for rkinner


#31
noluv (Member, Topic Starter, 123 posts)
ComboFix 13-02-01.04 - Raw from Noluv 02/02/2013 3:40.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5883.4428 [GMT -5:00]
Running from: c:\users\Raw from Noluv\Downloads\ComboFix.exe
Command switches used :: c:\users\Raw from Noluv\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
.
FILE ::
"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk"
"c:\users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk"
"c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe"
"c:\windows\system32\drivers\fhwdlbbb.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_fhwdlbbb
-------\Service_PCTINDIS5X64
.
.
((((((((((((((((((((((((( Files Created from 2013-01-02 to 2013-02-02 )))))))))))))))))))))))))))))))
.
.
2013-02-02 09:04 . 2013-02-02 09:04 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F42E6305-27C2-4EF1-BCBB-C941792DAC6F}\offreg.dll
2013-02-02 09:00 . 2013-02-02 09:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-02 09:00 . 2013-02-02 09:00 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-02-01 12:47 . 2013-01-08 02:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F42E6305-27C2-4EF1-BCBB-C941792DAC6F}\mpengine.dll
2013-01-21 21:27 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-21 21:27 . 2013-01-21 21:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-21 20:13 . 2013-01-21 20:13 -------- d-----w- c:\users\Raw from Noluv\AppData\Local\Programs
2013-01-21 17:23 . 2013-01-21 17:23 -------- d-----w- C:\_OTL
2013-01-21 09:32 . 2013-01-21 09:32 -------- d-----w- c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2013-01-18 06:04 . 2013-01-18 06:04 -------- d-----w- c:\users\Raw from Noluv\AppData\Roaming\Acer
2013-01-18 03:01 . 2013-01-18 03:01 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C5F46323-F1B1-4B24-8FB0-86E2FBBE304D}\gapaengine.dll
2013-01-18 03:01 . 2013-01-08 02:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-15 13:27 . 2011-03-01 20:30 443040 ----a-w- c:\windows\system32\athihvs.dll
2013-01-15 13:25 . 2010-05-07 16:19 245792 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2013-01-15 13:25 . 2010-03-04 21:30 422432 ----a-w- c:\windows\system32\RtsUStor.dll
2013-01-15 12:33 . 2013-01-15 12:33 -------- d-----w- c:\program files (x86)\Common Files\LightScribe
2013-01-15 12:28 . 2013-01-15 12:28 -------- d-----w- c:\users\Raw from Noluv\AppData\Roaming\WinBatch
2013-01-14 07:45 . 2013-01-14 07:41 120320 ----a-w- c:\windows\system32\E_YLMH3A.DLL
2013-01-14 06:37 . 2013-01-14 06:37 -------- d-----w- c:\programdata\CLSoft LTD
2013-01-14 06:17 . 2013-01-14 06:17 -------- d-----w- c:\program files (x86)\Lavalys
2013-01-14 05:49 . 2013-01-14 05:49 -------- d-----we c:\windows\system64
2013-01-13 23:02 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-01-13 23:02 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-01-13 23:02 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-01-13 23:02 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-01-13 23:02 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-01-13 23:02 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-01-13 23:02 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-01-13 23:02 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-01-13 23:02 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-01-13 19:45 . 2013-01-13 19:45 -------- d-----w- c:\users\Raw from Noluv\AppData\Local\ABBYY
2013-01-13 19:44 . 2013-01-13 19:46 -------- d-----w- c:\program files (x86)\ABBYY FineReader 9.0 Sprint
2013-01-13 19:44 . 2013-01-13 19:44 -------- d-----w- c:\programdata\ABBYY
2013-01-13 19:44 . 2013-01-13 19:44 -------- d-----w- c:\program files (x86)\Common Files\ABBYY
2013-01-13 19:19 . 2007-09-07 22:33 135168 ----a-w- c:\windows\SysWow64\EEBAPI.dll
2013-01-13 19:19 . 2007-03-28 23:26 65536 ----a-w- c:\windows\SysWow64\EEBUtil.dll
2013-01-13 19:08 . 2013-01-13 19:08 -------- d-----w- c:\program files (x86)\Epson America Inc
2013-01-13 19:04 . 2009-12-09 05:00 464384 ----a-w- c:\windows\system32\esxw2ud.dll
2013-01-13 19:04 . 2009-10-16 05:00 13824 ----a-w- c:\windows\system32\esxcdev.dll
2013-01-13 19:04 . 2009-10-16 05:00 132560 ----a-w- c:\windows\system32\esdevapp.exe
2013-01-13 14:03 . 2013-01-13 19:03 83968 ----a-w- c:\windows\system32\E_YD4BH3A.DLL
2013-01-12 03:51 . 2013-01-12 03:51 -------- d-----w- c:\users\Raw from Noluv\AppData\Roaming\Leader Technologies
2013-01-12 02:37 . 2013-01-14 07:49 -------- d-----w- c:\users\Raw from Noluv\AppData\Roaming\Epson
2013-01-12 02:17 . 2013-01-12 02:17 -------- d-----w- c:\users\Raw from Noluv\AppData\Local\Unizeal_Corp
2013-01-12 02:16 . 2013-01-12 02:16 -------- d-----w- c:\users\Raw from Noluv\AppData\Roaming\Leadertech
2013-01-12 02:13 . 2001-09-05 08:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2013-01-12 02:13 . 2001-09-05 08:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2013-01-12 02:13 . 2001-09-05 08:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2013-01-12 02:13 . 2001-09-05 08:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2013-01-12 02:13 . 2004-03-16 18:05 614532 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2013-01-12 02:13 . 2013-01-18 06:03 -------- d-----w- c:\program files (x86)\LTCM Client
2013-01-12 02:13 . 2013-01-12 02:13 -------- d-----w- c:\programdata\UDL
2013-01-12 02:07 . 2013-01-13 19:07 -------- d-----w- c:\program files (x86)\epson
2013-01-12 02:06 . 2013-01-13 19:51 -------- d-----w- c:\program files (x86)\Epson Software
2013-01-12 02:03 . 2006-10-31 05:10 51360 ----a-w- c:\windows\SysWow64\EpPicPrt.dll
2013-01-12 02:03 . 2006-10-31 05:10 51360 ----a-w- c:\windows\SysWow64\EpPicMgr.dll
2013-01-12 02:03 . 2006-10-20 05:10 80024 ----a-w- c:\windows\SysWow64\PICSDK.dll
2013-01-12 02:03 . 2006-10-20 05:10 501912 ----a-w- c:\windows\SysWow64\PICSDK2.dll
2013-01-12 02:03 . 2006-10-20 05:10 108704 ----a-w- c:\windows\SysWow64\PICEntry.dll
2013-01-12 02:03 . 2013-01-12 02:03 -------- d-----w- c:\users\Raw from Noluv\AppData\Roaming\InstallShield
2013-01-12 02:03 . 2008-08-08 03:09 108032 ----a-w- c:\windows\system32\E_ILMFFA.DLL
2013-01-12 02:02 . 2007-12-07 02:01 81408 ----a-w- c:\windows\system32\E_IBCBFFA.DLL
2013-01-12 02:02 . 2013-01-13 19:23 -------- d-----w- c:\programdata\EPSON
2013-01-12 02:00 . 2006-05-09 13:58 615984 ----a-w- c:\windows\SysWow64\vsflex8n.ocx
2013-01-12 02:00 . 2007-07-30 16:28 847872 ----a-w- c:\windows\SysWow64\PowerButton.ocx
2013-01-12 02:00 . 2006-09-20 20:21 497488 ----a-w- c:\windows\SysWow64\XceedZip.dll
2013-01-12 02:00 . 2013-01-12 02:00 -------- d-----w- c:\program files (x86)\Final Publisher Pro
2013-01-12 01:58 . 2013-01-12 01:58 709719 ----a-w- c:\windows\unins000.exe
2013-01-12 01:52 . 2005-08-03 21:05 35892 ----a-w- c:\windows\SysWow64\SER9PL.sys
2013-01-12 01:52 . 2005-08-03 21:04 26719 ----a-w- c:\windows\SysWow64\SERSPL.VXD
2013-01-05 05:47 . 2013-01-05 05:53 -------- d-----w- c:\users\Raw from Noluv\The Walking Dead Season 3 Complete(Ep 1-8) HDTV x264 [VectoR]
2013-01-05 02:03 . 2013-01-05 02:31 -------- d-----w- c:\users\Raw from Noluv\Seven.Psychopaths.2012.DVDSCR.XviD-AbSurdiTy
2013-01-05 01:16 . 2013-01-05 01:17 -------- d-----w- c:\users\Raw from Noluv\Flight.2012.DVDSCR.x264.AAC-BiGKATS
2013-01-05 01:16 . 2013-01-05 01:20 -------- d-----w- c:\users\Raw from Noluv\Lincoln.2012.DVDSCR.XViD.AC3-FooKaS
2013-01-05 01:15 . 2013-01-05 01:20 -------- d-----w- c:\users\Raw from Noluv\Killing.Them.Softly.2012.DVDRip.XviD.AC3-nLiBRA
2013-01-05 00:12 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-05 00:12 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-05 00:12 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-01-05 00:12 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-01-05 00:12 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-05 00:12 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-05 00:12 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-05 00:12 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-01-05 00:12 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll
2013-01-05 00:12 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2013-01-05 00:10 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-05 00:10 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-30 10:53 . 2010-12-28 16:45 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-04 23:51 . 2012-04-21 04:48 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-04 23:51 . 2011-06-11 09:10 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-16 22:31 . 2010-12-26 18:51 67599240 ----a-w- c:\windows\system32\MRT.exe
2012-12-16 17:11 . 2012-12-24 09:02 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-24 09:02 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-24 09:02 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-24 09:02 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-11-30 04:45 . 2013-01-05 00:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-26 20:07 . 2012-05-01 15:47 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-11-14 07:06 . 2012-12-13 08:23 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 08:23 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 08:23 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 08:23 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 08:23 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 08:23 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 08:23 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 08:23 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 08:23 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 08:23 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 08:23 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 08:23 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 08:23 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 08:23 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 08:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 08:23 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 08:23 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 08:23 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 08:23 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 08:23 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 08:23 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 08:23 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-12 08:41 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 08:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
"LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe" [2011-04-07 2756864]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
.
c:\users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Epson all-in-one Registration.lnk - c:\users\Raw from Noluv\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe [2011-3-26 2561024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-06-21 36328]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314_64.sys [2010-03-27 359040]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr_64.sys [2010-03-27 62976]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-05-07 245792]
R3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver;c:\windows\system32\DRIVERS\Rtenic64.sys [2012-05-26 438376]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-06-21 125416]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2010-06-21 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2010-06-21 159208]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2010-05-12 126952]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-26 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R3 ZTEMSD0227;ZTE Dummy MSD Device 0227;c:\windows\system32\Drivers\ZTEMSD0227.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2012-02-28 82560]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2012-02-28 42624]
S0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\DRIVERS\MxEFUF64.sys [2011-10-20 157696]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-20 203264]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-07-04 361984]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-06-09 555392]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 19:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-02 c:\windows\Tasks\HPCeeScheduleForRaw from Noluv.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-23 6489704]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"MSC"="c:\program files\Microsoft Security Client\mssecex.exe" [BU]
.
------- Supplementary Scan -------
.
uStart Page =
mStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\
FF - ExtSQL: !HIDDEN! 2011-01-19 09:24; [email protected]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
AddRemove-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\standard_1.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Alias]
@=""
"0"="ActionsPane Schema for Add-Ins"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\SysWOW64\IoctlSvc.exe
.
**************************************************************************
.
Completion time: 2013-02-02 04:14:00 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-02 09:13
ComboFix2.txt 2013-01-21 19:50
ComboFix3.txt 2013-01-14 05:34
.
Pre-Run: 45,703,315,456 bytes free
Post-Run: 44,664,774,656 bytes free
.
- - End Of File - - 6C976D6DC9D64C9E219BCF5FEECA77C3
  • 0


#32
RKinner (Malware Expert, MVP, 19,797 posts)
I think we got all of it but let's be sure.

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.


Let's also try the Bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a View Report option at the bottom. Click on it and copy and paste the report (even if it says nothing found).


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp 
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.


Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in Notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.

#33
noluv

C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\2CA0.tmp.vir Win64/Olmarik.AD trojan
C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\2CB0.tmp.vir Win64/Olmarik.AD trojan
C:\Qoobox\Quarantine\C\Users\Raw from Noluv\wevtapi.dll.vir Win64/Agent.AC trojan
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.DN trojan
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.G trojan
C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.G trojan
C:\TDSSKiller_Quarantine\01.05.2012_11.02.34\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\01.05.2012_11.02.34\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\01.05.2012_11.02.34\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan
C:\TDSSKiller_Quarantine\01.05.2012_11.02.34\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AG trojan
C:\TDSSKiller_Quarantine\01.05.2012_11.02.34\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AF trojan
C:\TDSSKiller_Quarantine\01.05.2012_11.02.34\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\01.05.2012_11.02.34\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.X trojan
C:\TDSSKiller_Quarantine\01.05.2012_11.02.34\zaea0000\svc0000\tsk0000.dta Win64/Sirefef.W trojan
C:\TDSSKiller_Quarantine\21.01.2013_16.33.49\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\21.01.2013_16.33.49\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\21.01.2013_16.33.49\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan
C:\TDSSKiller_Quarantine\21.01.2013_16.33.49\tdlfs0000\tsk0003.dta Win64/Olmarik.AG trojan
C:\TDSSKiller_Quarantine\21.01.2013_16.33.49\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.KB trojan
C:\TDSSKiller_Quarantine\21.01.2013_16.33.49\tdlfs0000\tsk0005.dta Win64/Olmarik.AF trojan
C:\TDSSKiller_Quarantine\21.01.2013_16.33.49\tdlfs0000\tsk0009.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\21.01.2013_16.33.49\tdlfs0000\tsk0010.dta Win64/Olmarik.X trojan
C:\Users\Raw from Noluv\AppData\Local\Google\Chrome\User Data\Default\Default\aaiaablaonjkeckfoppahjojnlpmfmic\background.html Win32/BHO.OEI trojan
C:\Users\Raw from Noluv\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaiganokmhcbflohljmpfjojfonlkijk\1\5100f93defc511.33143796.js Win32/Adware.MultiPlug.H application
C:\Users\Raw from Noluv\Downloads\xtra misc stuff\Android_Apps_and_Games_Pack_Jan_09_2011.rar Android/TrojanSMS.Agent.GA trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\7e6afb59-45303379 Java/Exploit.CVE-2012-0507.AM trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\7e6afb59-45303379 Java/Exploit.CVE-2012-0507.AM trojan
C:\_OTL\MovedFiles\01212013_122359\C_ProgramData\continuetosave\5100f93defeb8.dll a variant of Win32/Adware.MultiPlug.I application
C:\_OTL\MovedFiles\01212013_122359\C_Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected]\content\bg.js Win32/Adware.MultiPlug.H application
C:\_OTL\MovedFiles\01212013_122359\C_Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected] Win32/Adware.MultiPlug.H application
C:\_OTL\MovedFiles\01212013_122359\C_Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions\[email protected] Win32/Adware.MultiPlug.H application

#34
noluv

QuickScan 64-bit v0.9.9.118
---------------------------
Scan date: Sun Feb 03 20:35:44 2013
Machine ID: E24B9178



No infection found.
-------------------



Processes
---------
(unsigned) EPSON PC-FAX SOFTWARE 4376 C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(unsigned) EPSON PC-FAX SOFTWARE 4416 C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe

(verified) AAM Updates Notifier Application 2396 C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(verified) EEventManager Application 4368 C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(verified) HP Wireless Assistant 4544 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(verified) hpCaslNotification 2376 C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(verified) Microsoft® Windows® Operating System 2000 C:\Windows\explorer.exe
(verified) Microsoft® Windows® Operating System 2792 C:\Windows\System32\dwm.exe
(verified) Microsoft® Windows® Operating System 4628 C:\Windows\System32\notepad.exe
(verified) Microsoft® Windows® Operating System 2472 C:\Windows\System32\taskhost.exe
(verified) Realtek HD Audio Manager 3332 C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(verified) Synaptics Pointing Device Driver 3860 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(verified) Windows® Internet Explorer 868 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 2124 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 4240 C:\Program Files\Internet Explorer\iexplore.exe


Network activity
----------------
Process iexplore.exe (868) connected on port 80 (HTTP) --> 69.25.24.24
Process iexplore.exe (868) connected on port 80 (HTTP) --> 74.125.137.101
Process iexplore.exe (868) connected on port 80 (HTTP) --> 74.125.137.101
Process iexplore.exe (868) connected on port 80 (HTTP) --> 173.194.37.58
Process iexplore.exe (868) connected on port 80 (HTTP) --> 72.21.81.253
Process iexplore.exe (868) connected on port 80 (HTTP) --> 173.194.37.58
Process iexplore.exe (868) connected on port 80 (HTTP) --> 74.125.134.156
Process iexplore.exe (868) connected on port 80 (HTTP) --> 74.125.134.156
Process iexplore.exe (868) connected on port 80 (HTTP) --> 74.125.225.241
Process iexplore.exe (868) connected on port 80 (HTTP) --> 74.125.225.241
Process iexplore.exe (2124) connected on port 80 (HTTP) --> 209.167.231.15
Process iexplore.exe (2124) connected on port 80 (HTTP) --> 173.222.176.79

Process EEventManager.exe (4368) listens on ports: 2968


Autoruns and critical files
---------------------------
(unsigned) DelayedAppStarter.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
(unsigned) EPSON PC-FAX SOFTWARE C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(unsigned) EPSON PC-FAX SOFTWARE C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(unsigned) PowerReg C:\Users\Raw from Noluv\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe
(unsigned) SBSV 2010/02/19-11:02:07 C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

(verified) Adobe CS6 Service Manager C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
(verified) Adobe Updater Startup Utility C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
(verified) Catalyst® Control Center C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
(verified) EEventManager Application C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(verified) HP Ceement C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
(verified) LTCM Communications Client C:\Program Files (x86)\LTCM Client\ltcmClient.exe
(verified) Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
(verified) Microsoft Office 2010 c:\program files (x86)\microsoft office\office14\grooveex.dll
(verified) Microsoft Office 2010 c:\program files\microsoft office\office14\grooveex.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\Cmd.exe
(verified) Microsoft® Windows® Operating System C:\Windows\system32\Mystify.scr
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
(verified) Realtek HD Audio Manager C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(verified) Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPEnh.exe


Browser plugins
---------------
(unsigned) bdsrip ActiveX Control Module C:\Windows\Downloaded Program Files\bdsrip.ocx

(verified) Bitdefender QuickScan C:\Windows\Downloaded Program Files\qsax64.dll
(verified) Google Update C:\Users\Raw from Noluv\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
(verified) Microsoft Office 2010 c:\program files\microsoft office\office14\grooveex.dll
(verified) Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL
(verified) Microsoft Office 2010 c:\program files\microsoft office\office14\urlredir.dll
(verified) Microsoft® CoReXT C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL
(verified) Microsoft® CoReXT c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
(verified) Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
(verified) Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\NapiNSP.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
(verified) Silverlight Plug-In c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
(verified) Windows® Internet Explorer C:\Windows\System32\ieframe.dll


Missing files
-------------
File not found: c:\Program Files\Microsoft Security Client\mssecex.exe
--> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"MSC"

File not found: c:\program files (x86)\google\google toolbar\googletoolbar_64.dll
--> HKLM\Software\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InprocServer32\"(default)"

File not found: c:\program files\java\jre6\bin\jp2ssv.dll
--> HKLM\Software\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InprocServer32\"(default)"


Scan
----


No file uploaded.

Scan finished - communication took 4 sec
Total traffic - 0.06 MB sent, 3.04 KB recvd
Scanned 1366 files and modules - 116 seconds

==============================================================================

#35
noluv

OTL logfile created on: 2/3/2013 8:41:22 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Raw from Noluv\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 4.04 Gb Available Physical Memory | 70.35% Memory free
11.74 Gb Paging File | 9.91 Gb Available in Paging File | 84.42% Paging File free
Paging file location(s): C:\pagefile.sys 6142 6142 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.45 Gb Total Space | 41.15 Gb Free Space | 14.67% Space Free | Partition Type: NTFS
Drive D: | 17.34 Gb Total Space | 2.51 Gb Free Space | 14.46% Space Free | Partition Type: NTFS
Drive E: | 69.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 99.34 Mb Total Space | 89.44 Mb Free Space | 90.04% Space Free | Partition Type: FAT32

Computer Name: MMG | User Name: Raw from Noluv | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/19 09:40:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Raw from Noluv\Downloads\OTL.exe
PRC - [2012/07/11 16:12:18 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\Raw from Noluv\AppData\Local\Facebook\Update\FacebookUpdate.exe
PRC - [2012/04/04 05:25:00 | 000,295,584 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/03/09 00:00:00 | 000,856,064 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2011/03/09 00:00:00 | 000,495,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
PRC - [2010/10/12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2010/05/21 04:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/07/04 01:36:06 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/06/09 13:01:00 | 000,555,392 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/20 01:56:00 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/06/24 15:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2010/06/18 18:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/04 18:51:22 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/20 20:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/21 04:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/04/03 18:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/30 11:24:30 | 000,158,720 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2012/06/20 09:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/05/25 21:23:14 | 000,438,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtenic64.sys -- (RTLE8023x64)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/28 08:38:28 | 000,082,560 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012/02/28 08:38:28 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012/02/23 07:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/10/20 10:24:06 | 000,157,696 | ---- | M] (Matrox Graphics Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\MxEFUF64.sys -- (MxEFUF)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/20 02:14:16 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/20 01:21:04 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/06/20 22:26:38 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010/06/20 22:26:38 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2010/06/20 22:26:36 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2010/06/20 22:26:36 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2010/05/16 20:09:42 | 000,285,696 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWNC5E00.sys -- (SWNC5E00)
DRV:64bit: - [2010/05/16 20:09:42 | 000,211,328 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmx00.sys -- (swmx00)
DRV:64bit: - [2010/05/16 20:09:26 | 000,255,488 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWADIenum.sys -- (NWADI)
DRV:64bit: - [2010/05/12 05:14:54 | 000,126,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2010/05/07 11:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/05/06 08:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/04/26 21:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/04/26 21:25:20 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd)
DRV:64bit: - [2010/04/26 21:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/04/26 21:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/03/26 19:08:34 | 000,359,040 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drxvi314_64.sys -- (bcm)
DRV:64bit: - [2010/03/26 19:04:34 | 000,062,976 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BcmBusCtr_64.sys -- (bcmbusctr)
DRV:64bit: - [2010/03/22 09:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/12/22 05:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/07 21:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 21:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/08/23 20:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{6B921B1C-B95E-41F4-8174-1A24D4FE414B}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{BDA7515B-D49F-48F9-93D8-3F3D087513EC}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{6B921B1C-B95E-41F4-8174-1A24D4FE414B}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{BDA7515B-D49F-48F9-93D8-3F3D087513EC}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{6B921B1C-B95E-41F4-8174-1A24D4FE414B}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{BDA7515B-D49F-48F9-93D8-3F3D087513EC}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{D2B1EE8F-3646-466A-8407-78DA4AAE7B32}: "URL" = http://www.google.co...1I7ADFA_enUS422
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files (x86)\Video Convert Master\codec\real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files (x86)\Video Convert Master\codec\real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Raw from Noluv\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Raw from Noluv\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/08/09 20:53:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/11 19:32:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/21 12:24:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/08/09 20:53:49 | 000,000,000 | ---D | M]

[2011/08/29 17:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Extensions
[2013/01/21 12:24:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions
[2013/01/21 12:24:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\jf1g4wzi.default\extensions
[2012/08/21 23:49:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/26 22:47:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions
[2012/12/26 22:47:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/09/11 19:32:56 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/11 19:32:55 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/08/11 22:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2012/09/11 19:32:55 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Raw from Noluv\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaiganokmhcbflohljmpfjojfonlkijk\1\
CHR - Extension: No name found = C:\Users\Raw from Noluv\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Raw from Noluv\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Raw from Noluv\AppData\Local\Google\Chrome\User Data\Default\Extensions\incfcgceegpikennjoplhfghaaikdgei\2.5.0_0\
CHR - Extension: No name found = C:\Users\Raw from Noluv\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/02/02 04:04:53 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll File not found
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = C:\Users\Raw from Noluv\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe (Leader Technologies/Epson)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll File not found
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16:64bit: - DPF: {615A1925-0E5B-4767-A65E-3165AEAC32A3} http://quickscan.bit...qsax/qsax64.cab (Bitdefender QuickScan Control)
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62A522D6-3EB1-4214-92E4-66EC7F125DEE}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D235AA25-4B56-4A1B-A6B5-2B4EF4597E21}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


MsConfig:64bit - StartUpReg: (default) - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: FileServe Manager Task - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: FlashGet 3 - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: HP Quick Launch - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: hpqSRMon - hkey= - key= - C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: Microsoft Default Manager - hkey= - key= - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig:64bit - StartUpReg: Norton Online Backup - hkey= - key= - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
MsConfig:64bit - StartUpReg: Raptr - hkey= - key= - C:\Program Files (x86)\Raptr\raptrstub.exe (Raptr, Inc)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: vProt - hkey= - key= - File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: 63585510.sys - Driver
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: 63585510.sys - Driver
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: 63585510.sys - Driver
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: 63585510.sys - Driver
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/02/03 20:35:09 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\QuickScan
[2013/02/02 04:29:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/02/02 04:05:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/21 16:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/21 16:27:19 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/21 16:27:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/21 16:18:44 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Raw from Noluv\Desktop\mbam-setup-1.70.0.1100.exe
[2013/01/21 15:13:52 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\Programs
[2013/01/21 14:25:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/21 14:25:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/21 14:25:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/21 12:23:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/21 04:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2013/01/18 01:04:02 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\Acer
[2013/01/15 08:27:56 | 000,443,040 | ---- | C] (Atheros) -- C:\Windows\SysNative\athihvs.dll
[2013/01/15 08:25:58 | 000,245,792 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtsUStor.sys
[2013/01/15 08:25:56 | 000,422,432 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtsUStor.dll
[2013/01/15 07:33:05 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2013/01/15 07:33:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2013/01/15 07:28:53 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\WinBatch
[2013/01/14 15:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
[2013/01/14 15:52:23 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
[2013/01/14 07:05:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2013/01/14 07:05:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013/01/14 07:01:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013/01/14 02:45:37 | 000,120,320 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_YLMH3A.DLL
[2013/01/14 01:37:59 | 000,000,000 | ---D | C] -- C:\ProgramData\CLSoft LTD
[2013/01/14 01:17:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2013/01/14 01:17:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2013/01/14 00:49:38 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2013/01/13 23:54:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/13 18:05:33 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013/01/13 18:05:33 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013/01/13 18:05:33 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013/01/13 18:05:31 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013/01/13 18:05:31 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013/01/13 18:05:29 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/01/13 18:05:29 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013/01/13 18:05:29 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/01/13 18:05:29 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013/01/13 18:05:29 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/01/13 18:05:29 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013/01/13 18:05:29 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013/01/13 18:05:28 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013/01/13 18:05:28 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013/01/13 18:05:28 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/01/13 18:05:28 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013/01/13 18:05:28 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013/01/13 18:05:28 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013/01/13 18:05:28 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013/01/13 18:05:28 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013/01/13 18:05:27 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013/01/13 18:05:27 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013/01/13 18:05:26 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/01/13 18:05:25 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/01/13 18:02:08 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013/01/13 18:02:08 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013/01/13 18:02:05 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/01/13 14:45:37 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\ABBYY
[2013/01/13 14:45:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0 Sprint
[2013/01/13 14:44:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint
[2013/01/13 14:44:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ABBYY
[2013/01/13 14:44:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ABBYY
[2013/01/13 14:19:10 | 000,135,168 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBAPI.dll
[2013/01/13 14:19:10 | 000,110,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBDSCVR.dll
[2013/01/13 14:19:10 | 000,077,824 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EBAPI.dll
[2013/01/13 14:19:10 | 000,065,536 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBUtil.dll
[2013/01/13 14:19:10 | 000,055,808 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBSDKIF.dll
[2013/01/13 14:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2013/01/13 14:10:48 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON
[2013/01/13 14:10:38 | 000,558,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\ensppmon.dll
[2013/01/13 14:10:38 | 000,538,112 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\ensppui.dll
[2013/01/13 14:10:38 | 000,250,880 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enspres.dll
[2013/01/13 14:10:38 | 000,250,880 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enpres.dll
[2013/01/13 14:10:37 | 000,558,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enppmon.dll
[2013/01/13 14:10:37 | 000,538,112 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enppui.dll
[2013/01/13 14:10:37 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2013/01/13 14:10:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON
[2013/01/13 14:08:32 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EPSON Software
[2013/01/13 14:08:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson America Inc
[2013/01/13 14:04:50 | 000,464,384 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esxw2ud.dll
[2013/01/13 14:04:50 | 000,132,560 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esdevapp.exe
[2013/01/13 14:04:50 | 000,013,824 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esxcdev.dll
[2013/01/13 09:03:20 | 000,083,968 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_YD4BH3A.DLL
[2013/01/11 22:51:52 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\Leader Technologies
[2013/01/11 21:37:51 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\Epson
[2013/01/11 21:17:46 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\Unizeal_Corp
[2013/01/11 21:16:56 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\Leadertech
[2013/01/11 21:13:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LTCM Client
[2013/01/11 21:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL
[2013/01/11 21:07:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2013/01/11 21:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2013/01/11 21:06:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
[2013/01/11 21:03:21 | 000,501,912 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\PICSDK2.dll
[2013/01/11 21:03:21 | 000,108,704 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\PICEntry.dll
[2013/01/11 21:03:21 | 000,080,024 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\PICSDK.dll
[2013/01/11 21:03:21 | 000,051,360 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EpPicPrt.dll
[2013/01/11 21:03:21 | 000,051,360 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EpPicMgr.dll
[2013/01/11 21:03:18 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\InstallShield
[2013/01/11 21:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2013/01/11 21:03:02 | 000,108,032 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_ILMFFA.DLL
[2013/01/11 21:02:59 | 000,081,408 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_IBCBFFA.DLL
[2013/01/11 21:02:39 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2013/01/11 21:00:38 | 000,615,984 | ---- | C] (ComponentOne) -- C:\Windows\SysWow64\vsflex8n.ocx
[2013/01/11 21:00:37 | 000,847,872 | ---- | C] (Arcadia Software Development) -- C:\Windows\SysWow64\PowerButton.ocx
[2013/01/11 21:00:37 | 000,497,488 | ---- | C] (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com) -- C:\Windows\SysWow64\XceedZip.dll
[2013/01/11 21:00:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Publisher Pro
[2013/01/11 21:00:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Final Publisher Pro
[2013/01/11 20:52:06 | 000,035,892 | ---- | C] (Prolific Technology Inc.) -- C:\Windows\SysWow64\SER9PL.sys
[2013/01/05 00:47:04 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\The Walking Dead Season 3 Complete(Ep 1-8) HDTV x264 [VectoR]
[2013/01/04 21:03:22 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\Seven.Psychopaths.2012.DVDSCR.XviD-AbSurdiTy

========== Files - Modified Within 30 Days ==========

[2013/02/03 14:32:27 | 000,023,248 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/03 14:32:27 | 000,023,248 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/03 14:26:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/03 14:26:32 | 514,133,244 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/02/03 14:26:27 | 331,534,335 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/02 10:16:09 | 000,738,110 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/02 10:16:09 | 000,632,062 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/02 10:16:09 | 000,109,972 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/02 04:04:53 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/02/02 03:26:40 | 000,001,210 | ---- | M] () -- C:\Users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
[2013/02/01 21:40:25 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRaw from Noluv.job
[2013/01/21 16:27:22 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/21 16:18:46 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Raw from Noluv\Desktop\mbam-setup-1.70.0.1100.exe
[2013/01/21 15:14:39 | 000,001,133 | ---- | M] () -- C:\Users\Raw from Noluv\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/01/21 13:16:51 | 000,001,204 | ---- | M] () -- C:\Users\Raw from Noluv\Desktop\ComboFix - Shortcut.lnk
[2013/01/18 02:17:54 | 000,230,665 | ---- | M] () -- C:\Users\Raw from Noluv\Desktop\NEW ASK COVER.ec4
[2013/01/15 07:33:13 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2013/01/14 15:58:54 | 000,000,836 | ---- | M] () -- C:\Users\Raw from Noluv\Desktop\WhoCrashed.lnk
[2013/01/14 08:37:39 | 005,057,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/14 02:47:44 | 000,000,106 | ---- | M] () -- C:\Windows\EP4530.ini
[2013/01/14 02:43:57 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2013/01/14 02:41:23 | 000,120,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_YLMH3A.DLL
[2013/01/14 01:17:28 | 000,001,102 | ---- | M] () -- C:\Users\Raw from Noluv\Desktop\EVEREST Home Edition.lnk
[2013/01/13 23:12:23 | 000,000,131 | ---- | M] () -- C:\Users\Raw from Noluv\Desktop\FIX.REG
[2013/01/13 20:10:37 | 000,026,674 | ---- | M] () -- C:\Users\Raw from Noluv\AppData\Local\Temp20.html
[2013/01/13 20:10:22 | 000,001,955 | ---- | M] () -- C:\Users\Raw from Noluv\AppData\Local\Temp1.html
[2013/01/13 18:39:34 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/01/13 18:12:21 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/01/13 14:42:20 | 000,002,076 | ---- | M] () -- C:\Users\Public\Desktop\WorkForce Pro WP-4530 Guide.lnk
[2013/01/13 14:03:20 | 000,083,968 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_YD4BH3A.DLL
[2013/01/11 22:08:11 | 000,002,374 | ---- | M] () -- C:\Users\Raw from Noluv\Desktop\NEW ASKME.acp
[2013/01/11 22:07:30 | 000,229,714 | ---- | M] () -- C:\Users\Raw from Noluv\Documents\NEW ASK COVER.ec4
[2013/01/11 21:39:47 | 000,001,672 | ---- | M] () -- C:\Users\Raw from Noluv\Documents\ViewerX.alb
[2013/01/11 21:16:46 | 000,000,044 | ---- | M] () -- C:\Windows\EPART50.ini
[2013/01/11 21:13:54 | 000,000,185 | ---- | M] () -- C:\Users\Public\Desktop\Epson CreativeZone.url
[2013/01/11 21:13:13 | 000,002,167 | ---- | M] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
[2013/01/11 21:07:21 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\Artisan 50 Series Info Center.lnk
[2013/01/11 21:06:27 | 000,000,854 | ---- | M] () -- C:\Users\Public\Desktop\Print CD.lnk
[2013/01/11 21:00:10 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\Final Publisher Pro.lnk
[2013/01/11 20:58:56 | 000,007,962 | ---- | M] () -- C:\Windows\unins000.dat
[2013/01/11 20:58:52 | 000,709,719 | ---- | M] () -- C:\Windows\unins000.exe
[2013/01/11 20:58:14 | 000,792,480 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2013/01/21 16:27:22 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/21 15:14:39 | 000,001,133 | ---- | C] () -- C:\Users\Raw from Noluv\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/01/21 14:25:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/21 14:25:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/21 14:25:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/21 14:25:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/21 14:25:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/21 13:16:51 | 000,001,204 | ---- | C] () -- C:\Users\Raw from Noluv\Desktop\ComboFix - Shortcut.lnk
[2013/01/15 07:33:13 | 000,002,037 | ---- | C] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2013/01/14 15:58:54 | 000,000,836 | ---- | C] () -- C:\Users\Raw from Noluv\Desktop\WhoCrashed.lnk
[2013/01/14 01:17:28 | 000,001,102 | ---- | C] () -- C:\Users\Raw from Noluv\Desktop\EVEREST Home Edition.lnk
[2013/01/13 23:12:23 | 000,000,131 | ---- | C] () -- C:\Users\Raw from Noluv\Desktop\FIX.REG
[2013/01/13 18:12:21 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/01/13 18:11:53 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/01/13 14:51:45 | 000,001,210 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
[2013/01/13 14:42:20 | 000,002,076 | ---- | C] () -- C:\Users\Public\Desktop\WorkForce Pro WP-4530 Guide.lnk
[2013/01/13 14:04:51 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2013/01/13 13:58:04 | 000,000,106 | ---- | C] () -- C:\Windows\EP4530.ini
[2013/01/11 22:07:44 | 000,230,665 | ---- | C] () -- C:\Users\Raw from Noluv\Desktop\NEW ASK COVER.ec4
[2013/01/11 22:07:30 | 000,229,714 | ---- | C] () -- C:\Users\Raw from Noluv\Documents\NEW ASK COVER.ec4
[2013/01/11 21:39:47 | 000,001,672 | ---- | C] () -- C:\Users\Raw from Noluv\Documents\ViewerX.alb
[2013/01/11 21:35:00 | 000,002,374 | ---- | C] () -- C:\Users\Raw from Noluv\Desktop\NEW ASKME.acp
[2013/01/11 21:13:54 | 000,000,185 | ---- | C] () -- C:\Users\Public\Desktop\Epson CreativeZone.url
[2013/01/11 21:13:36 | 000,002,741 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LTCM Client.lnk
[2013/01/11 21:13:13 | 000,002,167 | ---- | C] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
[2013/01/11 21:07:21 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\Artisan 50 Series Info Center.lnk
[2013/01/11 21:06:27 | 000,000,854 | ---- | C] () -- C:\Users\Public\Desktop\Print CD.lnk
[2013/01/11 21:03:21 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2013/01/11 21:03:21 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2013/01/11 21:03:21 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2013/01/11 21:03:21 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2013/01/11 21:03:21 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2013/01/11 21:03:21 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2013/01/11 21:03:21 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2013/01/11 21:03:21 | 000,012,669 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_EN.cfg
[2013/01/11 21:03:21 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2013/01/11 21:03:21 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_PT.cfg
[2013/01/11 21:03:21 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_BP.cfg
[2013/01/11 21:03:21 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_FR.cfg
[2013/01/11 21:03:21 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_CF.cfg
[2013/01/11 21:03:21 | 000,006,226 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_ES.cfg
[2013/01/11 21:03:21 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2013/01/11 21:03:21 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2013/01/11 21:03:21 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2013/01/11 21:03:21 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2013/01/11 21:03:21 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2013/01/11 21:03:21 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2013/01/11 21:03:21 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2013/01/11 21:03:21 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2013/01/11 21:02:30 | 000,000,044 | ---- | C] () -- C:\Windows\EPART50.ini
[2013/01/11 21:00:10 | 000,000,888 | ---- | C] () -- C:\Users\Public\Desktop\Final Publisher Pro.lnk
[2013/01/11 20:58:52 | 000,709,719 | ---- | C] () -- C:\Windows\unins000.exe
[2013/01/11 20:58:52 | 000,007,962 | ---- | C] () -- C:\Windows\unins000.dat
[2013/01/11 20:52:06 | 000,026,719 | ---- | C] () -- C:\Windows\SysWow64\SERSPL.VXD
[2012/12/27 09:10:57 | 1964,290,048 | ---- | C] () -- C:\Users\Raw from Noluv\650 WWE THEME SONGS.iso
[2012/10/06 09:59:31 | 000,011,230 | ---- | C] () -- C:\Users\Raw from Noluv\NFO.NFO
[2012/05/09 19:19:35 | 000,584,584 | ---- | C] () -- C:\Windows\adb.exe
[2012/05/03 07:48:30 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat
[2012/05/03 07:48:30 | 000,000,025 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat
[2012/04/25 12:21:24 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/25 12:21:24 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/04/24 08:06:17 | 000,026,674 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Local\Temp20.html
[2012/04/22 10:18:15 | 000,026,197 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Local\Temp38.html
[2012/04/22 10:14:48 | 000,001,955 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Local\Temp1.html
[2012/01/09 16:35:17 | 000,000,319 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/12/25 20:30:57 | 000,709,968 | ---- | C] () -- C:\Windows\is-FR598.exe
[2011/10/13 20:30:01 | 000,200,517 | ---- | C] () -- C:\Windows\hpoins16.dat
[2011/10/13 20:30:01 | 000,003,770 | ---- | C] () -- C:\Windows\hpomdl16.dat
[2011/10/13 19:22:40 | 000,200,305 | ---- | C] () -- C:\Windows\hpoins16.dat.temp
[2011/10/13 19:22:40 | 000,003,770 | ---- | C] () -- C:\Windows\hpomdl16.dat.temp
[2011/05/16 17:08:01 | 000,001,854 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Roaming\GhostObjGAFix.xml
[2011/04/29 23:21:48 | 000,005,120 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/08 16:12:51 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/27 21:07:42 | 000,000,082 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Roaming\default.pls
[2011/01/14 18:21:54 | 000,001,024 | ---- | C] () -- C:\Users\Raw from Noluv\.rnd

========== ZeroAccess Check ==========

[2012/08/09 17:28:25 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST932032 5AS SATA Disk Device
Partitions: 4
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 199.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 280.00GB
Starting Offset: 209715200
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 17.00GB
Starting Offset: 301339770880
Hidden sectors: 0


DeviceID: Disk #0, Partition #3
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 103.00MB
Starting Offset: 319963529216
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >
[2008/05/08 01:03:22 | 000,303,616 | ---- | M] ( ) -- C:\SetACL.exe
[2004/06/11 19:33:28 | 000,290,304 | ---- | M] (Microsoft Corporation) -- C:\subinacl.exe

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >
[2008/05/08 01:03:22 | 000,303,616 | ---- | M] ( ) -- C:\SetACL.exe
[2004/06/11 19:33:28 | 000,290,304 | ---- | M] (Microsoft Corporation) -- C:\subinacl.exe

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2013/01/18 01:04:02 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Acer
[2011/10/13 17:15:01 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Acoustica
[2012/11/07 19:13:58 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Adobe
[2011/01/14 14:59:06 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Ahead
[2010/12/25 16:47:02 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\ATI
[2012/04/30 10:58:11 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Azureus
[2011/12/16 18:57:01 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\B9178
[2012/04/30 10:58:11 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\BITS
[2011/03/13 20:06:54 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/12/25 15:29:51 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\CyberLink
[2011/01/10 17:12:06 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\DMCache
[2010/12/31 16:59:02 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\DVDCreator
[2012/08/22 01:41:45 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\dvdcss
[2013/01/21 13:36:54 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\E24B9
[2013/01/14 02:49:18 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Epson
[2012/04/30 10:41:01 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\FlashGet
[2012/04/30 10:58:11 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\FlashGetBHO
[2012/04/30 10:41:02 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\FrostWire
[2011/03/12 03:06:55 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Google
[2013/01/15 07:37:00 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Hewlett-Packard
[2011/01/19 09:31:27 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\HP
[2011/11/26 07:25:55 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\hpqLog
[2012/07/30 13:10:01 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\HpUpdate
[2010/12/25 16:44:56 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Identities
[2013/01/11 21:03:18 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\InstallShield
[2012/04/30 10:41:02 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Intuit
[2012/04/30 10:58:12 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\KJJJ7ffEL8
[2013/01/11 22:51:52 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Leader Technologies
[2013/01/11 21:16:56 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Leadertech
[2010/12/25 04:57:43 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Macromedia
[2012/04/30 10:41:02 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Malwarebytes
[2010/11/20 04:25:31 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Media Center Programs
[2011/06/20 19:57:36 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Media Player Classic
[2013/01/14 09:09:13 | 000,000,000 | --SD | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Microsoft
[2012/04/30 10:41:04 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla
[2011/07/11 20:35:00 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\MPEG Streamclip
[2012/04/30 10:41:06 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Nero
[2012/01/20 21:23:05 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\NeroDCTemplates
[2011/08/16 15:06:43 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\ooVoo Details
[2011/03/17 13:25:58 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\PACE Anti-Piracy
[2013/02/03 20:35:44 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\QuickScan
[2012/04/30 10:58:14 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Raptr
[2011/01/04 00:02:40 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Real
[2012/01/08 22:42:12 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[2011/04/08 16:12:45 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Sierra Wireless
[2012/04/30 10:41:08 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\SoftGrid Client
[2011/03/17 13:31:01 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/01/19 09:47:03 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\TP
[2013/01/21 12:20:24 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\uTorrent
[2011/01/02 21:32:50 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\VitySoft
[2012/12/03 23:58:31 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\vlc
[2013/01/10 22:06:52 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Vso
[2011/01/14 19:32:29 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\WildTangent
[2013/01/15 07:28:53 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\WinBatch
[2011/02/08 08:49:07 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Windows Live Writer
[2010/12/25 12:41:21 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\WinRAR
[2012/10/13 21:25:32 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Xilisoft
[2012/12/23 19:06:45 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Yahoo!

< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 000,024,128 | -H-- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | -H-- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\system64\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\system64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CSRSS.EXE >
[2009/07/13 20:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\SysNative\csrss.exe
[2009/07/13 20:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\system64\csrss.exe
[2009/07/13 20:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2010/11/20 08:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\ERDNT\cache64\mswsock.dll
[2010/11/20 08:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\SysNative\mswsock.dll
[2010/11/20 08:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\system64\mswsock.dll
[2010/11/20 08:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[2010/11/20 07:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\ERDNT\cache86\mswsock.dll
[2010/11/20 07:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\SysWOW64\mswsock.dll
[2010/11/20 07:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2009/07/13 20:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\SysWOW64\NapiNSP.dll
[2009/07/13 20:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll
[2009/07/13 20:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\SysNative\NapiNSP.dll
[2009/07/13 20:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\system64\NapiNSP.dll
[2009/07/13 20:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_0812326fa8e1ed67\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2012/01/13 02:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\SysWOW64\nlaapi.dll
[2012/01/13 02:12:03 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0BA65122FFA7E37564EE86422DBF7AE8 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_cfca9d84561311f2\nlaapi.dll
[2010/11/20 07:20:30 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_d000a58855ea91a1\nlaapi.dll
[2012/10/03 11:29:27 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=11B8C7970C10650827D060AA81BEE63F -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_d07f52216f10753a\nlaapi.dll
[2010/11/20 08:27:22 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_c5abfb362189cfa6\nlaapi.dll
[2012/10/03 12:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\SysNative\nlaapi.dll
[2012/10/03 12:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\system64\nlaapi.dll
[2012/10/03 12:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=46BB91A169B9B31FF44EB04C48EC1D41 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_c575f33221b24ff7\nlaapi.dll
[2012/10/03 12:32:48 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=C98BCE54F31113D5E736C1097FD086DC -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_c62aa7cf3aafb33f\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2009/07/13 20:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\SysWOW64\pnrpnsp.dll
[2009/07/13 20:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_d7c8b1ac70865dab\pnrpnsp.dll
[2009/07/13 20:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\SysNative\pnrpnsp.dll
[2009/07/13 20:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\system64\pnrpnsp.dll
[2009/07/13 20:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_cd74075a3c259bb0\pnrpnsp.dll

< MD5 for: PRINTISOLATIONHOST.EXE >
[2009/07/13 20:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\SysNative\PrintIsolationHost.exe
[2009/07/13 20:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\system64\PrintIsolationHost.exe
[2009/07/13 20:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\ERDNT\cache64\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\system64\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\system64\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USER32.DLL >
[2010/11/20 07:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\ERDNT\cache86\user32.dll
[2010/11/20 07:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 07:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010/11/20 08:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\ERDNT\cache64\user32.dll
[2010/11/20 08:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/20 08:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\system64\user32.dll
[2010/11/20 08:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\system64\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\system64\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/07/13 20:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\SysNative\winrnr.dll
[2009/07/13 20:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\system64\winrnr.dll
[2009/07/13 20:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_b543449669c73e11\winrnr.dll
[2009/07/13 20:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\SysWOW64\winrnr.dll
[2009/07/13 20:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2009/07/13 20:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
[2009/07/13 20:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009/07/13 20:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\SysNative\wshelper.dll
[2009/07/13 20:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\system64\wshelper.dll
[2009/07/13 20:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/09/11 19:32:55 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/09/11 19:32:55 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/09/11 19:32:55 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/09/11 19:32:56 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/09/11 19:32:56 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/09/11 19:32:56 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Raw from Noluv\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2013/01/18 03:07:04 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Raw from Noluv\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2013/01/18 03:07:04 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Raw from Noluv\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/01/18 03:07:04 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Raw from Noluv\AppData\Local\Google\Chrome\Application\chrome.exe" [2013/01/18 03:07:04 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/03/31 17:12:37 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/03/31 17:12:37 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/03/31 17:12:37 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/11/13 21:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/11/13 21:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/09/11 19:32:55 | 000,883,896 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/09/11 19:32:55 | 000,883,896 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/09/11 19:32:55 | 000,883,896 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/09/11 19:32:56 | 000,917,984 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/09/11 19:32:56 | 000,917,984 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/09/11 19:32:56 | 000,917,984 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\USERS\RAW FROM NOLUV\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2013/01/18 03:07:04 | 001,248,208 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\USERS\RAW FROM NOLUV\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2013/01/18 03:07:04 | 001,248,208 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\USERS\RAW FROM NOLUV\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2013/01/18 03:07:04 | 001,248,208 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\USERS\RAW FROM NOLUV\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2013/01/18 03:07:04 | 001,248,208 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/03/31 17:12:23 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/03/31 17:12:23 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/03/31 17:12:23 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/11/13 21:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/11/13 21:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %ProgramFiles%\WINDOWS NT\*.* /s >
[2010/11/20 07:17:57 | 004,247,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\wordpad.exe
[2009/07/13 20:16:20 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\WordpadFilter.dll
[2009/07/13 21:06:02 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\en-US\wordpad.exe.mui
[2009/07/13 20:16:15 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextService.dll
[2009/06/10 16:43:18 | 000,016,212 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceAmharic.txt
[2009/06/10 16:43:18 | 001,272,822 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceArray.txt
[2009/06/10 16:43:18 | 000,980,102 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceDaYi.txt
[2009/06/10 16:43:19 | 001,665,878 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt
[2009/06/10 16:43:19 | 001,445,430 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt
[2009/06/10 16:43:19 | 001,810,352 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt
[2009/06/10 16:43:19 | 000,044,968 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceYi.txt
[2009/07/13 21:05:26 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\en-US\TableTextService.dll.mui

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

< End of report >

#36
noluv

OTL Extras logfile created on: 2/3/2013 8:41:22 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Raw from Noluv\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 4.04 Gb Available Physical Memory | 70.35% Memory free
11.74 Gb Paging File | 9.91 Gb Available in Paging File | 84.42% Paging File free
Paging file location(s): C:\pagefile.sys 6142 6142 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.45 Gb Total Space | 41.15 Gb Free Space | 14.67% Space Free | Partition Type: NTFS
Drive D: | 17.34 Gb Total Space | 2.51 Gb Free Space | 14.46% Space Free | Partition Type: NTFS
Drive E: | 69.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 99.34 Mb Total Space | 89.44 Mb Free Space | 90.04% Space Free | Partition Type: FAT32

Computer Name: MMG | User Name: Raw from Noluv | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\SysWow64\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\SysWow64\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\SysWow64\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\SysWow64\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17884248-F9A0-441F-9311-51E336E753DA}" = rport=138 | protocol=17 | dir=out | app=system |
"{358ECCCC-A18B-438E-BC0C-EE40E9E9FD3B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3F5FEE9C-EDD4-4454-98F5-F1BEA59AB61E}" = lport=138 | protocol=17 | dir=in | app=system |
"{468E925D-A0AC-4FC0-AC7E-8221E3EA7AF2}" = rport=137 | protocol=17 | dir=out | app=system |
"{5AFB5BCE-F0D9-4031-8C80-D4AEFA79C4D3}" = lport=137 | protocol=17 | dir=in | app=system |
"{6F0E9512-D2CE-433F-92B7-2928A825199F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7D79BB43-68A4-47BD-8A6F-1F49F7A7D8DE}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7F6ED1BA-DF1A-4407-B313-DFFC0EE0008A}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{87EB6CD1-BC2B-44F6-A16C-D897C87B04C1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8D9402C5-ADF3-46BF-8575-325145B2DDAA}" = lport=139 | protocol=6 | dir=in | app=system |
"{924E0254-AFF1-4E09-B14A-756BEEE256A8}" = lport=445 | protocol=6 | dir=in | app=system |
"{A50F8892-444F-4D5D-A41F-2D23B89AF4B0}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A72FCD18-45D9-4E7D-BB17-EEBB0E1249DA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A7C605FA-026A-42FD-8115-EF9040A3F428}" = rport=445 | protocol=6 | dir=out | app=system |
"{AED7E11D-8520-48B3-971F-29D31B888AC1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B18C0A5D-E37D-4451-BCEB-FB494B945791}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B194FE32-24CF-4471-9F35-DAF70CF8F8C4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{C56B3FC4-9D92-41B9-908B-EA84B17FD33C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CACE2A3F-94D0-4A90-9C85-DE45A5BB75A9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D0C3D301-A5E5-436D-8506-324D89535986}" = rport=2869 | protocol=6 | dir=out | app=system |
"{D19B609A-6CA9-4B30-8524-5C0DD78C554B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D85D392A-99A5-4190-A9C3-5EEDAC2A7C32}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E35E8A07-44EA-4D7D-8C9A-279F4898AB1F}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E45458F3-38CC-4E0C-ACA6-6B7C40B57351}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{EFD7D516-F4E3-475A-AB01-54ED54C7F66E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F36F3B33-F00F-41C4-BC4F-F1E6A92761F4}" = rport=139 | protocol=6 | dir=out | app=system |
"{F8C26164-0524-4171-B2BD-ED264DF98969}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A0B9B6-37AC-44AC-B2CA-63B746BEB4B8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{0426BA6A-B061-40B1-8696-9CB5B4CCD467}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{0AF075FD-2B51-4FEC-80C5-7E9922103DF0}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{1744A51D-6318-45AA-95E0-E2FE7CB7237C}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{1744C9FA-A5B8-4EE8-997E-C82BE150FEEF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{21AA5D2B-EF96-4505-A561-FC4FCBEB14DE}" = protocol=58 | dir=out | [email protected],-28546 |
"{21C7A9B5-5F21-423B-BCE1-465BB151783F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{22B433A9-EEB5-4DC7-8C23-127B3B718C05}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{252B39E8-6925-43DC-8227-6A3A57ED8223}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{27FC23F0-59F9-437C-B4F9-A725F98DE44C}" = protocol=58 | dir=in | [email protected],-148 |
"{28945957-ADF8-4160-8BE4-622666F0A35F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{2AEE7F58-6786-40E9-BB0D-BADB10573BC2}" = protocol=1 | dir=out | [email protected],-28544 |
"{2F63BCA1-77E1-43CB-AF2E-11AD19ACCC4D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2FD18DD4-08D1-44F4-90D1-0C71DB9B0B85}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{3AC4DFC9-4285-440F-BA85-CC43FCFF9759}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
"{44A16188-B662-40F5-9AD5-92514CC1279C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{47386422-61AC-4347-A69D-2443C7C5F2A7}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{4D478F47-7B54-45F3-A1AF-F7DD469A4AF5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{50AF1995-511D-4B58-A90E-A05F70B63AEF}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{58DC8AFD-57A9-4D8F-AB2B-6359ACE73593}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{5CE69A5B-A0A6-48E7-B111-32DC87C3D686}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5D5FB36D-AA60-4C8D-B0A4-18B76C47B00A}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{6E2A430E-41B8-4970-9896-E5137A06EF68}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{7857951A-A28A-4F2D-AADC-0AAEC0BA335A}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{78BF4A59-6688-4C31-88D2-E71202D9F7F9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{7EEBAF2B-A881-4EDC-806D-E64DF23F6ADC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{7F72FBC8-5C28-4357-8A80-546D5E560D2B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{7FA49A01-956C-485D-B541-770F67A65ADC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{81A08614-943B-4D64-BEF5-88FE579D0126}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{87801043-A665-4077-BC4C-A722621F4589}" = dir=in | app=c:\users\raw from noluv\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{8DA04844-D168-42A0-AB78-5DA4EDE9A84A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{9026E000-566C-4DFE-B43E-EBB014AF730D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{94091789-1212-43F2-8F90-6351D7CB7D53}" = protocol=17 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{9C195E25-2F01-4283-BF4F-A5BBC7712E18}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9FBA261C-245F-46C8-82F0-464FE6919941}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{A2C68EC7-5A3F-47CD-BDA0-A8644C85D914}" = protocol=1 | dir=in | [email protected],-28543 |
"{A305632E-BE9D-4429-AFAA-C88B26D58951}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{A3A4B663-7DAA-4562-A680-C47CAC7A17FC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{AA79FED2-E795-48F3-9CE8-E41E7BE4FD72}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{AF4191D3-44C2-4FA7-9F96-C6C9A9A10A66}" = protocol=17 | dir=in | app=e:\common\epsonnet setup\eneasyapp.exe |
"{B6E1D671-E7B3-45C7-8A79-6D542A98166B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{B755A04D-825C-4CFE-84EC-E0E8711042F9}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{BB25593E-4548-4DA6-B77C-B63D1C2C80C3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{BBF69A78-A604-4136-9696-F742B7AE4778}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BFB31FE3-6E18-47AC-98A6-3600537B3FFE}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{CB8AEB65-965C-400F-BC03-79CC860C101A}" = protocol=6 | dir=in | app=e:\common\epsonnet setup\eneasyapp.exe |
"{CE66726E-A628-4351-A979-3290573B204A}" = protocol=6 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{CF014D1F-D054-430B-AB40-4AD308487A4D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{D0238489-03E0-489F-AF3B-4B368DEB9A2D}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
"{DA408509-87C4-4B35-83A0-8D596B80C5E9}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{DDCA507D-B9C8-4428-B06B-CB654F55FA69}" = protocol=58 | dir=in | [email protected],-28545 |
"{DE2D20DC-0C35-4ECF-9242-6BED5277656D}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{E7944C9B-BFA8-4AC0-8273-4D05163F97A2}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{EAEAB54C-5978-445D-9CA4-F209731623F8}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{EB0A0066-CDD8-4C69-B15D-EB58DFF3DCE3}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{EFE391F6-ED28-445B-A0AD-9189A6B6354A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{F86FC563-680E-4571-8FF4-08B834A3D44E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{FB7E4F57-0B36-4F1A-9C35-5A56B6152606}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{225DE5BF-DDDC-4EA2-9019-F6C8D591DDAA}C:\program files\java\jre6\launch4j-tmp\frd.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\frd.exe |
"TCP Query User{24C443B1-240E-4105-828B-76F2DD0B439A}C:\program files (x86)\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashget\flashget.exe |
"TCP Query User{3D77A33F-2F7F-49BE-869C-72F9F0EF0DA8}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{3D7D3074-E112-4008-A427-5CA794F483CF}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{44506D77-46CB-41BF-B104-6DFA4CAFBFB1}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{4F05FD6C-470E-4449-9636-1D990B1024BC}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{503B3223-5D68-4B3B-81DD-B55B3F6A45C5}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{50FFB52D-9750-4954-9874-D3FB22805053}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{8BD3D22F-FE78-4C6E-A5E1-48E96BA17463}C:\users\raw from noluv\appdata\local\temp\kmsact\pack\keygen\keygen.exe" = protocol=6 | dir=in | app=c:\users\raw from noluv\appdata\local\temp\kmsact\pack\keygen\keygen.exe |
"TCP Query User{A58AF966-99F3-4135-8A5B-A36F1876452B}C:\users\raw from noluv\appdata\local\temp\7zipsfx.000\pack\keygen\keygen.exe" = protocol=6 | dir=in | app=c:\users\raw from noluv\appdata\local\temp\7zipsfx.000\pack\keygen\keygen.exe |
"TCP Query User{AA4210BC-3D01-481C-BDEF-77CF0E230F10}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{D3209E98-0FDA-4713-AF87-A00B05795D4C}C:\program files (x86)\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"TCP Query User{DBE0A617-4D70-4C83-9F04-A05C1BE9F3E2}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{EEE4D474-6714-475D-A072-D8125309FB2B}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe |
"UDP Query User{1633D582-6CB0-42BB-B692-5D55520A6965}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{4BBDAD8D-DB92-48B1-BB4D-ADC273E2AA14}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{4DA86CE5-9352-44E5-A39B-B1FCF8284D79}C:\users\raw from noluv\appdata\local\temp\kmsact\pack\keygen\keygen.exe" = protocol=17 | dir=in | app=c:\users\raw from noluv\appdata\local\temp\kmsact\pack\keygen\keygen.exe |
"UDP Query User{605806B6-7C96-459E-A0C4-059DAA9C6F51}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{6D948A03-2D0F-472E-8418-836E3BEEFEE1}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{770941D8-606C-44BE-BB7C-860216CEC32E}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{95656DEB-E1A9-436F-BCB7-3B9BAB87C9CC}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{963B5DD9-7191-4474-9005-A91144F9B21B}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{A840DFCD-FE67-4137-98B6-C1208FB48B96}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{B99CA8FB-C7FE-49A1-9A37-BC0AD58EAF5F}C:\program files (x86)\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flashget\flashget.exe |
"UDP Query User{BCE5B5DF-177E-40E0-BB51-9CD57A444E4C}C:\users\raw from noluv\appdata\local\temp\7zipsfx.000\pack\keygen\keygen.exe" = protocol=17 | dir=in | app=c:\users\raw from noluv\appdata\local\temp\7zipsfx.000\pack\keygen\keygen.exe |
"UDP Query User{C3A1F3E4-A837-4E07-BC84-97BE5ADF773F}C:\program files (x86)\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"UDP Query User{DD1667B4-8E95-4474-AE3B-73613292587B}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe |
"UDP Query User{E04E0D45-581C-4DE8-92CB-6EFBB8E34B1B}C:\program files\java\jre6\launch4j-tmp\frd.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\frd.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{091A0130-A82F-4A6D-9C61-3BBBB3289030}" = RtVOsd
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1012456A-D118-37E0-E837-34AA28602013}" = AMD Drag and Drop Transcoding
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4F2B8F3E-70FA-AA71-4526-3BFDEDE502EF}" = AMD Fuel
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{68CA3A47-3F7E-0E92-DC0D-5B0C02D9AFAD}" = ccc-utility64
"{6BB150E8-6CBB-5F8F-CAE7-BE21B2C92D31}" = AMD Accelerated Video Transcoding
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{914F7627-B645-9895-F723-BAEAAC865E75}" = AMD Catalyst Install Manager
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}" = HP Wireless Assistant
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DA3372D5-F228-5C71-3FAC-177D4AEE8659}" = AMD Media Foundation Decoders
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F69E48F2-94B0-4272-845C-5F21F2A9815F}" = HP Photosmart Printer Driver Software 13.0 Rel. 2
"{FDF7187F-3960-4BEC-916D-98C9A83E3A68}_is1" = DirectX for Managed Code
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"EPSON Artisan 50 Series" = EPSON Artisan 50 Series Printer Uninstall
"EPSON WP-4530 Series" = EPSON WP-4530 Series Printer Uninstall
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WhoCrashed_is1" = WhoCrashed 4.01
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03D45A4B-D7F5-C03E-1650-885756303D13}" = CCC Help Norwegian
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{10F63395-157F-4B93-AB4D-702A2FF11942}" = Epson Download Navigator
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
"{154F0971-04E6-49DB-9E9D-EE0108EC213A}" = PS_SF_02_ProductContext
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 26
"{284E9E9A-D8BE-3588-D0BA-E9BB61970A1D}" = CCC Help Hungarian
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{30E18A93-982E-AF1B-D646-E8C5DAECA390}" = CCC Help French
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{4021F8B5-E8BB-D0F9-AF28-4970013FAE3D}" = AMD VISION Engine Control Center
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{42D10994-A566-495D-A5E7-D0C6B5C6B35C}" = HP Product Detection
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{470D66DF-B597-124E-EDCE-8B966AA5F230}" = CCC Help Portuguese
"{483924A6-52C5-9169-0280-14272D5FBA70}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57AE1BE1-24E8-4169-D52C-ABE31BD91562}" = CCC Help Finnish
"{5B5745F7-23EF-9E5E-6689-512C9FA08222}" = CCC Help English
"{5E25081D-9CB4-4B17-AD2B-8DF2DC335E85}" = HP Documentation
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{625031C9-E249-2A53-C282-C1E9872B211E}" = CCC Help Turkish
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{655E0B5A-7ADF-A052-587F-64F0E59B58E7}" = CCC Help Dutch
"{656C6151-03B2-4077-8E29-0950037FC8B4}" = Avid Codecs LE
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
"{73CDA9BC-DE4D-4D01-A036-BB7B4BB4E9DF}" = Final Publisher Pro
"{74437563-D720-0307-90FC-1C351B1041D7}" = Catalyst Control Center Localization All
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A4D10-821B-3FA5-52B0-F0FAEEDED9F4}" = CCC Help Czech
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BA14A92-C229-5E00-3ADE-8D22F81B849E}" = CCC Help German
"{80A5B901-C7BD-D300-17BA-9E02F18EAB77}" = CCC Help Danish
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81ADC365-6BA4-E757-81DA-BC9DC12DD291}" = Catalyst Control Center InstallProxy
"{8232F780-08F1-4894-AA3E-76529901E391}" = PS_SF_02_Software
"{82F505E6-5879-B30A-12B7-7795969D3BBB}" = CCC Help Polish
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8476003F-6927-8393-C6F4-FAF47D61D00B}" = CCC Help Korean
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89A2D79E-B3AD-A83A-795F-5645EFF922D3}" = CCC Help Greek
"{89C0F58F-9E5B-2B45-D9DF-7988A54BECA8}" = CCC Help Italian
"{8B91D776-792D-F02B-DE43-BF398549C729}" = CCC Help Spanish
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{8F272838-BDD6-B433-D650-25E231AEFA8A}" = Catalyst Control Center InstallProxy
"{8FA53ACE-B718-4FAE-B7BF-95B0FCB320C8}" = SAMSUNG USB Driver for Mobile Phones
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{96F9B265-1367-4E1A-B8B9-F8530EF3AA62}" = Add or Remove Adobe Premiere Pro CS5
"{97174E88-52F9-445A-A28E-704A45332D19}" = HP Software Framework
"{983BE967-28E9-5C78-8851-638DAC4AF66E}" = CCC Help Swedish
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E384B32-59C8-46EF-BEA6-4DC8F27CDB8E}" = InstallVC90Support
"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A707240D-18D3-07F4-AE2E-6AE76C220192}" = CCC Help Japanese
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3 MUI
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B38E9B55-7136-4E66-A084-320512FF3F6F}" = LTCM Client
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B95AC87D-630B-603F-3F12-AA22B3BBA69C}" = CCC Help Chinese Traditional
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C64A995B-1A93-48CE-B93B-1EEDB096CBD7}" = PS_SF_02_Software_Min
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C9AF27-9414-46C8-B9D8-D878BA041033}" = Nero 8
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.10.348
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6C82F8F-2031-4825-8CC3-98C5960875C1}" = Epson CreativeZone
"{E797E7D2-D68C-4cb1-80D2-16049A8FBFB8}" = D5300_Help
"{EB1C554C-5343-9A69-1B8C-666AF192CA19}" = CCC Help Russian
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F306C5B6-70C5-4FDC-8C22-BEC5957579E4}" = D5300
"{F32D24DD-D787-10F9-D21E-BC3FAB3064CB}" = Catalyst Control Center Graphics Previews Common
"{F8D90583-7BB5-75A9-B23F-A353AD4674BC}" = CCC Help Thai
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Acoustica CD/DVD Label Maker" = Acoustica CD/DVD Label Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cinema Craft Encoder SP3" = Cinema Craft Encoder SP3
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"ffdshow_is1" = ffdshow [rev 2975] [2009-05-28]
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"My HP Game Console" = HP Game Console
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"QuicktimeAlt_is1" = QuickTime Alternative 2.8.0
"Raptr" = Raptr
"RealAlt_is1" = Real Alternative 1.9.0
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"uTorrent" = µTorrent
"Video Convert Master_is1" = Video Convert Master 11.0.11.27
"VLC media player" = VLC media player 1.1.5
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087335" = Build-a-lot 2
"WT087342" = Dora's Carnival Adventure
"WT087360" = Escape Rosecliff Island
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087372" = Heroes of Hellas 2 - Olympia
"WT087373" = Jewel Quest 3
"WT087379" = Jewel Quest Solitaire 2
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087414" = Virtual Families
"WT087415" = Wheel of Fortune 2
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087513" = Virtual Villagers - The Secret City
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"Xilisoft Audio Converter 6" = Xilisoft Audio Converter 6
"Xilisoft CD Ripper 6" = Xilisoft CD Ripper 6
"Xilisoft DVD Creator 6" = Xilisoft DVD Creator 6
"Xilisoft DVD Ripper Platinum 6" = Xilisoft DVD Ripper Platinum 6
"Xilisoft Video Converter Standard 6" = Xilisoft Video Converter Standard 6
"Xilisoft Video Converter Ultimate 6" = Xilisoft Video Converter Ultimate 6
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/3/2013 4:02:55 PM | Computer Name = MMG | Source = Application Hang | ID = 1002
Description = The program PDApp.exe version 6.0.335.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 10a0 Start Time:
01ce024952d285fa Termination Time: 24 Application Path: C:\Program Files (x86)\Common
Files\Adobe\OOBE\PDApp\UWA\..\core\PDApp.exe Report Id: ad49e171-6e3c-11e2-8f0b-78acc03e8bd9


[ Hewlett-Packard Events ]
Error - 7/26/2012 9:27:58 AM | Computer Name = MMG | Source = HPSF.exe | ID = 4000
Description =

Error - 10/26/2012 11:49:30 AM | Computer Name = MMG | Source = HPSF.exe | ID = 4000
Description =

Error - 11/20/2012 7:06:26 PM | Computer Name = MMG | Source = HPSF.exe | ID = 4000
Description =

Error - 11/20/2012 7:06:40 PM | Computer Name = MMG | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146233088HPSF.exe at HPSFConfigReader.ConfigHelper.loadXML()

at HPSFConfigReader.ConfigHelper..ctor() at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
isOnAppLoad) Message: Exception of type 'System.Exception' was thrown. StackTrace:
at HPSFConfigReader.ConfigHelper.loadXML() at HPSFConfigReader.ConfigHelper..ctor()

at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
isOnAppLoad) Source: HPSFConfigReader Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 5882
Ram
Utilization: 30 TargetSite: Void loadXML()

Error - 11/20/2012 7:07:19 PM | Computer Name = MMG | Source = HPSF.exe | ID = 4000
Description =

Error - 12/26/2012 5:49:58 AM | Computer Name = MMG | Source = HPSF.exe | ID = 4000
Description =

Error - 12/26/2012 6:15:44 AM | Computer Name = MMG | Source = HPSF.exe | ID = 4000
Description =

Error - 1/21/2013 7:59:10 PM | Computer Name = MMG | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.InitRegItem()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: HPAsset has not been installed, ACLM will depend on
this component. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.InitRegItem()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 5882 Ram Utilization: TargetSite: Void InitRegItem()

Error - 2/1/2013 9:12:45 AM | Computer Name = MMG | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HPSFConfigReader.ConfigHelper.loadXML()

at HPSFConfigReader.ConfigHelper..ctor() at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
isOnAppLoad) Message: Object reference not set to an instance of an object. StackTrace:
at HPSFConfigReader.ConfigHelper.loadXML() at HPSFConfigReader.ConfigHelper..ctor()

at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
isOnAppLoad) Source: HPSFConfigReader Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 5882
Ram
Utilization: TargetSite: Void loadXML()

Error - 2/1/2013 9:12:55 AM | Computer Name = MMG | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.InitRegItem()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: HPAsset has not been installed, ACLM will depend on
this component. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.InitRegItem()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 5882 Ram Utilization: 30 TargetSite: Void InitRegItem()

[ HP Wireless Assistant Events ]
Error - 4/30/2012 7:22:37 AM | Computer Name = MMG | Source = HP WA Application | ID = 0
Description =

Error - 5/3/2012 6:31:31 PM | Computer Name = MMG | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException (0x800706BA): The RPC
server is unavailable. (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.SinkForEventQuery.Cancel()
at System.Management.ManagementEventWatcher.Stop() at System.Management.ManagementEventWatcher.Finalize()

Error - 5/7/2012 7:35:56 PM | Computer Name = MMG | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 5/7/2012 7:35:57 PM | Computer Name = MMG | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 5/7/2012 7:35:59 PM | Computer Name = MMG | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 5/8/2012 5:30:46 PM | Computer Name = MMG | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 5/8/2012 5:30:48 PM | Computer Name = MMG | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 11/26/2012 4:01:51 PM | Computer Name = MMG | Source = HP WA Service | ID = 0
Description = System.Threading.ThreadAbortException Thread was being aborted. at
System.Management.IEnumWbemClassObject.Next_(Int32 lTimeout, UInt32 uCount, IWbemClassObject_DoNotMarshal[]
apObjects, UInt32& puReturned) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

at HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName)

at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware radio)

at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 11/26/2012 4:01:52 PM | Computer Name = MMG | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException (0x80010108): The object
invoked has disconnected from its clients. (Exception from HRESULT: 0x80010108
(RPC_E_DISCONNECTED)) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.SinkForEventQuery.Cancel()
at System.Management.ManagementEventWatcher.Stop() at System.Management.ManagementEventWatcher.Finalize()

Error - 12/1/2012 6:06:16 AM | Computer Name = MMG | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

[ System Events ]
Error - 2/2/2013 5:06:48 AM | Computer Name = MMG | Source = Service Control Manager | ID = 7000
Description = The HP Support Assistant Service service failed to start due to the
following error: %%31

Error - 2/2/2013 5:06:48 AM | Computer Name = MMG | Source = Service Control Manager | ID = 7000
Description = The HP Wireless Assistant Service service failed to start due to the
following error: %%31

Error - 2/2/2013 5:06:48 AM | Computer Name = MMG | Source = Service Control Manager | ID = 7000
Description = The RtVOsdService Installer service failed to start due to the following
error: %%31

Error - 2/2/2013 11:41:00 AM | Computer Name = MMG | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:25:32 AM on ?2/?2/?2013 was unexpected.

Error - 2/2/2013 11:41:05 AM | Computer Name = MMG | Source = BugCheck | ID = 1001
Description =

Error - 2/2/2013 6:17:53 PM | Computer Name = MMG | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:04:34 PM on ?2/?2/?2013 was unexpected.

Error - 2/2/2013 6:17:58 PM | Computer Name = MMG | Source = BugCheck | ID = 1001
Description =

Error - 2/3/2013 3:26:44 PM | Computer Name = MMG | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:23:55 PM on ?2/?3/?2013 was unexpected.

Error - 2/3/2013 3:26:46 PM | Computer Name = MMG | Source = BugCheck | ID = 1001
Description =

Error - 2/3/2013 9:47:01 PM | Computer Name = MMG | Source = volsnap | ID = 393230
Description = The shadow copies of volume C: were aborted because of an IO failure
on volume C:.


< End of report >

#37
noluv

Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
AERTSr64.exe 1144 984 K 2,600 K Andrea filters APO access service (64-bit) Andrea Electronics Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe 1312 2,168 K 5,992 K AMD External Events Client Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
atiesrxx.exe 968 1,464 K 4,096 K AMD External Events Service Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
audiodg.exe 232 18,112 K 17,352 K Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 1448 888 K 2,592 K Console Window Host Microsoft Corporation (Verified) Microsoft Windows
CVHSVC.EXE 3484 3,988 K 9,084 K Microsoft Office Client Virtualization Service Microsoft Corporation (Verified) Microsoft Corporation
EPCP.exe 1768 7,164 K 13,080 K Epson Customer Participation SEIKO EPSON CORPORATION (Verified) SEIKO EPSON Corporation
FacebookUpdate.exe 4128 2,676 K 1,848 K Facebook Installer Facebook Inc. (Verified) Facebook
Fuel.Service.exe 704 1,968 K 5,820 K AMD Fuel Service Advanced Micro Devices, Inc. (Unable to verify) Advanced Micro Devices, Inc.
GoogleUpdate.exe 2600 2,072 K 528 K Google Installer Google Inc. (Verified) Google Inc
hpCaslNotification.exe 2376 30,360 K 14,104 K hpCaslNotification Hewlett-Packard Development Company L.P. (Verified) Hewlett-Packard Company
hpqWmiEx.exe 4320 1,932 K 6,508 K hpqwmiex Module Hewlett-Packard Company (Verified) Hewlett-Packard Company
HPSA_Service.exe 4744 24,472 K 18,276 K HP Support Assistant Service Hewlett-Packard Company (Verified) Hewlett-Packard Company
iexplore.exe 2124 58,164 K 71,516 K Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
IoctlSvc.exe 2800 1,016 K 3,552 K PLFlash DeviceIoControl Service Prolific Technology Inc. (Unable to verify) Prolific Technology Inc.
LSSrvc.exe 2104 1,244 K 4,168 K LightScribe Service Hewlett-Packard Company (Unable to verify) Hewlett-Packard Company
MsMpEng.exe 828 68,800 K 18,352 K Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
NBService.exe 2172 2,988 K 7,996 K Nero BackItUp Nero AG (Verified) Nero AG
NetworkLicenseServer.exe 1972 5,040 K 8,900 K ABBYY network license server ABBYY (Verified) ABBYY SOLUTIONS LIMITED
procexp.exe 1776 2,436 K 6,648 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
RtkNGUI64.exe 3332 9,480 K 10,692 K Realtek HD Audio Manager Realtek Semiconductor (Verified) Microsoft Windows Hardware Compatibility Publisher
RtVOsd.exe 3672 2,472 K 7,568 K Realtek OSD for Volume/Mute Realtek Semiconductor Corp. (Unable to verify) Realtek Semiconductor Corp.
RtVOsdService.exe 4616 20,512 K 14,704 K RtVOsdService Realtek Semiconductor Corp. (Unable to verify) Realtek Semiconductor Corp.
services.exe 516 5,864 K 9,752 K Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
sftvsa.exe 2440 1,436 K 4,776 K Microsoft Application Virtualization Virtual Service Agent Microsoft Corporation (Verified) Microsoft Corporation
smss.exe 272 444 K 1,116 K Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 1536 7,868 K 13,560 K Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2072 3,516 K 8,432 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1036 2,260 K 5,280 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1412 11,264 K 14,660 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2844 1,844 K 5,368 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1012 24,108 K 24,384 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 780 4,320 K 8,272 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2392 2,052 K 6,280 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe 3020 1,200 K 3,264 K Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Microsoft Windows Hardware Compatibility Publisher
taskeng.exe 2408 1,796 K 5,076 K Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 4508 2,024 K 5,964 K Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 2472 8,384 K 9,960 K Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 452 1,484 K 4,320 K Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 552 2,984 K 7,496 K Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wlanext.exe 1440 2,032 K 5,504 K Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 1984 3,052 K 7,492 K WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 5080 3,852 K 8,260 K WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe 944 < 0.01 5,132 K 7,340 K Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 400 < 0.01 2,140 K 4,432 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 308 < 0.01 167,620 K 174,476 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 2692 < 0.01 42,844 K 27,640 K Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1708 < 0.01 6,796 K 16,060 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
AAM Updates Notifier.exe 2396 < 0.01 7,864 K 6,732 K AAM Updates Notifier Application Adobe Systems Incorporated (Verified) Adobe Systems Incorporated
svchost.exe 408 0.01 30,124 K 47,880 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
lsm.exe 600 0.01 2,456 K 4,160 K Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3712 0.01 3,820 K 7,844 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
sftlist.exe 3368 0.01 5,588 K 12,880 K Microsoft Application Virtualization Client Service Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe 1084 0.01 9,920 K 16,676 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1232 0.01 29,704 K 32,980 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
eEBSvc.exe 1812 0.01 4,872 K 6,968 K eEBAPI Core Process module SEIKO EPSON CORPORATION (Unable to verify) SEIKO EPSON CORPORATION
iexplore.exe 4240 0.01 21,212 K 42,812 K Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
EEventManager.exe 4368 0.02 2,904 K 10,312 K EEventManager Application SEIKO EPSON CORPORATION (Verified) SEIKO EPSON Corporation
NOBuAgent.exe 2676 0.02 2,424 K 5,540 K Norton Online Backup Service Symantec Corporation (Verified) Symantec Corporation
HPWA_Main.exe 4544 0.03 53,440 K 53,120 K HP Wireless Assistant Hewlett-Packard Company (Verified) Hewlett-Packard Company
lsass.exe 592 0.03 5,392 K 11,964 K Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
iexplore.exe 868 0.04 147,960 K 177,024 K Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
HPWA_Service.exe 3768 0.04 46,812 K 33,348 K HPPA_Service Hewlett-Packard Company (Verified) Hewlett-Packard Company
svchost.exe 696 0.04 4,584 K 9,752 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 2000 0.09 67,252 K 70,912 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
System 4 0.30 112 K 304 K
csrss.exe 472 0.50 2,888 K 22,232 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
CinemaNowSvc.exe 1176 0.50 6,928 K 6,524 K CinemaNow Service Application CinemaNow, Inc. (Verified) Sonic Solutions
dwm.exe 2792 0.76 31,540 K 29,644 K Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
Interrupts n/a 1.04 0 K 0 K Hardware Interrupts and DPCs
SynTPEnh.exe 3860 1.10 8,668 K 13,868 K Synaptics TouchPad Enhancements Synaptics Incorporated (Verified) Microsoft Windows Hardware Compatibility Publisher
procexp64.exe 2380 7.05 38,656 K 47,880 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
System Idle Process 0 88.34 0 K 24 K

#38
noluv

Summary
Operating System
Microsoft Windows 7 Home Premium 64-bit SP1
CPU
AMD K10 56 °C
45nm Technology
RAM
6.00 GB Dual-Channel DDR3 @ 536MHz (7-7-7-20)
Motherboard
Hewlett-Packard 1444 (Socket S1G4) 56 °C
Graphics
Generic PnP Monitor ([email protected])
AMD M880G with ATI Mobility Radeon HD 4250 (HP)
Hard Drives
298GB Seagate ST932032 5AS SATA Disk Device (SATA) 29 °C
Optical Drives
hp DVDRAM GT30L SATA CdRom Device
Audio
Realtek High Definition Audio
Operating System
Microsoft Windows 7 Home Premium 64-bit SP1
Computer type: Notebook
Installation Date : 12/25/2010 4:31:48 PM
Serial Number:
Windows Security Center
User Account Control (UAC) Enabled
Notify level 2 - Default
Firewall Disabled
Windows Update
AutoUpdate Not configured
Windows Defender
Windows Defender Disabled
Antivirus
Antivirus Disabled
Company Name Microsoft
Display Name Microsoft Security Essentials
Product Version 4.1.522.0
Virus Signature Database Up to date
.NET Frameworks installed
v4.0 Client
v3.5 SP1
v3.0 SP2
v2.0 SP2
Internet Explorer
Version 9.0.8112.16421
PowerShell
Version 2.0
Java
Java Runtime Environment
Path C:\Program Files (x86)\Java\jre6\bin\java.exe
Version 6.0
Update 26
Build 03
Environment Variables
USERPROFILE C:\Users\Raw from Noluv
SystemRoot C:\Windows
User Variables
TEMP C:\Users\Raw from Noluv\AppData\Local\Temp
TMP C:\Users\Raw from Noluv\AppData\Local\Temp
Machine Variables
ComSpec C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK NO
OS Windows_NT
Path C:\Windows\system32
C:\Windows
C:\Windows\system32\wbem
C:\Program Files (x86)\AMD APP\bin\x86_64
C:\Program Files (x86)\AMD APP\bin\x86
C:\Program Files\Common Files\Microsoft Shared\Windows Live
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live
%SYSTEMROOT%\System32\WindowsPowerShell\v1.0
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared
C:\Program Files (x86)\Common Files\Roxio Shared\12.0\DLLShared
C:\Program Files (x86)\Windows Live\Shared
PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE AMD64
TEMP C:\Windows\TEMP
TMP C:\Windows\TEMP
USERNAME SYSTEM
windir C:\Windows
PSModulePath C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
NUMBER_OF_PROCESSORS 2
PROCESSOR_LEVEL 16
PROCESSOR_IDENTIFIER AMD64 Family 16 Model 6 Stepping 3, AuthenticAMD
PROCESSOR_REVISION 0603
OnlineServices Online Services
Platform MCD
PCBRAND Pavilion
AMDAPPSDKROOT C:\Program Files (x86)\AMD APP\
Battery
AC Line Online
Battery Charge % Unknown
Battery State No Battery
Remaining Battery Time Unknown
Power Profile
Active power scheme Power saver
Hibernation Enabled
Turn Off Monitor after: (On AC Power) 5 min
Turn Off Monitor after: (On Battery Power) 2 min
Turn Off Hard Disk after: (On AC Power) 15 min
Turn Off Hard Disk after: (On Battery Power) 3 min
Suspend after: (On AC Power) 10 min
Suspend after: (On Battery Power) 5 min
Screen saver Enabled
Uptime
Current Session
Current Time 2/3/2013 11:47:21 PM
Current Uptime 25,651 sec (0 d, 07 h, 07 m, 31 s)
Last Boot Time 2/3/2013 4:39:50 PM
TimeZone
TimeZone GMT -5:00 Hours
Language English (United States)
Location United States
Format English (United States)
Currency $
Date Format M/d/yyyy
Time Format h:mm:ss tt
Process List
aam updates notifier.exe
Process ID 2396
User Raw from Noluv
Domain MMG
Path C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
Memory Usage 6.57 MB
Peak Memory Usage 17 MB
aertsr64.exe
Process ID 1144
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
Memory Usage 2.54 MB
Peak Memory Usage 2.57 MB
atieclxx.exe
Process ID 1312
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\atieclxx.exe
Memory Usage 5.85 MB
Peak Memory Usage 5.85 MB
atiesrxx.exe
Process ID 968
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\atiesrxx.exe
Memory Usage 4.00 MB
Peak Memory Usage 4.04 MB
audiodg.exe
Process ID 4228
cinemanowsvc.exe
Process ID 1176
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
Memory Usage 6.39 MB
Peak Memory Usage 7.43 MB
conhost.exe
Process ID 1448
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\conhost.exe
Memory Usage 2.53 MB
Peak Memory Usage 2.53 MB
csrss.exe
Process ID 400
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\csrss.exe
Memory Usage 4.34 MB
Peak Memory Usage 4.35 MB
csrss.exe
Process ID 472
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\csrss.exe
Memory Usage 14 MB
Peak Memory Usage 34 MB
cvhsvc.exe
Process ID 3484
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
Memory Usage 8.87 MB
Peak Memory Usage 8.96 MB
dwm.exe
Process ID 2792
User Raw from Noluv
Domain MMG
Path C:\Windows\system32\Dwm.exe
Memory Usage 29 MB
Peak Memory Usage 39 MB
eebsvc.exe
Process ID 1812
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
Memory Usage 6.80 MB
Peak Memory Usage 6.81 MB
eeventmanager.exe
Process ID 4368
User Raw from Noluv
Domain MMG
Path C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
Memory Usage 10 MB
Peak Memory Usage 10 MB
epcp.exe
Process ID 1768
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
Memory Usage 13 MB
Peak Memory Usage 24 MB
explorer.exe
Process ID 2000
User Raw from Noluv
Domain MMG
Path C:\Windows\Explorer.EXE
Memory Usage 72 MB
Peak Memory Usage 75 MB
facebookupdate.exe
Process ID 4128
User Raw from Noluv
Domain MMG
Path C:\Users\Raw from Noluv\AppData\Local\Facebook\Update\FacebookUpdate.exe
Memory Usage 1.80 MB
Peak Memory Usage 7.89 MB
firefox.exe
Process ID 688
User Raw from Noluv
Domain MMG
Path C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Memory Usage 107MB
Peak Memory Usage 114MB
flashplayerplugin_11_5_502_146.exe
Process ID 4796
User Raw from Noluv
Domain MMG
Path C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
Memory Usage 9.70 MB
Peak Memory Usage 9.70 MB
flashplayerplugin_11_5_502_146.exe
Process ID 3364
User Raw from Noluv
Domain MMG
Path C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
Memory Usage 10 MB
Peak Memory Usage 10 MB
fuel.service.exe
Process ID 704
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Memory Usage 5.68 MB
Peak Memory Usage 7.27 MB
googleupdate.exe
Process ID 2600
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Memory Usage 744KB
Peak Memory Usage 6.15 MB
hpcaslnotification.exe
Process ID 2376
User Raw from Noluv
Domain MMG
Path C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
Memory Usage 14 MB
Peak Memory Usage 30 MB
hpqwmiex.exe
Process ID 4320
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
Memory Usage 6.33 MB
Peak Memory Usage 6.42 MB
hpsa_service.exe
Process ID 4744
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Memory Usage 18 MB
Peak Memory Usage 18 MB
hpwa_main.exe
Process ID 4544
User Raw from Noluv
Domain MMG
Path C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
Memory Usage 52 MB
Peak Memory Usage 52 MB
hpwa_service.exe
Process ID 3768
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
Memory Usage 33 MB
Peak Memory Usage 37 MB
iexplore.exe
Process ID 868
User Raw from Noluv
Domain MMG
Path C:\Program Files\Internet Explorer\iexplore.exe
Memory Usage 170MB
Peak Memory Usage 183MB
iexplore.exe
Process ID 4240
User Raw from Noluv
Domain MMG
Path C:\Program Files\Internet Explorer\iexplore.exe
Memory Usage 42 MB
Peak Memory Usage 47 MB
iexplore.exe
Process ID 2124
User Raw from Noluv
Domain MMG
Path C:\Program Files\Internet Explorer\iexplore.exe
Memory Usage 70 MB
Peak Memory Usage 80 MB
iexplore.exe
Process ID 3340
User Raw from Noluv
Domain MMG
Path C:\Program Files\Internet Explorer\iexplore.exe
Memory Usage 124MB
Peak Memory Usage 127MB
ioctlsvc.exe
Process ID 2800
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\SysWOW64\IoctlSvc.exe
Memory Usage 3.47 MB
Peak Memory Usage 3.49 MB
lsass.exe
Process ID 592
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\lsass.exe
Memory Usage 12 MB
Peak Memory Usage 12 MB
lsm.exe
Process ID 600
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\lsm.exe
Memory Usage 4.10 MB
Peak Memory Usage 4.10 MB
lssrvc.exe
Process ID 2104
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
Memory Usage 4.07 MB
Peak Memory Usage 4.12 MB
msmpeng.exe
Process ID 828
User SYSTEM
Domain NT AUTHORITY
Path c:\Program Files\Microsoft Security Client\MsMpEng.exe
Memory Usage 18 MB
Peak Memory Usage 340MB
nbservice.exe
Process ID 2172
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
Memory Usage 7.81 MB
Peak Memory Usage 7.91 MB
networklicenseserver.exe
Process ID 1972
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
Memory Usage 8.69 MB
Peak Memory Usage 8.72 MB
nobuagent.exe
Process ID 2676
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
Memory Usage 5.41 MB
Peak Memory Usage 5.42 MB
notepad.exe
Process ID 2864
User Raw from Noluv
Domain MMG
Path C:\Windows\system32\NOTEPAD.EXE
Memory Usage 6.81 MB
Peak Memory Usage 6.81 MB
plugin-container.exe
Process ID 4608
User Raw from Noluv
Domain MMG
Path C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Memory Usage 12 MB
Peak Memory Usage 12 MB
printisolationhost.exe
Process ID 3964
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\PrintIsolationHost.exe
Memory Usage 4.25 MB
Peak Memory Usage 4.25 MB
procexp.exe
Process ID 1776
User Raw from Noluv
Domain MMG
Path C:\Users\Raw from Noluv\Downloads\procexp.exe
Memory Usage 6.49 MB
Peak Memory Usage 6.52 MB
procexp64.exe
Process ID 2380
User Raw from Noluv
Domain MMG
Path C:\Users\Raw from Noluv\Downloads\procexp64.exe
Memory Usage 46 MB
Peak Memory Usage 53 MB
rtkngui64.exe
Process ID 3332
User Raw from Noluv
Domain MMG
Path C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
Memory Usage 10 MB
Peak Memory Usage 10 MB
rtvosd.exe
Process ID 3672
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
Memory Usage 7.39 MB
Peak Memory Usage 7.39 MB
rtvosdservice.exe
Process ID 4616
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
Memory Usage 14 MB
Peak Memory Usage 14 MB
searchfilterhost.exe
Process ID 3540
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\SearchFilterHost.exe
Memory Usage 7.80 MB
Peak Memory Usage 7.80 MB
searchindexer.exe
Process ID 2692
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\SearchIndexer.exe
Memory Usage 28 MB
Peak Memory Usage 29 MB
searchprotocolhost.exe
Process ID 3700
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\SearchProtocolHost.exe
Memory Usage 12 MB
Peak Memory Usage 12 MB
services.exe
Process ID 516
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\services.exe
Memory Usage 9.59 MB
Peak Memory Usage 16 MB
sftlist.exe
Process ID 3368
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
Memory Usage 13 MB
Peak Memory Usage 13 MB
sftvsa.exe
Process ID 2440
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
Memory Usage 4.66 MB
Peak Memory Usage 4.72 MB
smss.exe
Process ID 272
User SYSTEM
Domain NT AUTHORITY
Path \SystemRoot\System32\smss.exe
Memory Usage 1.09 MB
Peak Memory Usage 1.14 MB
speccy64.exe
Process ID 1072
User Raw from Noluv
Domain MMG
Path C:\Program Files\Speccy\Speccy64.exe
Memory Usage 36 MB
Peak Memory Usage 38 MB
spoolsv.exe
Process ID 1536
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\System32\spoolsv.exe
Memory Usage 14 MB
Peak Memory Usage 14 MB
svchost.exe
Process ID 1412
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 14 MB
Peak Memory Usage 45 MB
svchost.exe
Process ID 1232
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\Windows\System32\svchost.exe
Memory Usage 32 MB
Peak Memory Usage 54 MB
svchost.exe
Process ID 1084
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 16 MB
Peak Memory Usage 16 MB
svchost.exe
Process ID 1036
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 5.27 MB
Peak Memory Usage 5.27 MB
svchost.exe
Process ID 408
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 48 MB
Peak Memory Usage 426MB
svchost.exe
Process ID 308
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\System32\svchost.exe
Memory Usage 165MB
Peak Memory Usage 219MB
svchost.exe
Process ID 1012
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\Windows\System32\svchost.exe
Memory Usage 23 MB
Peak Memory Usage 24 MB
svchost.exe
Process ID 780
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 8.14 MB
Peak Memory Usage 8.19 MB
svchost.exe
Process ID 2392
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 6.13 MB
Peak Memory Usage 6.15 MB
svchost.exe
Process ID 2844
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 5.24 MB
Peak Memory Usage 5.31 MB
svchost.exe
Process ID 696
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 9.71 MB
Peak Memory Usage 9.94 MB
svchost.exe
Process ID 2072
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\SysWOW64\svchost.exe
Memory Usage 8.23 MB
Peak Memory Usage 8.47 MB
svchost.exe
Process ID 1708
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 21 MB
Peak Memory Usage 21 MB
svchost.exe
Process ID 3212
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\Windows\System32\svchost.exe
Memory Usage 6.37 MB
Peak Memory Usage 6.37 MB
svchost.exe
Process ID 3712
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 7.66 MB
Peak Memory Usage 7.72 MB
syntpenh.exe
Process ID 3860
User Raw from Noluv
Domain MMG
Path C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Memory Usage 14 MB
Peak Memory Usage 14 MB
syntphelper.exe
Process ID 3020
User Raw from Noluv
Domain MMG
Path C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
Memory Usage 3.19 MB
Peak Memory Usage 3.20 MB
system
Process ID 4
system idle process
Process ID 0
taskeng.exe
Process ID 4508
User Raw from Noluv
Domain MMG
Path C:\Windows\system32\taskeng.exe
Memory Usage 5.82 MB
Peak Memory Usage 5.98 MB
taskeng.exe
Process ID 2408
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\taskeng.exe
Memory Usage 4.96 MB
Peak Memory Usage 5.14 MB
taskhost.exe
Process ID 2472
User Raw from Noluv
Domain MMG
Path C:\Windows\system32\taskhost.exe
Memory Usage 9.75 MB
Peak Memory Usage 10 MB
wininit.exe
Process ID 452
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\wininit.exe
Memory Usage 4.22 MB
Peak Memory Usage 4.29 MB
winlogon.exe
Process ID 552
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\winlogon.exe
Memory Usage 7.36 MB
Peak Memory Usage 7.96 MB
wlanext.exe
Process ID 1440
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\WLANExt.exe
Memory Usage 5.38 MB
Peak Memory Usage 5.40 MB
wmiprvse.exe
Process ID 1984
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\wbem\wmiprvse.exe
Memory Usage 7.32 MB
Peak Memory Usage 7.66 MB
wmiprvse.exe
Process ID 5080
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\wbem\wmiprvse.exe
Memory Usage 16 MB
Peak Memory Usage 19 MB
wmpnetwk.exe
Process ID 944
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\Program Files\Windows Media Player\wmpnetwk.exe
Memory Usage 7.17 MB
Peak Memory Usage 12 MB
Scheduler
2/4/2013 12:30 AM; GoogleUpdateTaskUserS-1-5-21-3789529034-363299993-1152762269-1000UA
2/4/2013 12:34 AM; GoogleUpdateTaskMachineUA
2/4/2013 12:42 AM; Adobe Flash Player Updater
2/4/2013 2:00 AM; AdobeAAMUpdater-1.0-MMG-Raw from Noluv
2/4/2013 2:17 AM; FacebookUpdateTaskUserS-1-5-21-3789529034-363299993-1152762269-1000UA
2/4/2013 3:34 AM; GoogleUpdateTaskMachineCore
2/4/2013 5:17 PM; FacebookUpdateTaskUserS-1-5-21-3789529034-363299993-1152762269-1000Core
2/4/2013 5:30 PM; GoogleUpdateTaskUserS-1-5-21-3789529034-363299993-1152762269-1000Core
2/12/2013 1:56 PM; ROC_JAN2013_TB_rmv
4/2/2013 8:13 AM; HPCeeScheduleForRaw from Noluv
At1
RecoveryCDWin7
ServicePlan
Hotfixes
2/3/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.143.1453.0)
Install this update to revise the definition files that are used
to detect viruses, spyware, and other potentially unwanted software.
Once you have installed this item, it cannot be removed.
2/2/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.143.1414.0)
Install this update to revise the definition files that are used
to detect viruses, spyware, and other potentially unwanted software.
Once you have installed this item, it cannot be removed.
2/1/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.143.1339.0)
Install this update to revise the definition files that are used
to detect viruses, spyware, and other potentially unwanted software.
Once you have installed this item, it cannot be removed.
1/18/2013 Prolific - Other hardware - Prolific USB-to-Serial Comm Port
Prolific Other hardware software update released in July, 2012
1/18/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.143.971.0)
Install this update to revise the definition files that are used
to detect viruses, spyware, and other potentially unwanted software.
Once you have installed this item, it cannot be removed.
1/18/2013 Realtek - Network - Realtek PCIe FE Family Controller
Realtek Network software update released in June, 2011
1/16/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.143.919.0)
Install this update to revise the definition files that are used
to detect viruses, spyware, and other potentially unwanted software.
Once you have installed this item, it cannot be removed.
1/16/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.143.919.0)
Install this update to revise the definition files that are used
to detect viruses, spyware, and other potentially unwanted software.
Once you have installed this item, it cannot be removed.
1/16/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.143.919.0)
Install this update to revise the definition files that are used
to detect viruses, spyware, and other potentially unwanted software.
Once you have installed this item, it cannot be removed.
1/16/2013 Prolific - Other hardware - Prolific USB-to-Serial Comm Port
Prolific Other hardware software update released in July, 2012
1/16/2013 Realtek - Network - Realtek PCIe FE Family Controller
Realtek Network software update released in June, 2011
1/16/2013 Prolific - Other hardware - Prolific USB-to-Serial Comm Port
Prolific Other hardware software update released in July, 2012
1/16/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.143.919.0)
Install this update to revise the definition files that are used
to detect viruses, spyware, and other potentially unwanted software.
Once you have installed this item, it cannot be removed.
1/16/2013 Realtek - Network - Realtek PCIe FE Family Controller
Realtek Network software update released in June, 2011
1/16/2013 Prolific - Other hardware - Prolific USB-to-Serial Comm Port
Prolific Other hardware software update released in July, 2012
1/16/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.143.919.0)
Install this update to revise the definition files that are used
to detect viruses, spyware, and other potentially unwanted software.
Once you have installed this item, it cannot be removed.
1/16/2013 Realtek - Network - Realtek PCIe FE Family Controller
Realtek Network software update released in June, 2011
1/16/2013 Prolific - Other hardware - Prolific USB-to-Serial Comm Port
Prolific Other hardware software update released in July, 2012
1/16/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.143.919.0)
Install this update to revise the definition files that are used
to detect viruses, spyware, and other potentially unwanted software.
Once you have installed this item, it cannot be removed.
1/16/2013 Realtek - Network - Realtek PCIe FE Family Controller
Realtek Network software update released in June, 2011
1/16/2013 Prolific - Other hardware - Prolific USB-to-Serial Comm Port
Prolific Other hardware software update released in July, 2012
1/14/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.143.705.0)
Install this update to revise the definition files that are used
to detect viruses, spyware, and other potentially unwanted software.
Once you have installed this item, it cannot be removed.
1/14/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.143.705.0)
Install this update to revise the definition files that are used
to detect viruses, spyware, and other potentially unwanted software.
Once you have installed this item, it cannot be removed.
1/14/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.143.705.0)
Install this update to revise the definition files that are used
to detect viruses, spyware, and other potentially unwanted software.
Once you have installed this item, it cannot be removed.
1/14/2013 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.143.705.0)
Install this update to revise the definition files that are used
to detect viruses, spyware, and other potentially unwanted software.
Once you have installed this item, it cannot be removed.
1/13/2013 Qualcomm Atheros Communications Inc. - Network - Qualcomm Atheros AR9285 802.11b/g/n WiFi Adapter
Qualcomm Atheros Communications Inc. Network software update
released in June, 2012
1/13/2013 Update for Windows 7 for x64-based Systems (KB2709981)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
1/13/2013 Microsoft Security Essentials - KB2754295
You may not be running an anti-malware solution and this may
leave your PC vulnerable to viruses, spyware and other malicious
software. Microsoft Security Essentials is a free anti-malware
software offered to Windows users who have purchased a Genuine
copy of Windows. Microsoft Security Essentials is licensed for
use on home PCs and by small businesses with 10 or fewer PCs.
You can download alternative languages directly from www.microsoft.com/security_essentials
with the “more information” link below.
1/13/2013 Update for Windows 7 for x64-based Systems (KB2574819)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
1/13/2013 ATI Technologies Inc. - Display - AMD M880G with ATI Mobility Radeon HD 4250
ATI Technologies Inc. Display software update released in September,
2010
1/13/2013 Update for Windows 7 for x64-based Systems (KB2592687)
The Remote Desktop Protocol 8.0 update enables you to use the
new Remote Desktop Services features. These features are introduced
in Windows 8 and in Windows Server 2012 and are available for
computers that are running Windows 7 Service Pack 1 or Windows
Server 2008 R2 Service Pack 1. After you install this item, you
may have to restart your computer.
1/13/2013 Synaptics - Input - Synaptics PS/2 Port TouchPad
Synaptics Input software update released in October, 2011
1/13/2013 Windows Malicious Software Removal Tool x64 - January 2013 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
1/5/2013 Security Update for Windows 7 for x64-based Systems (KB2769369)
A security issue has been identified that could allow an authenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
1/5/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2756921)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
1/5/2013 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2742595)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
1/5/2013 Security Update for Windows 7 for x64-based Systems (KB2757638)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
1/5/2013 Security Update for Windows 7 for x64-based Systems (KB2785220)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain access to
information. You can help protect your system by installing this
update from Microsoft. After you install this update, you may
have to restart your system.
1/5/2013 Update for Windows 7 for x64-based Systems (KB2786400)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
1/5/2013 Update for Windows 7 for x64-based Systems (KB2773072)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
1/5/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2742599)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
1/5/2013 Update for Windows 7 for x64-based Systems (KB2726535)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
1/5/2013 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
This update provides the latest junk email and malicious links
filter definitions for Microsoft Office 2010 32-Bit Edition.
1/5/2013 Update for Windows 7 for x64-based Systems (KB2786081)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
1/5/2013 Security Update for Windows 7 for x64-based Systems (KB2778930)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
1/5/2013 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2736422)
A security issue has been identified that could allow an unauthenticated
remote attacker to cause the affected application to stop responding.
You can help protect your system by installing this update from
Microsoft. After you install this update, you may have to restart
your system.
12/24/2012 Security Update for Windows 7 for x64-based Systems (KB2753842)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
12/19/2012 Security Update for Windows 7 for x64-based Systems (KB2753842)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
12/13/2012 Update for Windows 7 for x64-based Systems (KB2779562)
Install this update to resolve issues caused by revised daylight
saving time and time zone laws in several countries. This update
enables your computer to automatically adjust the computer clock
on the correct date in 2012. After you install this item, you
may have to restart your computer.
12/13/2012 Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
A security vulnerability exists in Microsoft Office 2010 32-Bit
Edition that could allow arbitrary code to run when a maliciously
modified file is opened. This update resolves that vulnerability.
12/13/2012 Security Update for Windows 7 for x64-based Systems (KB2779030)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
12/13/2012 Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
A security vulnerability exists in Microsoft Word 2010 32-Bit
Edition that could allow arbitrary code to run when a maliciously
modified file is opened. This update resolves that vulnerability.
12/13/2012 Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
A security vulnerability exists in Microsoft Office 2010 32-Bit
Edition that could allow arbitrary code to run when a maliciously
modified file is opened. This update resolves that vulnerability.
12/13/2012 Security Update for Windows 7 for x64-based Systems (KB2753842)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
12/13/2012 Security Update for Windows 7 for x64-based Systems (KB2758857)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
12/13/2012 Security Update for Windows 7 for x64-based Systems (KB2770660)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
12/13/2012 Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2761465)
Security issues have been identified that could allow an attacker
to compromise a system that is running Microsoft Internet Explorer
and gain control over it. You can help protect your system by
installing this update from Microsoft. After you install this
item, you may have to restart your computer.
12/13/2012 Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
A security vulnerability exists in Microsoft Visio 2010 32-Bit
Edition that could allow arbitrary code to run when a maliciously
modified file is opened. This update resolves that vulnerability.
12/13/2012 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
This update provides the latest junk email and malicious links
filter definitions for Microsoft Office 2010 32-Bit Edition.
12/13/2012 Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Microsoft has released an update for Microsoft Office 2010 32-Bit
Edition. This update provides the latest fixes to Microsoft Office
2010 32-Bit Edition. Additionally, this update contains stability
and performance improvements.
11/28/2012 Update for Windows 7 for x64-based Systems (KB2762895)
Install this update to resolve a set of known application compatibility
issues with Windows. For a complete listing of the issues that
are included in this update, see the associated Microsoft Knowledge
Base article for more information. After you install this item,
you may have to restart your computer.
System Folders
Path for burning CD C:\Users\Raw from Noluv\AppData\Local\Microsoft\Windows\Burn\Burn
Application Data C:\ProgramData
Public Desktop C:\Users\Public\Desktop
Documents C:\Users\Public\Documents
Global Favorites C:\Users\Raw from Noluv\Favorites
Music C:\Users\Public\Music
Pictures C:\Users\Public\Pictures
Start Menu Programs C:\ProgramData\Microsoft\Windows\Start Menu\Programs
Start Menu C:\ProgramData\Microsoft\Windows\Start Menu
Startup C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Templates C:\ProgramData\Microsoft\Windows\Templates
Videos C:\Users\Public\Videos
Cookies C:\Users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Cookies
Desktop C:\Users\Raw from Noluv\Desktop
Physical Desktop C:\Users\Raw from Noluv\Desktop
User Favorites C:\Users\Raw from Noluv\Favorites
Fonts C:\Windows\Fonts
Internet History C:\Users\Raw from Noluv\AppData\Local\Microsoft\Windows\History
Temporary Internet Files C:\Users\Raw from Noluv\AppData\Local\Microsoft\Windows\Temporary Internet Files
Local Application Data C:\Users\Raw from Noluv\AppData\Local
Windows Directory C:\Windows
Windows/System C:\Windows\system32
Program Files C:\Program Files
Services
Running ABBYY FineReader 9.0 Sprint Licensing Service
Running AMD External Events Utility
Running AMD FUEL Service
Running Andrea RT Filters Service
Running Application Experience
Running Application Information
Running Application Virtualization Client
Running Application Virtualization Service Agent
Running Background Intelligent Transfer Service
Running Base Filtering Engine
Running CinemaNow Service
Running Client Virtualization Handler
Running CNG Key Isolation
Running COM+ Event System
Running Computer Browser
Running Cryptographic Services
Running DCOM Server Process Launcher
Running Desktop Window Manager Session Manager
Running DHCP Client
Running Diagnostic Policy Service
Running Diagnostic Service Host
Running Distributed Link Tracking Client
Running DNS Client
Running EpsonBidirectionalService
Running EpsonCustomerParticipation
Running Extensible Authentication Protocol
Running Function Discovery Provider Host
Running Function Discovery Resource Publication
Running Group Policy Client
Running HomeGroup Provider
Running HP CUE DeviceDiscovery Service
Running HP Network Devices Support
Running HP Software Framework Service
Running HP Support Assistant Service
Running HP Wireless Assistant Service
Running hpqcxs08
Running IKE and AuthIP IPsec Keying Modules
Running IP Helper
Running IPsec Policy Agent
Running LightScribeService Direct Disc Labeling Service
Running Microsoft Antimalware Service
Running Multimedia Class Scheduler
Running Nero BackItUp Scheduler 3
Running Network Connections
Running Network List Service
Running Network Location Awareness
Running Network Store Interface Service
Running Norton Online Backup
Running Peer Name Resolution Protocol
Running Peer Networking Identity Manager
Running PLFlash DeviceIoControl Service
Running Plug and Play
Running Power
Running Print Spooler
Running Program Compatibility Assistant Service
Running Remote Access Connection Manager
Running Remote Procedure Call (RPC)
Running RPC Endpoint Mapper
Running RtVOsdService Installer
Running Secondary Logon
Running Secure Socket Tunneling Protocol Service
Running Security Accounts Manager
Running Security Center
Running Server
Running Shell Hardware Detection
Running SSDP Discovery
Running Superfetch
Running System Event Notification Service
Running Task Scheduler
Running TCP/IP NetBIOS Helper
Running Telephony
Running Themes
Running User Profile Service
Running Windows Audio
Running Windows Audio Endpoint Builder
Running Windows Connect Now - Config Registrar
Running Windows Event Log
Running Windows Firewall
Running Windows Font Cache Service
Running Windows Image Acquisition (WIA)
Running Windows Management Instrumentation
Running Windows Media Player Network Sharing Service
Running Windows Search
Running Windows Update
Running WLAN AutoConfig
Running Workstation
Running WWAN AutoConfig
Stopped ActiveX Installer (AxInstSV)
Stopped Adaptive Brightness
Stopped Adobe Flash Player Update Service
Stopped Adobe SwitchBoard
Stopped Application Identity
Stopped Application Layer Gateway Service
Stopped ASP.NET State Service
Stopped BitLocker Drive Encryption Service
Stopped Block Level Backup Engine Service
Stopped Bluetooth Support Service
Stopped Certificate Propagation
Stopped COM+ System Application
Stopped Credential Manager
Stopped Diagnostic System Host
Stopped Disk Defragmenter
Stopped Distributed Transaction Coordinator
Stopped Dpc_srv_webcast
Stopped Encrypting File System (EFS)
Stopped Fax
Stopped GameConsoleService
Stopped Google Software Updater
Stopped Google Update Service (gupdate)
Stopped Google Update Service (gupdatem)
Stopped Health Key and Certificate Management
Stopped HomeGroup Listener
Stopped Human Interface Device Access
Stopped Interactive Services Detection
Stopped Internet Connection Sharing (ICS)
Stopped KtmRm for Distributed Transaction Coordinator
Stopped Link-Layer Topology Discovery Mapper
Stopped Media Center Extender Service
Stopped Microsoft .NET Framework NGEN v2.0.50727_X64
Stopped Microsoft .NET Framework NGEN v2.0.50727_X86
Stopped Microsoft .NET Framework NGEN v4.0.30319_X64
Stopped Microsoft .NET Framework NGEN v4.0.30319_X86
Stopped Microsoft iSCSI Initiator Service
Stopped Microsoft Network Inspection
Stopped Microsoft SharePoint Workspace Audit Service
Stopped Microsoft Software Shadow Copy Provider
Stopped Mozilla Maintenance Service
Stopped Net Driver HPZ12
Stopped Net.Tcp Port Sharing Service
Stopped Netlogon
Stopped Network Access Protection Agent
Stopped NMIndexingService
Stopped Office Source Engine
Stopped Office Software Protection Platform
Stopped Parental Controls
Stopped Peer Networking Grouping
Stopped Performance Counter DLL Host
Stopped Performance Logs & Alerts
Stopped Pml Driver HPZ12
Stopped PnP-X IP Bus Enumerator
Stopped PNRP Machine Name Publication Service
Stopped Portable Device Enumerator Service
Stopped Problem Reports and Solutions Control Panel Support
Stopped Protected Storage
Stopped Quality Windows Audio Video Experience
Stopped Remote Access Auto Connection Manager
Stopped Remote Desktop Configuration
Stopped Remote Desktop Services
Stopped Remote Procedure Call (RPC) Locator
Stopped Remote Registry
Stopped Routing and Remote Access
Stopped Smart Card
Stopped Smart Card Removal Policy
Stopped SNMP Trap
Stopped Software Protection
Stopped SPP Notification Service
Stopped Tablet PC Input Service
Stopped Thread Ordering Server
Stopped TPM Base Services
Stopped UPnP Device Host
Stopped Virtual Disk
Stopped Volume Shadow Copy
Stopped WebClient
Stopped Windows Activation Technologies Service
Stopped Windows Backup
Stopped Windows Biometric Service
Stopped Windows CardSpace
Stopped Windows Color System
Stopped Windows Defender
Stopped Windows Driver Foundation - User-mode Driver Framework
Stopped Windows Error Reporting Service
Stopped Windows Event Collector
Stopped Windows Installer
Stopped Windows Live Family Safety Service
Stopped Windows Live ID Sign-in Assistant
Stopped Windows Live Mesh remote connections service
Stopped Windows Media Center Receiver Service
Stopped Windows Media Center Scheduler Service
Stopped Windows Modules Installer
Stopped Windows Presentation Foundation Font Cache 3.0.0.0
Stopped Windows Remote Management (WS-Management)
Stopped Windows Time
Stopped WinHTTP Web Proxy Auto-Discovery Service
Stopped Wired AutoConfig
Stopped WMI Performance Adapter
Security Options
Accounts: Administrator account status Disabled
Accounts: Guest account status Disabled
Accounts: Limit local account use of blank passwords to console logon only Enabled
Accounts: Rename administrator account Administrator
Accounts: Rename guest account Guest
Audit: Audit the access of global system objects Disabled
Audit: Audit the use of Backup and Restore privilege Disabled
Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings Not Defined
Audit: Shut down system immediately if unable to log security audits Disabled
DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax Not Defined
DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax Not Defined
Devices: Allow undock without having to log on Enabled
Devices: Allowed to format and eject removable media Not Defined
Devices: Prevent users from installing printer drivers Disabled
Devices: Restrict CD-ROM access to locally logged-on user only Not Defined
Devices: Restrict floppy access to locally logged-on user only Not Defined
Domain controller: Allow server operators to schedule tasks Not Defined
Domain controller: LDAP server signing requirements Not Defined
Domain controller: Refuse machine account password changes Not Defined
Domain member: Digitally encrypt or sign secure channel data (always) Enabled
Domain member: Digitally encrypt secure channel data (when possible) Enabled
Domain member: Digitally sign secure channel data (when possible) Enabled
Domain member: Disable machine account password changes Disabled
Domain member: Maximum machine account password age 30 days
Domain member: Require strong (Windows 2000 or later) session key Enabled
Interactive logon: Display user information when the session is locked Not Defined
Interactive logon: Do not display last user name Disabled
Interactive logon: Do not require CTRL+ALT+DEL Not Defined
Interactive logon: Message text for users attempting to log on
Interactive logon: Message title for users attempting to log on
Interactive logon: Number of previous logons to cache (in case domain controller is not available) 10 logons
Interactive logon: Prompt user to change password before expiration 5 days
Interactive logon: Require Domain Controller authentication to unlock workstation Disabled
Interactive logon: Require smart card Disabled
Interactive logon: Smart card removal behavior No Action
Microsoft network client: Digitally sign communications (always) Disabled
Microsoft network client: Digitally sign communications (if server agrees) Enabled
Microsoft network client: Send unencrypted password to third-party SMB servers Disabled
Microsoft network server: Amount of idle time required before suspending session 15 minutes
Microsoft network server: Digitally sign communications (always) Disabled
Microsoft network server: Digitally sign communications (if client agrees) Disabled
Microsoft network server: Disconnect clients when logon hours expire Enabled
Microsoft network server: Server SPN target name validation level Not Defined
Network access: Allow anonymous SID/Name translation Disabled
Network access: Do not allow anonymous enumeration of SAM accounts Enabled
Network access: Do not allow anonymous enumeration of SAM accounts and shares Disabled
Network access: Do not allow storage of passwords and credentials for network authentication Disabled
Network access: Let Everyone permissions apply to anonymous users Disabled
Network access: Named Pipes that can be accessed anonymously
Network access: Remotely accessible registry paths System\CurrentControlSet\Control\ProductOptions,System\CurrentControlSet\Control\Server Applications,Software\Microsoft\Windows NT\CurrentVersion
Network access: Remotely accessible registry paths and sub-paths System\CurrentControlSet\Control\Print\Printers,System\CurrentControlSet\Services\Eventlog,Software\Microsoft\OLAP Server,Software\Microsoft\Windows NT\CurrentVersion\Print,Software\Microsoft\Windows NT\CurrentVersion\Windows,System\CurrentControlSet\Control\ContentIndex,System\CurrentControlSet\Control\Terminal Server,System\CurrentControlSet\Control\Terminal Server\UserConfig,System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration,Software\Microsoft\Windows NT\CurrentVersion\Perflib,System\CurrentControlSet\Services\SysmonLog
Network access: Restrict anonymous access to Named Pipes and Shares Enabled
Network access: Shares that can be accessed anonymously Not Defined
Network access: Sharing and security model for local accounts Classic - local users authenticate as themselves
Network security: Allow Local System to use computer identity for NTLM Not Defined
Network security: Allow LocalSystem NULL session fallback Not Defined
Network Security: Allow PKU2U authentication requests to this computer to use online identities Not Defined
Network security: Configure encryption types allowed for Kerberos Not Defined
Network security: Do not store LAN Manager hash value on next password change Enabled
Network security: Force logoff when logon hours expire Disabled
Network security: LAN Manager authentication level Not Defined
Network security: LDAP client signing requirements Negotiate signing
Network security: Minimum session security for NTLM SSP based (including secure RPC) clients Require 128-bit encryption
Network security: Minimum session security for NTLM SSP based (including secure RPC) servers Require 128-bit encryption
Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication Not Defined
Network security: Restrict NTLM: Add server exceptions in this domain Not Defined
Network security: Restrict NTLM: Audit Incoming NTLM Traffic Not Defined
Network security: Restrict NTLM: Audit NTLM authentication in this domain Not Defined
Network security: Restrict NTLM: Incoming NTLM traffic Not Defined
Network security: Restrict NTLM: NTLM authentication in this domain Not Defined
Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers Not Defined
Recovery console: Allow automatic administrative logon Disabled
Recovery console: Allow floppy copy and access to all drives and all folders Disabled
Shutdown: Allow system to be shut down without having to log on Enabled
Shutdown: Clear virtual memory pagefile Disabled
System cryptography: Force strong key protection for user keys stored on the computer Not Defined
System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing Disabled
System objects: Require case insensitivity for non-Windows subsystems Enabled
System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) Enabled
System settings: Optional subsystems
System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies Disabled
User Account Control: Admin Approval Mode for the Built-in Administrator account Disabled
User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop Disabled
User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode Prompt for consent for non-Windows binaries
User Account Control: Behavior of the elevation prompt for standard users Prompt for credentials
User Account Control: Detect application installations and prompt for elevation Enabled
User Account Control: Only elevate executables that are signed and validated Disabled
User Account Control: Only elevate UIAccess applications that are installed in secure locations Enabled
User Account Control: Run all administrators in Admin Approval Mode Enabled
User Account Control: Switch to the secure desktop when prompting for elevation Enabled
User Account Control: Virtualize file and registry write failures to per-user locations Enabled
Device Tree
ACPI x64-based PC
Microsoft ACPI-Compliant System
AMD Athlon II P340 Dual-Core Processor
AMD Athlon II P340 Dual-Core Processor
ACPI Power Button
Microsoft AC Adapter
Microsoft ACPI-Compliant Control Method Battery
ACPI Lid
Microsoft Windows Management Interface for ACPI
Direct Application Launch Button
ACPI Thermal Zone
ACPI Fixed Feature Button
AMD PCI Express (3GIO) Filter Driver
PCI standard host CPU bridge
AMD SMBus
PCI standard PCI-to-PCI bridge (Matrox Filtered)
PCI standard host CPU bridge
PCI standard host CPU bridge
PCI standard host CPU bridge
PCI standard host CPU bridge
PCI standard host CPU bridge
Motherboard resources
High precision event timer
PCI standard PCI-to-PCI bridge (Matrox Filtered)
AMD M880G with ATI Mobility Radeon HD 4250
Generic PnP Monitor
High Definition Audio Controller
AMD High Definition Audio Device
PCI standard PCI-to-PCI bridge (Matrox Filtered)
Qualcomm Atheros AR9285 802.11b/g/n WiFi Adapter
Microsoft Virtual WiFi Miniport Adapter
PCI standard PCI-to-PCI bridge (Matrox Filtered)
Realtek PCIe FE Family Controller
AMD SATA Controller
ST932032 5AS SATA Disk Device
hp DVDRAM GT30L SATA CdRom Device
Standard OpenHCD USB Host Controller
USB Root Hub
Unknown Device
Standard Enhanced PCI to USB Host Controller
USB Root Hub
Standard OpenHCD USB Host Controller
USB Root Hub
Standard Enhanced PCI to USB Host Controller
USB Root Hub
High Definition Audio Controller
Realtek High Definition Audio
LPC Interface Controller
Direct memory access controller
Numeric data processor
Programmable interrupt controller
System CMOS/real time clock
System speaker
System timer
Standard PS/2 Keyboard
Synaptics PS/2 Port TouchPad
Motherboard resources
System board
Microsoft ACPI-Compliant Embedded Controller
Standard OpenHCD USB Host Controller
USB Root Hub
Standard OpenHCD USB Host Controller
USB Root Hub
Standard Enhanced PCI to USB Host Controller
USB Root Hub
CPU
AMD K10
Cores 2
Threads 2
Name AMD K10
Package Socket S1 (638)
Technology 45nm
Specification AMD Athlon II P340 Dual-Core Processor
Family F
Extended Family 10
Model 6
Extended Model 6
Stepping 3
Revision DA-C3
Instructions MMX (+), 3DNow! (+), SSE, SSE2, SSE3, SSE4A, AMD 64
Virtualization Supported, Enabled
Hyperthreading Not supported
Bus Speed 201.2 MHz
Rated Bus Speed 1609.3 MHz
Stock Core Speed 2200 MHz
Stock Bus Speed 200 MHz
Average Temperature 56 °C
Caches
L1 Data Cache Size 2 x 64 KBytes
L1 Instructions Cache Size 2 x 64 KBytes
L2 Unified Cache Size 2 x 512 KBytes
Core 0
Core Speed 804.7 MHz
Multiplier x 4.0
Bus Speed 201.2 MHz
Rated Bus Speed 1609.3 MHz
Temperature 56 °C
Thread 1
APIC ID 0
Core 1
Core Speed 804.7 MHz
Multiplier x 4.0
Bus Speed 201.2 MHz
Rated Bus Speed 1609.3 MHz
Temperature 56 °C
Thread 1
APIC ID 1
RAM
Memory slots
Total memory slots 2
Used memory slots 2
Free memory slots 0
Memory
Type DDR3
Size 6144 MBytes
Channels # Dual
DRAM Frequency 536.4 MHz
CAS# Latency (CL) 7 clocks
RAS# to CAS# Delay (tRCD) 7 clocks
RAS# Precharge (tRP) 7 clocks
Cycle Time (tRAS) 20 clocks
Bank Cycle Time (tRC) 27 clocks
Command Rate (CR) 1T
Physical Memory
Memory Usage 36 %
Total Physical 5.75 GB
Available Physical 3.63 GB
Total Virtual 12 GB
Available Virtual 9.47 GB
SPD
Number Of SPD Modules 2
Slot #1
Type DDR3
Size 2048 MBytes
Manufacturer Micron Technology
Max Bandwidth PC3-10700 (667 MHz)
Part Number 8JSF25664HZ-1G4D1
Serial Number E26666D5
Week/year 33 / 10
SPD Ext. EPP
JEDEC #6
Frequency 761.9 MHz
CAS# Latency 10.0
RAS# To CAS# 10
RAS# Precharge 10
tRAS 28
tRC 38
Voltage 1.500 V
JEDEC #5
Frequency 685.7 MHz
CAS# Latency 9.0
RAS# To CAS# 9
RAS# Precharge 9
tRAS 25
tRC 34
Voltage 1.500 V
JEDEC #4
Frequency 609.5 MHz
CAS# Latency 8.0
RAS# To CAS# 8
RAS# Precharge 8
tRAS 22
tRC 30
Voltage 1.500 V
JEDEC #3
Frequency 533.3 MHz
CAS# Latency 7.0
RAS# To CAS# 7
RAS# Precharge 7
tRAS 20
tRC 27
Voltage 1.500 V
JEDEC #2
Frequency 457.1 MHz
CAS# Latency 6.0
RAS# To CAS# 6
RAS# Precharge 6
tRAS 17
tRC 23
Voltage 1.500 V
JEDEC #1
Frequency 381.0 MHz
CAS# Latency 5.0
RAS# To CAS# 5
RAS# Precharge 5
tRAS 14
tRC 19
Voltage 1.500 V
Slot #2
Type DDR3
Size 4096 MBytes
Manufacturer Nanya Technology
Max Bandwidth PC3-10700 (667 MHz)
Part Number M2S4G64CB8HB5N-CG
Serial Number 6DD51C7E
Week/year 03 / 11
SPD Ext. EPP
JEDEC #5
Frequency 685.7 MHz
CAS# Latency 9.0
RAS# To CAS# 9
RAS# Precharge 9
tRAS 25
tRC 34
Voltage 1.500 V
JEDEC #4
Frequency 609.5 MHz
CAS# Latency 8.0
RAS# To CAS# 8
RAS# Precharge 8
tRAS 22
tRC 30
Voltage 1.500 V
JEDEC #3
Frequency 533.3 MHz
CAS# Latency 7.0
RAS# To CAS# 7
RAS# Precharge 7
tRAS 20
tRC 27
Voltage 1.500 V
JEDEC #2
Frequency 457.1 MHz
CAS# Latency 6.0
RAS# To CAS# 6
RAS# Precharge 6
tRAS 17
tRC 23
Voltage 1.500 V
JEDEC #1
Frequency 381.0 MHz
CAS# Latency 5.0
RAS# To CAS# 5
RAS# Precharge 5
tRAS 14
tRC 19
Voltage 1.500 V
Motherboard
Manufacturer Hewlett-Packard
Model 1444 (Socket S1G4)
Version 0595110000242710010020100
Chipset Vendor AMD
Chipset Model 785GX
Chipset Revision 00
Southbridge Vendor AMD
Southbridge Model SB800
Southbridge Revision 40
System Temperature 56 °C
BIOS
Brand Hewlett-Packard
Version F.27
Date 2/16/2011
PCI Data
Slot PCI
Slot Type PCI
Slot Usage Available
Bus Width Unknown
Slot Designation PCI Express Slot 1
Slot Number 0
Slot PCI
Slot Type PCI
Slot Usage Available
Bus Width Unknown
Slot Designation PCI Express Slot 2
Slot Number 1
Slot PCI
Slot Type PCI
Slot Usage Available
Bus Width Unknown
Slot Designation PCI Express Slot 3
Slot Number 2
Graphics
Monitor
Name Generic PnP Monitor on AMD M880G with ATI Mobility Radeon HD 4250
Current Resolution 1366x768 pixels
Work Resolution 1366x728 pixels
State enabled, primary
Monitor Width 1366
Monitor Height 768
Monitor BPP 32 bits per pixel
Monitor Frequency 60 Hz
Device \\.\DISPLAY1\Monitor0
AMD M880G with ATI Mobility Radeon HD 4250
GPU RS880M
Device ID 1002-9712
Subvendor HP (103C)
Current Performance Level Level 1
Die Size 73 mm²
Release Date Sep 10, 2009
DirectX Support 10.1
DirectX Shader Model 4.1
OpenGL Support 3.3
GPU Clock 0.0 MHz
Bios Core Clock 500.00
Bios Mem Clock 533.00
Driver version 8.770.2.1000
ROPs 4
Shaders 40 unified
Count of performance levels : 1
Level 1
OpenGL
Version 3.3.10179 Compatibility Profile Context
Vendor ATI Technologies Inc.
Renderer AMD M880G with ATI Mobility Radeon HD 4250
GLU Version 1.2.2.0 Microsoft Corporation
Values
GL_MAX_LIGHTS 8
GL_MAX_TEXTURE_SIZE 8192
GL_MAX_TEXTURE_STACK_DEPTH 10
GL Extensions
Hard Drives
ST932032 5AS SATA Disk Device
Manufacturer Seagate
Form Factor 2.5"
Heads 16
Cylinders 16,383
SATA type SATA-II 3.0Gb/s
Device type Fixed
ATA Standard ATA8-ACS
Serial Number 6VD8NB7S
LBA Size 48-bit LBA
Power On Count 4594 times
Power On Time 194.2 days
Speed, Expressed in Revolutions Per Minute (rpm) 5400
Features S.M.A.R.T., APM, NCQ
Transfer Mode SATA II
Interface SATA
Capacity 298GB
Real size 320,072,933,376 bytes
RAID Type None
S.M.A.R.T
01 Read Error Rate 099 (099 worst) Data 0006DCAD3D
03 Spin-Up Time 099 (098) Data 0000000000
04 Start/Stop Count 096 (096) Data 0000001358
05 Reallocated Sectors Count 100 (100) Data 0000000000
07 Seek Error Rate 081 (060) Data 000712A56C
09 Power-On Hours (POH) 095 (095) Data 0000001235
0A Spin Retry Count 100 (100) Data 0000000000
0C Device Power Cycle Count 096 (096) Data 00000011F2
B7 SATA Downshift Error Count 100 (253) Data 0000000000
B8 End-to-End error / IOEDC 100 (100) Data 0000000000
BB Reported Uncorrectable Errors 001 (001) Data 00000000A2
BC Command Timeout 100 (099) Data 0000010004
BD High Fly Writes (WDC) 100 (100) Data 0000000000
BE Temperature Difference from 100 072 (047) Data 001C19001C
BF G-sense error rate 100 (100) Data 00000000B1
C0 Power-off Retract Count 100 (100) Data 0000000111
C1 Load/Unload Cycle Count 092 (092) Data 0000004034
C2 Temperature 028 (053) Data 000000001C
C3 Hardware ECC Recovered 058 (052) Data 0006DCAD3D
C4 Reallocation Event Count 100 (100) Data 0000000000
C5 Current Pending Sector Count 100 (100) Data 0000000001
C6 Uncorrectable Sector Count 100 (100) Data 0000000000
C7 UltraDMA CRC Error Count 200 (200) Data 0000000000
Temperature 29 °C
Temperature Range ok (less than 50 °C)
Status Good
Partition 0
Partition ID Disk #0, Partition #0
Size 199 MB
Partition 1
Partition ID Disk #0, Partition #1
Disk Letter C:
File System NTFS
Volume Serial Number E24B9178
Size 280GB
Used Space 232GB (83%)
Free Space 49GB (17%)
Partition 2
Partition ID Disk #0, Partition #2
Disk Letter D:
File System NTFS
Volume Serial Number A65DC843
Size 17.3GB
Used Space 14.8GB (86%)
Free Space 2.51GB (14%)
Partition 3
Partition ID Disk #0, Partition #3
Disk Letter F:
File System FAT32
Volume Serial Number A27E29C5
Size 99MB
Used Space 9MB (10%)
Free Space 89MB (90%)
Optical Drives
hp DVDRAM GT30L SATA CdRom Device
Media Type DVD Writer
Name hp DVDRAM GT30L SATA CdRom Device
Availability Running/Full Power
Capabilities Random Access, Supports Writing, Supports Removable Media
Config Manager Error Code Device is working properly
Config Manager User Config FALSE
Drive E:
DriveIntegrity TRUE
Media Loaded TRUE
SCSI Bus 1
SCSI Logical Unit 0
SCSI Port 0
SCSI Target Id 0
Size 69.1 MB
Status OK
Transfer Rate 1368 KB/S
Volume Name MyDisc
Volume Serial Number 3C85B35E
Audio
Sound Cards
AMD High Definition Audio Device
Realtek High Definition Audio
Playback Device
Speakers (Realtek High Definition Audio)
Recording Devices
Microphone (Realtek High Definition Audio)
Stereo Mix (Realtek High Definition Audio) (default)
Speaker Configuration
Speaker type Stereo
Peripherals
Standard PS/2 Keyboard
Device Kind Keyboard
Device Name Standard PS/2 Keyboard
Vendor (Standard keyboards)
Location plugged into keyboard port
Driver
Date 6-21-2006
Version 6.1.7601.17514
File C:\Windows\system32\DRIVERS\i8042prt.sys
File C:\Windows\system32\DRIVERS\kbdclass.sys
Synaptics PS/2 Port TouchPad
Device Kind Mouse
Device Name Synaptics PS/2 Port TouchPad
Vendor Synaptics
Location plugged into PS/2 mouse port
Driver
Date 10-13-2011
Version 15.3.29.0
Printers
EPSON Artisan 50 Series (Copy 1)
Printer Port USB003
Print Processor winprint
Availability Always
Priority 1
Duplex None
Print Quality 360 * 360 dpi Color
Status The printer is being deleted
Driver
Driver Name EPSON Artisan 50 Series (v5.10)
Driver Path C:\Windows\system32\spool\DRIVERS\x64\3\E_IMAIFFA.DLL
EPSON WP-4530 Series - Network FAX
Printer Port LPT1:
Print Processor winprint
Availability Always
Priority 1
Print Quality 203 * 203 dpi Monochrome
Status Unknown
Driver
Driver Name EPSON PC-FAX driver (v4.10)
Driver Path C:\Windows\system32\spool\DRIVERS\x64\3\EFXGI09A.DLL
Fax
Printer Port SHRFAX:
Print Processor winprint
Availability Always
Priority 1
Duplex None
Print Quality 200 * 200 dpi Monochrome
Status Unknown
Driver
Driver Name Microsoft Shared Fax Driver (v4.00)
Driver Path C:\Windows\system32\spool\DRIVERS\x64\3\FXSDRV.DLL
HP Photosmart D5300 series
Printer Port USB001
Print Processor hpzppw71
Availability Always
Priority 1
Duplex None
Print Quality 600 * 600 dpi Color
Status Unknown
Driver
Driver Name HP Photosmart D5300 series (v6.00)
Driver Path C:\Windows\system32\spool\DRIVERS\x64\3\UNIDRV.DLL
Microsoft XPS Document Writer
Printer Port XPSPort:
Print Processor winprint
Availability Always
Priority 1
Duplex None
Print Quality 600 * 600 dpi Color
Status Unknown
Driver
Driver Name Microsoft XPS Document Writer (v6.00)
Driver Path C:\Windows\system32\spool\DRIVERS\x64\3\mxdwdrv.dll
Send To OneNote 2010
Printer Port nul:
Print Processor winprint
Availability Always
Priority 1
Duplex None
Print Quality 600 * 600 dpi Color
Status Unknown
Driver
Driver Name Send To Microsoft OneNote 2010 Driver (v6.00)
Driver Path C:\Windows\system32\spool\DRIVERS\x64\3\mxdwdrv.dll
WP-4530 Series(Network) (Default Printer)
Printer Port EP73BCF9:WP-4530 SERIES
Print Processor winprint
Availability Always
Priority 1
Duplex None
Print Quality 600 * 600 dpi Color
Status Unknown
Driver
Driver Name EPSON WP-4530 Series (v1.00)
Driver Path C:\Windows\system32\spool\DRIVERS\x64\3\E_YMAIH3A.DLL
Network
You are not connected to the internet
Computer Name
NetBIOS Name MMG
DNS Name MMG
Membership Part of workgroup
Workgroup WORKGROUP
Remote Desktop
Disabled
Console
State Active
Domain MMG
WinInet Info
LAN Connection
Local system uses a local area network to connect to the Internet
Local system has RAS to connect to the Internet
Wi-Fi Info
Using native Wi-Fi API version 2
Available access points count 1
Wi-Fi (HOME-0A32)
SSID HOME-0A32
Frequency 2412000 kHz
Channel Number 1
Name HOME-0A32
Signal Strength/Quality 84
Security Enabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags Currently Connected to this network
Cipher Algorithm to be used when joining this network AES-CCMP algorithm
Default Auth used to join this network for the first time 802.11i RSNA algorithm that uses PSK
WinHTTPInfo
WinHTTPSessionProxyType No proxy
Session Proxy
Session Proxy Bypass
Connect Retries 5
Connect Timeout (ms) 60,000
HTTP Version HTTP 1.1
Max Connects Per 1.0 Servers INFINITE
Max Connects Per Servers INFINITE
Max HTTP automatic redirects 10
Max HTTP status continue 10
Send Timeout (ms) 30,000
IEProxy Auto Detect No
IEProxy Auto Config
IEProxy
IEProxy Bypass
Default Proxy Config Access Type No proxy
Default Config Proxy
Default Config Proxy Bypass
Sharing and Discovery
Network Discovery Enabled
File and Printer Sharing Enabled
File and printer sharing service Enabled
Simple File Sharing Enabled
Administrative Shares Enabled
Network access: Sharing and security model for local accounts Classic - local users authenticate as themselves
Adapters List
Microsoft Virtual WiFi Miniport Adapter
IP Address 0.0.0.0
Subnet mask 0.0.0.0
Gateway server 0.0.0.0
Qualcomm Atheros AR9285 802.11b/g/n WiFi Adapter
IP Address 10.0.0.4
Subnet mask 255.255.255.0
Gateway server 10.0.0.1
Realtek PCIe FE Family Controller
IP Address 0.0.0.0
Subnet mask 0.0.0.0
Gateway server 0.0.0.0
Network Shares
Users C:\Users

#39
RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
ESET found some Java exploits, some adware and it claims this download: Android_Apps_and_Games_Pack_Jan_09_2011.rar had a trojan.


Let's uninstall your Java as it is out of date and currently we do not know of a really safe version:

Uninstall: Java™ 6 Update 26 (If you must have java for some reason (most people and sites don't need it) get it from java.com but do not let them foist the ask toolbar, yahoo toolbar or McAfee Security Scan on you. Then we suggest you use Firefox or Chrome with the No-script or Script-no add-ons and only allow those sites which must have Java to use it.)

Other programs you should uninstall:

Adobe Reader 9.3 MUI - Obsolete uninstall and then get the latest reader from adobe.com but do not let them foist the ask toolbar, yahoo toolbar or McAfee Security Scan on you.
µTorrent - We do not recommend P2P programs.
Yahoo! Messenger -(unless you use it)
HPProductAssistant - This is broken and creating errors. If you need it I'm sure you can find a newer version on HP's website.
Speccy. We don't need it any more.

Speccy says your PC is running a bit hot. 56 C. Just be careful with it. It should never be used on a soft surface like a bed as the vents can get blocked. Make sure it is not clogged with dust. There is a program speedfan

http://www.almico.com/sfdownload.php

Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.

It will tell you your temps. If they seem hot (over 50) then check Automatic Fan Speed.
Leave it running and see if the temps drop.


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:

2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Both Bitdefender and OTL say the MSSE is broken so I think we need to uninstall it and replace it with the free Avast.


Download and save the free Avast installer.
http://www.avast.com...ivirus-download
Uninstall Microsoft Security Essentials

Reboot

Install Avast (right click and Run As Admin). (Register when it asks you - they will try to talk you into buying the full product but the free version is what we want.)
Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours so I usually let it run while I sleep. (Make sure to mute the speakers so it doesn't wake you when windows boots.)
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find? C:\ProgramData\Avast Software\Avast\report\aswboot.txt is usually a text version of the report. If it found anything, copy and paste it to a reply.


Copy the text in the code box:

/md5start
mmc.exe
/md5stop


Run OTL (Vista or Win 7 => right click and Run As Administrator)



Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

then Run Scan.

You should get 1 log. Please copy and paste it.

#40
noluv

    Member

  • Topic Starter
  • 123 posts
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 04/02/2013 7:27:57 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/02/2013 12:19:47 PM
Type: Warning Category: 0
Event: 1116 Source: Microsoft Antimalware
Microsoft Antimalware has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147593794 Name: HackTool:Win32/Keygen ID: 2147593794 Severity: Medium Category: Tool Path: file:_C:\Users\Raw from Noluv\Downloads\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\cracked dll\32 bit\amtlib.dll;file:_C:\Users\Raw from Noluv\Downloads\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\cracked dll\64 bit\amtlib.dll Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Signature Version: AV: 1.143.1453.0, AS: 1.143.1453.0, NIS: 18.36.0.0 Engine Version: AM: 1.1.9103.0, NIS: 2.1.8904.0

Log: 'System' Date/Time: 04/02/2013 12:17:49 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 04/02/2013 12:17:49 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\system32\athihvs.dll

#41
noluv

    Member

  • Topic Starter
  • 123 posts
02/04/2013 07:55
Scan of all local drives

File C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\2CA0.tmp.vir is infected by Win32:Malware-gen, Moved to chest
File C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\2CB0.tmp.vir is infected by Win32:Malware-gen, Moved to chest
File C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir is infected by Win32:Sirefef-FQ [Drp], Moved to chest
File C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir is infected by Win32:Sirefef-HO [Rtk], Moved to chest
File C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir|>[Embedded_I#1ac7] is infected by Win32:Sirefef-HO [Rtk], Moved to chest
File C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir|>[Embedded_I#2ec7] is infected by Win32:Sirefef-FQ [Drp], Moved to chest
File C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir|>[Embedded_I#46ff] is infected by Win32:Sirefef-JQ [Trj], Moved to chest
File C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir is infected by Win32:Sirefef-HO [Rtk], Moved to chest
File C:\TDSSKiller_Quarantine\01.05.2012_11.02.34\mbr0000\mbr0000\tsk0000.dta is infected by MBR:Alureon-M [Rtk], Moved to chest
File C:\TDSSKiller_Quarantine\01.05.2012_11.02.34\mbr0000\mbr0000\tsk0001.dta is infected by MBR:Alureon-M [Rtk], Moved to chest
File C:\TDSSKiller_Quarantine\01.05.2012_11.02.34\mbr0000\tdlfs0000\tsk0000.dta is infected by Win32:Malware-gen, Moved to chest
File C:\TDSSKiller_Quarantine\01.05.2012_11.02.34\mbr0000\tdlfs0000\tsk0002.dta is infected by Win32:[email protected] [Rtk], Moved to chest
File C:\TDSSKiller_Quarantine\01.05.2012_11.02.34\mbr0000\tdlfs0000\tsk0003.dta is infected by Win32:Malware-gen, Moved to chest
File C:\TDSSKiller_Quarantine\01.05.2012_11.02.34\mbr0000\tdlfs0000\tsk0005.dta is infected by MBR:Alureon-M [Rtk], Moved to chest
File C:\TDSSKiller_Quarantine\01.05.2012_11.02.34\mbr0000\tdlfs0000\tsk0008.dta is infected by MBR:Alureon-B [Rtk], Moved to chest
File C:\TDSSKiller_Quarantine\01.05.2012_11.02.34\mbr0000\tdlfs0000\tsk0009.dta is infected by Win32:Alureon-ANW [Rtk], Moved to chest
File C:\TDSSKiller_Quarantine\01.05.2012_11.02.34\mbr0000\tdlfs0000\tsk0010.dta is infected by Win32:Alureon-ANW [Rtk], Moved to chest
File C:\TDSSKiller_Quarantine\01.05.2012_11.02.34\zaea0000\svc0000\tsk0000.dta is infected by Win64:ZAccess-E [Rtk], Moved to chest
File C:\TDSSKiller_Quarantine\21.01.2013_16.33.49\tdlfs0000\tsk0000.dta is infected by Win32:Malware-gen, Moved to chest
File C:\TDSSKiller_Quarantine\21.01.2013_16.33.49\tdlfs0000\tsk0002.dta is infected by Win32:[email protected] [Rtk], Moved to chest
File C:\TDSSKiller_Quarantine\21.01.2013_16.33.49\tdlfs0000\tsk0003.dta is infected by Win32:Malware-gen, Moved to chest
File C:\TDSSKiller_Quarantine\21.01.2013_16.33.49\tdlfs0000\tsk0004.dta is infected by Win32:Alureon-AQL [Rtk], Moved to chest
File C:\TDSSKiller_Quarantine\21.01.2013_16.33.49\tdlfs0000\tsk0005.dta is infected by MBR:Alureon-M [Rtk], Moved to chest
File C:\TDSSKiller_Quarantine\21.01.2013_16.33.49\tdlfs0000\tsk0008.dta is infected by MBR:Alureon-B [Rtk], Moved to chest
File C:\TDSSKiller_Quarantine\21.01.2013_16.33.49\tdlfs0000\tsk0009.dta is infected by Win32:Alureon-ANW [Rtk], Moved to chest
File C:\TDSSKiller_Quarantine\21.01.2013_16.33.49\tdlfs0000\tsk0010.dta is infected by Win32:Alureon-ANW [Rtk], Moved to chest
File C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\7e6afb59-45303379|>At.class is infected by Java:CVE-2012-0507-MT [Expl], Moved to chest
File C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\7e6afb59-45303379|>Atomic.class is infected by Java:CVE-2012-0507-DM [Expl], Moved to chest
File C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\7e6afb59-45303379|>Dedicated.class is infected by Java:CVE-2012-0507-MT [Expl], Moved to chest
File C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\7e6afb59-45303379|>Lopmoder.class is infected by Java:CVE-2012-0507-FC [Expl], Moved to chest
File C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\7e6afb59-45303379|>Need.class is infected by Java:CVE-2012-0507-MM [Expl], Moved to chest
File C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\7e6afb59-45303379|>Suio.class is infected by Java:Agent-BES [Trj], Moved to chest
File C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\7e6afb59-45303379|>Third.class is infected by Java:Downloader-GR [Expl], Moved to chest
Number of searched folders: 43657
Number of tested files: 1766682
Number of infected files: 33

#42
noluv

OTL logfile created on: 2/4/2013 12:25:34 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Raw from Noluv\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 4.24 Gb Available Physical Memory | 73.88% Memory free
11.74 Gb Paging File | 10.04 Gb Available in Paging File | 85.52% Paging File free
Paging file location(s): C:\pagefile.sys 6142 6142 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.45 Gb Total Space | 49.88 Gb Free Space | 17.79% Space Free | Partition Type: NTFS
Drive D: | 17.34 Gb Total Space | 2.51 Gb Free Space | 14.46% Space Free | Partition Type: NTFS
Drive E: | 69.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 99.34 Mb Total Space | 89.44 Mb Free Space | 90.04% Space Free | Partition Type: FAT32

Computer Name: MMG | User Name: Raw from Noluv | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/19 09:40:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Raw from Noluv\Downloads\OTL.exe
PRC - [2012/10/30 18:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/03/09 00:00:00 | 000,856,064 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2011/03/09 00:00:00 | 000,495,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
PRC - [2010/10/12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2010/05/21 04:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe


========== Modules (No Company Name) ==========

MOD - [2009/07/13 20:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/07/04 01:36:06 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/06/09 13:01:00 | 000,555,392 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/20 01:56:00 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/06/24 15:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2010/06/18 18:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/04 18:51:22 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/20 20:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/21 04:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/04/03 18:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/30 18:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/30 18:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 18:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 18:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 18:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/15 11:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/30 11:24:30 | 000,158,720 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2012/06/20 09:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/05/25 21:23:14 | 000,438,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtenic64.sys -- (RTLE8023x64)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/28 08:38:28 | 000,082,560 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012/02/28 08:38:28 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012/02/23 07:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/10/20 10:24:06 | 000,157,696 | ---- | M] (Matrox Graphics Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\MxEFUF64.sys -- (MxEFUF)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/20 02:14:16 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/20 01:21:04 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/06/20 22:26:38 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010/06/20 22:26:38 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2010/06/20 22:26:36 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2010/06/20 22:26:36 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2010/05/16 20:09:42 | 000,285,696 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWNC5E00.sys -- (SWNC5E00)
DRV:64bit: - [2010/05/16 20:09:42 | 000,211,328 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmx00.sys -- (swmx00)
DRV:64bit: - [2010/05/16 20:09:26 | 000,255,488 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWADIenum.sys -- (NWADI)
DRV:64bit: - [2010/05/12 05:14:54 | 000,126,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2010/05/07 11:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/05/06 08:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/04/26 21:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/04/26 21:25:20 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd)
DRV:64bit: - [2010/04/26 21:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/04/26 21:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/03/26 19:08:34 | 000,359,040 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drxvi314_64.sys -- (bcm)
DRV:64bit: - [2010/03/26 19:04:34 | 000,062,976 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BcmBusCtr_64.sys -- (bcmbusctr)
DRV:64bit: - [2010/03/22 09:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/12/22 05:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/07 21:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 21:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/08/23 20:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{6B921B1C-B95E-41F4-8174-1A24D4FE414B}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{BDA7515B-D49F-48F9-93D8-3F3D087513EC}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{6B921B1C-B95E-41F4-8174-1A24D4FE414B}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{BDA7515B-D49F-48F9-93D8-3F3D087513EC}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{6B921B1C-B95E-41F4-8174-1A24D4FE414B}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{BDA7515B-D49F-48F9-93D8-3F3D087513EC}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{D2B1EE8F-3646-466A-8407-78DA4AAE7B32}: "URL" = http://www.google.co...1I7ADFA_enUS422
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files (x86)\Video Convert Master\codec\real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files (x86)\Video Convert Master\codec\real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Raw from Noluv\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Raw from Noluv\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/08/09 20:53:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/02/04 07:42:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/11 19:32:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/21 12:24:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/08/09 20:53:49 | 000,000,000 | ---D | M]

[2011/08/29 17:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Extensions
[2013/01/21 12:24:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions
[2013/01/21 12:24:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\jf1g4wzi.default\extensions
[2012/08/21 23:49:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/26 22:47:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions
[2012/12/26 22:47:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/09/11 19:32:56 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/11 19:32:55 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/08/11 22:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2012/09/11 19:32:55 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: avast! WebRep = C:\Users\Raw from Noluv\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

O1 HOSTS File: ([2013/02/02 04:04:53 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll File not found
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = C:\Users\Raw from Noluv\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe (Leader Technologies/Epson)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll File not found
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16:64bit: - DPF: {615A1925-0E5B-4767-A65E-3165AEAC32A3} http://quickscan.bit...qsax/qsax64.cab (Bitdefender QuickScan Control)
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62A522D6-3EB1-4214-92E4-66EC7F125DEE}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D235AA25-4B56-4A1B-A6B5-2B4EF4597E21}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/04 07:43:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/02/04 07:42:41 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/02/04 07:42:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/02/04 07:42:40 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/02/04 07:42:38 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/02/04 07:42:37 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/02/04 07:42:37 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/02/04 07:42:34 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/02/04 07:42:34 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/02/04 07:42:06 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/02/04 07:42:05 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2013/02/04 07:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/02/04 07:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/02/04 07:08:46 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013/02/04 07:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013/02/04 07:08:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2013/02/03 20:35:09 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\QuickScan
[2013/02/02 04:29:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/02/02 04:05:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/21 16:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/21 16:27:19 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/21 16:27:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/21 16:18:44 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Raw from Noluv\Desktop\mbam-setup-1.70.0.1100.exe
[2013/01/21 15:13:52 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\Programs
[2013/01/21 14:25:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/21 14:25:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/21 14:25:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/21 12:23:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/21 04:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2013/01/18 01:04:02 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\Acer
[2013/01/15 08:27:56 | 000,443,040 | ---- | C] (Atheros) -- C:\Windows\SysNative\athihvs.dll
[2013/01/15 08:25:58 | 000,245,792 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtsUStor.sys
[2013/01/15 08:25:56 | 000,422,432 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtsUStor.dll
[2013/01/15 07:33:05 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2013/01/15 07:33:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2013/01/15 07:28:53 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\WinBatch
[2013/01/14 15:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
[2013/01/14 15:52:23 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
[2013/01/14 07:05:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2013/01/14 07:05:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013/01/14 07:01:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013/01/14 02:45:37 | 000,120,320 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_YLMH3A.DLL
[2013/01/14 01:37:59 | 000,000,000 | ---D | C] -- C:\ProgramData\CLSoft LTD
[2013/01/14 01:17:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2013/01/14 01:17:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2013/01/14 00:49:38 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2013/01/13 23:54:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/13 18:05:33 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013/01/13 18:05:33 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013/01/13 18:05:33 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013/01/13 18:05:31 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013/01/13 18:05:31 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013/01/13 18:05:29 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/01/13 18:05:29 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013/01/13 18:05:29 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/01/13 18:05:29 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013/01/13 18:05:29 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/01/13 18:05:29 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013/01/13 18:05:29 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013/01/13 18:05:28 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013/01/13 18:05:28 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013/01/13 18:05:28 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/01/13 18:05:28 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013/01/13 18:05:28 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013/01/13 18:05:28 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013/01/13 18:05:28 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013/01/13 18:05:28 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013/01/13 18:05:27 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013/01/13 18:05:27 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013/01/13 18:05:26 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/01/13 18:05:25 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/01/13 18:02:08 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013/01/13 18:02:08 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013/01/13 18:02:05 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/01/13 14:45:37 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\ABBYY
[2013/01/13 14:45:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0 Sprint
[2013/01/13 14:44:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint
[2013/01/13 14:44:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ABBYY
[2013/01/13 14:44:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ABBYY
[2013/01/13 14:19:10 | 000,135,168 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBAPI.dll
[2013/01/13 14:19:10 | 000,110,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBDSCVR.dll
[2013/01/13 14:19:10 | 000,077,824 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EBAPI.dll
[2013/01/13 14:19:10 | 000,065,536 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBUtil.dll
[2013/01/13 14:19:10 | 000,055,808 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBSDKIF.dll
[2013/01/13 14:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2013/01/13 14:10:48 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON
[2013/01/13 14:10:38 | 000,558,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\ensppmon.dll
[2013/01/13 14:10:38 | 000,538,112 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\ensppui.dll
[2013/01/13 14:10:38 | 000,250,880 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enspres.dll
[2013/01/13 14:10:38 | 000,250,880 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enpres.dll
[2013/01/13 14:10:37 | 000,558,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enppmon.dll
[2013/01/13 14:10:37 | 000,538,112 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enppui.dll
[2013/01/13 14:10:37 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2013/01/13 14:10:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON
[2013/01/13 14:08:32 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EPSON Software
[2013/01/13 14:08:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson America Inc
[2013/01/13 14:04:50 | 000,464,384 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esxw2ud.dll
[2013/01/13 14:04:50 | 000,132,560 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esdevapp.exe
[2013/01/13 14:04:50 | 000,013,824 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esxcdev.dll
[2013/01/13 09:03:20 | 000,083,968 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_YD4BH3A.DLL
[2013/01/11 22:51:52 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\Leader Technologies
[2013/01/11 21:37:51 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\Epson
[2013/01/11 21:17:46 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\Unizeal_Corp
[2013/01/11 21:16:56 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\Leadertech
[2013/01/11 21:13:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LTCM Client
[2013/01/11 21:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL
[2013/01/11 21:07:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2013/01/11 21:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2013/01/11 21:06:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
[2013/01/11 21:03:21 | 000,501,912 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\PICSDK2.dll
[2013/01/11 21:03:21 | 000,108,704 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\PICEntry.dll
[2013/01/11 21:03:21 | 000,080,024 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\PICSDK.dll
[2013/01/11 21:03:21 | 000,051,360 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EpPicPrt.dll
[2013/01/11 21:03:21 | 000,051,360 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EpPicMgr.dll
[2013/01/11 21:03:18 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\InstallShield
[2013/01/11 21:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2013/01/11 21:03:02 | 000,108,032 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_ILMFFA.DLL
[2013/01/11 21:02:59 | 000,081,408 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_IBCBFFA.DLL
[2013/01/11 21:02:39 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2013/01/11 21:00:38 | 000,615,984 | ---- | C] (ComponentOne) -- C:\Windows\SysWow64\vsflex8n.ocx
[2013/01/11 21:00:37 | 000,847,872 | ---- | C] (Arcadia Software Development) -- C:\Windows\SysWow64\PowerButton.ocx
[2013/01/11 21:00:37 | 000,497,488 | ---- | C] (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com) -- C:\Windows\SysWow64\XceedZip.dll
[2013/01/11 21:00:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Publisher Pro
[2013/01/11 21:00:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Final Publisher Pro
[2013/01/11 20:52:06 | 000,035,892 | ---- | C] (Prolific Technology Inc.) -- C:\Windows\SysWow64\SER9PL.sys

========== Files - Modified Within 30 Days ==========

[2013/02/04 12:17:02 | 000,738,110 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/04 12:17:02 | 000,632,062 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/04 12:17:02 | 000,109,972 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/04 12:14:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/04 11:23:18 | 000,023,248 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/04 11:23:18 | 000,023,248 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/04 11:16:50 | 331,534,335 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/04 07:42:41 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/02/04 07:42:34 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/02/04 07:31:44 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/02/04 07:08:46 | 000,001,007 | ---- | M] () -- C:\Users\Raw from Noluv\Desktop\SpeedFan.lnk
[2013/02/04 07:08:45 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2013/02/04 06:36:01 | 668,360,700 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/02/02 04:04:53 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/02/02 03:26:40 | 000,001,210 | ---- | M] () -- C:\Users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
[2013/02/01 21:40:25 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRaw from Noluv.job
[2013/01/21 16:27:22 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/21 16:18:46 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Raw from Noluv\Desktop\mbam-setup-1.70.0.1100.exe
[2013/01/21 15:14:39 | 000,001,133 | ---- | M] () -- C:\Users\Raw from Noluv\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/01/21 13:16:51 | 000,001,204 | ---- | M] () -- C:\Users\Raw from Noluv\Desktop\ComboFix - Shortcut.lnk
[2013/01/18 02:17:54 | 000,230,665 | ---- | M] () -- C:\Users\Raw from Noluv\Desktop\NEW ASK COVER.ec4
[2013/01/15 07:33:13 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2013/01/14 15:58:54 | 000,000,836 | ---- | M] () -- C:\Users\Raw from Noluv\Desktop\WhoCrashed.lnk
[2013/01/14 08:37:39 | 005,057,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/14 02:47:44 | 000,000,106 | ---- | M] () -- C:\Windows\EP4530.ini
[2013/01/14 02:43:57 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2013/01/14 02:41:23 | 000,120,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_YLMH3A.DLL
[2013/01/14 01:17:28 | 000,001,102 | ---- | M] () -- C:\Users\Raw from Noluv\Desktop\EVEREST Home Edition.lnk
[2013/01/13 23:12:23 | 000,000,131 | ---- | M] () -- C:\Users\Raw from Noluv\Desktop\FIX.REG
[2013/01/13 20:10:37 | 000,026,674 | ---- | M] () -- C:\Users\Raw from Noluv\AppData\Local\Temp20.html
[2013/01/13 20:10:22 | 000,001,955 | ---- | M] () -- C:\Users\Raw from Noluv\AppData\Local\Temp1.html
[2013/01/13 18:39:34 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/01/13 14:42:20 | 000,002,076 | ---- | M] () -- C:\Users\Public\Desktop\WorkForce Pro WP-4530 Guide.lnk
[2013/01/13 14:03:20 | 000,083,968 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_YD4BH3A.DLL
[2013/01/11 22:08:11 | 000,002,374 | ---- | M] () -- C:\Users\Raw from Noluv\Desktop\NEW ASKME.acp
[2013/01/11 22:07:30 | 000,229,714 | ---- | M] () -- C:\Users\Raw from Noluv\Documents\NEW ASK COVER.ec4
[2013/01/11 21:39:47 | 000,001,672 | ---- | M] () -- C:\Users\Raw from Noluv\Documents\ViewerX.alb
[2013/01/11 21:16:46 | 000,000,044 | ---- | M] () -- C:\Windows\EPART50.ini
[2013/01/11 21:13:54 | 000,000,185 | ---- | M] () -- C:\Users\Public\Desktop\Epson CreativeZone.url
[2013/01/11 21:13:13 | 000,002,167 | ---- | M] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
[2013/01/11 21:07:21 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\Artisan 50 Series Info Center.lnk
[2013/01/11 21:06:27 | 000,000,854 | ---- | M] () -- C:\Users\Public\Desktop\Print CD.lnk
[2013/01/11 21:00:10 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\Final Publisher Pro.lnk
[2013/01/11 20:58:56 | 000,007,962 | ---- | M] () -- C:\Windows\unins000.dat
[2013/01/11 20:58:52 | 000,709,719 | ---- | M] () -- C:\Windows\unins000.exe
[2013/01/11 20:58:14 | 000,792,480 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2013/02/04 07:42:41 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/02/04 07:42:34 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/02/04 07:08:46 | 000,001,007 | ---- | C] () -- C:\Users\Raw from Noluv\Desktop\SpeedFan.lnk
[2013/02/04 07:08:44 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2013/01/21 16:27:22 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/21 15:14:39 | 000,001,133 | ---- | C] () -- C:\Users\Raw from Noluv\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/01/21 14:25:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/21 14:25:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/21 14:25:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/21 14:25:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/21 14:25:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/21 13:16:51 | 000,001,204 | ---- | C] () -- C:\Users\Raw from Noluv\Desktop\ComboFix - Shortcut.lnk
[2013/01/15 07:33:13 | 000,002,037 | ---- | C] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2013/01/14 15:58:54 | 000,000,836 | ---- | C] () -- C:\Users\Raw from Noluv\Desktop\WhoCrashed.lnk
[2013/01/14 01:17:28 | 000,001,102 | ---- | C] () -- C:\Users\Raw from Noluv\Desktop\EVEREST Home Edition.lnk
[2013/01/13 23:12:23 | 000,000,131 | ---- | C] () -- C:\Users\Raw from Noluv\Desktop\FIX.REG
[2013/01/13 18:12:21 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/01/13 14:51:45 | 000,001,210 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
[2013/01/13 14:42:20 | 000,002,076 | ---- | C] () -- C:\Users\Public\Desktop\WorkForce Pro WP-4530 Guide.lnk
[2013/01/13 14:04:51 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2013/01/13 13:58:04 | 000,000,106 | ---- | C] () -- C:\Windows\EP4530.ini
[2013/01/11 22:07:44 | 000,230,665 | ---- | C] () -- C:\Users\Raw from Noluv\Desktop\NEW ASK COVER.ec4
[2013/01/11 22:07:30 | 000,229,714 | ---- | C] () -- C:\Users\Raw from Noluv\Documents\NEW ASK COVER.ec4
[2013/01/11 21:39:47 | 000,001,672 | ---- | C] () -- C:\Users\Raw from Noluv\Documents\ViewerX.alb
[2013/01/11 21:35:00 | 000,002,374 | ---- | C] () -- C:\Users\Raw from Noluv\Desktop\NEW ASKME.acp
[2013/01/11 21:13:54 | 000,000,185 | ---- | C] () -- C:\Users\Public\Desktop\Epson CreativeZone.url
[2013/01/11 21:13:36 | 000,002,741 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LTCM Client.lnk
[2013/01/11 21:13:13 | 000,002,167 | ---- | C] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
[2013/01/11 21:07:21 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\Artisan 50 Series Info Center.lnk
[2013/01/11 21:06:27 | 000,000,854 | ---- | C] () -- C:\Users\Public\Desktop\Print CD.lnk
[2013/01/11 21:03:21 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2013/01/11 21:03:21 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2013/01/11 21:03:21 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2013/01/11 21:03:21 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2013/01/11 21:03:21 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2013/01/11 21:03:21 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2013/01/11 21:03:21 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2013/01/11 21:03:21 | 000,012,669 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_EN.cfg
[2013/01/11 21:03:21 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2013/01/11 21:03:21 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_PT.cfg
[2013/01/11 21:03:21 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_BP.cfg
[2013/01/11 21:03:21 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_FR.cfg
[2013/01/11 21:03:21 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_CF.cfg
[2013/01/11 21:03:21 | 000,006,226 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_ES.cfg
[2013/01/11 21:03:21 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2013/01/11 21:03:21 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2013/01/11 21:03:21 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2013/01/11 21:03:21 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2013/01/11 21:03:21 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2013/01/11 21:03:21 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2013/01/11 21:03:21 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2013/01/11 21:03:21 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2013/01/11 21:02:30 | 000,000,044 | ---- | C] () -- C:\Windows\EPART50.ini
[2013/01/11 21:00:10 | 000,000,888 | ---- | C] () -- C:\Users\Public\Desktop\Final Publisher Pro.lnk
[2013/01/11 20:58:52 | 000,709,719 | ---- | C] () -- C:\Windows\unins000.exe
[2013/01/11 20:58:52 | 000,007,962 | ---- | C] () -- C:\Windows\unins000.dat
[2013/01/11 20:52:06 | 000,026,719 | ---- | C] () -- C:\Windows\SysWow64\SERSPL.VXD
[2012/12/27 09:10:57 | 1964,290,048 | ---- | C] () -- C:\Users\Raw from Noluv\650 WWE THEME SONGS.iso
[2012/10/06 09:59:31 | 000,011,230 | ---- | C] () -- C:\Users\Raw from Noluv\NFO.NFO
[2012/05/09 19:19:35 | 000,584,584 | ---- | C] () -- C:\Windows\adb.exe
[2012/05/03 07:48:30 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat
[2012/05/03 07:48:30 | 000,000,025 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat
[2012/04/25 12:21:24 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/25 12:21:24 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/04/24 08:06:17 | 000,026,674 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Local\Temp20.html
[2012/04/22 10:18:15 | 000,026,197 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Local\Temp38.html
[2012/04/22 10:14:48 | 000,001,955 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Local\Temp1.html
[2012/01/09 16:35:17 | 000,000,319 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/12/25 20:30:57 | 000,709,968 | ---- | C] () -- C:\Windows\is-FR598.exe
[2011/10/13 20:30:01 | 000,200,517 | ---- | C] () -- C:\Windows\hpoins16.dat
[2011/10/13 20:30:01 | 000,003,770 | ---- | C] () -- C:\Windows\hpomdl16.dat
[2011/10/13 19:22:40 | 000,200,305 | ---- | C] () -- C:\Windows\hpoins16.dat.temp
[2011/10/13 19:22:40 | 000,003,770 | ---- | C] () -- C:\Windows\hpomdl16.dat.temp
[2011/05/16 17:08:01 | 000,001,854 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Roaming\GhostObjGAFix.xml
[2011/04/29 23:21:48 | 000,005,120 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/08 16:12:51 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/27 21:07:42 | 000,000,082 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Roaming\default.pls
[2011/01/14 18:21:54 | 000,001,024 | ---- | C] () -- C:\Users\Raw from Noluv\.rnd

========== ZeroAccess Check ==========

[2012/08/09 17:28:25 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< MD5 for: MMC.EXE >
[2009/07/13 20:14:24 | 001,401,344 | ---- | M] (Microsoft Corporation) MD5=6AAF3BECE2C3D17091BCEF37C5A82AC0 -- C:\Windows\SysWOW64\mmc.exe
[2009/07/13 20:14:24 | 001,401,344 | ---- | M] (Microsoft Corporation) MD5=6AAF3BECE2C3D17091BCEF37C5A82AC0 -- C:\Windows\winsxs\x86_microsoft-windows-m..-management-console_31bf3856ad364e35_6.1.7600.16385_none_0f49a133d6f5d42b\mmc.exe
[2009/07/13 20:39:19 | 002,144,256 | ---- | M] (Microsoft Corporation) MD5=9FEA051A9585F2A303D55745B4BF63AA -- C:\Windows\SysNative\mmc.exe
[2009/07/13 20:39:19 | 002,144,256 | ---- | M] (Microsoft Corporation) MD5=9FEA051A9585F2A303D55745B4BF63AA -- C:\Windows\system64\mmc.exe
[2009/07/13 20:39:19 | 002,144,256 | ---- | M] (Microsoft Corporation) MD5=9FEA051A9585F2A303D55745B4BF63AA -- C:\Windows\winsxs\amd64_microsoft-windows-m..-management-console_31bf3856ad364e35_6.1.7600.16385_none_6b683cb78f534561\mmc.exe

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

< End of report >

#43
RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
Copy the text in the code box by highlighting it and pressing Ctrl + C:

:OTL
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\02042013-some number.log so look there if you don't see it.

Run OTL, Quickscan again and let's see if that worked.

#44
noluv

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 123 posts
OTL logfile created on: 2/4/2013 12:25:34 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Raw from Noluv\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 4.24 Gb Available Physical Memory | 73.88% Memory free
11.74 Gb Paging File | 10.04 Gb Available in Paging File | 85.52% Paging File free
Paging file location(s): C:\pagefile.sys 6142 6142 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.45 Gb Total Space | 49.88 Gb Free Space | 17.79% Space Free | Partition Type: NTFS
Drive D: | 17.34 Gb Total Space | 2.51 Gb Free Space | 14.46% Space Free | Partition Type: NTFS
Drive E: | 69.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 99.34 Mb Total Space | 89.44 Mb Free Space | 90.04% Space Free | Partition Type: FAT32

Computer Name: MMG | User Name: Raw from Noluv | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/19 09:40:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Raw from Noluv\Downloads\OTL.exe
PRC - [2012/10/30 18:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/03/09 00:00:00 | 000,856,064 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2011/03/09 00:00:00 | 000,495,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
PRC - [2010/10/12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2010/05/21 04:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe


========== Modules (No Company Name) ==========

MOD - [2009/07/13 20:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/07/04 01:36:06 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/06/09 13:01:00 | 000,555,392 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/20 01:56:00 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/06/24 15:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2010/06/18 18:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/04 18:51:22 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/20 20:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/21 04:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/04/03 18:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/30 18:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/30 18:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 18:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 18:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 18:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/15 11:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/30 11:24:30 | 000,158,720 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2012/06/20 09:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/05/25 21:23:14 | 000,438,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtenic64.sys -- (RTLE8023x64)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/28 08:38:28 | 000,082,560 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012/02/28 08:38:28 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012/02/23 07:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/10/20 10:24:06 | 000,157,696 | ---- | M] (Matrox Graphics Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\MxEFUF64.sys -- (MxEFUF)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/20 02:14:16 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/20 01:21:04 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/06/20 22:26:38 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010/06/20 22:26:38 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2010/06/20 22:26:36 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2010/06/20 22:26:36 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2010/05/16 20:09:42 | 000,285,696 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWNC5E00.sys -- (SWNC5E00)
DRV:64bit: - [2010/05/16 20:09:42 | 000,211,328 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmx00.sys -- (swmx00)
DRV:64bit: - [2010/05/16 20:09:26 | 000,255,488 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWADIenum.sys -- (NWADI)
DRV:64bit: - [2010/05/12 05:14:54 | 000,126,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2010/05/07 11:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/05/06 08:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/04/26 21:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/04/26 21:25:20 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd)
DRV:64bit: - [2010/04/26 21:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/04/26 21:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/03/26 19:08:34 | 000,359,040 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drxvi314_64.sys -- (bcm)
DRV:64bit: - [2010/03/26 19:04:34 | 000,062,976 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BcmBusCtr_64.sys -- (bcmbusctr)
DRV:64bit: - [2010/03/22 09:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/12/22 05:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/07 21:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 21:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/08/23 20:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{6B921B1C-B95E-41F4-8174-1A24D4FE414B}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{BDA7515B-D49F-48F9-93D8-3F3D087513EC}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{6B921B1C-B95E-41F4-8174-1A24D4FE414B}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{BDA7515B-D49F-48F9-93D8-3F3D087513EC}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{6B921B1C-B95E-41F4-8174-1A24D4FE414B}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{BDA7515B-D49F-48F9-93D8-3F3D087513EC}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{D2B1EE8F-3646-466A-8407-78DA4AAE7B32}: "URL" = http://www.google.co...1I7ADFA_enUS422
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files (x86)\Video Convert Master\codec\real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files (x86)\Video Convert Master\codec\real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Raw from Noluv\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Raw from Noluv\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/08/09 20:53:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/02/04 07:42:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/11 19:32:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/21 12:24:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/08/09 20:53:49 | 000,000,000 | ---D | M]

[2011/08/29 17:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Extensions
[2013/01/21 12:24:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions
[2013/01/21 12:24:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\jf1g4wzi.default\extensions
[2012/08/21 23:49:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/26 22:47:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions
[2012/12/26 22:47:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/09/11 19:32:56 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/11 19:32:55 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/08/11 22:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2012/09/11 19:32:55 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: avast! WebRep = C:\Users\Raw from Noluv\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

O1 HOSTS File: ([2013/02/02 04:04:53 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll File not found
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = C:\Users\Raw from Noluv\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe (Leader Technologies/Epson)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll File not found
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16:64bit: - DPF: {615A1925-0E5B-4767-A65E-3165AEAC32A3} http://quickscan.bit...qsax/qsax64.cab (Bitdefender QuickScan Control)
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62A522D6-3EB1-4214-92E4-66EC7F125DEE}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D235AA25-4B56-4A1B-A6B5-2B4EF4597E21}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/04 07:43:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/02/04 07:42:41 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/02/04 07:42:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/02/04 07:42:40 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/02/04 07:42:38 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/02/04 07:42:37 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/02/04 07:42:37 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/02/04 07:42:34 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/02/04 07:42:34 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/02/04 07:42:06 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/02/04 07:42:05 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2013/02/04 07:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/02/04 07:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/02/04 07:08:46 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013/02/04 07:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013/02/04 07:08:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2013/02/03 20:35:09 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\QuickScan
[2013/02/02 04:29:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/02/02 04:05:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/21 16:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/21 16:27:19 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/21 16:27:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/21 16:18:44 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Raw from Noluv\Desktop\mbam-setup-1.70.0.1100.exe
[2013/01/21 15:13:52 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\Programs
[2013/01/21 14:25:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/21 14:25:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/21 14:25:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/21 12:23:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/21 04:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2013/01/18 01:04:02 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\Acer
[2013/01/15 08:27:56 | 000,443,040 | ---- | C] (Atheros) -- C:\Windows\SysNative\athihvs.dll
[2013/01/15 08:25:58 | 000,245,792 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtsUStor.sys
[2013/01/15 08:25:56 | 000,422,432 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtsUStor.dll
[2013/01/15 07:33:05 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2013/01/15 07:33:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2013/01/15 07:28:53 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\WinBatch
[2013/01/14 15:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
[2013/01/14 15:52:23 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
[2013/01/14 07:05:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2013/01/14 07:05:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013/01/14 07:01:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013/01/14 02:45:37 | 000,120,320 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_YLMH3A.DLL
[2013/01/14 01:37:59 | 000,000,000 | ---D | C] -- C:\ProgramData\CLSoft LTD
[2013/01/14 01:17:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2013/01/14 01:17:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2013/01/14 00:49:38 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2013/01/13 23:54:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/13 18:05:33 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013/01/13 18:05:33 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013/01/13 18:05:33 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013/01/13 18:05:31 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013/01/13 18:05:31 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013/01/13 18:05:29 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/01/13 18:05:29 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013/01/13 18:05:29 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/01/13 18:05:29 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013/01/13 18:05:29 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/01/13 18:05:29 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013/01/13 18:05:29 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013/01/13 18:05:28 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013/01/13 18:05:28 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013/01/13 18:05:28 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/01/13 18:05:28 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013/01/13 18:05:28 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013/01/13 18:05:28 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013/01/13 18:05:28 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013/01/13 18:05:28 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013/01/13 18:05:27 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013/01/13 18:05:27 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013/01/13 18:05:26 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/01/13 18:05:25 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/01/13 18:02:08 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013/01/13 18:02:08 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013/01/13 18:02:05 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/01/13 14:45:37 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\ABBYY
[2013/01/13 14:45:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0 Sprint
[2013/01/13 14:44:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint
[2013/01/13 14:44:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ABBYY
[2013/01/13 14:44:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ABBYY
[2013/01/13 14:19:10 | 000,135,168 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBAPI.dll
[2013/01/13 14:19:10 | 000,110,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBDSCVR.dll
[2013/01/13 14:19:10 | 000,077,824 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EBAPI.dll
[2013/01/13 14:19:10 | 000,065,536 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBUtil.dll
[2013/01/13 14:19:10 | 000,055,808 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBSDKIF.dll
[2013/01/13 14:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2013/01/13 14:10:48 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON
[2013/01/13 14:10:38 | 000,558,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\ensppmon.dll
[2013/01/13 14:10:38 | 000,538,112 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\ensppui.dll
[2013/01/13 14:10:38 | 000,250,880 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enspres.dll
[2013/01/13 14:10:38 | 000,250,880 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enpres.dll
[2013/01/13 14:10:37 | 000,558,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enppmon.dll
[2013/01/13 14:10:37 | 000,538,112 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enppui.dll
[2013/01/13 14:10:37 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2013/01/13 14:10:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON
[2013/01/13 14:08:32 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EPSON Software
[2013/01/13 14:08:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson America Inc
[2013/01/13 14:04:50 | 000,464,384 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esxw2ud.dll
[2013/01/13 14:04:50 | 000,132,560 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esdevapp.exe
[2013/01/13 14:04:50 | 000,013,824 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esxcdev.dll
[2013/01/13 09:03:20 | 000,083,968 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_YD4BH3A.DLL
[2013/01/11 22:51:52 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\Leader Technologies
[2013/01/11 21:37:51 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\Epson
[2013/01/11 21:17:46 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\Unizeal_Corp
[2013/01/11 21:16:56 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\Leadertech
[2013/01/11 21:13:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LTCM Client
[2013/01/11 21:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL
[2013/01/11 21:07:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2013/01/11 21:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2013/01/11 21:06:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
[2013/01/11 21:03:21 | 000,501,912 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\PICSDK2.dll
[2013/01/11 21:03:21 | 000,108,704 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\PICEntry.dll
[2013/01/11 21:03:21 | 000,080,024 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\PICSDK.dll
[2013/01/11 21:03:21 | 000,051,360 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EpPicPrt.dll
[2013/01/11 21:03:21 | 000,051,360 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EpPicMgr.dll
[2013/01/11 21:03:18 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\InstallShield
[2013/01/11 21:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2013/01/11 21:03:02 | 000,108,032 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_ILMFFA.DLL
[2013/01/11 21:02:59 | 000,081,408 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_IBCBFFA.DLL
[2013/01/11 21:02:39 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2013/01/11 21:00:38 | 000,615,984 | ---- | C] (ComponentOne) -- C:\Windows\SysWow64\vsflex8n.ocx
[2013/01/11 21:00:37 | 000,847,872 | ---- | C] (Arcadia Software Development) -- C:\Windows\SysWow64\PowerButton.ocx
[2013/01/11 21:00:37 | 000,497,488 | ---- | C] (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com) -- C:\Windows\SysWow64\XceedZip.dll
[2013/01/11 21:00:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Publisher Pro
[2013/01/11 21:00:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Final Publisher Pro
[2013/01/11 20:52:06 | 000,035,892 | ---- | C] (Prolific Technology Inc.) -- C:\Windows\SysWow64\SER9PL.sys

========== Files - Modified Within 30 Days ==========

[2013/02/04 12:17:02 | 000,738,110 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/04 12:17:02 | 000,632,062 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/04 12:17:02 | 000,109,972 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/04 12:14:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/04 11:23:18 | 000,023,248 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/04 11:23:18 | 000,023,248 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/04 11:16:50 | 331,534,335 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/04 07:42:41 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/02/04 07:42:34 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/02/04 07:31:44 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/02/04 07:08:46 | 000,001,007 | ---- | M] () -- C:\Users\Raw from Noluv\Desktop\SpeedFan.lnk
[2013/02/04 07:08:45 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2013/02/04 06:36:01 | 668,360,700 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/02/02 04:04:53 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/02/02 03:26:40 | 000,001,210 | ---- | M] () -- C:\Users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
[2013/02/01 21:40:25 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRaw from Noluv.job
[2013/01/21 16:27:22 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/21 16:18:46 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Raw from Noluv\Desktop\mbam-setup-1.70.0.1100.exe
[2013/01/21 15:14:39 | 000,001,133 | ---- | M] () -- C:\Users\Raw from Noluv\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/01/21 13:16:51 | 000,001,204 | ---- | M] () -- C:\Users\Raw from Noluv\Desktop\ComboFix - Shortcut.lnk
[2013/01/18 02:17:54 | 000,230,665 | ---- | M] () -- C:\Users\Raw from Noluv\Desktop\NEW ASK COVER.ec4
[2013/01/15 07:33:13 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2013/01/14 15:58:54 | 000,000,836 | ---- | M] () -- C:\Users\Raw from Noluv\Desktop\WhoCrashed.lnk
[2013/01/14 08:37:39 | 005,057,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/14 02:47:44 | 000,000,106 | ---- | M] () -- C:\Windows\EP4530.ini
[2013/01/14 02:43:57 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2013/01/14 02:41:23 | 000,120,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_YLMH3A.DLL
[2013/01/14 01:17:28 | 000,001,102 | ---- | M] () -- C:\Users\Raw from Noluv\Desktop\EVEREST Home Edition.lnk
[2013/01/13 23:12:23 | 000,000,131 | ---- | M] () -- C:\Users\Raw from Noluv\Desktop\FIX.REG
[2013/01/13 20:10:37 | 000,026,674 | ---- | M] () -- C:\Users\Raw from Noluv\AppData\Local\Temp20.html
[2013/01/13 20:10:22 | 000,001,955 | ---- | M] () -- C:\Users\Raw from Noluv\AppData\Local\Temp1.html
[2013/01/13 18:39:34 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/01/13 14:42:20 | 000,002,076 | ---- | M] () -- C:\Users\Public\Desktop\WorkForce Pro WP-4530 Guide.lnk
[2013/01/13 14:03:20 | 000,083,968 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_YD4BH3A.DLL
[2013/01/11 22:08:11 | 000,002,374 | ---- | M] () -- C:\Users\Raw from Noluv\Desktop\NEW ASKME.acp
[2013/01/11 22:07:30 | 000,229,714 | ---- | M] () -- C:\Users\Raw from Noluv\Documents\NEW ASK COVER.ec4
[2013/01/11 21:39:47 | 000,001,672 | ---- | M] () -- C:\Users\Raw from Noluv\Documents\ViewerX.alb
[2013/01/11 21:16:46 | 000,000,044 | ---- | M] () -- C:\Windows\EPART50.ini
[2013/01/11 21:13:54 | 000,000,185 | ---- | M] () -- C:\Users\Public\Desktop\Epson CreativeZone.url
[2013/01/11 21:13:13 | 000,002,167 | ---- | M] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
[2013/01/11 21:07:21 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\Artisan 50 Series Info Center.lnk
[2013/01/11 21:06:27 | 000,000,854 | ---- | M] () -- C:\Users\Public\Desktop\Print CD.lnk
[2013/01/11 21:00:10 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\Final Publisher Pro.lnk
[2013/01/11 20:58:56 | 000,007,962 | ---- | M] () -- C:\Windows\unins000.dat
[2013/01/11 20:58:52 | 000,709,719 | ---- | M] () -- C:\Windows\unins000.exe
[2013/01/11 20:58:14 | 000,792,480 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2013/02/04 07:42:41 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/02/04 07:42:34 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/02/04 07:08:46 | 000,001,007 | ---- | C] () -- C:\Users\Raw from Noluv\Desktop\SpeedFan.lnk
[2013/02/04 07:08:44 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2013/01/21 16:27:22 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/21 15:14:39 | 000,001,133 | ---- | C] () -- C:\Users\Raw from Noluv\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/01/21 14:25:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/21 14:25:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/21 14:25:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/21 14:25:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/21 14:25:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/21 13:16:51 | 000,001,204 | ---- | C] () -- C:\Users\Raw from Noluv\Desktop\ComboFix - Shortcut.lnk
[2013/01/15 07:33:13 | 000,002,037 | ---- | C] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2013/01/14 15:58:54 | 000,000,836 | ---- | C] () -- C:\Users\Raw from Noluv\Desktop\WhoCrashed.lnk
[2013/01/14 01:17:28 | 000,001,102 | ---- | C] () -- C:\Users\Raw from Noluv\Desktop\EVEREST Home Edition.lnk
[2013/01/13 23:12:23 | 000,000,131 | ---- | C] () -- C:\Users\Raw from Noluv\Desktop\FIX.REG
[2013/01/13 18:12:21 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/01/13 14:51:45 | 000,001,210 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
[2013/01/13 14:42:20 | 000,002,076 | ---- | C] () -- C:\Users\Public\Desktop\WorkForce Pro WP-4530 Guide.lnk
[2013/01/13 14:04:51 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2013/01/13 13:58:04 | 000,000,106 | ---- | C] () -- C:\Windows\EP4530.ini
[2013/01/11 22:07:44 | 000,230,665 | ---- | C] () -- C:\Users\Raw from Noluv\Desktop\NEW ASK COVER.ec4
[2013/01/11 22:07:30 | 000,229,714 | ---- | C] () -- C:\Users\Raw from Noluv\Documents\NEW ASK COVER.ec4
[2013/01/11 21:39:47 | 000,001,672 | ---- | C] () -- C:\Users\Raw from Noluv\Documents\ViewerX.alb
[2013/01/11 21:35:00 | 000,002,374 | ---- | C] () -- C:\Users\Raw from Noluv\Desktop\NEW ASKME.acp
[2013/01/11 21:13:54 | 000,000,185 | ---- | C] () -- C:\Users\Public\Desktop\Epson CreativeZone.url
[2013/01/11 21:13:36 | 000,002,741 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LTCM Client.lnk
[2013/01/11 21:13:13 | 000,002,167 | ---- | C] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
[2013/01/11 21:07:21 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\Artisan 50 Series Info Center.lnk
[2013/01/11 21:06:27 | 000,000,854 | ---- | C] () -- C:\Users\Public\Desktop\Print CD.lnk
[2013/01/11 21:03:21 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2013/01/11 21:03:21 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2013/01/11 21:03:21 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2013/01/11 21:03:21 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2013/01/11 21:03:21 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2013/01/11 21:03:21 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2013/01/11 21:03:21 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2013/01/11 21:03:21 | 000,012,669 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_EN.cfg
[2013/01/11 21:03:21 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2013/01/11 21:03:21 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_PT.cfg
[2013/01/11 21:03:21 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_BP.cfg
[2013/01/11 21:03:21 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_FR.cfg
[2013/01/11 21:03:21 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_CF.cfg
[2013/01/11 21:03:21 | 000,006,226 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_ES.cfg
[2013/01/11 21:03:21 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2013/01/11 21:03:21 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2013/01/11 21:03:21 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2013/01/11 21:03:21 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2013/01/11 21:03:21 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2013/01/11 21:03:21 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2013/01/11 21:03:21 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2013/01/11 21:03:21 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2013/01/11 21:02:30 | 000,000,044 | ---- | C] () -- C:\Windows\EPART50.ini
[2013/01/11 21:00:10 | 000,000,888 | ---- | C] () -- C:\Users\Public\Desktop\Final Publisher Pro.lnk
[2013/01/11 20:58:52 | 000,709,719 | ---- | C] () -- C:\Windows\unins000.exe
[2013/01/11 20:58:52 | 000,007,962 | ---- | C] () -- C:\Windows\unins000.dat
[2013/01/11 20:52:06 | 000,026,719 | ---- | C] () -- C:\Windows\SysWow64\SERSPL.VXD
[2012/12/27 09:10:57 | 1964,290,048 | ---- | C] () -- C:\Users\Raw from Noluv\650 WWE THEME SONGS.iso
[2012/10/06 09:59:31 | 000,011,230 | ---- | C] () -- C:\Users\Raw from Noluv\NFO.NFO
[2012/05/09 19:19:35 | 000,584,584 | ---- | C] () -- C:\Windows\adb.exe
[2012/05/03 07:48:30 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat
[2012/05/03 07:48:30 | 000,000,025 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat
[2012/04/25 12:21:24 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/25 12:21:24 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/04/24 08:06:17 | 000,026,674 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Local\Temp20.html
[2012/04/22 10:18:15 | 000,026,197 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Local\Temp38.html
[2012/04/22 10:14:48 | 000,001,955 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Local\Temp1.html
[2012/01/09 16:35:17 | 000,000,319 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/12/25 20:30:57 | 000,709,968 | ---- | C] () -- C:\Windows\is-FR598.exe
[2011/10/13 20:30:01 | 000,200,517 | ---- | C] () -- C:\Windows\hpoins16.dat
[2011/10/13 20:30:01 | 000,003,770 | ---- | C] () -- C:\Windows\hpomdl16.dat
[2011/10/13 19:22:40 | 000,200,305 | ---- | C] () -- C:\Windows\hpoins16.dat.temp
[2011/10/13 19:22:40 | 000,003,770 | ---- | C] () -- C:\Windows\hpomdl16.dat.temp
[2011/05/16 17:08:01 | 000,001,854 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Roaming\GhostObjGAFix.xml
[2011/04/29 23:21:48 | 000,005,120 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/08 16:12:51 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/27 21:07:42 | 000,000,082 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Roaming\default.pls
[2011/01/14 18:21:54 | 000,001,024 | ---- | C] () -- C:\Users\Raw from Noluv\.rnd

========== ZeroAccess Check ==========

[2012/08/09 17:28:25 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< MD5 for: MMC.EXE >
[2009/07/13 20:14:24 | 001,401,344 | ---- | M] (Microsoft Corporation) MD5=6AAF3BECE2C3D17091BCEF37C5A82AC0 -- C:\Windows\SysWOW64\mmc.exe
[2009/07/13 20:14:24 | 001,401,344 | ---- | M] (Microsoft Corporation) MD5=6AAF3BECE2C3D17091BCEF37C5A82AC0 -- C:\Windows\winsxs\x86_microsoft-windows-m..-management-console_31bf3856ad364e35_6.1.7600.16385_none_0f49a133d6f5d42b\mmc.exe
[2009/07/13 20:39:19 | 002,144,256 | ---- | M] (Microsoft Corporation) MD5=9FEA051A9585F2A303D55745B4BF63AA -- C:\Windows\SysNative\mmc.exe
[2009/07/13 20:39:19 | 002,144,256 | ---- | M] (Microsoft Corporation) MD5=9FEA051A9585F2A303D55745B4BF63AA -- C:\Windows\system64\mmc.exe
[2009/07/13 20:39:19 | 002,144,256 | ---- | M] (Microsoft Corporation) MD5=9FEA051A9585F2A303D55745B4BF63AA -- C:\Windows\winsxs\amd64_microsoft-windows-m..-management-console_31bf3856ad364e35_6.1.7600.16385_none_6b683cb78f534561\mmc.exe

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

< End of report >

#45
noluv

OTL logfile created on: 2/4/2013 4:40:45 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Raw from Noluv\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 4.28 Gb Available Physical Memory | 74.48% Memory free
11.74 Gb Paging File | 10.08 Gb Available in Paging File | 85.84% Paging File free
Paging file location(s): C:\pagefile.sys 6142 6142 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.45 Gb Total Space | 49.91 Gb Free Space | 17.80% Space Free | Partition Type: NTFS
Drive D: | 17.34 Gb Total Space | 2.51 Gb Free Space | 14.46% Space Free | Partition Type: NTFS
Drive E: | 69.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 99.34 Mb Total Space | 89.44 Mb Free Space | 90.04% Space Free | Partition Type: FAT32

Computer Name: MMG | User Name: Raw from Noluv | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/19 09:40:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Raw from Noluv\Downloads\OTL.exe
PRC - [2012/10/30 18:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/03/09 00:00:00 | 000,856,064 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2011/03/09 00:00:00 | 000,495,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
PRC - [2010/10/12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2010/05/21 04:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe


========== Modules (No Company Name) ==========

MOD - [2009/07/13 20:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/07/04 01:36:06 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/06/09 13:01:00 | 000,555,392 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/20 01:56:00 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/06/24 15:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2010/06/18 18:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/04 18:51:22 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/20 20:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/21 04:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/04/03 18:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/30 18:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/30 18:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 18:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 18:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 18:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/15 11:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/30 11:24:30 | 000,158,720 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2012/06/20 09:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/05/25 21:23:14 | 000,438,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtenic64.sys -- (RTLE8023x64)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/28 08:38:28 | 000,082,560 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012/02/28 08:38:28 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012/02/23 07:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/10/20 10:24:06 | 000,157,696 | ---- | M] (Matrox Graphics Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\MxEFUF64.sys -- (MxEFUF)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/20 02:14:16 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/20 01:21:04 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/06/20 22:26:38 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010/06/20 22:26:38 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2010/06/20 22:26:36 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2010/06/20 22:26:36 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2010/05/16 20:09:42 | 000,285,696 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWNC5E00.sys -- (SWNC5E00)
DRV:64bit: - [2010/05/16 20:09:42 | 000,211,328 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmx00.sys -- (swmx00)
DRV:64bit: - [2010/05/16 20:09:26 | 000,255,488 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWADIenum.sys -- (NWADI)
DRV:64bit: - [2010/05/12 05:14:54 | 000,126,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2010/05/07 11:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/05/06 08:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/04/26 21:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/04/26 21:25:20 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd)
DRV:64bit: - [2010/04/26 21:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/04/26 21:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/03/26 19:08:34 | 000,359,040 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drxvi314_64.sys -- (bcm)
DRV:64bit: - [2010/03/26 19:04:34 | 000,062,976 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BcmBusCtr_64.sys -- (bcmbusctr)
DRV:64bit: - [2010/03/22 09:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/12/22 05:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/07 21:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 21:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/08/23 20:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{6B921B1C-B95E-41F4-8174-1A24D4FE414B}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{BDA7515B-D49F-48F9-93D8-3F3D087513EC}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{6B921B1C-B95E-41F4-8174-1A24D4FE414B}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{BDA7515B-D49F-48F9-93D8-3F3D087513EC}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{6B921B1C-B95E-41F4-8174-1A24D4FE414B}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{BDA7515B-D49F-48F9-93D8-3F3D087513EC}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{D2B1EE8F-3646-466A-8407-78DA4AAE7B32}: "URL" = http://www.google.co...1I7ADFA_enUS422
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files (x86)\Video Convert Master\codec\real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files (x86)\Video Convert Master\codec\real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Raw from Noluv\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Raw from Noluv\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/08/09 20:53:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/02/04 07:42:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/11 19:32:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/21 12:24:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/08/09 20:53:49 | 000,000,000 | ---D | M]

[2011/08/29 17:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Extensions
[2013/01/21 12:24:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions
[2013/01/21 12:24:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\jf1g4wzi.default\extensions
[2012/08/21 23:49:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/26 22:47:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions
[2012/12/26 22:47:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/09/11 19:32:56 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/11 19:32:55 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/08/11 22:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2012/09/11 19:32:55 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: avast! WebRep = C:\Users\Raw from Noluv\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

O1 HOSTS File: ([2013/02/02 04:04:53 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll File not found
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = C:\Users\Raw from Noluv\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe (Leader Technologies/Epson)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll File not found
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16:64bit: - DPF: {615A1925-0E5B-4767-A65E-3165AEAC32A3} http://quickscan.bit...qsax/qsax64.cab (Bitdefender QuickScan Control)
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62A522D6-3EB1-4214-92E4-66EC7F125DEE}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D235AA25-4B56-4A1B-A6B5-2B4EF4597E21}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/04 07:43:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/02/04 07:42:41 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/02/04 07:42:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/02/04 07:42:40 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/02/04 07:42:38 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/02/04 07:42:37 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/02/04 07:42:37 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/02/04 07:42:34 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/02/04 07:42:34 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/02/04 07:42:06 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/02/04 07:42:05 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2013/02/04 07:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/02/04 07:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/02/04 07:08:46 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013/02/04 07:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013/02/04 07:08:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2013/02/03 20:35:09 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\QuickScan
[2013/02/02 04:29:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/02/02 04:05:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/21 16:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/21 16:27:19 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/21 16:27:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/21 16:18:44 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Raw from Noluv\Desktop\mbam-setup-1.70.0.1100.exe
[2013/01/21 15:13:52 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\Programs
[2013/01/21 14:25:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/21 14:25:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/21 14:25:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/21 12:23:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/21 04:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2013/01/18 01:04:02 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\Acer
[2013/01/15 08:27:56 | 000,443,040 | ---- | C] (Atheros) -- C:\Windows\SysNative\athihvs.dll
[2013/01/15 07:33:05 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2013/01/15 07:33:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2013/01/15 07:28:53 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\WinBatch
[2013/01/14 15:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
[2013/01/14 15:52:23 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
[2013/01/14 07:05:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2013/01/14 07:05:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013/01/14 07:01:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013/01/14 01:37:59 | 000,000,000 | ---D | C] -- C:\ProgramData\CLSoft LTD
[2013/01/14 01:17:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2013/01/14 01:17:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2013/01/13 23:54:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/13 14:45:37 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\ABBYY
[2013/01/13 14:45:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0 Sprint
[2013/01/13 14:44:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint
[2013/01/13 14:44:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ABBYY
[2013/01/13 14:44:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ABBYY
[2013/01/13 14:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2013/01/13 14:10:48 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON
[2013/01/13 14:10:37 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2013/01/13 14:10:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON
[2013/01/13 14:08:32 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EPSON Software
[2013/01/13 14:08:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson America Inc
[2013/01/11 22:51:52 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\Leader Technologies
[2013/01/11 21:37:51 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\Epson
[2013/01/11 21:17:46 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\Unizeal_Corp
[2013/01/11 21:16:56 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\Leadertech
[2013/01/11 21:13:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LTCM Client
[2013/01/11 21:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL
[2013/01/11 21:07:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2013/01/11 21:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2013/01/11 21:06:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
[2013/01/11 21:03:18 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\InstallShield
[2013/01/11 21:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2013/01/11 21:02:39 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2013/01/11 21:00:38 | 000,615,984 | ---- | C] (ComponentOne) -- C:\Windows\SysWow64\vsflex8n.ocx
[2013/01/11 21:00:37 | 000,847,872 | ---- | C] (Arcadia Software Development) -- C:\Windows\SysWow64\PowerButton.ocx
[2013/01/11 21:00:37 | 000,497,488 | ---- | C] (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com) -- C:\Windows\SysWow64\XceedZip.dll
[2013/01/11 21:00:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Publisher Pro
[2013/01/11 21:00:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Final Publisher Pro
[2013/01/11 20:52:06 | 000,035,892 | ---- | C] (Prolific Technology Inc.) -- C:\Windows\SysWow64\SER9PL.sys

========== Files - Modified Within 30 Days ==========

[2013/02/04 16:39:15 | 000,023,248 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/04 16:39:15 | 000,023,248 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/04 16:32:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/04 16:32:48 | 438,684,220 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/02/04 16:32:45 | 331,534,335 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/04 12:17:02 | 000,738,110 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/04 12:17:02 | 000,632,062 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/04 12:17:02 | 000,109,972 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/04 07:42:41 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/02/04 07:42:34 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/02/04 07:31:44 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/02/04 07:08:46 | 000,001,007 | ---- | M] () -- C:\Users\Raw from Noluv\Desktop\SpeedFan.lnk
[2013/02/04 07:08:45 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2013/02/02 04:04:53 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/02/02 03:26:40 | 000,001,210 | ---- | M] () -- C:\Users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
[2013/02/01 21:40:25 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRaw from Noluv.job
[2013/01/21 16:27:22 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/21 16:18:46 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Raw from Noluv\Desktop\mbam-setup-1.70.0.1100.exe
[2013/01/21 15:14:39 | 000,001,133 | ---- | M] () -- C:\Users\Raw from Noluv\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/01/21 13:16:51 | 000,001,204 | ---- | M] () -- C:\Users\Raw from Noluv\Desktop\ComboFix - Shortcut.lnk
[2013/01/18 02:17:54 | 000,230,665 | ---- | M] () -- C:\Users\Raw from Noluv\Desktop\NEW ASK COVER.ec4
[2013/01/15 07:33:13 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2013/01/14 15:58:54 | 000,000,836 | ---- | M] () -- C:\Users\Raw from Noluv\Desktop\WhoCrashed.lnk
[2013/01/14 08:37:39 | 005,057,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/14 02:47:44 | 000,000,106 | ---- | M] () -- C:\Windows\EP4530.ini
[2013/01/14 02:43:57 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2013/01/14 01:17:28 | 000,001,102 | ---- | M] () -- C:\Users\Raw from Noluv\Desktop\EVEREST Home Edition.lnk
[2013/01/13 23:12:23 | 000,000,131 | ---- | M] () -- C:\Users\Raw from Noluv\Desktop\FIX.REG
[2013/01/13 20:10:37 | 000,026,674 | ---- | M] () -- C:\Users\Raw from Noluv\AppData\Local\Temp20.html
[2013/01/13 20:10:22 | 000,001,955 | ---- | M] () -- C:\Users\Raw from Noluv\AppData\Local\Temp1.html
[2013/01/13 18:39:34 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/01/13 14:42:20 | 000,002,076 | ---- | M] () -- C:\Users\Public\Desktop\WorkForce Pro WP-4530 Guide.lnk
[2013/01/11 22:08:11 | 000,002,374 | ---- | M] () -- C:\Users\Raw from Noluv\Desktop\NEW ASKME.acp
[2013/01/11 22:07:30 | 000,229,714 | ---- | M] () -- C:\Users\Raw from Noluv\Documents\NEW ASK COVER.ec4
[2013/01/11 21:39:47 | 000,001,672 | ---- | M] () -- C:\Users\Raw from Noluv\Documents\ViewerX.alb
[2013/01/11 21:16:46 | 000,000,044 | ---- | M] () -- C:\Windows\EPART50.ini
[2013/01/11 21:13:54 | 000,000,185 | ---- | M] () -- C:\Users\Public\Desktop\Epson CreativeZone.url
[2013/01/11 21:13:13 | 000,002,167 | ---- | M] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
[2013/01/11 21:07:21 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\Artisan 50 Series Info Center.lnk
[2013/01/11 21:06:27 | 000,000,854 | ---- | M] () -- C:\Users\Public\Desktop\Print CD.lnk
[2013/01/11 21:00:10 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\Final Publisher Pro.lnk
[2013/01/11 20:58:56 | 000,007,962 | ---- | M] () -- C:\Windows\unins000.dat
[2013/01/11 20:58:52 | 000,709,719 | ---- | M] () -- C:\Windows\unins000.exe
[2013/01/11 20:58:14 | 000,792,480 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2013/02/04 07:42:41 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/02/04 07:42:34 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/02/04 07:08:46 | 000,001,007 | ---- | C] () -- C:\Users\Raw from Noluv\Desktop\SpeedFan.lnk
[2013/02/04 07:08:44 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2013/01/21 16:27:22 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/21 15:14:39 | 000,001,133 | ---- | C] () -- C:\Users\Raw from Noluv\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/01/21 14:25:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/21 14:25:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/21 14:25:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/21 14:25:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/21 14:25:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/21 13:16:51 | 000,001,204 | ---- | C] () -- C:\Users\Raw from Noluv\Desktop\ComboFix - Shortcut.lnk
[2013/01/15 07:33:13 | 000,002,037 | ---- | C] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2013/01/14 15:58:54 | 000,000,836 | ---- | C] () -- C:\Users\Raw from Noluv\Desktop\WhoCrashed.lnk
[2013/01/14 01:17:28 | 000,001,102 | ---- | C] () -- C:\Users\Raw from Noluv\Desktop\EVEREST Home Edition.lnk
[2013/01/13 23:12:23 | 000,000,131 | ---- | C] () -- C:\Users\Raw from Noluv\Desktop\FIX.REG
[2013/01/13 18:12:21 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/01/13 14:51:45 | 000,001,210 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
[2013/01/13 14:42:20 | 000,002,076 | ---- | C] () -- C:\Users\Public\Desktop\WorkForce Pro WP-4530 Guide.lnk
[2013/01/13 14:04:51 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2013/01/13 13:58:04 | 000,000,106 | ---- | C] () -- C:\Windows\EP4530.ini
[2013/01/11 22:07:44 | 000,230,665 | ---- | C] () -- C:\Users\Raw from Noluv\Desktop\NEW ASK COVER.ec4
[2013/01/11 22:07:30 | 000,229,714 | ---- | C] () -- C:\Users\Raw from Noluv\Documents\NEW ASK COVER.ec4
[2013/01/11 21:39:47 | 000,001,672 | ---- | C] () -- C:\Users\Raw from Noluv\Documents\ViewerX.alb
[2013/01/11 21:35:00 | 000,002,374 | ---- | C] () -- C:\Users\Raw from Noluv\Desktop\NEW ASKME.acp
[2013/01/11 21:13:54 | 000,000,185 | ---- | C] () -- C:\Users\Public\Desktop\Epson CreativeZone.url
[2013/01/11 21:13:36 | 000,002,741 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LTCM Client.lnk
[2013/01/11 21:13:13 | 000,002,167 | ---- | C] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
[2013/01/11 21:07:21 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\Artisan 50 Series Info Center.lnk
[2013/01/11 21:06:27 | 000,000,854 | ---- | C] () -- C:\Users\Public\Desktop\Print CD.lnk
[2013/01/11 21:03:21 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2013/01/11 21:03:21 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2013/01/11 21:03:21 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2013/01/11 21:03:21 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2013/01/11 21:03:21 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2013/01/11 21:03:21 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2013/01/11 21:03:21 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2013/01/11 21:03:21 | 000,012,669 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_EN.cfg
[2013/01/11 21:03:21 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2013/01/11 21:03:21 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_PT.cfg
[2013/01/11 21:03:21 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_BP.cfg
[2013/01/11 21:03:21 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_FR.cfg
[2013/01/11 21:03:21 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_CF.cfg
[2013/01/11 21:03:21 | 000,006,226 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_ES.cfg
[2013/01/11 21:03:21 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2013/01/11 21:03:21 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2013/01/11 21:03:21 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2013/01/11 21:03:21 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2013/01/11 21:03:21 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2013/01/11 21:03:21 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2013/01/11 21:03:21 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2013/01/11 21:03:21 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2013/01/11 21:02:30 | 000,000,044 | ---- | C] () -- C:\Windows\EPART50.ini
[2013/01/11 21:00:10 | 000,000,888 | ---- | C] () -- C:\Users\Public\Desktop\Final Publisher Pro.lnk
[2013/01/11 20:58:52 | 000,709,719 | ---- | C] () -- C:\Windows\unins000.exe
[2013/01/11 20:58:52 | 000,007,962 | ---- | C] () -- C:\Windows\unins000.dat
[2013/01/11 20:52:06 | 000,026,719 | ---- | C] () -- C:\Windows\SysWow64\SERSPL.VXD
[2012/12/27 09:10:57 | 1964,290,048 | ---- | C] () -- C:\Users\Raw from Noluv\650 WWE THEME SONGS.iso
[2012/10/06 09:59:31 | 000,011,230 | ---- | C] () -- C:\Users\Raw from Noluv\NFO.NFO
[2012/05/09 19:19:35 | 000,584,584 | ---- | C] () -- C:\Windows\adb.exe
[2012/05/03 07:48:30 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat
[2012/05/03 07:48:30 | 000,000,025 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat
[2012/04/25 12:21:24 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/25 12:21:24 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/04/24 08:06:17 | 000,026,674 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Local\Temp20.html
[2012/04/22 10:18:15 | 000,026,197 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Local\Temp38.html
[2012/04/22 10:14:48 | 000,001,955 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Local\Temp1.html
[2012/01/09 16:35:17 | 000,000,319 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/12/25 20:30:57 | 000,709,968 | ---- | C] () -- C:\Windows\is-FR598.exe
[2011/10/13 20:30:01 | 000,200,517 | ---- | C] () -- C:\Windows\hpoins16.dat
[2011/10/13 20:30:01 | 000,003,770 | ---- | C] () -- C:\Windows\hpomdl16.dat
[2011/10/13 19:22:40 | 000,200,305 | ---- | C] () -- C:\Windows\hpoins16.dat.temp
[2011/10/13 19:22:40 | 000,003,770 | ---- | C] () -- C:\Windows\hpomdl16.dat.temp
[2011/05/16 17:08:01 | 000,001,854 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Roaming\GhostObjGAFix.xml
[2011/04/29 23:21:48 | 000,005,120 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/08 16:12:51 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/27 21:07:42 | 000,000,082 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Roaming\default.pls
[2011/01/14 18:21:54 | 000,001,024 | ---- | C] () -- C:\Users\Raw from Noluv\.rnd

========== ZeroAccess Check ==========

[2012/08/09 17:28:25 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/18 01:04:02 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Acer
[2011/10/13 17:15:01 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Acoustica
[2012/04/30 10:58:11 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Azureus
[2011/12/16 18:57:01 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\B9178
[2012/04/30 10:58:11 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\BITS
[2011/03/13 20:06:54 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/01/10 17:12:06 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\DMCache
[2010/12/31 16:59:02 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\DVDCreator
[2013/01/21 13:36:54 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\E24B9
[2013/01/14 02:49:18 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Epson
[2012/04/30 10:41:01 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\FlashGet
[2012/04/30 10:58:11 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\FlashGetBHO
[2012/04/30 10:41:02 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\FrostWire
[2012/04/30 10:58:12 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\KJJJ7ffEL8
[2013/01/11 22:51:52 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Leader Technologies
[2013/01/11 21:16:56 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Leadertech
[2011/07/11 20:35:00 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\MPEG Streamclip
[2011/08/16 15:06:43 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\ooVoo Details
[2011/03/17 13:25:58 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\PACE Anti-Piracy
[2013/02/03 20:35:44 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\QuickScan
[2012/04/30 10:58:14 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Raptr
[2012/01/08 22:42:12 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[2011/04/08 16:12:45 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Sierra Wireless
[2012/04/30 10:41:08 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\SoftGrid Client
[2011/03/17 13:31:01 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/01/19 09:47:03 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\TP
[2013/01/21 12:20:24 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\uTorrent
[2011/01/02 21:32:50 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\VitySoft
[2013/01/10 22:06:52 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Vso
[2011/01/14 19:32:29 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\WildTangent
[2013/01/15 07:28:53 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\WinBatch
[2011/02/08 08:49:07 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Windows Live Writer
[2012/10/13 21:25:32 | 000,000,000 | ---D | M] -- C:\Users\Raw from Noluv\AppData\Roaming\Xilisoft

========== Purity Check ==========



< End of report >