:28:03.271|0000195C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 15/04/2012 09:28:33 | Computer Name = Chava-HP | Source = hpCMSrv | ID = 5 Description = 2012/04/15 08:28:33.083|0000195C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 15/04/2012 09:29:23 | Computer Name = Chava-HP | Source = hpCMSrv | ID = 5 Description = 2012/04/15 08:29:23.268|0000195C|Error 
|CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 15/04/2012 09:29:33 | Computer Name = Chava-HP | Source = hpCMSrv | ID = 5 Description = 2012/04/15 08:29:33.080|0000195C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 15/04/2012 09:29:33 | Computer Name = Chava-HP | Source = hpCMSrv | ID = 5 Description = 2012/04/15 08:29:33.299|0000195C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 15/04/2012 09:29:43 | Computer Name = Chava-HP | Source = hpCMSrv | ID = 5 Description = 2012/04/15 08:29:43.283|0000195C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] [ HP Software Framework Events ] Error - 10/04/2012 08:47:22 | Computer Name = Chava-HP | Source = CaslWmi | ID = 5 Description = 2012/04/10 07:47:22.939|00001540|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 10/04/2012 09:36:14 | Computer Name = Chava-HP | Source = CaslWmi | ID = 5 Description = 2012/04/10 08:36:14.793|00000DEC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 10/04/2012 11:24:14 | Computer Name = Chava-HP | Source = CaslWmi | ID = 5 Description = 2012/04/10 10:24:14.965|00001F78|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 11/04/2012 09:39:01 | Computer Name = Chava-HP | Source = CaslWmi | ID = 5 Description = 2012/04/11 08:39:01.051|00000AC4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 12/04/2012 09:41:35 | Computer Name = Chava-HP | Source = CaslWmi | ID = 5 Description = 2012/04/12 
08:41:35.811|00000A60|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 12/04/2012 10:57:58 | Computer Name = Chava-HP | Source = CaslWmi | ID = 5 Description = 2012/04/12 09:57:58.593|00000814|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 15/04/2012 04:09:07 | Computer Name = Chava-HP | Source = CaslWmi | ID = 5 Description = 2012/04/15 03:09:07.030|00001534|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 15/04/2012 06:35:07 | Computer Name = Chava-HP | Source = CaslWmi | ID = 5 Description = 2012/04/15 05:35:07.962|000015AC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 15/04/2012 06:42:09 | Computer Name = Chava-HP | Source = CaslWmi | ID = 5 Description = 2012/04/15 05:42:09.919|00001D44|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state Error - 15/04/2012 11:09:42 | Computer Name = Chava-HP | Source = CaslWmi | ID = 5 Description = 2012/04/15 10:09:42.254|000016D8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state [ System Events ] Error - 02/04/2012 09:42:27 | Computer Name = Chava-HP | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.121.1686.0 Update Source: %%851 Update Stage: %%852 Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.8101.0&avdelta=1.121.1686.0&asdelta=1.121.1686.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved Error - 02/04/2012 09:42:27 | Computer Name = Chava-HP | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1686.0 Update Source: %%851 Update Stage: %%852 Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x64&eng=2.0.8001.0&sig=11.0.0.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved Error - 02/04/2012 09:42:27 | Computer Name = Chava-HP | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1686.0 Update Source: %%851 Update Stage: %%852 Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x64&eng=2.0.8001.0&sig=11.0.0.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved Error - 02/04/2012 09:42:27 | Computer Name = Chava-HP | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.121.1686.0 Update Source: %%851 Update Stage: %%852 Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x64&eng=2.0.8001.0&sig=11.0.0.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved Error - 02/04/2012 09:42:27 | Computer Name = Chava-HP | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1686.0 Update Source: %%851 Update Stage: %%852 Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x64&eng=2.0.8001.0&sig=11.0.0.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved Error - 05/04/2012 00:54:36 | Computer Name = Chava-HP | Source = EventLog | ID = 6008 Description = The previous system shutdown at 8:55:23 AM on ?4/?2/?2012 was unexpected. Error - 05/04/2012 00:55:07 | Computer Name = Chava-HP | Source = Microsoft Antimalware | ID = 3002 Description = %%860 Real-Time Protection feature has encountered an error and failed. Feature: %%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842 Error - 09/04/2012 12:14:53 | Computer Name = Chava-HP | Source = DCOM | ID = 10010 Description = Error - 09/04/2012 12:35:05 | Computer Name = Chava-HP | Source = Service Control Manager | ID = 7030 Description = The HPWMISVC service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 
Error - 09/04/2012 13:40:15 | Computer Name = Chava-HP | Source = DCOM | ID = 10010 Description = < End of report >
  18. Hello Maniac! Thank you for addressing my problem. Attached are the files that were produced. May we have success... Avrohom Extras.Txt OTL.Txt
  19. Hello Maniac! Thank you for replying to my problem. I have done as you said. Attached are the files that came out from the scan. May we have success... Avrohom
  20. Hello! I keep getting this Xmarks pop-up window requesting authentication. I don't find a program to uninstall. Nor do I see any startup program to disable. I have run a full scan of Malwarebytes and of AVG. But still no help. I am attaching a dds file for your inspection. I would be very appreciative if you could help! Avrohom http://choveveitzion.net/ DDS - 2.txt
  21. We have a new Windows 7 computer. We keep getting this nagging popup: Xmarks Authentication login window. I have tried the normal channels to get rid of it -- to no avail. I don't find this listed in add/remove programs. I don't find it in the list of startup programs. I tried a fast scan of Malwarebytes. It didn't get rid of it. Any suggestions?