Hi,
Thanks for helping. See below for the requested information:
All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {5835466c-49af-4cbe-b102-a8c8b6313749}:1.0.24 removed from extensions.enabledItems
Prefs.js: {03ED094E-6546-4294-96BD-7714E87DA888}:3.6.4 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 53616 removed from network.proxy.http_port
Prefs.js: 1 removed from network.proxy.type
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{03ED094E-6546-4294-96BD-7714E87DA888}: C:\Users\the4egos\AppData\Roaming\My.Freeze.com NetAssistant\ not found.
C:\Users\the4egos\AppData\Roaming\Mozilla\Firefox\Profiles\1mp39mjc.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\skin folder moved successfully.
C:\Users\the4egos\AppData\Roaming\Mozilla\Firefox\Profiles\1mp39mjc.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content\locale folder moved successfully.
C:\Users\the4egos\AppData\Roaming\Mozilla\Firefox\Profiles\1mp39mjc.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome\content folder moved successfully.
C:\Users\the4egos\AppData\Roaming\Mozilla\Firefox\Profiles\1mp39mjc.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}\chrome folder moved successfully.
C:\Users\the4egos\AppData\Roaming\Mozilla\Firefox\Profiles\1mp39mjc.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\F16.exe deleted successfully.
C:\Program Files (x86)\LP\09E4\F16.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\VkIIBBrzO8234A deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\F16.exe deleted successfully.
C:\Users\the4egos\AppData\Roaming\Microsoft\09E4\F16.exe moved successfully.
C:\Users\the4egos\AppData\Roaming\25B84\lvvm.exe moved successfully.
64bit-Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\the4egos\AppData\Roaming\25B84\lvvm.exe deleted successfully.
File \Users\the4egos\AppData\Roaming\25B84\lvvm.exe) -C:\Users\the4egos\AppData\Roaming\25B84\lvvm.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\the4egos\AppData\Roaming\25B84\lvvm.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\the4egos\AppData\Roaming\4CD25\DB209.exe deleted successfully.
File \Users\the4egos\AppData\Roaming\4CD25\DB209.exe) -C:\Users\the4egos\AppData\Roaming\4CD25\DB209.exe not found.
C:\Support\EruntBackups\Users\00000002 folder moved successfully.
C:\Support\EruntBackups\Users\00000001 folder moved successfully.
C:\Support\EruntBackups\Users folder moved successfully.
C:\Support\EruntBackups folder moved successfully.
C:\Support folder moved successfully.
C:\ProgramData\hpe4A58.dll moved successfully.
C:\ProgramData\MQ73cg.dat moved successfully.
C:\Users\the4egos\AppData\Roaming\iTunes.exe moved successfully.
C:\Users\the4egos\AppData\Roaming\firefox.exe moved successfully.
C:\Users\the4egos\AppData\Roaming\chrome.exe moved successfully.
C:\Users\the4egos\AppData\Roaming\java.exe moved successfully.
C:\Users\the4egos\AppData\Roaming\iexplore.exe moved successfully.
C:\Users\the4egos\AppData\Roaming\25B84 folder moved successfully.
C:\Users\the4egos\AppData\Roaming\4CD25 folder moved successfully.
C:\Users\the4egos\AppData\Roaming\emHH55sWJ7dELg folder moved successfully.
C:\Users\the4egos\AppData\Roaming\ezPNyxA1uSoFpGa folder moved successfully.
C:\Users\the4egos\AppData\Roaming\IvD3onF4aHsJdLg folder moved successfully.
C:\Users\the4egos\AppData\Roaming\jUVrlOBtx0c1v3n folder moved successfully.
C:\Users\the4egos\AppData\Roaming\My.Freeze.com NetAssistant\defaults\preferences folder moved successfully.
C:\Users\the4egos\AppData\Roaming\My.Freeze.com NetAssistant\defaults folder moved successfully.
C:\Users\the4egos\AppData\Roaming\My.Freeze.com NetAssistant\chrome\content folder moved successfully.
C:\Users\the4egos\AppData\Roaming\My.Freeze.com NetAssistant\chrome folder moved successfully.
C:\Users\the4egos\AppData\Roaming\My.Freeze.com NetAssistant folder moved successfully.
C:\Users\the4egos\AppData\Roaming\n66ddEKK8fR9 folder moved successfully.
C:\Users\the4egos\AppData\Roaming\NYCkUVrlOtP folder moved successfully.
C:\Users\the4egos\AppData\Roaming\NzOONNyxA0u folder moved successfully.
C:\Users\the4egos\AppData\Roaming\p5aQH6dWK folder moved successfully.
C:\Users\the4egos\AppData\Roaming\pbF3pmG5a folder moved successfully.
C:\Users\the4egos\AppData\Roaming\pIBrzPNyx1v2b3m folder moved successfully.
C:\Users\the4egos\AppData\Roaming\r9hTXwjUC folder moved successfully.
C:\Users\the4egos\AppData\Roaming\SH5sQJ7dE8R9YwU folder moved successfully.
C:\Users\the4egos\AppData\Roaming\T4amH6sWJfLgZhC folder moved successfully.
C:\Users\the4egos\AppData\Roaming\TDD33pnGG4QH6W7 folder moved successfully.
C:\Users\the4egos\AppData\Roaming\THH66dWWK folder moved successfully.
C:\Users\the4egos\AppData\Roaming\tZqhYXwkUrOtPyS folder moved successfully.
C:\Users\the4egos\AppData\Roaming\UYCCwwkIVrlOtx0 folder moved successfully.
C:\Users\the4egos\AppData\Roaming\vD2obF4pm5 folder moved successfully.
C:\Users\the4egos\AppData\Roaming\WTTXXwjUUClIBzN folder moved successfully.
C:\Users\the4egos\AppData\Roaming\Y5aQJ6dWKfLhXjC folder moved successfully.
C:\Users\the4egos\AppData\Roaming\ZSSS2iibD3pn folder moved successfully.
ADS C:\ProgramData\Temp:ECF54A0E deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
========== FILES ==========
C:\Users\the4egos\AppData\Roaming\Microsoft\09E4 folder moved successfully.
C:\Program Files (x86)\LP\09E4 folder moved successfully.
C:\Program Files (x86)\LP folder moved successfully.
C:\Windows\Tasks\At1.job moved successfully.
C:\Windows\Tasks\At10.job moved successfully.
C:\Windows\Tasks\At11.job moved successfully.
C:\Windows\Tasks\At12.job moved successfully.
C:\Windows\Tasks\At13.job moved successfully.
C:\Windows\Tasks\At14.job moved successfully.
C:\Windows\Tasks\At15.job moved successfully.
C:\Windows\Tasks\At16.job moved successfully.
C:\Windows\Tasks\At17.job moved successfully.
C:\Windows\Tasks\At18.job moved successfully.
C:\Windows\Tasks\At19.job moved successfully.
C:\Windows\Tasks\At2.job moved successfully.
C:\Windows\Tasks\At20.job moved successfully.
C:\Windows\Tasks\At21.job moved successfully.
C:\Windows\Tasks\At22.job moved successfully.
C:\Windows\Tasks\At23.job moved successfully.
C:\Windows\Tasks\At24.job moved successfully.
C:\Windows\Tasks\At25.job moved successfully.
C:\Windows\Tasks\At26.job moved successfully.
C:\Windows\Tasks\At27.job moved successfully.
C:\Windows\Tasks\At28.job moved successfully.
C:\Windows\Tasks\At29.job moved successfully.
C:\Windows\Tasks\At3.job moved successfully.
C:\Windows\Tasks\At30.job moved successfully.
C:\Windows\Tasks\At31.job moved successfully.
C:\Windows\Tasks\At32.job moved successfully.
C:\Windows\Tasks\At33.job moved successfully.
C:\Windows\Tasks\At34.job moved successfully.
C:\Windows\Tasks\At35.job moved successfully.
C:\Windows\Tasks\At36.job moved successfully.
C:\Windows\Tasks\At37.job moved successfully.
C:\Windows\Tasks\At38.job moved successfully.
C:\Windows\Tasks\At39.job moved successfully.
C:\Windows\Tasks\At4.job moved successfully.
C:\Windows\Tasks\At40.job moved successfully.
C:\Windows\Tasks\At41.job moved successfully.
C:\Windows\Tasks\At42.job moved successfully.
C:\Windows\Tasks\At43.job moved successfully.
C:\Windows\Tasks\At44.job moved successfully.
C:\Windows\Tasks\At45.job moved successfully.
C:\Windows\Tasks\At46.job moved successfully.
C:\Windows\Tasks\At47.job moved successfully.
C:\Windows\Tasks\At48.job moved successfully.
C:\Windows\Tasks\At49.job moved successfully.
C:\Windows\Tasks\At5.job moved successfully.
C:\Windows\Tasks\At6.job moved successfully.
C:\Windows\Tasks\At7.job moved successfully.
C:\Windows\Tasks\At8.job moved successfully.
C:\Windows\Tasks\At9.job moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\the4egos\Desktop\cmd.bat deleted successfully.
C:\Users\the4egos\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Flash cache emptied: 56504 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: the4egos
->Temp folder emptied: 91867653 bytes
->Temporary Internet Files folder emptied: 53056269 bytes
->Java cache emptied: 2883727 bytes
->FireFox cache emptied: 37373732 bytes
->Flash cache emptied: 379240 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 103462692 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46570 bytes
RecycleBin emptied: 19709 bytes
Total Files Cleaned = 276.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.31.0 log created on 01082012_084517
Files\Folders moved on Reboot...
C:\Users\the4egos\AppData\Local\Temp\ehmsas.txt moved successfully.
Registry entries deleted on Reboot...
OTL logfile created on: 1/8/2012 8:53:21 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\the4egos\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.90 Gb Total Physical Memory | 2.77 Gb Available Physical Memory | 70.89% Memory free
7.98 Gb Paging File | 6.64 Gb Available in Paging File | 83.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.81 Gb Total Space | 167.73 Gb Free Space | 58.69% Space Free | Partition Type: NTFS
Drive D: | 12.28 Gb Total Space | 1.96 Gb Free Space | 15.93% Space Free | Partition Type: NTFS
Drive F: | 15.11 Gb Total Space | 7.44 Gb Free Space | 49.24% Space Free | Partition Type: FAT32
Computer Name: THE4EGOS-PC | User Name: the4egos | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/01/07 11:29:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\the4egos\Desktop\OTL.exe
PRC - [2011/09/05 16:00:52 | 000,393,648 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2009/10/19 14:51:14 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\U.S. Cellular Broadband Connect\AvqAutorun.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/06 10:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
========== Modules (No Company Name) ==========
MOD - [2011/10/12 02:47:52 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011/10/12 02:47:50 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\02768700bc8f762ccfe37785ba8eb498\System.EnterpriseServices.ni.dll
MOD - [2011/10/12 02:47:50 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8f3b3ab45e3e5fa61aa6cbfe2a8b61af\System.Transactions.ni.dll
MOD - [2011/10/12 02:47:50 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\02768700bc8f762ccfe37785ba8eb498\System.EnterpriseServices.Wrapper.dll
MOD - [2011/10/12 02:47:46 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll
MOD - [2011/10/12 02:47:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/12 02:39:32 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/12 02:39:17 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/12 02:39:08 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/12 02:38:53 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\9e53d9921c4bb153f1ffbe1ae0e1b615\System.Data.ni.dll
MOD - [2011/10/12 02:38:42 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\231b0b42eff55de5c7d7debe555c16b7\PresentationFramework.Aero.ni.dll
MOD - [2011/10/12 02:38:41 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll
MOD - [2011/10/12 02:38:23 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll
MOD - [2011/10/12 02:38:07 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll
MOD - [2011/10/12 02:38:04 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/12 02:37:57 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/10/19 14:51:14 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\U.S. Cellular Broadband Connect\AvqAutorun.exe
MOD - [2009/04/11 00:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2009/04/11 00:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/04/10 20:04:15 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2009/03/29 22:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/29 22:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008/09/30 17:56:06 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
MOD - [2008/09/30 17:52:02 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2008/09/30 17:52:00 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2008/09/30 17:51:52 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\ECLibrary.dll
MOD - [2008/09/30 17:51:52 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2008/09/30 17:51:36 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2008/09/30 17:51:36 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2008/09/30 17:51:36 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2007/08/14 14:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 14:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 14:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010/11/11 13:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 13:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2007/10/17 17:37:22 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2011/09/05 16:00:52 | 000,393,648 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/06 10:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2010/10/24 20:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/27 01:29:46 | 000,173,456 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\PTUMWVsp.sys -- (PTUMWVsp)
DRV:64bit: - [2009/10/27 01:29:34 | 000,144,912 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\PTUMWNET.sys -- (PTUMWNET)
DRV:64bit: - [2009/10/27 01:29:26 | 000,173,456 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\PTUMWMdm.sys -- (PTUMWMdm)
DRV:64bit: - [2009/10/27 01:29:20 | 000,012,688 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\PTUMWFLT.sys -- (PTUMWFLT)
DRV:64bit: - [2009/10/27 01:29:08 | 000,024,976 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\PTUMWCDF.sys -- (PTUMWCDF)
DRV:64bit: - [2009/10/27 01:29:00 | 000,071,056 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\PTUMWBus.sys -- (PTUMWBus)
DRV:64bit: - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/12/20 01:03:08 | 001,344,000 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/09/19 18:43:58 | 000,068,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/06/29 08:52:44 | 000,126,976 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/06/10 13:58:48 | 000,170,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/06/05 10:59:50 | 000,264,704 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2008/04/17 12:05:20 | 000,324,656 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/01/20 20:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 20:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel®
DRV:64bit: - [2008/01/20 20:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/10/31 20:22:50 | 001,481,216 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2007/10/31 20:19:46 | 000,293,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2007/10/31 20:18:32 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2007/10/17 17:37:10 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2007/06/18 18:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/10/03 19:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2006/06/18 16:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4072156152-315080062-3839382964-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKU\S-1-5-21-4072156152-315080062-3839382964-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/?ref=hp
IE - HKU\S-1-5-21-4072156152-315080062-3839382964-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4072156152-315080062-3839382964-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.type: ""
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Program Files (x86)\Sony Online Entertainment\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\the4egos\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\the4egos\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/13 18:49:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/07 15:18:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{03ED094E-6546-4294-96BD-7714E87DA888}: C:\Users\the4egos\AppData\Roaming\My.Freeze.com NetAssistant\
[2010/02/23 15:04:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\the4egos\AppData\Roaming\Mozilla\Extensions
[2012/01/08 08:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\the4egos\AppData\Roaming\Mozilla\Firefox\Profiles\1mp39mjc.default\extensions
[2010/07/07 19:09:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\the4egos\AppData\Roaming\Mozilla\Firefox\Profiles\1mp39mjc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/08 05:53:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\the4egos\AppData\Roaming\Mozilla\Firefox\Profiles\1mp39mjc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(548)
[2011/11/13 18:49:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\THE4EGOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1MP39MJC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/11/13 18:49:12 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/12 16:45:10 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/13 18:49:12 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\gears.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: Free Realms Installer (Enabled) = C:\Program Files (x86)\Sony Online Entertainment\npsoe.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\the4egos\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\the4egos\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\the4egos\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: Poppit = C:\Users\the4egos\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
O1 HOSTS File: ([2012/01/08 08:45:30 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3:64bit: - HKU\S-1-5-21-4072156152-315080062-3839382964-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [EKAIO2StatusMonitor] C:\Windows\SysNative\spool\DRIVERS\x64\3\EKAiO2MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [{E9AE9B9A-A99F-AA8F-27E8-A8E99BAE8b85}] C:\Program Files (x86)\U.S. Cellular Broadband Connect\AvqAutoRun.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Conime] C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4072156152-315080062-3839382964-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-4072156152-315080062-3839382964-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www-cdn.freer...ller.cab?v=1045 (SonyOnlineInstallerX)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E98E87D-2B9E-4EE9-91B4-C640D7D3740C}: DhcpNameServer = 192.168.1.5 192.168.1.1 204.29.202.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE15E4CC-8520-4433-A514-543AEC01B2B7}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-4072156152-315080062-3839382964-1000 Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\the4egos\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\the4egos\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5cfb1f93-966c-11df-9292-001f16db209e}\Shell - "" = AutoRun
O33 - MountPoints2\{5cfb1f93-966c-11df-9292-001f16db209e}\Shell\AutoRun\command - "" = F:\Start.exe
O33 - MountPoints2\{5cfb1f93-966c-11df-9292-001f16db209e}\Shell\menu1\command - "" = F:\Start.exe
O33 - MountPoints2\{f670b5f8-f1d4-11de-a9d2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f670b5f8-f1d4-11de-a9d2-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/01/08 08:45:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/08 08:41:30 | 004,374,678 | ---- | C] (Swearware) -- C:\Users\the4egos\Desktop\ComboFix.exe
[2012/01/08 08:41:30 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\the4egos\Desktop\tdsskiller.exe
[2012/01/08 08:41:26 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\the4egos\Desktop\aswMBR.exe
[2012/01/07 11:35:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\the4egos\Desktop\OTL.exe
[2011/12/20 20:35:08 | 000,000,000 | ---D | C] -- C:\Users\the4egos\AppData\Local\Apple
[2011/12/20 19:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/12/20 17:39:49 | 000,000,000 | ---D | C] -- C:\Users\the4egos\AppData\Local\temp(499)
[2011/12/20 17:39:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/15 17:43:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/15 17:28:17 | 000,000,000 | ---D | C] -- C:\Users\the4egos\AppData\Local\Temp(527)
[2011/12/14 22:06:13 | 000,000,000 | ---D | C] -- C:\Users\the4egos\AppData\Local\Adobe(518)
[2011/12/14 21:07:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/14 21:07:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/14 20:54:12 | 000,000,000 | ---D | C] -- C:\Users\the4egos\AppData\Roaming\SmartPCTools
[2011/12/13 17:47:08 | 000,000,000 | ---D | C] -- C:\Users\the4egos\AppData\Roaming\Malwarebytes
[2011/12/13 17:46:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
========== Files - Modified Within 30 Days ==========
[2012/01/08 08:51:40 | 000,000,290 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/01/08 08:51:11 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job
[2012/01/08 08:51:09 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/08 08:49:44 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/08 08:49:43 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/08 08:49:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/08 08:49:20 | 4193,460,224 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/08 08:45:30 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/01/08 08:29:58 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\the4egos\Desktop\aswMBR.exe
[2012/01/08 08:29:28 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\the4egos\Desktop\tdsskiller.exe
[2012/01/08 08:28:00 | 004,374,678 | ---- | M] (Swearware) -- C:\Users\the4egos\Desktop\ComboFix.exe
[2012/01/07 19:12:37 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/07 19:12:26 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForthe4egos.job
[2012/01/07 11:29:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\the4egos\Desktop\OTL.exe
[2012/01/05 20:32:28 | 000,706,760 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/05 20:32:28 | 000,606,602 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/05 20:32:28 | 000,105,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/03 18:01:49 | 000,000,732 | ---- | M] () -- C:\Users\the4egos\AppData\Local\d3d9caps64.dat
[2011/12/14 20:59:32 | 029,387,712 | ---- | M] () -- C:\Users\the4egos\Documents\registrybackup.cab
[2011/12/13 19:43:40 | 000,007,052 | ---- | M] () -- C:\Users\the4egos\AppData\Local\d3d9caps.dat
[2011/12/11 20:39:51 | 000,024,576 | ---- | M] () -- C:\Users\the4egos\Documents\RAdio waves.wps
[2011/12/11 20:39:51 | 000,001,360 | ---- | M] () -- C:\Users\the4egos\AppData\Roaming\wklnhst.dat
========== Files Created - No Company Name ==========
[2012/01/04 20:06:24 | 4193,460,224 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/03 18:01:49 | 000,000,732 | ---- | C] () -- C:\Users\the4egos\AppData\Local\d3d9caps64.dat
[2011/12/14 20:59:32 | 029,387,712 | ---- | C] () -- C:\Users\the4egos\Documents\registrybackup.cab
[2011/12/11 20:38:57 | 000,024,576 | ---- | C] () -- C:\Users\the4egos\Documents\RAdio waves.wps
[2011/05/11 08:50:48 | 000,001,360 | ---- | C] () -- C:\Users\the4egos\AppData\Roaming\wklnhst.dat
[2011/05/11 08:47:50 | 000,721,764 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/25 19:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 19:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 19:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/04/05 20:23:52 | 000,081,408 | ---- | C] () -- C:\Users\the4egos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/04 19:34:36 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/01/04 19:34:08 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/01/04 19:33:41 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/01/02 14:27:21 | 000,007,052 | ---- | C] () -- C:\Users\the4egos\AppData\Local\d3d9caps.dat
[2009/06/28 10:33:35 | 000,000,290 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/04/20 17:31:40 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/07/06 14:20:48 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 09:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 06:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 06:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 03:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
========== LOP Check ==========
[2010/06/12 18:02:05 | 000,000,000 | ---D | M] -- C:\Users\the4egos\AppData\Roaming\Facebook
[2012/01/05 18:07:59 | 000,000,000 | ---D | M] -- C:\Users\the4egos\AppData\Roaming\FinalMediaPlayer
[2011/05/11 09:05:35 | 000,000,000 | ---D | M] -- C:\Users\the4egos\AppData\Roaming\OpenOffice.org
[2011/12/14 20:54:12 | 000,000,000 | ---D | M] -- C:\Users\the4egos\AppData\Roaming\SmartPCTools
[2011/06/09 16:41:00 | 000,000,000 | ---D | M] -- C:\Users\the4egos\AppData\Roaming\SPORE Creature Creator
[2011/09/05 12:23:59 | 000,000,000 | ---D | M] -- C:\Users\the4egos\AppData\Roaming\Temp
[2011/05/11 08:50:49 | 000,000,000 | ---D | M] -- C:\Users\the4egos\AppData\Roaming\Template
[2011/01/22 13:33:32 | 000,000,000 | ---D | M] -- C:\Users\the4egos\AppData\Roaming\Unity
[2011/07/16 15:11:17 | 000,000,000 | ---D | M] -- C:\Users\the4egos\AppData\Roaming\Utherverse
[2010/08/22 17:05:42 | 000,000,000 | ---D | M] -- C:\Users\the4egos\AppData\Roaming\WB Games
[2012/01/08 08:51:11 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\Final Media Player Update Checker.job
[2012/01/08 08:48:17 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
ComboFix 12-01-07.03 - the4egos 01/08/2012 9:09.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3998.2376 [GMT -6:00]
Running from: c:\users\the4egos\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\the4egos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Security 2012
c:\users\the4egos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Security 2012\AV Security 2012.lnk
c:\windows\assembly\temp\@
c:\windows\assembly\temp\bckfg.tmp
c:\windows\assembly\temp\cfg.ini
c:\windows\assembly\temp\kwrd.dll
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-12-08 to 2012-01-08 )))))))))))))))))))))))))))))))
.
.
2012-01-08 14:45 . 2012-01-08 14:45 -------- d-----w- C:\_OTL
2012-01-06 00:17 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B3FF12D8-33E3-40FA-92D6-FE958B7C2192}\mpengine.dll
2011-12-21 02:35 . 2011-12-21 02:35 -------- d-----w- c:\users\the4egos\AppData\Local\Apple
2011-12-21 01:55 . 2011-12-21 01:55 -------- d-----w- c:\programdata\Hitman Pro
2011-12-20 23:39 . 2012-01-05 02:43 -------- d-----w- c:\users\the4egos\AppData\Local\temp(499)
2011-12-15 23:43 . 2012-01-06 00:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-15 23:28 . 2012-01-05 23:57 -------- d-----w- c:\users\the4egos\AppData\Local\Temp(527)
2011-12-15 04:06 . 2011-12-15 04:22 -------- d-----w- c:\users\the4egos\AppData\Local\Adobe(518)
2011-12-15 02:54 . 2011-12-15 02:54 -------- d-----w- c:\users\the4egos\AppData\Roaming\SmartPCTools
2011-12-13 23:47 . 2011-12-13 23:47 -------- d-----w- c:\users\the4egos\AppData\Roaming\Malwarebytes
2011-12-13 23:46 . 2011-12-13 23:46 -------- d-----w- c:\programdata\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-19 17:59 . 2011-11-19 17:59 53760 ----a-w- c:\windows\SysWow64\UbuNQA.com
2011-11-17 12:59 . 2011-08-17 01:04 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"HPAdvisor"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-18 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"WMPNSCFG"="c:\program files (x86)\Windows Media Player\WMPNSCFG.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"{E9AE9B9A-A99F-AA8F-27E8-A8E99BAE8b85}"="c:\program files (x86)\U.S. Cellular Broadband Connect\AvqAutoRun.exe" [2009-10-19 73728]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-10 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-08 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe [2010-09-01 18:37]
.
2012-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-18 13:47]
.
2012-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-18 13:47]
.
2012-01-08 c:\windows\Tasks\HPCeeScheduleForthe4egos.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-04-20 18:34]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1237288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"EKAIO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe" [2011-09-02 3198464]
"combofix"="c:\combofix\CF14167.3XE" [2008-01-21 363008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/?ref=hp
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\the4egos\AppData\Roaming\Mozilla\Firefox\Profiles\1mp39mjc.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.http -
FF - prefs.js: network.proxy.http_port -
FF - prefs.js: network.proxy.type -
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-NSS - c:\progra~2\NORTON~2\Engine\313~1.6\InstWrap.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\SMINST\BLService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\program files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
.
**************************************************************************
.
Completion time: 2012-01-08 09:27:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-08 15:27
ComboFix2.txt 2011-12-20 23:49
.
Pre-Run: 179,925,356,544 bytes free
Post-Run: 178,991,251,456 bytes free
.
- - End Of File - - 9F4C586CEEEBBD39028A506EA6AE85CE
09:35:15.0237 3032 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
09:35:15.0253 3032 ============================================================
09:35:15.0253 3032 Current date / time: 2012/01/08 09:35:15.0253
09:35:15.0253 3032 SystemInfo:
09:35:15.0253 3032
09:35:15.0253 3032 OS Version: 6.0.6002 ServicePack: 2.0
09:35:15.0253 3032 Product type: Workstation
09:35:15.0253 3032 ComputerName: THE4EGOS-PC
09:35:15.0253 3032 UserName: the4egos
09:35:15.0253 3032 Windows directory: C:\Windows
09:35:15.0253 3032 System windows directory: C:\Windows
09:35:15.0253 3032 Running under WOW64
09:35:15.0253 3032 Processor architecture: Intel x64
09:35:15.0253 3032 Number of processors: 2
09:35:15.0253 3032 Page size: 0x1000
09:35:15.0253 3032 Boot type: Normal boot
09:35:15.0253 3032 ============================================================
09:35:16.0953 3032 Initialize success
09:35:40.0369 4076 ============================================================
09:35:40.0369 4076 Scan started
09:35:40.0369 4076 Mode: Manual; SigCheck; TDLFS;
09:35:40.0369 4076 ============================================================
09:35:41.0476 4076 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
09:35:41.0648 4076 ACPI - ok
09:35:41.0851 4076 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
09:35:41.0929 4076 adp94xx - ok
09:35:42.0116 4076 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
09:35:42.0163 4076 adpahci - ok
09:35:42.0334 4076 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
09:35:42.0350 4076 adpu160m - ok
09:35:42.0568 4076 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
09:35:42.0584 4076 adpu320 - ok
09:35:42.0787 4076 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
09:35:42.0849 4076 AFD - ok
09:35:43.0068 4076 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
09:35:43.0083 4076 agp440 - ok
09:35:43.0161 4076 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
09:35:43.0192 4076 aic78xx - ok
09:35:43.0317 4076 aliide (e0ca5bb8e6c79533dc6b1da7361a201e) C:\Windows\system32\drivers\aliide.sys
09:35:43.0333 4076 aliide - ok
09:35:43.0458 4076 amdide (7034f8d1b9703d711d3f92c95deb377d) C:\Windows\system32\drivers\amdide.sys
09:35:43.0473 4076 amdide - ok
09:35:43.0660 4076 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
09:35:43.0723 4076 AmdK8 - ok
09:35:43.0926 4076 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
09:35:43.0957 4076 arc - ok
09:35:44.0082 4076 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
09:35:44.0113 4076 arcsas - ok
09:35:44.0222 4076 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
09:35:44.0284 4076 AsyncMac - ok
09:35:44.0425 4076 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
09:35:44.0440 4076 atapi - ok
09:35:44.0659 4076 athr (90524c76a8f32f656cf73af0509f693a) C:\Windows\system32\DRIVERS\athrx.sys
09:35:44.0846 4076 athr - ok
09:35:45.0033 4076 Beep - ok
09:35:45.0220 4076 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
09:35:45.0283 4076 blbdrive - ok
09:35:45.0486 4076 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
09:35:45.0501 4076 bowser - ok
09:35:45.0688 4076 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
09:35:45.0704 4076 BrFiltLo - ok
09:35:45.0829 4076 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
09:35:45.0844 4076 BrFiltUp - ok
09:35:45.0938 4076 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
09:35:46.0016 4076 Brserid - ok
09:35:46.0032 4076 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
09:35:46.0094 4076 BrSerWdm - ok
09:35:46.0110 4076 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
09:35:46.0172 4076 BrUsbMdm - ok
09:35:46.0188 4076 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
09:35:46.0250 4076 BrUsbSer - ok
09:35:46.0312 4076 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
09:35:46.0359 4076 BTHMODEM - ok
09:35:46.0390 4076 catchme - ok
09:35:46.0468 4076 CAXHWAZL (942bd3cb0933febd194b42d4e489c246) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
09:35:46.0500 4076 CAXHWAZL - ok
09:35:46.0515 4076 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
09:35:46.0562 4076 cdfs - ok
09:35:46.0624 4076 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
09:35:46.0656 4076 cdrom - ok
09:35:46.0718 4076 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
09:35:46.0765 4076 circlass - ok
09:35:46.0812 4076 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
09:35:46.0843 4076 CLFS - ok
09:35:46.0936 4076 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
09:35:46.0983 4076 CmBatt - ok
09:35:46.0999 4076 cmdide (8c6aa24c1d7273a02284588426ab8ce3) C:\Windows\system32\drivers\cmdide.sys
09:35:47.0014 4076 cmdide - ok
09:35:47.0202 4076 CnxtHdAudService (09699dc18521bcd82a7b39b187ba4c91) C:\Windows\system32\drivers\CHDRT64.sys
09:35:47.0233 4076 CnxtHdAudService - ok
09:35:47.0404 4076 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
09:35:47.0420 4076 Compbatt - ok
09:35:47.0576 4076 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
09:35:47.0592 4076 crcdisk - ok
09:35:47.0794 4076 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
09:35:47.0826 4076 DfsC - ok
09:35:48.0044 4076 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
09:35:48.0075 4076 disk - ok
09:35:48.0278 4076 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
09:35:48.0325 4076 drmkaud - ok
09:35:48.0496 4076 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
09:35:48.0590 4076 DXGKrnl - ok
09:35:48.0793 4076 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
09:35:48.0840 4076 E1G60 - ok
09:35:49.0074 4076 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
09:35:49.0105 4076 Ecache - ok
09:35:49.0276 4076 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
09:35:49.0339 4076 elxstor - ok
09:35:49.0495 4076 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
09:35:49.0557 4076 ErrDev - ok
09:35:49.0776 4076 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
09:35:49.0807 4076 exfat - ok
09:35:49.0978 4076 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
09:35:50.0025 4076 fastfat - ok
09:35:50.0244 4076 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
09:35:50.0306 4076 fdc - ok
09:35:50.0353 4076 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
09:35:50.0384 4076 FileInfo - ok
09:35:50.0478 4076 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
09:35:50.0524 4076 Filetrace - ok
09:35:50.0587 4076 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
09:35:50.0634 4076 flpydisk - ok
09:35:50.0680 4076 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
09:35:50.0712 4076 FltMgr - ok
09:35:50.0930 4076 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
09:35:50.0961 4076 Fs_Rec - ok
09:35:51.0024 4076 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
09:35:51.0039 4076 gagp30kx - ok
09:35:51.0195 4076 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:35:51.0211 4076 GEARAspiWDM - ok
09:35:51.0429 4076 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
09:35:51.0523 4076 HdAudAddService - ok
09:35:51.0710 4076 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
09:35:51.0835 4076 HDAudBus - ok
09:35:51.0991 4076 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
09:35:52.0053 4076 HidBth - ok
09:35:52.0116 4076 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
09:35:52.0162 4076 HidIr - ok
09:35:52.0272 4076 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
09:35:52.0303 4076 HidUsb - ok
09:35:52.0365 4076 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
09:35:52.0381 4076 HpCISSs - ok
09:35:52.0506 4076 HpqKbFiltr (0ecc54fd34d6a089c300846b011e81d6) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
09:35:52.0506 4076 HpqKbFiltr - ok
09:35:52.0584 4076 HSF_DPV (dda869537ae9ce501954cb7793134d96) C:\Windows\system32\DRIVERS\CAX_DPV.sys
09:35:52.0755 4076 HSF_DPV - ok
09:35:53.0005 4076 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
09:35:53.0098 4076 HTTP - ok
09:35:53.0239 4076 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
09:35:53.0254 4076 i2omp - ok
09:35:53.0457 4076 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
09:35:53.0504 4076 i8042prt - ok
09:35:53.0707 4076 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
09:35:53.0738 4076 iaStorV - ok
09:35:54.0190 4076 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
09:35:55.0672 4076 igfx - ok
09:35:55.0860 4076 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
09:35:55.0891 4076 iirsp - ok
09:35:56.0094 4076 IntcHdmiAddService (bd37227c07179b1040a8896b9c0c146b) C:\Windows\system32\drivers\IntcHdmi.sys
09:35:56.0109 4076 IntcHdmiAddService - ok
09:35:56.0281 4076 intelide (475490caf376e55e6e8b37bbdfeb2e81) C:\Windows\system32\drivers\intelide.sys
09:35:56.0296 4076 intelide - ok
09:35:56.0328 4076 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
09:35:56.0359 4076 intelppm - ok
09:35:56.0546 4076 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:35:56.0577 4076 IpFilterDriver - ok
09:35:56.0593 4076 IpInIp - ok
09:35:56.0640 4076 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
09:35:56.0686 4076 IPMIDRV - ok
09:35:56.0702 4076 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
09:35:56.0733 4076 IPNAT - ok
09:35:56.0780 4076 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
09:35:56.0811 4076 IRENUM - ok
09:35:56.0874 4076 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
09:35:56.0889 4076 isapnp - ok
09:35:57.0045 4076 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
09:35:57.0061 4076 iScsiPrt - ok
09:35:57.0108 4076 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
09:35:57.0108 4076 iteatapi - ok
09:35:57.0264 4076 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
09:35:57.0279 4076 iteraid - ok
09:35:57.0295 4076 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
09:35:57.0310 4076 kbdclass - ok
09:35:57.0326 4076 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
09:35:57.0373 4076 kbdhid - ok
09:35:57.0544 4076 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
09:35:57.0607 4076 KSecDD - ok
09:35:57.0763 4076 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
09:35:57.0825 4076 ksthunk - ok
09:35:58.0059 4076 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
09:35:58.0122 4076 lltdio - ok
09:35:58.0293 4076 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
09:35:58.0309 4076 LSI_FC - ok
09:35:58.0465 4076 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
09:35:58.0480 4076 LSI_SAS - ok
09:35:58.0668 4076 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
09:35:58.0699 4076 LSI_SCSI - ok
09:35:58.0792 4076 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
09:35:58.0855 4076 luafv - ok
09:35:58.0980 4076 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
09:35:58.0995 4076 mdmxsdk - ok
09:35:59.0073 4076 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
09:35:59.0089 4076 megasas - ok
09:35:59.0136 4076 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
09:35:59.0198 4076 MegaSR - ok
09:35:59.0354 4076 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
09:35:59.0401 4076 Modem - ok
09:35:59.0510 4076 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
09:35:59.0557 4076 monitor - ok
09:35:59.0713 4076 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
09:35:59.0728 4076 mouclass - ok
09:35:59.0916 4076 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
09:35:59.0978 4076 mouhid - ok
09:36:00.0009 4076 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
09:36:00.0025 4076 MountMgr - ok
09:36:00.0118 4076 MpFilter (e6ba8e5a4a871899e23d64573ef58ee9) C:\Windows\system32\DRIVERS\MpFilter.sys
09:36:00.0150 4076 MpFilter - ok
09:36:00.0290 4076 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
09:36:00.0306 4076 mpio - ok
09:36:00.0384 4076 MpNWMon (98b09a4f2c462441030b83a80a3f6fb3) C:\Windows\system32\DRIVERS\MpNWMon.sys
09:36:00.0399 4076 MpNWMon - ok
09:36:00.0446 4076 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
09:36:00.0493 4076 mpsdrv - ok
09:36:00.0524 4076 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
09:36:00.0540 4076 Mraid35x - ok
09:36:00.0602 4076 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
09:36:00.0618 4076 MRxDAV - ok
09:36:00.0649 4076 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:36:00.0680 4076 mrxsmb - ok
09:36:00.0711 4076 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:36:00.0742 4076 mrxsmb10 - ok
09:36:00.0789 4076 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:36:00.0805 4076 mrxsmb20 - ok
09:36:01.0023 4076 msahci (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys
09:36:01.0054 4076 msahci - ok
09:36:01.0070 4076 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
09:36:01.0101 4076 msdsm - ok
09:36:01.0226 4076 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
09:36:01.0288 4076 Msfs - ok
09:36:01.0304 4076 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
09:36:01.0320 4076 msisadrv - ok
09:36:01.0476 4076 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
09:36:01.0538 4076 MSKSSRV - ok
09:36:01.0600 4076 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
09:36:01.0663 4076 MSPCLOCK - ok
09:36:01.0803 4076 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
09:36:01.0866 4076 MSPQM - ok
09:36:01.0912 4076 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
09:36:01.0944 4076 MsRPC - ok
09:36:01.0975 4076 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
09:36:01.0990 4076 mssmbios - ok
09:36:02.0146 4076 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
09:36:02.0193 4076 MSTEE - ok
09:36:02.0240 4076 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
09:36:02.0256 4076 Mup - ok
09:36:02.0334 4076 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
09:36:02.0365 4076 NativeWifiP - ok
09:36:02.0490 4076 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
09:36:02.0568 4076 NDIS - ok
09:36:02.0646 4076 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
09:36:02.0692 4076 NdisTapi - ok
09:36:02.0755 4076 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
09:36:02.0817 4076 Ndisuio - ok
09:36:02.0864 4076 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
09:36:02.0911 4076 NdisWan - ok
09:36:03.0020 4076 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
09:36:03.0067 4076 NDProxy - ok
09:36:03.0098 4076 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
09:36:03.0160 4076 NetBIOS - ok
09:36:03.0207 4076 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
09:36:03.0254 4076 netbt - ok
09:36:03.0441 4076 NETw3v64 (c86984aee87900c1eeb6942ede3bf4b6) C:\Windows\system32\DRIVERS\NETw3v64.sys
09:36:03.0660 4076 NETw3v64 - ok
09:36:03.0769 4076 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
09:36:03.0784 4076 nfrd960 - ok
09:36:03.0862 4076 NisDrv (3713e8452b88d3e0be095e06b6fbc776) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
09:36:03.0878 4076 NisDrv - ok
09:36:04.0050 4076 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
09:36:04.0096 4076 Npfs - ok
09:36:04.0128 4076 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
09:36:04.0190 4076 nsiproxy - ok
09:36:04.0252 4076 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
09:36:04.0362 4076 Ntfs - ok
09:36:04.0518 4076 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
09:36:04.0580 4076 Null - ok
09:36:04.0611 4076 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
09:36:04.0642 4076 nvraid - ok
09:36:04.0674 4076 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
09:36:04.0689 4076 nvstor - ok
09:36:04.0720 4076 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
09:36:04.0736 4076 nv_agp - ok
09:36:04.0752 4076 NwlnkFlt - ok
09:36:04.0767 4076 NwlnkFwd - ok
09:36:04.0830 4076 ohci1394 (1b30103fde512915a9214b108b6e7a9c) C:\Windows\system32\DRIVERS\ohci1394.sys
09:36:04.0876 4076 ohci1394 - ok
09:36:05.0032 4076 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
09:36:05.0095 4076 Parport - ok
09:36:05.0126 4076 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
09:36:05.0142 4076 partmgr - ok
09:36:05.0173 4076 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
09:36:05.0188 4076 pci - ok
09:36:05.0220 4076 pciide (15e5c3f89a3452efbda3b39816dbc4ee) C:\Windows\system32\drivers\pciide.sys
09:36:05.0235 4076 pciide - ok
09:36:05.0266 4076 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
09:36:05.0282 4076 pcmcia - ok
09:36:05.0344 4076 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
09:36:05.0485 4076 PEAUTH - ok
09:36:05.0657 4076 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
09:36:05.0704 4076 PptpMiniport - ok
09:36:05.0720 4076 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
09:36:05.0767 4076 Processor - ok
09:36:05.0813 4076 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
09:36:05.0845 4076 PSched - ok
09:36:05.0938 4076 PTUMWBus (452c20382df763f966c12dc48259f34e) C:\Windows\system32\DRIVERS\PTUMWBus.sys
09:36:05.0985 4076 PTUMWBus - ok
09:36:06.0047 4076 PTUMWCDF (3754c646bbdaedafc09f793c6b38e877) C:\Windows\system32\DRIVERS\PTUMWCDF.sys
09:36:06.0063 4076 PTUMWCDF - ok
09:36:06.0219 4076 PTUMWFLT (ac86bb916fbea16b0005efc3ba3adb58) C:\Windows\system32\DRIVERS\PTUMWFLT.sys
09:36:06.0235 4076 PTUMWFLT - ok
09:36:06.0281 4076 PTUMWMdm (cb146794bc3b96661a32cbd68673b479) C:\Windows\system32\DRIVERS\PTUMWMdm.sys
09:36:06.0313 4076 PTUMWMdm - ok
09:36:06.0344 4076 PTUMWNET (329e77868a92bb6f97c119050d97e9ec) C:\Windows\system32\DRIVERS\PTUMWNET.sys
09:36:06.0375 4076 PTUMWNET - ok
09:36:06.0422 4076 PTUMWVsp (4ffd7e6d2cb293849c1181d08717ea09) C:\Windows\system32\DRIVERS\PTUMWVsp.sys
09:36:06.0453 4076 PTUMWVsp - ok
09:36:06.0531 4076 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
09:36:06.0671 4076 ql2300 - ok
09:36:06.0812 4076 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
09:36:06.0827 4076 ql40xx - ok
09:36:06.0937 4076 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
09:36:06.0952 4076 QWAVEdrv - ok
09:36:06.0999 4076 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
09:36:07.0061 4076 RasAcd - ok
09:36:07.0155 4076 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:36:07.0202 4076 Rasl2tp - ok
09:36:07.0249 4076 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
09:36:07.0295 4076 RasPppoe - ok
09:36:07.0327 4076 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
09:36:07.0358 4076 RasSstp - ok
09:36:07.0389 4076 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
09:36:07.0436 4076 rdbss - ok
09:36:07.0467 4076 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:36:07.0498 4076 RDPCDD - ok
09:36:07.0529 4076 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
09:36:07.0576 4076 rdpdr - ok
09:36:07.0592 4076 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
09:36:07.0623 4076 RDPENCDD - ok
09:36:07.0685 4076 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
09:36:07.0717 4076 RDPWD - ok
09:36:07.0919 4076 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
09:36:07.0966 4076 rspndr - ok
09:36:08.0060 4076 RTL8169 (f49d8df8895d809cb0a4deb44113de6f) C:\Windows\system32\DRIVERS\Rtlh64.sys
09:36:08.0091 4076 RTL8169 - ok
09:36:08.0169 4076 RTSTOR (aa3987386cf7d9005c42bc974634bd56) C:\Windows\system32\drivers\RTSTOR64.SYS
09:36:08.0200 4076 RTSTOR - ok
09:36:08.0231 4076 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
09:36:08.0247 4076 sbp2port - ok
09:36:08.0325 4076 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
09:36:08.0356 4076 sdbus - ok
09:36:08.0497 4076 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
09:36:08.0543 4076 secdrv - ok
09:36:08.0606 4076 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
09:36:08.0668 4076 Serenum - ok
09:36:08.0684 4076 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
09:36:08.0746 4076 Serial - ok
09:36:08.0762 4076 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
09:36:08.0793 4076 sermouse - ok
09:36:08.0840 4076 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
09:36:08.0871 4076 sffdisk - ok
09:36:08.0887 4076 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
09:36:08.0933 4076 sffp_mmc - ok
09:36:08.0949 4076 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
09:36:08.0980 4076 sffp_sd - ok
09:36:09.0011 4076 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
09:36:09.0058 4076 sfloppy - ok
09:36:09.0089 4076 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
09:36:09.0105 4076 SiSRaid2 - ok
09:36:09.0121 4076 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
09:36:09.0136 4076 SiSRaid4 - ok
09:36:09.0183 4076 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
09:36:09.0214 4076 Smb - ok
09:36:09.0401 4076 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
09:36:09.0417 4076 spldr - ok
09:36:09.0448 4076 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
09:36:09.0511 4076 srv - ok
09:36:09.0667 4076 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
09:36:09.0682 4076 srv2 - ok
09:36:09.0838 4076 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
09:36:09.0869 4076 srvnet - ok
09:36:10.0088 4076 StillCam (14b4db4381e4a55f570d8bb699b791d6) C:\Windows\system32\DRIVERS\serscan.sys
09:36:10.0135 4076 StillCam - ok
09:36:10.0197 4076 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
09:36:10.0213 4076 swenum - ok
09:36:10.0228 4076 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
09:36:10.0259 4076 Symc8xx - ok
09:36:10.0291 4076 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
09:36:10.0306 4076 Sym_hi - ok
09:36:10.0337 4076 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
09:36:10.0353 4076 Sym_u3 - ok
09:36:10.0400 4076 SynTP (e33b57c4aa60288e9971277d88ce9b67) C:\Windows\system32\DRIVERS\SynTP.sys
09:36:10.0431 4076 SynTP - ok
09:36:10.0525 4076 Tcpip (73bed5067ed53a9df05fa8eab42578d0) C:\Windows\system32\drivers\tcpip.sys
09:36:10.0696 4076 Tcpip - ok
09:36:10.0899 4076 Tcpip6 (73bed5067ed53a9df05fa8eab42578d0) C:\Windows\system32\DRIVERS\tcpip.sys
09:36:11.0195 4076 Tcpip6 - ok
09:36:11.0383 4076 tcpipreg (848f87c604b5e674602498cb51067db6) C:\Windows\system32\drivers\tcpipreg.sys
09:36:11.0398 4076 tcpipreg - ok
09:36:11.0429 4076 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
09:36:11.0476 4076 TDPIPE - ok
09:36:11.0507 4076 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
09:36:11.0539 4076 TDTCP - ok
09:36:11.0585 4076 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
09:36:11.0617 4076 tdx - ok
09:36:11.0788 4076 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
09:36:11.0804 4076 TermDD - ok
09:36:11.0866 4076 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:36:11.0913 4076 tssecsrv - ok
09:36:11.0975 4076 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
09:36:11.0991 4076 tunmp - ok
09:36:12.0163 4076 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
09:36:12.0178 4076 tunnel - ok
09:36:12.0209 4076 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
09:36:12.0225 4076 uagp35 - ok
09:36:12.0272 4076 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
09:36:12.0303 4076 udfs - ok
09:36:12.0350 4076 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
09:36:12.0365 4076 uliagpkx - ok
09:36:12.0397 4076 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
09:36:12.0412 4076 uliahci - ok
09:36:12.0443 4076 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
09:36:12.0459 4076 UlSata - ok
09:36:12.0475 4076 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
09:36:12.0490 4076 ulsata2 - ok
09:36:12.0506 4076 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
09:36:12.0537 4076 umbus - ok
09:36:12.0584 4076 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
09:36:12.0615 4076 usbccgp - ok
09:36:12.0646 4076 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
09:36:12.0693 4076 usbcir - ok
09:36:12.0771 4076 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
09:36:12.0787 4076 usbehci - ok
09:36:12.0865 4076 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
09:36:12.0896 4076 usbhub - ok
09:36:12.0943 4076 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
09:36:13.0005 4076 usbohci - ok
09:36:13.0036 4076 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
09:36:13.0099 4076 usbprint - ok
09:36:13.0130 4076 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:36:13.0161 4076 USBSTOR - ok
09:36:13.0208 4076 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
09:36:13.0223 4076 usbuhci - ok
09:36:13.0395 4076 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
09:36:13.0442 4076 usbvideo - ok
09:36:13.0520 4076 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
09:36:13.0551 4076 vga - ok
09:36:13.0582 4076 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
09:36:13.0613 4076 VgaSave - ok
09:36:13.0629 4076 viaide (4f964e6828156f0ef3fa8d3a9a7895de) C:\Windows\system32\drivers\viaide.sys
09:36:13.0645 4076 viaide - ok
09:36:13.0707 4076 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
09:36:13.0723 4076 volmgr - ok
09:36:13.0769 4076 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
09:36:13.0832 4076 volmgrx - ok
09:36:13.0894 4076 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
09:36:13.0910 4076 volsnap - ok
09:36:13.0957 4076 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
09:36:13.0972 4076 vsmraid - ok
09:36:14.0050 4076 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
09:36:14.0113 4076 WacomPen - ok
09:36:14.0175 4076 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
09:36:14.0222 4076 Wanarp - ok
09:36:14.0222 4076 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
09:36:14.0253 4076 Wanarpv6 - ok
09:36:14.0393 4076 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
09:36:14.0409 4076 Wd - ok
09:36:14.0440 4076 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
09:36:14.0565 4076 Wdf01000 - ok
09:36:14.0768 4076 winachsf (590812dd01a4fe83c6e92fdb701e59a6) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
09:36:14.0861 4076 winachsf - ok
09:36:15.0049 4076 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
09:36:15.0095 4076 WmiAcpi - ok
09:36:15.0329 4076 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
09:36:15.0376 4076 WpdUsb - ok
09:36:15.0548 4076 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
09:36:15.0595 4076 ws2ifsl - ok
09:36:15.0673 4076 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:36:15.0735 4076 WUDFRd - ok
09:36:15.0797 4076 XAudio (f22e443518bc599d12888daf292a56d8) C:\Windows\system32\DRIVERS\xaudio64.sys
09:36:15.0813 4076 XAudio - ok
09:36:15.0969 4076 yukonx64 (07f7285220307aafb755d890295f0f9a) C:\Windows\system32\DRIVERS\yk60x64.sys
09:36:16.0063 4076 yukonx64 - ok
09:36:16.0125 4076 MBR (0x1B8) (588ae8f0c685c02ba11f30d9cd7e61a0) \Device\Harddisk0\DR0
09:36:16.0250 4076 \Device\Harddisk0\DR0 - ok
09:36:16.0265 4076 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
09:36:17.0155 4076 \Device\Harddisk1\DR1 - ok
09:36:17.0513 4076 Boot (0x1200) (975c894edd0aa863996712ba5223a018) \Device\Harddisk0\DR0\Partition0
09:36:17.0513 4076 \Device\Harddisk0\DR0\Partition0 - ok
09:36:17.0545 4076 Boot (0x1200) (35000ebbe60d5a95500182d7fed685f1) \Device\Harddisk0\DR0\Partition1
09:36:17.0545 4076 \Device\Harddisk0\DR0\Partition1 - ok
09:36:17.0560 4076 Boot (0x1200) (24aca91f285b6853d2550cb38b242bcf) \Device\Harddisk1\DR1\Partition0
09:36:17.0560 4076 \Device\Harddisk1\DR1\Partition0 - ok
09:36:17.0560 4076 ============================================================
09:36:17.0560 4076 Scan finished
09:36:17.0560 4076 ============================================================
09:36:17.0576 3184 Detected object count: 0
09:36:17.0576 3184 Actual detected object count: 0
09:37:45.0232 1640 Deinitialize success

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-08 09:38:53
-----------------------------
09:38:53.245 OS Version: Windows x64 6.0.6002 Service Pack 2
09:38:53.245 Number of processors: 2 586 0x170A
09:38:53.245 ComputerName: THE4EGOS-PC UserName: the4egos
09:38:55.507 Initialize success
09:41:23.076 AVAST engine defs: 12010800
09:41:56.928 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:41:56.928 Disk 0 Vendor: ST9320325AS 0003HPM1 Size: 305245MB BusType: 3
09:41:57.287 Disk 0 MBR read successfully
09:41:57.303 Disk 0 MBR scan
09:41:57.303 Disk 0 unknown MBR code
09:41:57.318 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 292665 MB offset 2048
09:41:57.350 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 12576 MB offset 599379968
09:41:57.365 Service scanning
09:42:00.017 Modules scanning
09:42:00.017 Disk 0 trace - called modules:
09:42:00.033 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:42:00.033 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800501c790]
09:42:00.033 3 CLASSPNP.SYS[fffffa6000a60c33] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004bcf940]
09:42:06.741 AVAST engine scan C:\Windows
09:42:09.377 File: C:\Windows\PEV.exe **INFECTED** Win32:Rootkit-gen [Rtk]
09:42:12.060 AVAST engine scan C:\Windows\system32
09:45:19.416 AVAST engine scan C:\Windows\system32\drivers
09:45:40.851 AVAST engine scan C:\Users\the4egos
09:53:36.028 AVAST engine scan C:\ProgramData
09:55:27.537 Scan finished successfully
10:02:51.820 Disk 0 MBR has been saved successfully to "C:\Users\the4egos\Desktop\MBR.dat"
10:02:51.836 The log file has been saved successfully to "C:\Users\the4egos\Desktop\aswMBR.txt"