Reply to thread

Message

<blockquote data-quote="Gbaby614" data-source="post: 100944" data-attributes="member: 5255">I think you only requested the last 2 logs but I am posting them all in case of any errors.. I didnt realize I still had an iTunes window open until after I clicked the Combo-fix.. I don&#039;t think it harmed anything but here are the logs, also there was 2 Combofix logs but I only see 1, maybe it was supposed to delete the other? or maybe they are both in the one file.. not sure but I&#039;m sure you know why, lol...Combofix:ComboFix 13-01-29.01 - Michelle 01/29/2013&nbsp; 10:18:26.2.2 - x64Microsoft® Windows Vista™ Home Premium&nbsp;&nbsp; 6.0.6002.2.1252.1.1033.18.3998.1648 [GMT -5:00]Running from: c:\users\Michelle\Desktop\Combo-fix.exeCommand switches used :: c:\users\Michelle\Desktop\CFscript.txtAV: Webroot SecureAnywhere *Disabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}SP: Webroot SecureAnywhere *Disabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.FILE ::&quot;c:\users\Michelle\AppData\Local\Temp\DNS.exe&quot;&quot;c:\users\Michelle\AppData\Local\Temp\Runner.exe&quot;..(((((((((((((((((((((((((((((((((((((((&nbsp;&nbsp; Other Deletions&nbsp;&nbsp; )))))))))))))))))))))))))))))))))))))))))))))))))..c:\users\Michelle\AppData\Local\visi_couponc:\users\Michelle\AppData\Local\visi_coupon\merchants.dat2..(((((((((((((((((((((((((&nbsp;&nbsp; Files Created from 2012-12-28 to 2013-01-29&nbsp; )))))))))))))))))))))))))))))))..2013-01-29 15:48 . 2013-01-29 15:48&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; c:\windows\system32\config\systemprofile\AppData\Local\temp2013-01-29 15:48 . 2013-01-29 15:48&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; c:\users\Default\AppData\Local\temp2013-01-29 07:08 . 2013-01-29 07:08&nbsp; &nbsp; 76232&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2D4AC6A-B684-481F-8D1C-0F2E5881F17A}\offreg.dll2013-01-29 06:46 . 2013-01-08 05:32&nbsp; &nbsp; 9161176&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2D4AC6A-B684-481F-8D1C-0F2E5881F17A}\mpengine.dll2013-01-28 22:02 . 2013-01-28 22:02&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; c:\users\Michelle\AppData\Roaming\CyberLink2013-01-28 22:02 . 2013-01-28 22:02&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; c:\users\Public\CyberLink2013-01-28 19:17 . 2013-01-28 19:17&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; C:\FRST2013-01-27 02:51 . 2013-01-27 02:51&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; c:\users\Michelle\AppData\Roaming\Malwarebytes2013-01-27 02:51 . 2013-01-27 02:51&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; c:\programdata\Malwarebytes2013-01-27 02:51 . 2013-01-27 02:51&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; c:\program files (x86)\Malwarebytes&#039; Anti-Malware2013-01-27 02:51 . 2012-12-14 21:49&nbsp; &nbsp; 24176&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\drivers\mbam.sys2013-01-27 00:29 . 2013-01-27 23:10&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; c:\users\Michelle\AppData\Roaming\QuickScan2013-01-25 18:30 . 2013-01-25 18:30&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; c:\users\Michelle\AppData\Roaming\SUPERAntiSpyware.com2013-01-25 18:28 . 2013-01-25 18:30&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; c:\program files\SUPERAntiSpyware2013-01-25 18:28 . 2013-01-25 18:28&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; c:\programdata\SUPERAntiSpyware.com2013-01-25 04:29 . 2013-01-25 04:28&nbsp; &nbsp; 859552&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\SysWow64\npDeployJava1.dll2013-01-25 04:29 . 2013-01-25 04:28&nbsp; &nbsp; 95648&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-01-09 14:05 . 2012-11-20 04:21&nbsp; &nbsp; 253952&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\ncrypt.dll2013-01-09 14:05 . 2012-11-20 04:22&nbsp; &nbsp; 204288&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\SysWow64\ncrypt.dll2013-01-09 14:04 . 2012-11-23 01:54&nbsp; &nbsp; 2770432&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\win32k.sys2013-01-09 14:04 . 2012-11-02 10:47&nbsp; &nbsp; 1869824&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\msxml3.dll2013-01-09 14:04 . 2012-11-02 10:47&nbsp; &nbsp; 1794560&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\msxml6.dll2013-01-09 14:04 . 2012-11-02 10:19&nbsp; &nbsp; 1400832&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\SysWow64\msxml6.dll2013-01-09 14:04 . 2012-11-02 10:19&nbsp; &nbsp; 1248768&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\SysWow64\msxml3.dll2013-01-09 14:02 . 2012-11-22 04:22&nbsp; &nbsp; 456192&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\shlwapi.dll2013-01-03 01:37 . 2013-01-03 01:37&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; c:\users\Michelle\AppData\Local\IsolatedStorage2012-12-30 21:54 . 2012-11-14 05:52&nbsp; &nbsp; 2382848&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\mshtml.tlb2012-12-30 21:41 . 2012-12-16 13:31&nbsp; &nbsp; 48128&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\atmlib.dll2012-12-30 21:41 . 2012-12-16 13:12&nbsp; &nbsp; 34304&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\SysWow64\atmlib.dll2012-12-30 21:41 . 2012-12-16 11:08&nbsp; &nbsp; 368128&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\atmfd.dll2012-12-30 21:41 . 2012-12-16 10:50&nbsp; &nbsp; 293376&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\SysWow64\atmfd.dll2012-12-30 21:04 . 2012-12-30 21:04&nbsp; &nbsp; 49872&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\drivers\bmepmwfm.sys2012-12-30 16:32 . 2012-12-30 16:46&nbsp; &nbsp; --------&nbsp; &nbsp; d-----w-&nbsp; &nbsp; C:\Temp...((((((((((((((((((((((((((((((((((((((((&nbsp;&nbsp; Find3M Report&nbsp;&nbsp; )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-01-25 04:28 . 2011-07-09 15:02&nbsp; &nbsp; 780192&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\SysWow64\deployJava1.dll2013-01-25 04:12 . 2012-06-21 18:20&nbsp; &nbsp; 697864&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\SysWow64\FlashPlayerApp.exe2013-01-25 04:12 . 2011-05-19 13:57&nbsp; &nbsp; 74248&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-01-24 03:16 . 2006-11-02 12:35&nbsp; &nbsp; 67599240&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\mrt.exe2012-12-19 23:59 . 2012-04-03 21:22&nbsp; &nbsp; 151880&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\SysWow64\WRusr.dll2012-12-19 23:59 . 2012-04-03 21:22&nbsp; &nbsp; 111776&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\drivers\WRkrn.sys2012-12-19 23:59 . 2012-04-03 21:22&nbsp; &nbsp; 105024&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\WRusr.dll2012-11-14 18:43 . 2012-11-14 18:43&nbsp; &nbsp; 161792&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\SysWow64\msls31.dll2012-11-14 18:43 . 2012-11-14 18:43&nbsp; &nbsp; 86528&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\SysWow64\iesysprep.dll2012-11-14 18:43 . 2012-11-14 18:43&nbsp; &nbsp; 76800&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\SysWow64\SetIEInstalledDate.exe2012-11-14 18:43 . 2012-11-14 18:43&nbsp; &nbsp; 74752&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\SysWow64\RegisterIEPKEYs.exe2012-11-14 18:43 . 2012-11-14 18:43&nbsp; &nbsp; 48640&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\SysWow64\mshtmler.dll2012-11-14 18:43 . 2012-11-14 18:43&nbsp; &nbsp; 63488&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\SysWow64\tdc.ocx2012-11-14 18:43 . 2012-11-14 18:43&nbsp; &nbsp; 367104&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\SysWow64\html.iec2012-11-14 18:43 . 2012-11-14 18:43&nbsp; &nbsp; 74752&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\SysWow64\iesetup.dll2012-11-14 18:43 . 2012-11-14 18:43&nbsp; &nbsp; 23552&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\SysWow64\licmgr10.dll2012-11-14 18:42 . 2012-11-14 18:42&nbsp; &nbsp; 152064&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\SysWow64\wextract.exe2012-11-14 18:42 . 2012-11-14 18:42&nbsp; &nbsp; 150528&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\SysWow64\iexpress.exe2012-11-14 18:42 . 2012-11-14 18:42&nbsp; &nbsp; 35840&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\SysWow64\imgutil.dll2012-11-14 18:42 . 2012-11-14 18:42&nbsp; &nbsp; 11776&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\SysWow64\mshta.exe2012-11-14 18:42 . 2012-11-14 18:42&nbsp; &nbsp; 110592&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\SysWow64\IEAdvpack.dll2012-11-14 18:42 . 2012-11-14 18:42&nbsp; &nbsp; 101888&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\SysWow64\admparse.dll2012-11-14 18:42 . 2012-11-14 18:42&nbsp; &nbsp; 222208&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\msls31.dll2012-11-14 18:42 . 2012-11-14 18:42&nbsp; &nbsp; 89088&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\RegisterIEPKEYs.exe2012-11-14 18:42 . 2012-11-14 18:42&nbsp; &nbsp; 267776&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\ieaksie.dll2012-11-14 18:42 . 2012-11-14 18:42&nbsp; &nbsp; 197120&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\msrating.dll2012-11-14 18:42 . 2012-11-14 18:42&nbsp; &nbsp; 163840&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\ieakui.dll2012-11-14 18:42 . 2012-11-14 18:42&nbsp; &nbsp; 12288&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\mshta.exe2012-11-14 18:42 . 2012-11-14 18:42&nbsp; &nbsp; 114176&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\admparse.dll2012-11-14 18:42 . 2012-11-14 18:42&nbsp; &nbsp; 91648&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\SetIEInstalledDate.exe2012-11-14 18:42 . 2012-11-14 18:42&nbsp; &nbsp; 76800&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\tdc.ocx2012-11-14 18:42 . 2012-11-14 18:42&nbsp; &nbsp; 55296&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\msfeedsbs.dll2012-11-14 18:42 . 2012-11-14 18:42&nbsp; &nbsp; 49664&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\imgutil.dll2012-11-14 18:42 . 2012-11-14 18:42&nbsp; &nbsp; 48640&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\mshtmler.dll2012-11-14 18:42 . 2012-11-14 18:42&nbsp; &nbsp; 452608&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\dxtmsft.dll2012-11-14 18:42 . 2012-11-14 18:42&nbsp; &nbsp; 448512&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\html.iec2012-11-14 18:42 . 2012-11-14 18:42&nbsp; &nbsp; 282112&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\dxtrans.dll2012-11-14 18:42 . 2012-11-14 18:42&nbsp; &nbsp; 160256&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\ieakeng.dll2012-11-14 18:42 . 2012-11-14 18:42&nbsp; &nbsp; 145920&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\iepeers.dll2012-11-14 18:42 . 2012-11-14 18:42&nbsp; &nbsp; 136192&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\advpack.dll2012-11-14 18:42 . 2012-11-14 18:42&nbsp; &nbsp; 135168&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\IEAdvpack.dll2012-11-14 18:42 . 2012-11-14 18:42&nbsp; &nbsp; 111616&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\iesysprep.dll2012-11-14 18:42 . 2012-11-14 18:42&nbsp; &nbsp; 10752&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\msfeedssync.exe2012-11-14 18:42 . 2012-11-14 18:42&nbsp; &nbsp; 89088&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\ie4uinit.exe2012-11-14 18:42 . 2012-11-14 18:42&nbsp; &nbsp; 85504&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\iesetup.dll2012-11-14 18:42 . 2012-11-14 18:42&nbsp; &nbsp; 82432&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\icardie.dll2012-11-14 18:42 . 2012-11-14 18:42&nbsp; &nbsp; 534528&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\ieapfltr.dll2012-11-14 18:42 . 2012-11-14 18:42&nbsp; &nbsp; 403248&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\iedkcs32.dll2012-11-14 18:42 . 2012-11-14 18:42&nbsp; &nbsp; 39936&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\iernonce.dll2012-11-14 18:42 . 2012-11-14 18:42&nbsp; &nbsp; 3695416&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\ieapfltr.dat2012-11-14 18:42 . 2012-11-14 18:42&nbsp; &nbsp; 30720&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\licmgr10.dll2012-11-14 18:42 . 2012-11-14 18:42&nbsp; &nbsp; 249344&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\webcheck.dll2012-11-14 18:42 . 2012-11-14 18:42&nbsp; &nbsp; 165888&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\iexpress.exe2012-11-14 18:42 . 2012-11-14 18:42&nbsp; &nbsp; 160256&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\wextract.exe2012-11-14 18:42 . 2012-11-14 18:42&nbsp; &nbsp; 103936&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\inseng.dll2012-11-14 18:42 . 2012-11-14 18:42&nbsp; &nbsp; 65024&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\pngfilt.dll2012-11-14 18:42 . 2012-11-14 18:42&nbsp; &nbsp; 149504&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\occache.dll2012-11-13 01:45 . 2012-12-12 09:07&nbsp; &nbsp; 2048&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\tzres.dll2012-11-13 01:29 . 2012-12-12 09:07&nbsp; &nbsp; 2048&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\SysWow64\tzres.dll2012-11-02 10:45 . 2012-12-13 06:59&nbsp; &nbsp; 477696&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\dpnet.dll2012-11-02 10:45 . 2012-12-13 06:59&nbsp; &nbsp; 68096&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\dpnathlp.dll2012-11-02 10:18 . 2012-12-13 06:59&nbsp; &nbsp; 376320&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\SysWow64\dpnet.dll2012-11-02 08:59 . 2012-12-13 06:59&nbsp; &nbsp; 26112&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\system32\dpnsvr.exe2012-11-02 08:26 . 2012-12-13 06:59&nbsp; &nbsp; 23040&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\windows\SysWow64\dpnsvr.exe..(((((((((((((((((((((((((((((((((((((&nbsp;&nbsp; Reg Loading Points&nbsp;&nbsp; ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries &amp; legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]&quot;{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}&quot;= &quot;c:\program files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll&quot; [2012-11-26 1525088].[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}][HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1][HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}][HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin].[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]&quot;LightScribe Control Panel&quot;=&quot;c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe&quot; [2008-06-09 2363392]&quot;HPAdvisor&quot;=&quot;c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe&quot; [2008-09-30 972080]&quot;Facebook Update&quot;=&quot;c:\users\Michelle\AppData\Local\Facebook\Update\FacebookUpdate.exe&quot; [2012-07-11 138096]&quot;SUPERAntiSpyware&quot;=&quot;c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe&quot; [2012-11-01 5629312].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]&quot;DVDAgent&quot;=&quot;c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe&quot; [2008-09-26 1148200]&quot;TSMAgent&quot;=&quot;c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe&quot; [2008-09-26 1152296]&quot;CLMLServer for HP TouchSmart&quot;=&quot;c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe&quot; [2008-09-26 189736]&quot;QlbCtrl.exe&quot;=&quot;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe&quot; [2008-08-01 202032]&quot;HP Health Check Scheduler&quot;=&quot;c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe&quot; [2008-06-16 75008]&quot;HP Software Update&quot;=&quot;c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe&quot; [2007-05-08 54840]&quot;hpWirelessAssistant&quot;=&quot;c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe&quot; [2008-04-15 488752]&quot;Adobe ARM&quot;=&quot;c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe&quot; [2012-12-03 946352]&quot;ApnUpdater&quot;=&quot;c:\program files (x86)\Ask.com\Updater\Updater.exe&quot; [2011-08-24 887976]&quot;WRSVC&quot;=&quot;c:\program files (x86)\Webroot\WRSA.exe&quot; [2012-12-19 733808]&quot;APSDaemon&quot;=&quot;c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe&quot; [2012-05-31 59280]&quot;iTunesHelper&quot;=&quot;c:\program files (x86)\iTunes\iTunesHelper.exe&quot; [2012-06-07 421776]&quot;SunJavaUpdateSched&quot;=&quot;c:\program files (x86)\Common Files\Java\Java Update\jusched.exe&quot; [2012-07-03 252848].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]&quot;EnableUIADesktopToggle&quot;= 0 (0x0).[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]&quot;NoDevMgrUpdate&quot;= 0 (0x0)&quot;NoDFSTab&quot;= 0 (0x0)&quot;NoEncryptOnMove&quot;= 0 (0x0)&quot;NoResolveTrack&quot;= 0 (0x0)&quot;NoStartMenuSubFolders&quot;= 0 (0x0).[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]&quot;NoDevMgrUpdate&quot;= 0 (0x0)&quot;NoDFSTab&quot;= 0 (0x0)&quot;NoEncryptOnMove&quot;= 0 (0x0)&quot;NoResolveTrack&quot;= 0 (0x0)&quot;NoStartMenuSubFolders&quot;= 0 (0x0).[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]&quot;DisableLocalMachineRun&quot;= 0 (0x0)&quot;DisableLocalMachineRunOnce&quot;= 0 (0x0)&quot;DisableCurrentUserRun&quot;= 0 (0x0)&quot;DisableCurrentUserRunOnce&quot;= 0 (0x0)&quot;NoFile&quot;= 0 (0x0)&quot;HideClock&quot;= 0 (0x0)&quot;NoDevMgrUpdate&quot;= 0 (0x0)&quot;NoDFSTab&quot;= 0 (0x0)&quot;NoEncryptOnMove&quot;= 0 (0x0)&quot;NoResolveTrack&quot;= 0 (0x0)&quot;NoStartMenuSubFolders&quot;= 0 (0x0).[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]@=&quot;&quot;.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]@=&quot;Driver&quot;.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]@=&quot;Service&quot;.S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe [2008-06-27 89088]..HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost&nbsp; - NetSvcsThemes.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]2008-06-09 17:14&nbsp; &nbsp; 451872&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-01-25 04:40&nbsp; &nbsp; 1607120&nbsp; &nbsp; ----a-w-&nbsp; &nbsp; c:\program files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe.Contents of the &#039;Scheduled Tasks&#039; folder.2013-01-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3488472860-609737526-646370250-1000Core.job- c:\users\Michelle\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-29 20:46].2013-01-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3488472860-609737526-646370250-1000UA.job- c:\users\Michelle\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-29 20:46].2013-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-29 21:14].2013-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-29 21:14]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]&quot;IgfxTray&quot;=&quot;c:\windows\system32\igfxtray.exe&quot; [2008-08-25 153624]&quot;HotKeysCmds&quot;=&quot;c:\windows\system32\hkcmd.exe&quot; [2008-08-25 225816]&quot;Persistence&quot;=&quot;c:\windows\system32\igfxpers.exe&quot; [2008-08-25 199704]&quot;SynTPEnh&quot;=&quot;c:\program files\Synaptics\SynTP\SynTPEnh.exe&quot; [2008-06-20 1533736]&quot;SmartMenu&quot;=&quot;c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe&quot; [BU]&quot;lxdumon.exe&quot;=&quot;c:\program files (x86)\Lexmark 5600-6600 Series\lxdumon.exe&quot; [2008-09-10 676520]&quot;lxduamon&quot;=&quot;c:\program files (x86)\Lexmark 5600-6600 Series\lxduamon.exe&quot; [2008-09-10 16040]&quot;SysTrayApp&quot;=&quot;c:\program files (x86)\IDT\WDM\sttray64.exe&quot; [BU].------- Supplementary Scan -------.uStart Page = hxxp://www.yahoo.com/uLocal Page = c:\windows\system32\blank.htmmStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&amp;tp=iehome&amp;locale=en_us&amp;c=91&amp;bd=Pavilion&amp;pf=cnnbmDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&amp;tp=iehome&amp;locale=en_us&amp;c=91&amp;bd=Pavilion&amp;pf=cnnbmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localmSearchAssistant = IE: E&amp;xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000TCP: DhcpNameServer = 192.168.1.1FF - ProfilePath - c:\users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\2v64zce3.default\FF - prefs.js: browser.startup.homepage - www.google.com/FF - prefs.js: network.proxy.type - 0FF - ExtSQL: 2012-12-30 11:26; plugin@selectionlinks.com; c:\users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\2v64zce3.default\extensions\plugin@selectionlinks.comFF - ExtSQL: 2012-12-30 16:02; {40D65E82-75AC-47CA-8A73-1CEDC2668EFF}; c:\program files (x86)\Mozilla Firefox\extensions\{40D65E82-75AC-47CA-8A73-1CEDC2668EFF}FF - ExtSQL: 2013-01-24 18:59; {e001c731-5e37-4538-a5cb-8168736a2360}; c:\users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\2v64zce3.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}FF - ExtSQL: 2013-01-26 22:03; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\2v64zce3.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}user_pref(&#039;extensions.autoDisableScopes&#039;, 0);user_pref(&#039;security.csp.enable&#039;, false);user_pref(&#039;security.OCSP.enabled&#039;, 0);.- - - - ORPHANS REMOVED - - - -.BHO-{300BEC06-B743-4D19-86B9-11DC711D7FFB} - (no file)WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)...[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]&quot;ImagePath&quot;=&quot;\&quot;c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\&quot; /s \&quot;Norton Internet Security\&quot; /m \&quot;c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\&quot; /prefetch:1&quot;.[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]&quot;ImagePath&quot;=&quot;\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl&quot;.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]@Denied: (2) (LocalSystem)&quot;{1E61ED7C-7CB8-49D6-B9E9-AB4C880C8414}&quot;=hex:51,66,7a,6c,4c,1d,38,12,12,ee,72,&nbsp;&nbsp; 1a,8a,32,b8,0c,c6,ff,e8,0c,8d,52,c0,00&quot;{EF99BD32-C1FB-11D2-892F-0090271D4F88}&quot;=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,&nbsp;&nbsp; eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c&quot;{02478D38-C3F9-4EFB-9B51-7695ECA05670}&quot;=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,&nbsp;&nbsp; 06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64&quot;{18DF081C-E8AD-4283-A596-FA578C2EBDC3}&quot;=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,&nbsp;&nbsp; 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7&quot;{D2C5E510-BE6D-42CC-9F61-E4F939078474}&quot;=hex:51,66,7a,6c,4c,1d,38,12,7e,e6,d6,&nbsp;&nbsp; d6,5f,f0,a2,07,e0,77,a7,b9,3c,59,c0,60&quot;{D2CE3E00-F94A-4740-988E-03DC2F38C34F}&quot;=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,&nbsp;&nbsp; d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b&quot;{DBC80044-A445-435B-BC74-9C25C1C588A9}&quot;=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,&nbsp;&nbsp; df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd&quot;{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}&quot;=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,&nbsp;&nbsp; f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95&quot;{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}&quot;=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,&nbsp;&nbsp; fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42&quot;{FF059E31-CC5A-4E2E-BF3B-96E929D65503}&quot;=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,&nbsp;&nbsp; fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17&quot;{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}&quot;=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,&nbsp;&nbsp; b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]@Denied: (2) (LocalSystem)&quot;Timestamp&quot;=hex:3f,a5,87,e6,1b,ca,cd,01.[HKEY_USERS\S-1-5-21-3488472860-609737526-646370250-1000\È a*Ä*_*w*a*r*e*\Webroot\Log]&quot;WRFrame.exe_lflast&quot;=dword:0000000c.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@=&quot;FlashBroker&quot;&quot;LocalizedString&quot;=&quot;@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101&quot;.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]&quot;Enabled&quot;=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@=&quot;c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe&quot;.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@=&quot;{FAB3E735-69C7-453B-A446-B6823C6DF1C9}&quot;.[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@=&quot;IFlashBroker5&quot;.[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@=&quot;{00020424-0000-0000-C000-000000000046}&quot;.[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@=&quot;{FAB3E735-69C7-453B-A446-B6823C6DF1C9}&quot;&quot;Version&quot;=&quot;1.0&quot;.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@=&quot;FlashBroker&quot;&quot;LocalizedString&quot;=&quot;@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101&quot;.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]&quot;Enabled&quot;=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@=&quot;c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe&quot;.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@=&quot;{FAB3E735-69C7-453B-A446-B6823C6DF1C9}&quot;.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@=&quot;Shockwave Flash Object&quot;.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@=&quot;c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx&quot;&quot;ThreadingModel&quot;=&quot;Apartment&quot;.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@=&quot;0&quot;.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@=&quot;ShockwaveFlash.ShockwaveFlash.11&quot;.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@=&quot;c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1&quot;.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@=&quot;{D27CDB6B-AE6D-11cf-96B8-444553540000}&quot;.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@=&quot;1.0&quot;.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@=&quot;ShockwaveFlash.ShockwaveFlash&quot;.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@=&quot;Macromedia Flash Factory Object&quot;.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@=&quot;c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx&quot;&quot;ThreadingModel&quot;=&quot;Apartment&quot;.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@=&quot;FlashFactory.FlashFactory.1&quot;.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@=&quot;c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1&quot;.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@=&quot;{D27CDB6B-AE6D-11cf-96B8-444553540000}&quot;.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@=&quot;1.0&quot;.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@=&quot;FlashFactory.FlashFactory&quot;.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@=&quot;IFlashBroker5&quot;.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@=&quot;{00020424-0000-0000-C000-000000000046}&quot;.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@=&quot;{FAB3E735-69C7-453B-A446-B6823C6DF1C9}&quot;&quot;Version&quot;=&quot;1.0&quot;.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]@Denied: (A 2) (Everyone).[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]@=&quot;Shockwave Flash&quot;.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]@Denied: (A 2) (Everyone)@=&quot;&quot;.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]@=&quot;FlashBroker&quot;.[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]&quot;SymbolicLinkValue&quot;=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,&nbsp;&nbsp; 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)&quot;BlindDial&quot;=dword:00000000&quot;MSCurrentCountry&quot;=dword:000000b5.Completion time: 2013-01-29&nbsp; 10:50:06ComboFix-quarantined-files.txt&nbsp; 2013-01-29 15:50ComboFix2.txt&nbsp; 2013-01-28 21:37.Pre-Run: 411,508,326,400 bytes freePost-Run: 411,483,148,288 bytes free.- - End Of File - - 2244CC97D89D8568B2CDC3DF007E832BAdware:# AdwCleaner v2.109 - Logfile created 01/29/2013 at 10:59:51# Updated 26/01/2013 by Xplode# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)# User : Michelle - MICHELLE-PC# Boot Mode : Normal# Running from : C:\Users\Michelle\Desktop\AdwCleaner.exe# Option [Delete]***** [Services] ********** [Files / Folders] *****Deleted on reboot : C:\Program Files (x86)\Ask.comDeleted on reboot : C:\ProgramData\AskDeleted on reboot : C:\Users\Michelle\AppData\Local\ConduitDeleted on reboot : C:\Users\Michelle\AppData\LocalLow\AskToolbarDeleted on reboot : C:\Users\Michelle\AppData\LocalLow\ConduitDeleted on reboot : C:\Users\Michelle\AppData\LocalLow\PriceGongDeleted on reboot : C:\Users\Michelle\AppData\LocalLow\Toolbar4Deleted on reboot : C:\Users\Michelle\AppData\Roaming\iWinDeleted on reboot : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk***** [Registry] *****Key Deleted : HKCU\Software\APNKey Deleted : HKCU\Software\AppDataLow\Software\AskToolbarKey Deleted : HKCU\Software\AppDataLow\Software\ConduitKey Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopesKey Deleted : HKCU\Software\AppDataLow\Software\CrossriderKey Deleted : HKCU\Software\AppDataLow\Software\PriceGongKey Deleted : HKCU\Software\AppDataLow\Software\SmartBarKey Deleted : HKCU\Software\Ask.comKey Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F42D4712-298F-4502-8668-7B9940C3FB00}Key Deleted : HKLM\Software\APNKey Deleted : HKLM\Software\AskToolbarKey Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLLKey Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEFKey Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3018509Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}Key Deleted : HKLM\Software\ConduitKey Deleted : HKLM\Software\IminentKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7CD74AFF-3433-4E34-92E2-D98DFDB30754}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARPKey Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEFValue Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]***** [Internet Browsers] *****-\\ Internet Explorer v9.0.8112.16457[OK] Registry is clean.-\\ Mozilla Firefox v18.0.1 (en-US)File : C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\2v64zce3.default\prefs.jsC:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\2v64zce3.default\user.js ... Deleted !Deleted : user_pref(&quot;extensions.wajam.affiliate_id&quot;, &quot;5922&quot;);Deleted : user_pref(&quot;extensions.wajam.firstrun&quot;, &quot;false&quot;);Deleted : user_pref(&quot;extensions.wajam.log_send_info&quot;, &quot;false&quot;);Deleted : user_pref(&quot;extensions.wajam.mappingListJsonString&quot;, &quot;{\&quot;version\&quot;:\&quot;0.21083\&quot;,\&quot;supported_sites\&quot;:{\[...]Deleted : user_pref(&quot;extensions.wajam.no_trace&quot;, &quot;false&quot;);Deleted : user_pref(&quot;extensions.wajam.server_current_mapping_version&quot;, &quot;0.21083&quot;);Deleted : user_pref(&quot;extensions.wajam.trace_log&quot;, &quot;1356884951654 - processSiteLookup - Error Message: can&#039;t ac[...]Deleted : user_pref(&quot;extensions.wajam.unique_id&quot;, &quot;E9F44ADF8FEC2D56D096FE41A16EB66B&quot;);Deleted : user_pref(&quot;extensions.wajam.user_current_mapping_version&quot;, &quot;0&quot;);Deleted : user_pref(&quot;extensions.wajam.version&quot;, &quot;1.26&quot;);-\\ Google Chrome v24.0.1312.56File : C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Preferences[OK] File is clean.*************************AdwCleaner[S1].txt - [10520 octets] - [29/01/2013 10:59:51]########## EOF - C:\AdwCleaner[S1].txt - [10581 octets] ##########TDSS log 1: 11:08:50.0712 4972&nbsp; TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:3511:08:51.0012 4972&nbsp; ============================================================11:08:51.0012 4972&nbsp; Current date / time: 2013/01/29 11:08:51.001211:08:51.0012 4972&nbsp; SystemInfo:11:08:51.0012 4972&nbsp; 11:08:51.0012 4972&nbsp; OS Version: 6.0.6002 ServicePack: 2.011:08:51.0012 4972&nbsp; Product type: Workstation11:08:51.0012 4972&nbsp; ComputerName: MICHELLE-PC11:08:51.0012 4972&nbsp; UserName: Michelle11:08:51.0012 4972&nbsp; Windows directory: C:\Windows11:08:51.0012 4972&nbsp; System windows directory: C:\Windows11:08:51.0012 4972&nbsp; Running under WOW6411:08:51.0012 4972&nbsp; Processor architecture: Intel x6411:08:51.0012 4972&nbsp; Number of processors: 211:08:51.0012 4972&nbsp; Page size: 0x100011:08:51.0012 4972&nbsp; Boot type: Normal boot11:08:51.0012 4972&nbsp; ============================================================11:08:53.0917 4972&nbsp; Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type &#039;K0&#039;, Flags 0x0000004011:08:53.0925 4972&nbsp; ============================================================11:08:53.0925 4972&nbsp; \Device\Harddisk0\DR0:11:08:53.0951 4972&nbsp; MBR partitions:11:08:53.0951 4972&nbsp; \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x38A92FC111:08:53.0951 4972&nbsp; \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38A93000, BlocksNum 0x18F180011:08:53.0951 4972&nbsp; ============================================================11:08:54.0118 4972&nbsp; C: &lt;-&gt; \Device\Harddisk0\DR0\Partition111:08:55.0113 4972&nbsp; D: &lt;-&gt; \Device\Harddisk0\DR0\Partition211:08:55.0114 4972&nbsp; ============================================================11:08:55.0114 4972&nbsp; Initialize success11:08:55.0114 4972&nbsp; ============================================================11:10:21.0238 3172&nbsp; Deinitialize success&nbsp;TDSS Log 2:11:13:43.0298 0384&nbsp; TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:3511:13:43.0844 0384&nbsp; ============================================================11:13:43.0844 0384&nbsp; Current date / time: 2013/01/29 11:13:43.084411:13:43.0844 0384&nbsp; SystemInfo:11:13:43.0844 0384&nbsp; 11:13:43.0844 0384&nbsp; OS Version: 6.0.6002 ServicePack: 2.011:13:43.0844 0384&nbsp; Product type: Workstation11:13:43.0844 0384&nbsp; ComputerName: MICHELLE-PC11:13:43.0844 0384&nbsp; UserName: Michelle11:13:43.0844 0384&nbsp; Windows directory: C:\Windows11:13:43.0844 0384&nbsp; System windows directory: C:\Windows11:13:43.0844 0384&nbsp; Running under WOW6411:13:43.0844 0384&nbsp; Processor architecture: Intel x6411:13:43.0844 0384&nbsp; Number of processors: 211:13:43.0844 0384&nbsp; Page size: 0x100011:13:43.0844 0384&nbsp; Boot type: Normal boot11:13:43.0844 0384&nbsp; ============================================================11:13:47.0229 0384&nbsp; BG loaded11:13:48.0992 0384&nbsp; Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type &#039;K0&#039;, Flags 0x0000004011:13:49.0007 0384&nbsp; ============================================================11:13:49.0007 0384&nbsp; \Device\Harddisk0\DR0:11:13:49.0007 0384&nbsp; MBR partitions:11:13:49.0007 0384&nbsp; \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x38A92FC111:13:49.0007 0384&nbsp; \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38A93000, BlocksNum 0x18F180011:13:49.0007 0384&nbsp; ============================================================11:13:49.0272 0384&nbsp; C: &lt;-&gt; \Device\Harddisk0\DR0\Partition111:13:49.0616 0384&nbsp; D: &lt;-&gt; \Device\Harddisk0\DR0\Partition211:13:49.0616 0384&nbsp; ============================================================11:13:49.0616 0384&nbsp; Initialize success11:13:49.0616 0384&nbsp; ============================================================11:14:18.0659 4008&nbsp; ============================================================11:14:18.0659 4008&nbsp; Scan started11:14:18.0659 4008&nbsp; Mode: Manual; SigCheck; TDLFS; 11:14:18.0659 4008&nbsp; ============================================================11:14:20.0904 4008&nbsp; ================ Scan system memory ========================11:14:20.0904 4008&nbsp; System memory - ok11:14:20.0910 4008&nbsp; ================ Scan services =============================11:14:21.0439 4008&nbsp; [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE&nbsp; &nbsp; &nbsp; &nbsp; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE11:14:21.0592 4008&nbsp; !SASCORE - ok11:14:22.0539 4008&nbsp; [ 60FBB29CCCE48B4C3A6517CAF42C3496 ] Accelerometer&nbsp;&nbsp; C:\Windows\system32\DRIVERS\Accelerometer.sys11:14:22.0558 4008&nbsp; Accelerometer - ok11:14:22.0769 4008&nbsp; [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\drivers\acpi.sys11:14:22.0819 4008&nbsp; ACPI - ok11:14:23.0138 4008&nbsp; [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe11:14:23.0156 4008&nbsp; AdobeARMservice - ok11:14:23.0400 4008&nbsp; [ F14215E37CF124104575073F782111D2 ] adp94xx&nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\system32\drivers\adp94xx.sys11:14:23.0463 4008&nbsp; adp94xx - ok11:14:23.0741 4008&nbsp; [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci&nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\system32\drivers\adpahci.sys11:14:23.0789 4008&nbsp; adpahci - ok11:14:23.0830 4008&nbsp; [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m&nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\drivers\adpu160m.sys11:14:23.0863 4008&nbsp; adpu160m - ok11:14:23.0874 4008&nbsp; [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320&nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\system32\drivers\adpu320.sys11:14:23.0913 4008&nbsp; adpu320 - ok11:14:24.0031 4008&nbsp; [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc&nbsp; &nbsp;&nbsp; C:\Windows\System32\aelupsvc.dll11:14:24.0801 4008&nbsp; AeLookupSvc - ok11:14:25.0048 4008&nbsp; [ 7F66523A27754AFCFECAE2F5EB643A4A ] AESTFilters&nbsp; &nbsp;&nbsp; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe11:14:25.0185 4008&nbsp; AESTFilters - ok11:14:25.0355 4008&nbsp; [ C4F6CE6087760AD70960C9EB130E7943 ] AFD&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\system32\drivers\afd.sys11:14:25.0505 4008&nbsp; AFD - ok11:14:25.0603 4008&nbsp; [ 8B0D8B5BAFD4C9D57B41426BC68B32F9 ] AgereModemAudio C:\Windows\system32\agr64svc.exe11:14:25.0753 4008&nbsp; AgereModemAudio - ok11:14:25.0871 4008&nbsp; [ 3627A62B10284FFBF862BFD49928EDF4 ] AgereSoftModem&nbsp; C:\Windows\system32\DRIVERS\agrsm64.sys11:14:25.0942 4008&nbsp; AgereSoftModem - ok11:14:26.0018 4008&nbsp; [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\drivers\agp440.sys11:14:26.0050 4008&nbsp; agp440 - ok11:14:26.0090 4008&nbsp; [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx&nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\system32\drivers\djsvs.sys11:14:26.0122 4008&nbsp; aic78xx - ok11:14:26.0183 4008&nbsp; [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\System32\alg.exe11:14:26.0775 4008&nbsp; ALG - ok11:14:26.0842 4008&nbsp; [ E0CA5BB8E6C79533DC6B1DA7361A201E ] aliide&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\drivers\aliide.sys11:14:26.0873 4008&nbsp; aliide - ok11:14:26.0879 4008&nbsp; [ 7034F8D1B9703D711D3F92C95DEB377D ] amdide&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\drivers\amdide.sys11:14:26.0911 4008&nbsp; amdide - ok11:14:26.0956 4008&nbsp; [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\system32\drivers\amdk8.sys11:14:27.0058 4008&nbsp; AmdK8 - ok11:14:27.0146 4008&nbsp; [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo&nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\System32\appinfo.dll11:14:27.0235 4008&nbsp; Appinfo - ok11:14:28.0118 4008&nbsp; [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe11:14:28.0131 4008&nbsp; Apple Mobile Device - ok11:14:28.0214 4008&nbsp; [ BA8417D4765F3988FF921F30F630E303 ] arc&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\system32\drivers\arc.sys11:14:28.0248 4008&nbsp; arc - ok11:14:28.0316 4008&nbsp; [ 9D41C435619733B34CC16A511E644B11 ] arcsas&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\drivers\arcsas.sys11:14:28.0357 4008&nbsp; arcsas - ok11:14:28.0386 4008&nbsp; [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac&nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\DRIVERS\asyncmac.sys11:14:28.0455 4008&nbsp; AsyncMac - ok11:14:28.0508 4008&nbsp; [ E68D9B3A3905619732F7FE039466A623 ] atapi&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\system32\drivers\atapi.sys11:14:28.0526 4008&nbsp; atapi - ok11:14:28.0674 4008&nbsp; [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll11:14:28.0832 4008&nbsp; AudioEndpointBuilder - ok11:14:28.0905 4008&nbsp; [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv&nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\System32\Audiosrv.dll11:14:28.0960 4008&nbsp; AudioSrv - ok11:14:29.0046 4008&nbsp; [ A4815907B039121D8D9221695CDC35F7 ] BCM43XX&nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\system32\DRIVERS\bcmwl664.sys11:14:29.0123 4008&nbsp; BCM43XX - ok11:14:29.0130 4008&nbsp; Beep - ok11:14:29.0226 4008&nbsp; [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\System32\bfe.dll11:14:29.0334 4008&nbsp; BFE - ok11:14:29.0452 4008&nbsp; [ 6D316F4859634071CC25C4FD4589AD2C ] BITS&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\qmgr.dll11:14:29.0578 4008&nbsp; BITS - ok11:14:29.0659 4008&nbsp; [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive&nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\drivers\blbdrive.sys11:14:29.0883 4008&nbsp; blbdrive - ok11:14:29.0979 4008&nbsp; [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe11:14:30.0008 4008&nbsp; Bonjour Service - ok11:14:30.0109 4008&nbsp; [ 2348447A80920B2493A9B582A23E81E1 ] bowser&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\DRIVERS\bowser.sys11:14:30.0280 4008&nbsp; bowser - ok11:14:30.0365 4008&nbsp; [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo&nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\drivers\brfiltlo.sys11:14:30.0447 4008&nbsp; BrFiltLo - ok11:14:30.0469 4008&nbsp; [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp&nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\drivers\brfiltup.sys11:14:30.0546 4008&nbsp; BrFiltUp - ok11:14:30.0621 4008&nbsp; [ A1B39DE453433B115B4EA69EE0343816 ] Browser&nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\System32\browser.dll11:14:30.0712 4008&nbsp; Browser - ok11:14:30.0755 4008&nbsp; [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid&nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\system32\drivers\brserid.sys11:14:31.0077 4008&nbsp; Brserid - ok11:14:31.0132 4008&nbsp; [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm&nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\drivers\brserwdm.sys11:14:31.0333 4008&nbsp; BrSerWdm - ok11:14:31.0423 4008&nbsp; [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm&nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\drivers\brusbmdm.sys11:14:31.0584 4008&nbsp; BrUsbMdm - ok11:14:31.0609 4008&nbsp; [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer&nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\drivers\brusbser.sys11:14:31.0714 4008&nbsp; BrUsbSer - ok11:14:31.0766 4008&nbsp; [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM&nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\drivers\bthmodem.sys11:14:31.0843 4008&nbsp; BTHMODEM - ok11:14:31.0858 4008&nbsp; catchme - ok11:14:31.0876 4008&nbsp; [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\DRIVERS\cdfs.sys11:14:31.0941 4008&nbsp; cdfs - ok11:14:31.0981 4008&nbsp; [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\system32\DRIVERS\cdrom.sys11:14:32.0082 4008&nbsp; cdrom - ok11:14:32.0178 4008&nbsp; [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc&nbsp; &nbsp;&nbsp; C:\Windows\System32\certprop.dll11:14:32.0242 4008&nbsp; CertPropSvc - ok11:14:32.0287 4008&nbsp; [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass&nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\DRIVERS\circlass.sys11:14:32.0373 4008&nbsp; circlass - ok11:14:32.0444 4008&nbsp; [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\CLFS.sys11:14:32.0476 4008&nbsp; CLFS - ok11:14:32.0657 4008&nbsp; [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe11:14:32.0671 4008&nbsp; clr_optimization_v2.0.50727_32 - ok11:14:32.0705 4008&nbsp; [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe11:14:32.0719 4008&nbsp; clr_optimization_v2.0.50727_64 - ok11:14:32.0847 4008&nbsp; [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe11:14:33.0438 4008&nbsp; clr_optimization_v4.0.30319_32 - ok11:14:33.0518 4008&nbsp; [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe11:14:33.0625 4008&nbsp; clr_optimization_v4.0.30319_64 - ok11:14:33.0673 4008&nbsp; [ B52D9A14CE4101577900A364BA86F3DF ] CmBatt&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\DRIVERS\CmBatt.sys11:14:33.0763 4008&nbsp; CmBatt - ok11:14:33.0779 4008&nbsp; [ 8C6AA24C1D7273A02284588426AB8CE3 ] cmdide&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\drivers\cmdide.sys11:14:33.0794 4008&nbsp; cmdide - ok11:14:33.0885 4008&nbsp; [ 7795F8CEBC284A426B53F541E538695F ] Com4QLBEx&nbsp; &nbsp; &nbsp;&nbsp; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe11:14:33.0897 4008&nbsp; Com4QLBEx - ok11:14:33.0917 4008&nbsp; [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt&nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\DRIVERS\compbatt.sys11:14:33.0931 4008&nbsp; Compbatt - ok11:14:33.0937 4008&nbsp; COMSysApp - ok11:14:33.0965 4008&nbsp; [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk&nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\system32\drivers\crcdisk.sys11:14:33.0979 4008&nbsp; crcdisk - ok11:14:34.0038 4008&nbsp; [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc&nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\cryptsvc.dll11:14:34.0139 4008&nbsp; CryptSvc - ok11:14:34.0290 4008&nbsp; [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch&nbsp; &nbsp; &nbsp; C:\Windows\system32\rpcss.dll11:14:34.0397 4008&nbsp; DcomLaunch - ok11:14:34.0435 4008&nbsp; [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\Drivers\dfsc.sys11:14:34.0532 4008&nbsp; DfsC - ok11:14:35.0111 4008&nbsp; [ C647F468F7DE343DF8C143655C5557D4 ] DFSR&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\DFSR.exe11:14:35.0959 4008&nbsp; DFSR - ok11:14:36.0085 4008&nbsp; [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\System32\dhcpcsvc.dll11:14:36.0146 4008&nbsp; Dhcp - ok11:14:36.0481 4008&nbsp; [ B0107E40ECDB5FA692EBF832F295D905 ] disk&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\drivers\disk.sys11:14:36.0501 4008&nbsp; disk - ok11:14:36.0554 4008&nbsp; [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache&nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\System32\dnsrslvr.dll11:14:36.0610 4008&nbsp; Dnscache - ok11:14:36.0653 4008&nbsp; [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc&nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\System32\dot3svc.dll11:14:36.0711 4008&nbsp; dot3svc - ok11:14:36.0814 4008&nbsp; [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\system32\dps.dll11:14:36.0881 4008&nbsp; DPS - ok11:14:36.0945 4008&nbsp; [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud&nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\system32\drivers\drmkaud.sys11:14:36.0994 4008&nbsp; drmkaud - ok11:14:37.0374 4008&nbsp; [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl&nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\System32\drivers\dxgkrnl.sys11:14:37.0431 4008&nbsp; DXGKrnl - ok11:14:37.0688 4008&nbsp; [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\system32\DRIVERS\E1G6032E.sys11:14:37.0761 4008&nbsp; E1G60 - ok11:14:37.0821 4008&nbsp; [ C2303883FD9BE49DC36A6400643002EA ] EapHost&nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\System32\eapsvc.dll11:14:37.0875 4008&nbsp; EapHost - ok11:14:37.0932 4008&nbsp; [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\drivers\ecache.sys11:14:37.0957 4008&nbsp; Ecache - ok11:14:38.0092 4008&nbsp; [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr&nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\ehome\ehRecvr.exe11:14:38.0212 4008&nbsp; ehRecvr - ok11:14:38.0623 4008&nbsp; [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched&nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\ehome\ehsched.exe11:14:38.0796 4008&nbsp; ehSched - ok11:14:39.0016 4008&nbsp; [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart&nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\ehome\ehstart.dll11:14:39.0095 4008&nbsp; ehstart - ok11:14:39.0207 4008&nbsp; [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor&nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\system32\drivers\elxstor.sys11:14:39.0263 4008&nbsp; elxstor - ok11:14:39.0389 4008&nbsp; [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt&nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\system32\emdmgmt.dll11:14:39.0530 4008&nbsp; EMDMgmt - ok11:14:39.0586 4008&nbsp; [ F218A3A27ED6592C0E22EC3595554447 ] enecir&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\DRIVERS\enecir.sys11:14:39.0727 4008&nbsp; enecir - ok11:14:39.0800 4008&nbsp; [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\drivers\errdev.sys11:14:39.0899 4008&nbsp; ErrDev - ok11:14:40.0032 4008&nbsp; [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem&nbsp; &nbsp;&nbsp; C:\Windows\system32\es.dll11:14:40.0151 4008&nbsp; EventSystem - ok11:14:40.0245 4008&nbsp; [ 486844F47B6636044A42454614ED4523 ] exfat&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\system32\drivers\exfat.sys11:14:40.0320 4008&nbsp; exfat - ok11:14:40.0375 4008&nbsp; [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat&nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\system32\drivers\fastfat.sys11:14:40.0501 4008&nbsp; fastfat - ok11:14:40.0583 4008&nbsp; [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\system32\DRIVERS\fdc.sys11:14:40.0663 4008&nbsp; fdc - ok11:14:40.0721 4008&nbsp; [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost&nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\system32\fdPHost.dll11:14:40.0818 4008&nbsp; fdPHost - ok11:14:40.0835 4008&nbsp; [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub&nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\fdrespub.dll11:14:40.0946 4008&nbsp; FDResPub - ok11:14:40.0977 4008&nbsp; [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo&nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\drivers\fileinfo.sys11:14:41.0012 4008&nbsp; FileInfo - ok11:14:41.0032 4008&nbsp; [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace&nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\system32\drivers\filetrace.sys11:14:41.0078 4008&nbsp; Filetrace - ok11:14:41.0158 4008&nbsp; [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk&nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\DRIVERS\flpydisk.sys11:14:41.0228 4008&nbsp; flpydisk - ok11:14:41.0327 4008&nbsp; [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\drivers\fltmgr.sys11:14:41.0349 4008&nbsp; FltMgr - ok11:14:41.0672 4008&nbsp; [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache&nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\system32\FntCache.dll11:14:41.0767 4008&nbsp; FontCache - ok11:14:41.0920 4008&nbsp; [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe11:14:41.0938 4008&nbsp; FontCache3.0.0.0 - ok11:14:42.0079 4008&nbsp; [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\drivers\Fs_Rec.sys11:14:42.0143 4008&nbsp; Fs_Rec - ok11:14:42.0162 4008&nbsp; [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx&nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\drivers\gagp30kx.sys11:14:42.0177 4008&nbsp; gagp30kx - ok11:14:42.0275 4008&nbsp; [ 617DC2877015270914CA3C03873560D5 ] GameConsoleService C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe11:14:42.0291 4008&nbsp; GameConsoleService - ok11:14:42.0382 4008&nbsp; [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM&nbsp; &nbsp;&nbsp; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys11:14:42.0392 4008&nbsp; GEARAspiWDM - ok11:14:42.0477 4008&nbsp; [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\System32\gpsvc.dll11:14:42.0536 4008&nbsp; gpsvc - ok11:14:42.0997 4008&nbsp; [ F02A533F517EB38333CB12A9E8963773 ] gupdate&nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe11:14:43.0014 4008&nbsp; gupdate - ok11:14:43.0033 4008&nbsp; [ F02A533F517EB38333CB12A9E8963773 ] gupdatem&nbsp; &nbsp; &nbsp; &nbsp; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe11:14:43.0050 4008&nbsp; gupdatem - ok11:14:43.0138 4008&nbsp; [ DF45F8142DC6DF9D18C39B3EFFBD0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys11:14:43.0411 4008&nbsp; HdAudAddService - ok11:14:43.0501 4008&nbsp; [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus&nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\DRIVERS\HDAudBus.sys11:14:43.0841 4008&nbsp; HDAudBus - ok11:14:43.0874 4008&nbsp; [ B4881C84A180E75B8C25DC1D726C375F ] HidBth&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\drivers\hidbth.sys11:14:44.0003 4008&nbsp; HidBth - ok11:14:44.0203 4008&nbsp; [ 5F47839455D01FF6403B008D481A6F5B ] HidIr&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\system32\DRIVERS\hidir.sys11:14:44.0314 4008&nbsp; HidIr - ok11:14:44.0646 4008&nbsp; [ 59361D38A297755D46A540E450202B2A ] hidserv&nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\System32\hidserv.dll11:14:44.0703 4008&nbsp; hidserv - ok11:14:44.0762 4008&nbsp; [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\DRIVERS\hidusb.sys11:14:44.0846 4008&nbsp; HidUsb - ok11:14:44.0894 4008&nbsp; [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\kmsvc.dll11:14:44.0987 4008&nbsp; hkmsvc - ok11:14:45.0095 4008&nbsp; [ 89F9E1984C1CD9E5F4FE39642D886E11 ] HP Health Check Service c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe11:14:45.0183 4008&nbsp; HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning11:14:45.0183 4008&nbsp; HP Health Check Service - detected UnsignedFile.Multi.Generic (1)11:14:45.0233 4008&nbsp; [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs&nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\system32\drivers\hpcisss.sys11:14:45.0259 4008&nbsp; HpCISSs - ok11:14:45.0354 4008&nbsp; [ 4A435CA815A54639CA09DDF75D751EBC ] hpdskflt&nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\DRIVERS\hpdskflt.sys11:14:45.0374 4008&nbsp; hpdskflt - ok11:14:45.0405 4008&nbsp; [ 0ECC54FD34D6A089C300846B011E81D6 ] HpqKbFiltr&nbsp; &nbsp; &nbsp; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys11:14:45.0487 4008&nbsp; HpqKbFiltr - ok11:14:45.0575 4008&nbsp; [ 1665C7121A026DF10C903DB9BC5E9D43 ] hpqwmiex&nbsp; &nbsp; &nbsp; &nbsp; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe11:14:45.0599 4008&nbsp; hpqwmiex - ok11:14:45.0696 4008&nbsp; [ 6BF024EA61D7894BF4AF0B10A90B546E ] hpsrv&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\system32\Hpservice.exe11:14:45.0818 4008&nbsp; hpsrv - ok11:14:45.0868 4008&nbsp; [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\drivers\HTTP.sys11:14:45.0973 4008&nbsp; HTTP - ok11:14:46.0004 4008&nbsp; [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\system32\drivers\i2omp.sys11:14:46.0049 4008&nbsp; i2omp - ok11:14:46.0087 4008&nbsp; [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt&nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\DRIVERS\i8042prt.sys11:14:46.0169 4008&nbsp; i8042prt - ok11:14:46.0231 4008&nbsp; [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV&nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\system32\drivers\iastorv.sys11:14:46.0286 4008&nbsp; iaStorV - ok11:14:46.0433 4008&nbsp; [ 6F95324909B502E2651442C1548AB12F ] IDriverT&nbsp; &nbsp; &nbsp; &nbsp; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe11:14:46.0535 4008&nbsp; IDriverT ( UnsignedFile.Multi.Generic ) - warning11:14:46.0535 4008&nbsp; IDriverT - detected UnsignedFile.Multi.Generic (1)11:14:47.0097 4008&nbsp; [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe11:14:47.0176 4008&nbsp; idsvc - ok11:14:47.0528 4008&nbsp; [ CF00559906E45ECC6F035913880BE2FC ] igfx&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\DRIVERS\igdkmd64.sys11:14:47.0874 4008&nbsp; igfx - ok11:14:47.0949 4008&nbsp; [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\system32\drivers\iirsp.sys11:14:47.0972 4008&nbsp; iirsp - ok11:14:48.0091 4008&nbsp; [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\System32\ikeext.dll11:14:48.0390 4008&nbsp; IKEEXT - ok11:14:48.0469 4008&nbsp; [ DEA2AB452B4FA773187369C4B6517320 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys11:14:48.0577 4008&nbsp; IntcHdmiAddService - ok11:14:48.0651 4008&nbsp; [ 475490CAF376E55E6E8B37BBDFEB2E81 ] intelide&nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\drivers\intelide.sys11:14:48.0699 4008&nbsp; intelide - ok11:14:48.0747 4008&nbsp; [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm&nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\DRIVERS\intelppm.sys11:14:48.0847 4008&nbsp; intelppm - ok11:14:48.0894 4008&nbsp; [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum&nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\system32\ipbusenum.dll11:14:49.0009 4008&nbsp; IPBusEnum - ok11:14:49.0094 4008&nbsp; [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver&nbsp; C:\Windows\system32\DRIVERS\ipfltdrv.sys11:14:49.0234 4008&nbsp; IpFilterDriver - ok11:14:49.0293 4008&nbsp; [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc&nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\System32\iphlpsvc.dll11:14:49.0459 4008&nbsp; iphlpsvc - ok11:14:49.0466 4008&nbsp; IpInIp - ok11:14:49.0529 4008&nbsp; [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV&nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\system32\drivers\ipmidrv.sys11:14:49.0598 4008&nbsp; IPMIDRV - ok11:14:49.0692 4008&nbsp; [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\system32\DRIVERS\ipnat.sys11:14:49.0811 4008&nbsp; IPNAT - ok11:14:50.0108 4008&nbsp; [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service&nbsp; &nbsp; C:\Program Files\iPod\bin\iPodService.exe11:14:50.0240 4008&nbsp; iPod Service - ok11:14:50.0284 4008&nbsp; [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\drivers\irenum.sys11:14:50.0364 4008&nbsp; IRENUM - ok11:14:50.0475 4008&nbsp; [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\drivers\isapnp.sys11:14:50.0508 4008&nbsp; isapnp - ok11:14:50.0644 4008&nbsp; [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt&nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\DRIVERS\msiscsi.sys11:14:50.0682 4008&nbsp; iScsiPrt - ok11:14:50.0739 4008&nbsp; [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi&nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\drivers\iteatapi.sys11:14:50.0759 4008&nbsp; iteatapi - ok11:14:50.0795 4008&nbsp; [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid&nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\system32\drivers\iteraid.sys11:14:50.0815 4008&nbsp; iteraid - ok11:14:50.0837 4008&nbsp; [ 423696F3BA6472DD17699209B933BC26 ] kbdclass&nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\DRIVERS\kbdclass.sys11:14:50.0857 4008&nbsp; kbdclass - ok11:14:50.0957 4008&nbsp; [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\DRIVERS\kbdhid.sys11:14:51.0088 4008&nbsp; kbdhid - ok11:14:51.0262 4008&nbsp; [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\lsass.exe11:14:51.0368 4008&nbsp; KeyIso - ok11:14:51.0405 4008&nbsp; [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\Drivers\ksecdd.sys11:14:51.0505 4008&nbsp; KSecDD - ok11:14:51.0579 4008&nbsp; [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk&nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\system32\drivers\ksthunk.sys11:14:51.0747 4008&nbsp; ksthunk - ok11:14:51.0873 4008&nbsp; [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\system32\msdtckrm.dll11:14:51.0952 4008&nbsp; KtmRm - ok11:14:52.0028 4008&nbsp; [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer&nbsp; &nbsp; C:\Windows\System32\srvsvc.dll11:14:52.0184 4008&nbsp; LanmanServer - ok11:14:52.0272 4008&nbsp; [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll11:14:52.0343 4008&nbsp; LanmanWorkstation - ok11:14:52.0538 4008&nbsp; [ ABF90FC5A127F481219B873C1B8DFC1C ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe11:14:52.0544 4008&nbsp; LightScribeService ( UnsignedFile.Multi.Generic ) - warning11:14:52.0544 4008&nbsp; LightScribeService - detected UnsignedFile.Multi.Generic (1)11:14:52.0640 4008&nbsp; [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\DRIVERS\lltdio.sys11:14:52.0747 4008&nbsp; lltdio - ok11:14:52.0867 4008&nbsp; [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc&nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\System32\lltdsvc.dll11:14:52.0977 4008&nbsp; lltdsvc - ok11:14:53.0013 4008&nbsp; [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts&nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\System32\lmhsvc.dll11:14:53.0088 4008&nbsp; lmhosts - ok11:14:53.0146 4008&nbsp; [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\drivers\lsi_fc.sys11:14:53.0166 4008&nbsp; LSI_FC - ok11:14:53.0181 4008&nbsp; [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS&nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\system32\drivers\lsi_sas.sys11:14:53.0200 4008&nbsp; LSI_SAS - ok11:14:53.0207 4008&nbsp; [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI&nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\drivers\lsi_scsi.sys11:14:53.0227 4008&nbsp; LSI_SCSI - ok11:14:53.0234 4008&nbsp; [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\system32\drivers\luafv.sys11:14:53.0315 4008&nbsp; luafv - ok11:14:53.0348 4008&nbsp; lxdu_device - ok11:14:53.0381 4008&nbsp; [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc&nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\system32\Mcx2Svc.dll11:14:53.0397 4008&nbsp; Mcx2Svc - ok11:14:53.0419 4008&nbsp; [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas&nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\system32\drivers\megasas.sys11:14:53.0433 4008&nbsp; megasas - ok11:14:53.0458 4008&nbsp; [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\drivers\megasr.sys11:14:53.0486 4008&nbsp; MegaSR - ok11:14:53.0522 4008&nbsp; [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\system32\mmcss.dll11:14:53.0588 4008&nbsp; MMCSS - ok11:14:53.0612 4008&nbsp; [ 59848D5CC74606F0EE7557983BB73C2E ] Modem&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\system32\drivers\modem.sys11:14:53.0700 4008&nbsp; Modem - ok11:14:53.0722 4008&nbsp; [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor&nbsp; &nbsp; &nbsp; &nbsp;&nbsp; C:\Windows\system32\DRIVERS\monitor.sys11:14:53.0768 4008&nbsp; monitor - ok11:14:53.0780 4008&nbsp; [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass&nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\DRIVERS\mouclass.sys11:14:53.0822 4008&nbsp; mouclass - ok11:14:53.0917 4008&nbsp; [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\DRIVERS\mouhid.sys11:14:53.0969 4008&nbsp; mouhid - ok11:14:54.0032 4008&nbsp; [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr&nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\drivers\mountmgr.sys11:14:54.0056 4008&nbsp; MountMgr - ok11:14:54.0495 4008&nbsp; [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe11:14:54.0519 4008&nbsp; MozillaMaintenance - ok11:14:54.0614 4008&nbsp; [ F8276EB8698142884498A528DFEA8478 ] mpio&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; C:\Windows\system32\drivers\mpio.sys11:14:54.0641 4008&nbsp; mpio - ok11:14:54.0655 4008&nbsp; [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv</blockquote>

[QUOTE="Gbaby614, post: 100944, member: 5255"] I think you only requested the last 2 logs but I am posting them all in case of any errors.. I didnt realize I still had an iTunes window open until after I clicked the Combo-fix.. I don't think it harmed anything but here are the logs, also there was 2 Combofix logs but I only see 1, maybe it was supposed to delete the other? or maybe they are both in the one file.. not sure but I'm sure you know why, lol... Combofix: ComboFix 13-01-29.01 - Michelle 01/29/2013 10:18:26.2.2 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3998.1648 [GMT -5:00] Running from: c:\users\Michelle\Desktop\Combo-fix.exe Command switches used :: c:\users\Michelle\Desktop\CFscript.txt AV: Webroot SecureAnywhere *Disabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401} SP: Webroot SecureAnywhere *Disabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\users\Michelle\AppData\Local\Temp\DNS.exe" "c:\users\Michelle\AppData\Local\Temp\Runner.exe" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Michelle\AppData\Local\visi_coupon c:\users\Michelle\AppData\Local\visi_coupon\merchants.dat2 . . ((((((((((((((((((((((((( Files Created from 2012-12-28 to 2013-01-29 ))))))))))))))))))))))))))))))) . . 2013-01-29 15:48 . 2013-01-29 15:48 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2013-01-29 15:48 . 2013-01-29 15:48 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-29 07:08 . 2013-01-29 07:08 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2D4AC6A-B684-481F-8D1C-0F2E5881F17A}\offreg.dll 2013-01-29 06:46 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2D4AC6A-B684-481F-8D1C-0F2E5881F17A}\mpengine.dll 2013-01-28 22:02 . 2013-01-28 22:02 -------- d-----w- c:\users\Michelle\AppData\Roaming\CyberLink 2013-01-28 22:02 . 2013-01-28 22:02 -------- d-----w- c:\users\Public\CyberLink 2013-01-28 19:17 . 2013-01-28 19:17 -------- d-----w- C:\FRST 2013-01-27 02:51 . 2013-01-27 02:51 -------- d-----w- c:\users\Michelle\AppData\Roaming\Malwarebytes 2013-01-27 02:51 . 2013-01-27 02:51 -------- d-----w- c:\programdata\Malwarebytes 2013-01-27 02:51 . 2013-01-27 02:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-01-27 02:51 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-01-27 00:29 . 2013-01-27 23:10 -------- d-----w- c:\users\Michelle\AppData\Roaming\QuickScan 2013-01-25 18:30 . 2013-01-25 18:30 -------- d-----w- c:\users\Michelle\AppData\Roaming\SUPERAntiSpyware.com 2013-01-25 18:28 . 2013-01-25 18:30 -------- d-----w- c:\program files\SUPERAntiSpyware 2013-01-25 18:28 . 2013-01-25 18:28 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2013-01-25 04:29 . 2013-01-25 04:28 859552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-01-25 04:29 . 2013-01-25 04:28 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-01-09 14:05 . 2012-11-20 04:21 253952 ----a-w- c:\windows\system32\ncrypt.dll 2013-01-09 14:05 . 2012-11-20 04:22 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll 2013-01-09 14:04 . 2012-11-23 01:54 2770432 ----a-w- c:\windows\system32\win32k.sys 2013-01-09 14:04 . 2012-11-02 10:47 1869824 ----a-w- c:\windows\system32\msxml3.dll 2013-01-09 14:04 . 2012-11-02 10:47 1794560 ----a-w- c:\windows\system32\msxml6.dll 2013-01-09 14:04 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\SysWow64\msxml6.dll 2013-01-09 14:04 . 2012-11-02 10:19 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll 2013-01-09 14:02 . 2012-11-22 04:22 456192 ----a-w- c:\windows\system32\shlwapi.dll 2013-01-03 01:37 . 2013-01-03 01:37 -------- d-----w- c:\users\Michelle\AppData\Local\IsolatedStorage 2012-12-30 21:54 . 2012-11-14 05:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-12-30 21:41 . 2012-12-16 13:31 48128 ----a-w- c:\windows\system32\atmlib.dll 2012-12-30 21:41 . 2012-12-16 13:12 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-30 21:41 . 2012-12-16 11:08 368128 ----a-w- c:\windows\system32\atmfd.dll 2012-12-30 21:41 . 2012-12-16 10:50 293376 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-30 21:04 . 2012-12-30 21:04 49872 ----a-w- c:\windows\system32\drivers\bmepmwfm.sys 2012-12-30 16:32 . 2012-12-30 16:46 -------- d-----w- C:\Temp . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-25 04:28 . 2011-07-09 15:02 780192 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-01-25 04:12 . 2012-06-21 18:20 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-25 04:12 . 2011-05-19 13:57 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-24 03:16 . 2006-11-02 12:35 67599240 ----a-w- c:\windows\system32\mrt.exe 2012-12-19 23:59 . 2012-04-03 21:22 151880 ----a-w- c:\windows\SysWow64\WRusr.dll 2012-12-19 23:59 . 2012-04-03 21:22 111776 ----a-w- c:\windows\system32\drivers\WRkrn.sys 2012-12-19 23:59 . 2012-04-03 21:22 105024 ----a-w- c:\windows\system32\WRusr.dll 2012-11-14 18:43 . 2012-11-14 18:43 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2012-11-14 18:43 . 2012-11-14 18:43 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2012-11-14 18:43 . 2012-11-14 18:43 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2012-11-14 18:43 . 2012-11-14 18:43 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2012-11-14 18:43 . 2012-11-14 18:43 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2012-11-14 18:43 . 2012-11-14 18:43 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2012-11-14 18:43 . 2012-11-14 18:43 367104 ----a-w- c:\windows\SysWow64\html.iec 2012-11-14 18:43 . 2012-11-14 18:43 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2012-11-14 18:43 . 2012-11-14 18:43 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2012-11-14 18:42 . 2012-11-14 18:42 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2012-11-14 18:42 . 2012-11-14 18:42 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2012-11-14 18:42 . 2012-11-14 18:42 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2012-11-14 18:42 . 2012-11-14 18:42 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2012-11-14 18:42 . 2012-11-14 18:42 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2012-11-14 18:42 . 2012-11-14 18:42 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2012-11-14 18:42 . 2012-11-14 18:42 222208 ----a-w- c:\windows\system32\msls31.dll 2012-11-14 18:42 . 2012-11-14 18:42 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2012-11-14 18:42 . 2012-11-14 18:42 267776 ----a-w- c:\windows\system32\ieaksie.dll 2012-11-14 18:42 . 2012-11-14 18:42 197120 ----a-w- c:\windows\system32\msrating.dll 2012-11-14 18:42 . 2012-11-14 18:42 163840 ----a-w- c:\windows\system32\ieakui.dll 2012-11-14 18:42 . 2012-11-14 18:42 12288 ----a-w- c:\windows\system32\mshta.exe 2012-11-14 18:42 . 2012-11-14 18:42 114176 ----a-w- c:\windows\system32\admparse.dll 2012-11-14 18:42 . 2012-11-14 18:42 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2012-11-14 18:42 . 2012-11-14 18:42 76800 ----a-w- c:\windows\system32\tdc.ocx 2012-11-14 18:42 . 2012-11-14 18:42 55296 ----a-w- c:\windows\system32\msfeedsbs.dll 2012-11-14 18:42 . 2012-11-14 18:42 49664 ----a-w- c:\windows\system32\imgutil.dll 2012-11-14 18:42 . 2012-11-14 18:42 48640 ----a-w- c:\windows\system32\mshtmler.dll 2012-11-14 18:42 . 2012-11-14 18:42 452608 ----a-w- c:\windows\system32\dxtmsft.dll 2012-11-14 18:42 . 2012-11-14 18:42 448512 ----a-w- c:\windows\system32\html.iec 2012-11-14 18:42 . 2012-11-14 18:42 282112 ----a-w- c:\windows\system32\dxtrans.dll 2012-11-14 18:42 . 2012-11-14 18:42 160256 ----a-w- c:\windows\system32\ieakeng.dll 2012-11-14 18:42 . 2012-11-14 18:42 145920 ----a-w- c:\windows\system32\iepeers.dll 2012-11-14 18:42 . 2012-11-14 18:42 136192 ----a-w- c:\windows\system32\advpack.dll 2012-11-14 18:42 . 2012-11-14 18:42 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2012-11-14 18:42 . 2012-11-14 18:42 111616 ----a-w- c:\windows\system32\iesysprep.dll 2012-11-14 18:42 . 2012-11-14 18:42 10752 ----a-w- c:\windows\system32\msfeedssync.exe 2012-11-14 18:42 . 2012-11-14 18:42 89088 ----a-w- c:\windows\system32\ie4uinit.exe 2012-11-14 18:42 . 2012-11-14 18:42 85504 ----a-w- c:\windows\system32\iesetup.dll 2012-11-14 18:42 . 2012-11-14 18:42 82432 ----a-w- c:\windows\system32\icardie.dll 2012-11-14 18:42 . 2012-11-14 18:42 534528 ----a-w- c:\windows\system32\ieapfltr.dll 2012-11-14 18:42 . 2012-11-14 18:42 403248 ----a-w- c:\windows\system32\iedkcs32.dll 2012-11-14 18:42 . 2012-11-14 18:42 39936 ----a-w- c:\windows\system32\iernonce.dll 2012-11-14 18:42 . 2012-11-14 18:42 3695416 ----a-w- c:\windows\system32\ieapfltr.dat 2012-11-14 18:42 . 2012-11-14 18:42 30720 ----a-w- c:\windows\system32\licmgr10.dll 2012-11-14 18:42 . 2012-11-14 18:42 249344 ----a-w- c:\windows\system32\webcheck.dll 2012-11-14 18:42 . 2012-11-14 18:42 165888 ----a-w- c:\windows\system32\iexpress.exe 2012-11-14 18:42 . 2012-11-14 18:42 160256 ----a-w- c:\windows\system32\wextract.exe 2012-11-14 18:42 . 2012-11-14 18:42 103936 ----a-w- c:\windows\system32\inseng.dll 2012-11-14 18:42 . 2012-11-14 18:42 65024 ----a-w- c:\windows\system32\pngfilt.dll 2012-11-14 18:42 . 2012-11-14 18:42 149504 ----a-w- c:\windows\system32\occache.dll 2012-11-13 01:45 . 2012-12-12 09:07 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-13 01:29 . 2012-12-12 09:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-11-02 10:45 . 2012-12-13 06:59 477696 ----a-w- c:\windows\system32\dpnet.dll 2012-11-02 10:45 . 2012-12-13 06:59 68096 ----a-w- c:\windows\system32\dpnathlp.dll 2012-11-02 10:18 . 2012-12-13 06:59 376320 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-11-02 08:59 . 2012-12-13 06:59 26112 ----a-w- c:\windows\system32\dpnsvr.exe 2012-11-02 08:26 . 2012-12-13 06:59 23040 ----a-w- c:\windows\SysWow64\dpnsvr.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll" [2012-11-26 1525088] . [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1] [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392] "HPAdvisor"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080] "Facebook Update"="c:\users\Michelle\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200] "TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-09-26 1152296] "CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-09-26 189736] "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032] "HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-08-24 887976] "WRSVC"="c:\program files (x86)\Webroot\WRSA.exe" [2012-12-19 733808] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoDevMgrUpdate"= 0 (0x0) "NoDFSTab"= 0 (0x0) "NoEncryptOnMove"= 0 (0x0) "NoResolveTrack"= 0 (0x0) "NoStartMenuSubFolders"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDevMgrUpdate"= 0 (0x0) "NoDFSTab"= 0 (0x0) "NoEncryptOnMove"= 0 (0x0) "NoResolveTrack"= 0 (0x0) "NoStartMenuSubFolders"= 0 (0x0) . [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "DisableLocalMachineRun"= 0 (0x0) "DisableLocalMachineRunOnce"= 0 (0x0) "DisableCurrentUserRun"= 0 (0x0) "DisableCurrentUserRunOnce"= 0 (0x0) "NoFile"= 0 (0x0) "HideClock"= 0 (0x0) "NoDevMgrUpdate"= 0 (0x0) "NoDFSTab"= 0 (0x0) "NoEncryptOnMove"= 0 (0x0) "NoResolveTrack"= 0 (0x0) "NoStartMenuSubFolders"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe [2008-06-27 89088] . . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 17:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-01-25 04:40 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-01-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3488472860-609737526-646370250-1000Core.job - c:\users\Michelle\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-29 20:46] . 2013-01-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3488472860-609737526-646370250-1000UA.job - c:\users\Michelle\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-29 20:46] . 2013-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-29 21:14] . 2013-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-29 21:14] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-25 153624] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-25 225816] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-25 199704] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1533736] "SmartMenu"="c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [BU] "lxdumon.exe"="c:\program files (x86)\Lexmark 5600-6600 Series\lxdumon.exe" [2008-09-10 676520] "lxduamon"="c:\program files (x86)\Lexmark 5600-6600 Series\lxduamon.exe" [2008-09-10 16040] "SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU] . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local mSearchAssistant = IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\2v64zce3.default\ FF - prefs.js: browser.startup.homepage - www.google.com/ FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2012-12-30 11:26; plugin@selectionlinks.com; c:\users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\2v64zce3.default\extensions\plugin@selectionlinks.com FF - ExtSQL: 2012-12-30 16:02; {40D65E82-75AC-47CA-8A73-1CEDC2668EFF}; c:\program files (x86)\Mozilla Firefox\extensions\{40D65E82-75AC-47CA-8A73-1CEDC2668EFF} FF - ExtSQL: 2013-01-24 18:59; {e001c731-5e37-4538-a5cb-8168736a2360}; c:\users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\2v64zce3.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} FF - ExtSQL: 2013-01-26 22:03; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\2v64zce3.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0); . - - - - ORPHANS REMOVED - - - - . BHO-{300BEC06-B743-4D19-86B9-11DC711D7FFB} - (no file) WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file) . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}] "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{1E61ED7C-7CB8-49D6-B9E9-AB4C880C8414}"=hex:51,66,7a,6c,4c,1d,38,12,12,ee,72, 1a,8a,32,b8,0c,c6,ff,e8,0c,8d,52,c0,00 "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a, eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c "{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54, 06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{D2C5E510-BE6D-42CC-9F61-E4F939078474}"=hex:51,66,7a,6c,4c,1d,38,12,7e,e6,d6, d6,5f,f0,a2,07,e0,77,a7,b9,3c,59,c0,60 "{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd, d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be, f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95 "{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec, fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42 "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17 "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:3f,a5,87,e6,1b,ca,cd,01 . [HKEY_USERS\S-1-5-21-3488472860-609737526-646370250-1000\È a*Ä*_*w*a*r*e*\Webroot\Log] "WRFrame.exe_lflast"=dword:0000000c . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . Completion time: 2013-01-29 10:50:06 ComboFix-quarantined-files.txt 2013-01-29 15:50 ComboFix2.txt 2013-01-28 21:37 . Pre-Run: 411,508,326,400 bytes free Post-Run: 411,483,148,288 bytes free . - - End Of File - - 2244CC97D89D8568B2CDC3DF007E832B Adware: # AdwCleaner v2.109 - Logfile created 01/29/2013 at 10:59:51 # Updated 26/01/2013 by Xplode # Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits) # User : Michelle - MICHELLE-PC # Boot Mode : Normal # Running from : C:\Users\Michelle\Desktop\AdwCleaner.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** Deleted on reboot : C:\Program Files (x86)\Ask.com Deleted on reboot : C:\ProgramData\Ask Deleted on reboot : C:\Users\Michelle\AppData\Local\Conduit Deleted on reboot : C:\Users\Michelle\AppData\LocalLow\AskToolbar Deleted on reboot : C:\Users\Michelle\AppData\LocalLow\Conduit Deleted on reboot : C:\Users\Michelle\AppData\LocalLow\PriceGong Deleted on reboot : C:\Users\Michelle\AppData\LocalLow\Toolbar4 Deleted on reboot : C:\Users\Michelle\AppData\Roaming\iWin Deleted on reboot : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk ***** [Registry] ***** Key Deleted : HKCU\Software\APN Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKCU\Software\Ask.com Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F42D4712-298F-4502-8668-7B9940C3FB00} Key Deleted : HKLM\Software\APN Key Deleted : HKLM\Software\AskToolbar Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3018509 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\Iminent Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7CD74AFF-3433-4E34-92E2-D98DFDB30754} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com] ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Registry is clean. -\\ Mozilla Firefox v18.0.1 (en-US) File : C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\2v64zce3.default\prefs.js C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\2v64zce3.default\user.js ... Deleted ! Deleted : user_pref("extensions.wajam.affiliate_id", "5922"); Deleted : user_pref("extensions.wajam.firstrun", "false"); Deleted : user_pref("extensions.wajam.log_send_info", "false"); Deleted : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21083\",\"supported_sites\":{\[...] Deleted : user_pref("extensions.wajam.no_trace", "false"); Deleted : user_pref("extensions.wajam.server_current_mapping_version", "0.21083"); Deleted : user_pref("extensions.wajam.trace_log", "1356884951654 - processSiteLookup - Error Message: can't ac[...] Deleted : user_pref("extensions.wajam.unique_id", "E9F44ADF8FEC2D56D096FE41A16EB66B"); Deleted : user_pref("extensions.wajam.user_current_mapping_version", "0"); Deleted : user_pref("extensions.wajam.version", "1.26"); -\\ Google Chrome v24.0.1312.56 File : C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[S1].txt - [10520 octets] - [29/01/2013 10:59:51] ########## EOF - C:\AdwCleaner[S1].txt - [10581 octets] ########## TDSS log 1: 11:08:50.0712 4972 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 11:08:51.0012 4972 ============================================================ 11:08:51.0012 4972 Current date / time: 2013/01/29 11:08:51.0012 11:08:51.0012 4972 SystemInfo: 11:08:51.0012 4972 11:08:51.0012 4972 OS Version: 6.0.6002 ServicePack: 2.0 11:08:51.0012 4972 Product type: Workstation 11:08:51.0012 4972 ComputerName: MICHELLE-PC 11:08:51.0012 4972 UserName: Michelle 11:08:51.0012 4972 Windows directory: C:\Windows 11:08:51.0012 4972 System windows directory: C:\Windows 11:08:51.0012 4972 Running under WOW64 11:08:51.0012 4972 Processor architecture: Intel x64 11:08:51.0012 4972 Number of processors: 2 11:08:51.0012 4972 Page size: 0x1000 11:08:51.0012 4972 Boot type: Normal boot 11:08:51.0012 4972 ============================================================ 11:08:53.0917 4972 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 11:08:53.0925 4972 ============================================================ 11:08:53.0925 4972 \Device\Harddisk0\DR0: 11:08:53.0951 4972 MBR partitions: 11:08:53.0951 4972 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x38A92FC1 11:08:53.0951 4972 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38A93000, BlocksNum 0x18F1800 11:08:53.0951 4972 ============================================================ 11:08:54.0118 4972 C: <-> \Device\Harddisk0\DR0\Partition1 11:08:55.0113 4972 D: <-> \Device\Harddisk0\DR0\Partition2 11:08:55.0114 4972 ============================================================ 11:08:55.0114 4972 Initialize success 11:08:55.0114 4972 ============================================================ 11:10:21.0238 3172 Deinitialize success TDSS Log 2: 11:13:43.0298 0384 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 11:13:43.0844 0384 ============================================================ 11:13:43.0844 0384 Current date / time: 2013/01/29 11:13:43.0844 11:13:43.0844 0384 SystemInfo: 11:13:43.0844 0384 11:13:43.0844 0384 OS Version: 6.0.6002 ServicePack: 2.0 11:13:43.0844 0384 Product type: Workstation 11:13:43.0844 0384 ComputerName: MICHELLE-PC 11:13:43.0844 0384 UserName: Michelle 11:13:43.0844 0384 Windows directory: C:\Windows 11:13:43.0844 0384 System windows directory: C:\Windows 11:13:43.0844 0384 Running under WOW64 11:13:43.0844 0384 Processor architecture: Intel x64 11:13:43.0844 0384 Number of processors: 2 11:13:43.0844 0384 Page size: 0x1000 11:13:43.0844 0384 Boot type: Normal boot 11:13:43.0844 0384 ============================================================ 11:13:47.0229 0384 BG loaded 11:13:48.0992 0384 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 11:13:49.0007 0384 ============================================================ 11:13:49.0007 0384 \Device\Harddisk0\DR0: 11:13:49.0007 0384 MBR partitions: 11:13:49.0007 0384 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x38A92FC1 11:13:49.0007 0384 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38A93000, BlocksNum 0x18F1800 11:13:49.0007 0384 ============================================================ 11:13:49.0272 0384 C: <-> \Device\Harddisk0\DR0\Partition1 11:13:49.0616 0384 D: <-> \Device\Harddisk0\DR0\Partition2 11:13:49.0616 0384 ============================================================ 11:13:49.0616 0384 Initialize success 11:13:49.0616 0384 ============================================================ 11:14:18.0659 4008 ============================================================ 11:14:18.0659 4008 Scan started 11:14:18.0659 4008 Mode: Manual; SigCheck; TDLFS; 11:14:18.0659 4008 ============================================================ 11:14:20.0904 4008 ================ Scan system memory ======================== 11:14:20.0904 4008 System memory - ok 11:14:20.0910 4008 ================ Scan services ============================= 11:14:21.0439 4008 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE 11:14:21.0592 4008 !SASCORE - ok 11:14:22.0539 4008 [ 60FBB29CCCE48B4C3A6517CAF42C3496 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys 11:14:22.0558 4008 Accelerometer - ok 11:14:22.0769 4008 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys 11:14:22.0819 4008 ACPI - ok 11:14:23.0138 4008 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 11:14:23.0156 4008 AdobeARMservice - ok 11:14:23.0400 4008 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 11:14:23.0463 4008 adp94xx - ok 11:14:23.0741 4008 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys 11:14:23.0789 4008 adpahci - ok 11:14:23.0830 4008 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 11:14:23.0863 4008 adpu160m - ok 11:14:23.0874 4008 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 11:14:23.0913 4008 adpu320 - ok 11:14:24.0031 4008 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 11:14:24.0801 4008 AeLookupSvc - ok 11:14:25.0048 4008 [ 7F66523A27754AFCFECAE2F5EB643A4A ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe 11:14:25.0185 4008 AESTFilters - ok 11:14:25.0355 4008 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys 11:14:25.0505 4008 AFD - ok 11:14:25.0603 4008 [ 8B0D8B5BAFD4C9D57B41426BC68B32F9 ] AgereModemAudio C:\Windows\system32\agr64svc.exe 11:14:25.0753 4008 AgereModemAudio - ok 11:14:25.0871 4008 [ 3627A62B10284FFBF862BFD49928EDF4 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys 11:14:25.0942 4008 AgereSoftModem - ok 11:14:26.0018 4008 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys 11:14:26.0050 4008 agp440 - ok 11:14:26.0090 4008 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys 11:14:26.0122 4008 aic78xx - ok 11:14:26.0183 4008 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe 11:14:26.0775 4008 ALG - ok 11:14:26.0842 4008 [ E0CA5BB8E6C79533DC6B1DA7361A201E ] aliide C:\Windows\system32\drivers\aliide.sys 11:14:26.0873 4008 aliide - ok 11:14:26.0879 4008 [ 7034F8D1B9703D711D3F92C95DEB377D ] amdide C:\Windows\system32\drivers\amdide.sys 11:14:26.0911 4008 amdide - ok 11:14:26.0956 4008 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 11:14:27.0058 4008 AmdK8 - ok 11:14:27.0146 4008 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll 11:14:27.0235 4008 Appinfo - ok 11:14:28.0118 4008 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 11:14:28.0131 4008 Apple Mobile Device - ok 11:14:28.0214 4008 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys 11:14:28.0248 4008 arc - ok 11:14:28.0316 4008 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys 11:14:28.0357 4008 arcsas - ok 11:14:28.0386 4008 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 11:14:28.0455 4008 AsyncMac - ok 11:14:28.0508 4008 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys 11:14:28.0526 4008 atapi - ok 11:14:28.0674 4008 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 11:14:28.0832 4008 AudioEndpointBuilder - ok 11:14:28.0905 4008 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll 11:14:28.0960 4008 AudioSrv - ok 11:14:29.0046 4008 [ A4815907B039121D8D9221695CDC35F7 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys 11:14:29.0123 4008 BCM43XX - ok 11:14:29.0130 4008 Beep - ok 11:14:29.0226 4008 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll 11:14:29.0334 4008 BFE - ok 11:14:29.0452 4008 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\system32\qmgr.dll 11:14:29.0578 4008 BITS - ok 11:14:29.0659 4008 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 11:14:29.0883 4008 blbdrive - ok 11:14:29.0979 4008 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 11:14:30.0008 4008 Bonjour Service - ok 11:14:30.0109 4008 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 11:14:30.0280 4008 bowser - ok 11:14:30.0365 4008 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 11:14:30.0447 4008 BrFiltLo - ok 11:14:30.0469 4008 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 11:14:30.0546 4008 BrFiltUp - ok 11:14:30.0621 4008 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll 11:14:30.0712 4008 Browser - ok 11:14:30.0755 4008 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys 11:14:31.0077 4008 Brserid - ok 11:14:31.0132 4008 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 11:14:31.0333 4008 BrSerWdm - ok 11:14:31.0423 4008 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 11:14:31.0584 4008 BrUsbMdm - ok 11:14:31.0609 4008 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 11:14:31.0714 4008 BrUsbSer - ok 11:14:31.0766 4008 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 11:14:31.0843 4008 BTHMODEM - ok 11:14:31.0858 4008 catchme - ok 11:14:31.0876 4008 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 11:14:31.0941 4008 cdfs - ok 11:14:31.0981 4008 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 11:14:32.0082 4008 cdrom - ok 11:14:32.0178 4008 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll 11:14:32.0242 4008 CertPropSvc - ok 11:14:32.0287 4008 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 11:14:32.0373 4008 circlass - ok 11:14:32.0444 4008 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys 11:14:32.0476 4008 CLFS - ok 11:14:32.0657 4008 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 11:14:32.0671 4008 clr_optimization_v2.0.50727_32 - ok 11:14:32.0705 4008 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 11:14:32.0719 4008 clr_optimization_v2.0.50727_64 - ok 11:14:32.0847 4008 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 11:14:33.0438 4008 clr_optimization_v4.0.30319_32 - ok 11:14:33.0518 4008 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 11:14:33.0625 4008 clr_optimization_v4.0.30319_64 - ok 11:14:33.0673 4008 [ B52D9A14CE4101577900A364BA86F3DF ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 11:14:33.0763 4008 CmBatt - ok 11:14:33.0779 4008 [ 8C6AA24C1D7273A02284588426AB8CE3 ] cmdide C:\Windows\system32\drivers\cmdide.sys 11:14:33.0794 4008 cmdide - ok 11:14:33.0885 4008 [ 7795F8CEBC284A426B53F541E538695F ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe 11:14:33.0897 4008 Com4QLBEx - ok 11:14:33.0917 4008 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 11:14:33.0931 4008 Compbatt - ok 11:14:33.0937 4008 COMSysApp - ok 11:14:33.0965 4008 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 11:14:33.0979 4008 crcdisk - ok 11:14:34.0038 4008 [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc C:\Windows\system32\cryptsvc.dll 11:14:34.0139 4008 CryptSvc - ok 11:14:34.0290 4008 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll 11:14:34.0397 4008 DcomLaunch - ok 11:14:34.0435 4008 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 11:14:34.0532 4008 DfsC - ok 11:14:35.0111 4008 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe 11:14:35.0959 4008 DFSR - ok 11:14:36.0085 4008 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll 11:14:36.0146 4008 Dhcp - ok 11:14:36.0481 4008 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys 11:14:36.0501 4008 disk - ok 11:14:36.0554 4008 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll 11:14:36.0610 4008 Dnscache - ok 11:14:36.0653 4008 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll 11:14:36.0711 4008 dot3svc - ok 11:14:36.0814 4008 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll 11:14:36.0881 4008 DPS - ok 11:14:36.0945 4008 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 11:14:36.0994 4008 drmkaud - ok 11:14:37.0374 4008 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 11:14:37.0431 4008 DXGKrnl - ok 11:14:37.0688 4008 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys 11:14:37.0761 4008 E1G60 - ok 11:14:37.0821 4008 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll 11:14:37.0875 4008 EapHost - ok 11:14:37.0932 4008 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys 11:14:37.0957 4008 Ecache - ok 11:14:38.0092 4008 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe 11:14:38.0212 4008 ehRecvr - ok 11:14:38.0623 4008 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe 11:14:38.0796 4008 ehSched - ok 11:14:39.0016 4008 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll 11:14:39.0095 4008 ehstart - ok 11:14:39.0207 4008 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys 11:14:39.0263 4008 elxstor - ok 11:14:39.0389 4008 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll 11:14:39.0530 4008 EMDMgmt - ok 11:14:39.0586 4008 [ F218A3A27ED6592C0E22EC3595554447 ] enecir C:\Windows\system32\DRIVERS\enecir.sys 11:14:39.0727 4008 enecir - ok 11:14:39.0800 4008 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys 11:14:39.0899 4008 ErrDev - ok 11:14:40.0032 4008 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll 11:14:40.0151 4008 EventSystem - ok 11:14:40.0245 4008 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys 11:14:40.0320 4008 exfat - ok 11:14:40.0375 4008 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys 11:14:40.0501 4008 fastfat - ok 11:14:40.0583 4008 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 11:14:40.0663 4008 fdc - ok 11:14:40.0721 4008 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll 11:14:40.0818 4008 fdPHost - ok 11:14:40.0835 4008 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll 11:14:40.0946 4008 FDResPub - ok 11:14:40.0977 4008 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 11:14:41.0012 4008 FileInfo - ok 11:14:41.0032 4008 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys 11:14:41.0078 4008 Filetrace - ok 11:14:41.0158 4008 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 11:14:41.0228 4008 flpydisk - ok 11:14:41.0327 4008 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 11:14:41.0349 4008 FltMgr - ok 11:14:41.0672 4008 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll 11:14:41.0767 4008 FontCache - ok 11:14:41.0920 4008 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 11:14:41.0938 4008 FontCache3.0.0.0 - ok 11:14:42.0079 4008 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 11:14:42.0143 4008 Fs_Rec - ok 11:14:42.0162 4008 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 11:14:42.0177 4008 gagp30kx - ok 11:14:42.0275 4008 [ 617DC2877015270914CA3C03873560D5 ] GameConsoleService C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe 11:14:42.0291 4008 GameConsoleService - ok 11:14:42.0382 4008 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 11:14:42.0392 4008 GEARAspiWDM - ok 11:14:42.0477 4008 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll 11:14:42.0536 4008 gpsvc - ok 11:14:42.0997 4008 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 11:14:43.0014 4008 gupdate - ok 11:14:43.0033 4008 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 11:14:43.0050 4008 gupdatem - ok 11:14:43.0138 4008 [ DF45F8142DC6DF9D18C39B3EFFBD0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 11:14:43.0411 4008 HdAudAddService - ok 11:14:43.0501 4008 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 11:14:43.0841 4008 HDAudBus - ok 11:14:43.0874 4008 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys 11:14:44.0003 4008 HidBth - ok 11:14:44.0203 4008 [ 5F47839455D01FF6403B008D481A6F5B ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 11:14:44.0314 4008 HidIr - ok 11:14:44.0646 4008 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\System32\hidserv.dll 11:14:44.0703 4008 hidserv - ok 11:14:44.0762 4008 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 11:14:44.0846 4008 HidUsb - ok 11:14:44.0894 4008 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll 11:14:44.0987 4008 hkmsvc - ok 11:14:45.0095 4008 [ 89F9E1984C1CD9E5F4FE39642D886E11 ] HP Health Check Service c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe 11:14:45.0183 4008 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning 11:14:45.0183 4008 HP Health Check Service - detected UnsignedFile.Multi.Generic (1) 11:14:45.0233 4008 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 11:14:45.0259 4008 HpCISSs - ok 11:14:45.0354 4008 [ 4A435CA815A54639CA09DDF75D751EBC ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys 11:14:45.0374 4008 hpdskflt - ok 11:14:45.0405 4008 [ 0ECC54FD34D6A089C300846B011E81D6 ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 11:14:45.0487 4008 HpqKbFiltr - ok 11:14:45.0575 4008 [ 1665C7121A026DF10C903DB9BC5E9D43 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe 11:14:45.0599 4008 hpqwmiex - ok 11:14:45.0696 4008 [ 6BF024EA61D7894BF4AF0B10A90B546E ] hpsrv C:\Windows\system32\Hpservice.exe 11:14:45.0818 4008 hpsrv - ok 11:14:45.0868 4008 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys 11:14:45.0973 4008 HTTP - ok 11:14:46.0004 4008 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys 11:14:46.0049 4008 i2omp - ok 11:14:46.0087 4008 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 11:14:46.0169 4008 i8042prt - ok 11:14:46.0231 4008 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 11:14:46.0286 4008 iaStorV - ok 11:14:46.0433 4008 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 11:14:46.0535 4008 IDriverT ( UnsignedFile.Multi.Generic ) - warning 11:14:46.0535 4008 IDriverT - detected UnsignedFile.Multi.Generic (1) 11:14:47.0097 4008 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 11:14:47.0176 4008 idsvc - ok 11:14:47.0528 4008 [ CF00559906E45ECC6F035913880BE2FC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 11:14:47.0874 4008 igfx - ok 11:14:47.0949 4008 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys 11:14:47.0972 4008 iirsp - ok 11:14:48.0091 4008 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll 11:14:48.0390 4008 IKEEXT - ok 11:14:48.0469 4008 [ DEA2AB452B4FA773187369C4B6517320 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys 11:14:48.0577 4008 IntcHdmiAddService - ok 11:14:48.0651 4008 [ 475490CAF376E55E6E8B37BBDFEB2E81 ] intelide C:\Windows\system32\drivers\intelide.sys 11:14:48.0699 4008 intelide - ok 11:14:48.0747 4008 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 11:14:48.0847 4008 intelppm - ok 11:14:48.0894 4008 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 11:14:49.0009 4008 IPBusEnum - ok 11:14:49.0094 4008 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 11:14:49.0234 4008 IpFilterDriver - ok 11:14:49.0293 4008 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 11:14:49.0459 4008 iphlpsvc - ok 11:14:49.0466 4008 IpInIp - ok 11:14:49.0529 4008 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 11:14:49.0598 4008 IPMIDRV - ok 11:14:49.0692 4008 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 11:14:49.0811 4008 IPNAT - ok 11:14:50.0108 4008 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 11:14:50.0240 4008 iPod Service - ok 11:14:50.0284 4008 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys 11:14:50.0364 4008 IRENUM - ok 11:14:50.0475 4008 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys 11:14:50.0508 4008 isapnp - ok 11:14:50.0644 4008 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 11:14:50.0682 4008 iScsiPrt - ok 11:14:50.0739 4008 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 11:14:50.0759 4008 iteatapi - ok 11:14:50.0795 4008 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys 11:14:50.0815 4008 iteraid - ok 11:14:50.0837 4008 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 11:14:50.0857 4008 kbdclass - ok 11:14:50.0957 4008 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 11:14:51.0088 4008 kbdhid - ok 11:14:51.0262 4008 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe 11:14:51.0368 4008 KeyIso - ok 11:14:51.0405 4008 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 11:14:51.0505 4008 KSecDD - ok 11:14:51.0579 4008 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 11:14:51.0747 4008 ksthunk - ok 11:14:51.0873 4008 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll 11:14:51.0952 4008 KtmRm - ok 11:14:52.0028 4008 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\System32\srvsvc.dll 11:14:52.0184 4008 LanmanServer - ok 11:14:52.0272 4008 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 11:14:52.0343 4008 LanmanWorkstation - ok 11:14:52.0538 4008 [ ABF90FC5A127F481219B873C1B8DFC1C ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 11:14:52.0544 4008 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 11:14:52.0544 4008 LightScribeService - detected UnsignedFile.Multi.Generic (1) 11:14:52.0640 4008 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 11:14:52.0747 4008 lltdio - ok 11:14:52.0867 4008 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll 11:14:52.0977 4008 lltdsvc - ok 11:14:53.0013 4008 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll 11:14:53.0088 4008 lmhosts - ok 11:14:53.0146 4008 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 11:14:53.0166 4008 LSI_FC - ok 11:14:53.0181 4008 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 11:14:53.0200 4008 LSI_SAS - ok 11:14:53.0207 4008 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 11:14:53.0227 4008 LSI_SCSI - ok 11:14:53.0234 4008 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys 11:14:53.0315 4008 luafv - ok 11:14:53.0348 4008 lxdu_device - ok 11:14:53.0381 4008 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 11:14:53.0397 4008 Mcx2Svc - ok 11:14:53.0419 4008 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys 11:14:53.0433 4008 megasas - ok 11:14:53.0458 4008 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys 11:14:53.0486 4008 MegaSR - ok 11:14:53.0522 4008 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll 11:14:53.0588 4008 MMCSS - ok 11:14:53.0612 4008 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys 11:14:53.0700 4008 Modem - ok 11:14:53.0722 4008 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 11:14:53.0768 4008 monitor - ok 11:14:53.0780 4008 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 11:14:53.0822 4008 mouclass - ok 11:14:53.0917 4008 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 11:14:53.0969 4008 mouhid - ok 11:14:54.0032 4008 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 11:14:54.0056 4008 MountMgr - ok 11:14:54.0495 4008 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 11:14:54.0519 4008 MozillaMaintenance - ok 11:14:54.0614 4008 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys 11:14:54.0641 4008 mpio - ok 11:14:54.0655 4008 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv [/QUOTE]

Verification