Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

for rkinner

Started by noluv , Jan 30 2013 06:11 PM

  • Please log in to reply

#61
RKinner
Posted 09 February 2013 - 11:18 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Looks like you may be missing some files compared to mine but they may be in SysWow64 so let's look.

Copy the text in the code box:

/md5start
usb8023.sys
USBAUDIO.sys
USBCAMD.sys
USBCAMD2.sys
usbccgp.sys
usbcir.sys
usbd.sys
usbehci.sys
usbfilter.sys
usbhub.sys
usbohci.sys
usbport.sys
usbprint.sys
usbrpm.sys
USBSTOR.SYS
usbuhci.sys
usbvideo.sys
/md5stop

Run OTL (Vista or Win 7 => right click and Run As Administrator)
Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes
then Run Scan.

You should get 1 log. Please copy and paste it.
  • 0

Advertisements

#62
noluv
Posted 10 February 2013 - 03:13 PM

noluv

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 123 posts
OTL logfile created on: 2/10/2013 2:14:03 PM - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Raw from Noluv\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 4.17 Gb Available Physical Memory | 72.57% Memory free
11.74 Gb Paging File | 9.92 Gb Available in Paging File | 84.51% Paging File free
Paging file location(s): C:\pagefile.sys 6142 6142 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.45 Gb Total Space | 49.33 Gb Free Space | 17.59% Space Free | Partition Type: NTFS
Drive D: | 17.34 Gb Total Space | 2.51 Gb Free Space | 14.46% Space Free | Partition Type: NTFS
Drive E: | 69.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 99.34 Mb Total Space | 89.44 Mb Free Space | 90.04% Space Free | Partition Type: FAT32

Computer Name: MMG | User Name: Raw from Noluv | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/08 10:42:23 | 001,808,240 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
PRC - [2013/01/19 09:40:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Raw from Noluv\Downloads\OTL.exe
PRC - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/30 18:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/09/11 19:32:56 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/03/09 00:00:00 | 000,856,064 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2011/03/09 00:00:00 | 000,495,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
PRC - [2010/10/12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2010/05/21 04:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/08 10:42:22 | 014,586,736 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
MOD - [2012/09/11 19:32:55 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2009/07/13 20:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/07/04 01:36:06 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/06/09 13:01:00 | 000,555,392 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/20 01:56:00 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/06/24 15:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2010/06/18 18:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/08 10:42:23 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/04/20 20:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/21 04:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/04/03 18:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/30 18:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/30 18:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 18:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 18:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 18:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/15 11:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/30 11:24:30 | 000,158,720 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2012/06/20 09:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/05/25 21:23:14 | 000,438,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtenic64.sys -- (RTLE8023x64)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/28 08:38:28 | 000,082,560 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012/02/28 08:38:28 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012/02/23 07:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/10/20 10:24:06 | 000,157,696 | ---- | M] (Matrox Graphics Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\MxEFUF64.sys -- (MxEFUF)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/20 02:14:16 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/20 01:21:04 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/06/20 22:26:38 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010/06/20 22:26:38 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2010/06/20 22:26:36 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2010/06/20 22:26:36 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2010/05/16 20:09:42 | 000,285,696 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWNC5E00.sys -- (SWNC5E00)
DRV:64bit: - [2010/05/16 20:09:42 | 000,211,328 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmx00.sys -- (swmx00)
DRV:64bit: - [2010/05/16 20:09:26 | 000,255,488 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWADIenum.sys -- (NWADI)
DRV:64bit: - [2010/05/12 05:14:54 | 000,126,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2010/05/07 11:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/05/06 08:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/04/26 21:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/04/26 21:25:20 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd)
DRV:64bit: - [2010/04/26 21:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/04/26 21:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/03/26 19:08:34 | 000,359,040 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drxvi314_64.sys -- (bcm)
DRV:64bit: - [2010/03/26 19:04:34 | 000,062,976 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BcmBusCtr_64.sys -- (bcmbusctr)
DRV:64bit: - [2010/03/22 09:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/12/22 05:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/07 21:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 21:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/08/23 20:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{6B921B1C-B95E-41F4-8174-1A24D4FE414B}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{BDA7515B-D49F-48F9-93D8-3F3D087513EC}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{6B921B1C-B95E-41F4-8174-1A24D4FE414B}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{BDA7515B-D49F-48F9-93D8-3F3D087513EC}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{6B921B1C-B95E-41F4-8174-1A24D4FE414B}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{BDA7515B-D49F-48F9-93D8-3F3D087513EC}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{D2B1EE8F-3646-466A-8407-78DA4AAE7B32}: "URL" = http://www.google.co...1I7ADFA_enUS422
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..extensions.enabledAddons: [email protected]:7.0.1474
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files (x86)\Video Convert Master\codec\real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files (x86)\Video Convert Master\codec\real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Raw from Noluv\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Raw from Noluv\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/08/09 20:53:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/02/04 07:42:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/11 19:32:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/04 17:04:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/08/09 20:53:49 | 000,000,000 | ---D | M]

[2011/08/29 17:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Extensions
[2013/01/21 12:24:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\fjo7jt2i.default\extensions
[2013/01/21 12:24:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raw from Noluv\AppData\Roaming\Mozilla\Firefox\Profiles\jf1g4wzi.default\extensions
[2012/08/21 23:49:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/26 22:47:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions
[2012/12/26 22:47:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/02/04 07:42:20 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/09/11 19:32:56 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/11 19:32:55 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/08/11 22:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2012/09/11 19:32:55 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: avast! WebRep = C:\Users\Raw from Noluv\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

O1 HOSTS File: ([2013/02/02 04:04:53 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll File not found
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = C:\Users\Raw from Noluv\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe (Leader Technologies/Epson)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll File not found
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16:64bit: - DPF: {615A1925-0E5B-4767-A65E-3165AEAC32A3} http://quickscan.bit...qsax/qsax64.cab (Bitdefender QuickScan Control)
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62A522D6-3EB1-4214-92E4-66EC7F125DEE}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D235AA25-4B56-4A1B-A6B5-2B4EF4597E21}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/04 07:43:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/02/04 07:42:41 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/02/04 07:42:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/02/04 07:42:40 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/02/04 07:42:38 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/02/04 07:42:37 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/02/04 07:42:37 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/02/04 07:42:34 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/02/04 07:42:34 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/02/04 07:42:06 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/02/04 07:42:05 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2013/02/04 07:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/02/04 07:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/02/04 07:08:46 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013/02/04 07:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013/02/04 07:08:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2013/02/03 20:35:09 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\QuickScan
[2013/02/02 04:29:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/02/02 04:05:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/21 16:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/21 16:27:19 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/21 16:27:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/21 16:18:44 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Raw from Noluv\Desktop\mbam-setup-1.70.0.1100.exe
[2013/01/21 15:13:52 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\Programs
[2013/01/21 14:25:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/21 14:25:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/21 14:25:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/21 12:23:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/21 04:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2013/01/18 01:04:02 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\Acer
[2013/01/15 08:27:56 | 000,443,040 | ---- | C] (Atheros) -- C:\Windows\SysNative\athihvs.dll
[2013/01/15 08:25:58 | 000,245,792 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtsUStor.sys
[2013/01/15 08:25:56 | 000,422,432 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtsUStor.dll
[2013/01/15 07:33:05 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2013/01/15 07:33:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2013/01/15 07:28:53 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\WinBatch
[2013/01/14 15:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
[2013/01/14 15:52:23 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
[2013/01/14 07:05:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2013/01/14 07:05:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013/01/14 07:01:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013/01/14 02:45:37 | 000,120,320 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_YLMH3A.DLL
[2013/01/14 01:37:59 | 000,000,000 | ---D | C] -- C:\ProgramData\CLSoft LTD
[2013/01/14 01:17:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2013/01/14 01:17:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2013/01/13 23:54:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/13 18:05:33 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013/01/13 18:05:33 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013/01/13 18:05:33 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013/01/13 18:05:31 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013/01/13 18:05:31 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013/01/13 18:05:29 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/01/13 18:05:29 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013/01/13 18:05:29 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/01/13 18:05:29 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013/01/13 18:05:29 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/01/13 18:05:29 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013/01/13 18:05:29 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013/01/13 18:05:28 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013/01/13 18:05:28 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013/01/13 18:05:28 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/01/13 18:05:28 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013/01/13 18:05:28 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013/01/13 18:05:28 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013/01/13 18:05:28 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013/01/13 18:05:28 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013/01/13 18:05:27 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013/01/13 18:05:27 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013/01/13 18:05:26 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/01/13 18:05:25 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/01/13 18:02:08 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013/01/13 18:02:08 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013/01/13 18:02:05 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/01/13 14:45:37 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\ABBYY
[2013/01/13 14:45:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0 Sprint
[2013/01/13 14:44:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint
[2013/01/13 14:44:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ABBYY
[2013/01/13 14:44:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ABBYY
[2013/01/13 14:19:10 | 000,135,168 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBAPI.dll
[2013/01/13 14:19:10 | 000,110,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBDSCVR.dll
[2013/01/13 14:19:10 | 000,077,824 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EBAPI.dll
[2013/01/13 14:19:10 | 000,065,536 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBUtil.dll
[2013/01/13 14:19:10 | 000,055,808 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBSDKIF.dll
[2013/01/13 14:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2013/01/13 14:10:48 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON
[2013/01/13 14:10:38 | 000,558,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\ensppmon.dll
[2013/01/13 14:10:38 | 000,538,112 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\ensppui.dll
[2013/01/13 14:10:38 | 000,250,880 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enspres.dll
[2013/01/13 14:10:38 | 000,250,880 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enpres.dll
[2013/01/13 14:10:37 | 000,558,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enppmon.dll
[2013/01/13 14:10:37 | 000,538,112 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\enppui.dll
[2013/01/13 14:10:37 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2013/01/13 14:10:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON
[2013/01/13 14:08:32 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EPSON Software
[2013/01/13 14:08:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson America Inc
[2013/01/13 14:04:50 | 000,464,384 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esxw2ud.dll
[2013/01/13 14:04:50 | 000,132,560 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esdevapp.exe
[2013/01/13 14:04:50 | 000,013,824 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esxcdev.dll
[2013/01/13 09:03:20 | 000,083,968 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_YD4BH3A.DLL
[2013/01/11 22:51:52 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\Leader Technologies
[2013/01/11 21:37:51 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\Epson
[2013/01/11 21:17:46 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Local\Unizeal_Corp
[2013/01/11 21:16:56 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\Leadertech
[2013/01/11 21:13:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LTCM Client
[2013/01/11 21:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL
[2013/01/11 21:07:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2013/01/11 21:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2013/01/11 21:06:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
[2013/01/11 21:03:21 | 000,501,912 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\PICSDK2.dll
[2013/01/11 21:03:21 | 000,108,704 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\PICEntry.dll
[2013/01/11 21:03:21 | 000,080,024 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\PICSDK.dll
[2013/01/11 21:03:21 | 000,051,360 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EpPicPrt.dll
[2013/01/11 21:03:21 | 000,051,360 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EpPicMgr.dll
[2013/01/11 21:03:18 | 000,000,000 | ---D | C] -- C:\Users\Raw from Noluv\AppData\Roaming\InstallShield
[2013/01/11 21:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2013/01/11 21:03:02 | 000,108,032 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_ILMFFA.DLL
[2013/01/11 21:02:59 | 000,081,408 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_IBCBFFA.DLL
[2013/01/11 21:02:39 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2013/01/11 21:00:38 | 000,615,984 | ---- | C] (ComponentOne) -- C:\Windows\SysWow64\vsflex8n.ocx
[2013/01/11 21:00:37 | 000,847,872 | ---- | C] (Arcadia Software Development) -- C:\Windows\SysWow64\PowerButton.ocx
[2013/01/11 21:00:37 | 000,497,488 | ---- | C] (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com) -- C:\Windows\SysWow64\XceedZip.dll
[2013/01/11 21:00:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Publisher Pro
[2013/01/11 21:00:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Final Publisher Pro
[2013/01/11 20:52:06 | 000,035,892 | ---- | C] (Prolific Technology Inc.) -- C:\Windows\SysWow64\SER9PL.sys

========== Files - Modified Within 30 Days ==========

[2013/02/10 13:58:36 | 000,738,110 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/10 13:58:36 | 000,632,062 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/10 13:58:36 | 000,109,972 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/10 13:55:48 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/10 13:55:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/09 17:20:47 | 000,023,248 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/09 17:20:47 | 000,023,248 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/09 17:14:57 | 636,754,620 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/02/09 17:14:56 | 331,534,335 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/09 03:58:47 | 000,238,814 | ---- | M] () -- C:\Users\Raw from Noluv\Desktop\NEW ASK COVER.ec4
[2013/02/08 10:42:23 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/08 10:42:23 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/07 05:24:44 | 005,057,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/06 08:23:58 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/02/04 17:04:01 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/02/04 07:42:41 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/02/04 07:42:34 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/02/04 07:31:44 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/02/04 07:08:46 | 000,001,007 | ---- | M] () -- C:\Users\Raw from Noluv\Desktop\SpeedFan.lnk
[2013/02/04 07:08:45 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2013/02/02 04:04:53 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/02/02 03:26:40 | 000,001,210 | ---- | M] () -- C:\Users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
[2013/02/01 21:40:25 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRaw from Noluv.job
[2013/01/21 16:27:22 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/21 16:18:46 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Raw from Noluv\Desktop\mbam-setup-1.70.0.1100.exe
[2013/01/21 15:14:39 | 000,001,133 | ---- | M] () -- C:\Users\Raw from Noluv\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/01/21 13:16:51 | 000,001,204 | ---- | M] () -- C:\Users\Raw from Noluv\Desktop\ComboFix - Shortcut.lnk
[2013/01/15 07:33:13 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2013/01/14 15:58:54 | 000,000,836 | ---- | M] () -- C:\Users\Raw from Noluv\Desktop\WhoCrashed.lnk
[2013/01/14 02:47:44 | 000,000,106 | ---- | M] () -- C:\Windows\EP4530.ini
[2013/01/14 02:43:57 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2013/01/14 02:41:23 | 000,120,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_YLMH3A.DLL
[2013/01/14 01:17:28 | 000,001,102 | ---- | M] () -- C:\Users\Raw from Noluv\Desktop\EVEREST Home Edition.lnk
[2013/01/13 23:12:23 | 000,000,131 | ---- | M] () -- C:\Users\Raw from Noluv\Desktop\FIX.REG
[2013/01/13 20:10:37 | 000,026,674 | ---- | M] () -- C:\Users\Raw from Noluv\AppData\Local\Temp20.html
[2013/01/13 20:10:22 | 000,001,955 | ---- | M] () -- C:\Users\Raw from Noluv\AppData\Local\Temp1.html
[2013/01/13 18:39:34 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/01/13 14:42:20 | 000,002,076 | ---- | M] () -- C:\Users\Public\Desktop\WorkForce Pro WP-4530 Guide.lnk
[2013/01/13 14:03:20 | 000,083,968 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_YD4BH3A.DLL
[2013/01/11 22:08:11 | 000,002,374 | ---- | M] () -- C:\Users\Raw from Noluv\Desktop\NEW ASKME.acp
[2013/01/11 22:07:30 | 000,229,714 | ---- | M] () -- C:\Users\Raw from Noluv\Documents\NEW ASK COVER.ec4
[2013/01/11 21:39:47 | 000,001,672 | ---- | M] () -- C:\Users\Raw from Noluv\Documents\ViewerX.alb
[2013/01/11 21:16:46 | 000,000,044 | ---- | M] () -- C:\Windows\EPART50.ini
[2013/01/11 21:13:54 | 000,000,185 | ---- | M] () -- C:\Users\Public\Desktop\Epson CreativeZone.url
[2013/01/11 21:13:13 | 000,002,167 | ---- | M] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
[2013/01/11 21:07:21 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\Artisan 50 Series Info Center.lnk
[2013/01/11 21:06:27 | 000,000,854 | ---- | M] () -- C:\Users\Public\Desktop\Print CD.lnk
[2013/01/11 21:00:10 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\Final Publisher Pro.lnk
[2013/01/11 20:58:56 | 000,007,962 | ---- | M] () -- C:\Windows\unins000.dat
[2013/01/11 20:58:52 | 000,709,719 | ---- | M] () -- C:\Windows\unins000.exe
[2013/01/11 20:58:14 | 000,792,480 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2013/02/08 10:37:42 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/04 17:04:01 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/02/04 17:04:01 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/02/04 07:42:41 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/02/04 07:42:34 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/02/04 07:08:46 | 000,001,007 | ---- | C] () -- C:\Users\Raw from Noluv\Desktop\SpeedFan.lnk
[2013/02/04 07:08:44 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2013/01/21 16:27:22 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/21 15:14:39 | 000,001,133 | ---- | C] () -- C:\Users\Raw from Noluv\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/01/21 14:25:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/21 14:25:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/21 14:25:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/21 14:25:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/21 14:25:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/21 13:16:51 | 000,001,204 | ---- | C] () -- C:\Users\Raw from Noluv\Desktop\ComboFix - Shortcut.lnk
[2013/01/15 07:33:13 | 000,002,037 | ---- | C] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2013/01/14 15:58:54 | 000,000,836 | ---- | C] () -- C:\Users\Raw from Noluv\Desktop\WhoCrashed.lnk
[2013/01/14 01:17:28 | 000,001,102 | ---- | C] () -- C:\Users\Raw from Noluv\Desktop\EVEREST Home Edition.lnk
[2013/01/13 23:12:23 | 000,000,131 | ---- | C] () -- C:\Users\Raw from Noluv\Desktop\FIX.REG
[2013/01/13 18:12:21 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/01/13 14:51:45 | 000,001,210 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
[2013/01/13 14:42:20 | 000,002,076 | ---- | C] () -- C:\Users\Public\Desktop\WorkForce Pro WP-4530 Guide.lnk
[2013/01/13 14:04:51 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2013/01/13 13:58:04 | 000,000,106 | ---- | C] () -- C:\Windows\EP4530.ini
[2013/01/11 22:07:44 | 000,238,814 | ---- | C] () -- C:\Users\Raw from Noluv\Desktop\NEW ASK COVER.ec4
[2013/01/11 22:07:30 | 000,229,714 | ---- | C] () -- C:\Users\Raw from Noluv\Documents\NEW ASK COVER.ec4
[2013/01/11 21:39:47 | 000,001,672 | ---- | C] () -- C:\Users\Raw from Noluv\Documents\ViewerX.alb
[2013/01/11 21:35:00 | 000,002,374 | ---- | C] () -- C:\Users\Raw from Noluv\Desktop\NEW ASKME.acp
[2013/01/11 21:13:54 | 000,000,185 | ---- | C] () -- C:\Users\Public\Desktop\Epson CreativeZone.url
[2013/01/11 21:13:36 | 000,002,741 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LTCM Client.lnk
[2013/01/11 21:13:13 | 000,002,167 | ---- | C] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
[2013/01/11 21:07:21 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\Artisan 50 Series Info Center.lnk
[2013/01/11 21:06:27 | 000,000,854 | ---- | C] () -- C:\Users\Public\Desktop\Print CD.lnk
[2013/01/11 21:03:21 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2013/01/11 21:03:21 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2013/01/11 21:03:21 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2013/01/11 21:03:21 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2013/01/11 21:03:21 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2013/01/11 21:03:21 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2013/01/11 21:03:21 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2013/01/11 21:03:21 | 000,012,669 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_EN.cfg
[2013/01/11 21:03:21 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2013/01/11 21:03:21 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_PT.cfg
[2013/01/11 21:03:21 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_BP.cfg
[2013/01/11 21:03:21 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_FR.cfg
[2013/01/11 21:03:21 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_CF.cfg
[2013/01/11 21:03:21 | 000,006,226 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_ES.cfg
[2013/01/11 21:03:21 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2013/01/11 21:03:21 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2013/01/11 21:03:21 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2013/01/11 21:03:21 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2013/01/11 21:03:21 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2013/01/11 21:03:21 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2013/01/11 21:03:21 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2013/01/11 21:03:21 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2013/01/11 21:02:30 | 000,000,044 | ---- | C] () -- C:\Windows\EPART50.ini
[2013/01/11 21:00:10 | 000,000,888 | ---- | C] () -- C:\Users\Public\Desktop\Final Publisher Pro.lnk
[2013/01/11 20:58:52 | 000,709,719 | ---- | C] () -- C:\Windows\unins000.exe
[2013/01/11 20:58:52 | 000,007,962 | ---- | C] () -- C:\Windows\unins000.dat
[2013/01/11 20:52:06 | 000,026,719 | ---- | C] () -- C:\Windows\SysWow64\SERSPL.VXD
[2012/12/27 09:10:57 | 1964,290,048 | ---- | C] () -- C:\Users\Raw from Noluv\650 WWE THEME SONGS.iso
[2012/10/06 09:59:31 | 000,011,230 | ---- | C] () -- C:\Users\Raw from Noluv\NFO.NFO
[2012/05/09 19:19:35 | 000,584,584 | ---- | C] () -- C:\Windows\adb.exe
[2012/05/03 07:48:30 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat
[2012/05/03 07:48:30 | 000,000,025 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat
[2012/04/25 12:21:24 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/25 12:21:24 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/04/24 08:06:17 | 000,026,674 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Local\Temp20.html
[2012/04/22 10:18:15 | 000,026,197 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Local\Temp38.html
[2012/04/22 10:14:48 | 000,001,955 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Local\Temp1.html
[2012/01/09 16:35:17 | 000,000,319 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/12/25 20:30:57 | 000,709,968 | ---- | C] () -- C:\Windows\is-FR598.exe
[2011/10/13 20:30:01 | 000,200,517 | ---- | C] () -- C:\Windows\hpoins16.dat
[2011/10/13 20:30:01 | 000,003,770 | ---- | C] () -- C:\Windows\hpomdl16.dat
[2011/10/13 19:22:40 | 000,200,305 | ---- | C] () -- C:\Windows\hpoins16.dat.temp
[2011/10/13 19:22:40 | 000,003,770 | ---- | C] () -- C:\Windows\hpomdl16.dat.temp
[2011/05/16 17:08:01 | 000,001,854 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Roaming\GhostObjGAFix.xml
[2011/04/29 23:21:48 | 000,005,120 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/08 16:12:51 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/27 21:07:42 | 000,000,082 | ---- | C] () -- C:\Users\Raw from Noluv\AppData\Roaming\default.pls
[2011/01/14 18:21:54 | 000,001,024 | ---- | C] () -- C:\Users\Raw from Noluv\.rnd

========== ZeroAccess Check ==========

[2012/08/09 17:28:25 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< MD5 for: USB8023.SYS >
[2009/07/13 19:09:49 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D0FE8CB5F84303E73FF0754437FAD3D1 -- C:\Windows\SysNative\drivers\usb8023.sys
[2009/07/13 19:09:49 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D0FE8CB5F84303E73FF0754437FAD3D1 -- C:\Windows\winsxs\amd64_microsoft-windows-rndis-usb-microport_31bf3856ad364e35_6.1.7600.16385_none_20e1b69f6c5c4250\usb8023.sys

< MD5 for: USBAUDIO.SYS >
[2010/11/20 05:43:52 | 000,109,696 | ---- | M] (Microsoft Corporation) MD5=82E8F44688E6FAC57B5B7C6FC7ADBC2A -- C:\Windows\SysNative\DriverStore\FileRepository\wdma_usb.inf_amd64_neutral_7bb325bca8ea1218\USBAUDIO.sys
[2010/11/20 05:43:52 | 000,109,696 | ---- | M] (Microsoft Corporation) MD5=82E8F44688E6FAC57B5B7C6FC7ADBC2A -- C:\Windows\winsxs\amd64_wdma_usb.inf_31bf3856ad364e35_6.1.7601.17514_none_cb3de110cd7a6fa2\USBAUDIO.sys

< MD5 for: USBCAMD2.SYS >
[2010/11/20 05:44:05 | 000,032,896 | ---- | M] (Microsoft Corporation) MD5=292A8E03B3FCE04E39B5BE9B14132030 -- C:\Windows\SysNative\drivers\USBCAMD2.sys
[2010/11/20 05:44:05 | 000,032,896 | ---- | M] (Microsoft Corporation) MD5=292A8E03B3FCE04E39B5BE9B14132030 -- C:\Windows\winsxs\amd64_microsoft-windows-usbcamd_31bf3856ad364e35_6.1.7601.17514_none_fdae66ff8eda989e\USBCAMD2.sys

< MD5 for: USBCCGP.SYS >
[2011/03/24 22:24:26 | 000,099,328 | ---- | M] (Microsoft Corporation) MD5=19AD7990C0B67E48DAC5B26F99628223 -- C:\Windows\winsxs\amd64_usb.inf_31bf3856ad364e35_6.1.7601.21692_none_294f893c3e722a54\usbccgp.sys
[2010/11/20 05:44:03 | 000,098,816 | ---- | M] (Microsoft Corporation) MD5=481DFF26B4DCA8F4CBAC1F7DCE1D6829 -- C:\Windows\SysNative\DriverStore\FileRepository\usb.inf_amd64_neutral_269d7150439b3372\usbccgp.sys
[2010/11/20 05:44:03 | 000,098,816 | ---- | M] (Microsoft Corporation) MD5=481DFF26B4DCA8F4CBAC1F7DCE1D6829 -- C:\Windows\winsxs\amd64_usb.inf_31bf3856ad364e35_6.1.7601.17514_none_291e6c652511ddb0\usbccgp.sys
[2011/03/24 22:29:14 | 000,098,816 | -H-- | M] (Microsoft Corporation) MD5=6F1A3157A1C89435352CEB543CDB359C -- C:\Windows\SysNative\drivers\usbccgp.sys
[2011/03/24 22:29:14 | 000,098,816 | ---- | M] (Microsoft Corporation) MD5=6F1A3157A1C89435352CEB543CDB359C -- C:\Windows\SysNative\DriverStore\FileRepository\usb.inf_amd64_neutral_153b489118ee37b8\usbccgp.sys
[2011/03/24 22:29:14 | 000,098,816 | ---- | M] (Microsoft Corporation) MD5=6F1A3157A1C89435352CEB543CDB359C -- C:\Windows\winsxs\amd64_usb.inf_31bf3856ad364e35_6.1.7601.17586_none_28d4bd852548d3f5\usbccgp.sys

< MD5 for: USBCIR.SYS >
[2009/07/13 19:06:37 | 000,100,352 | ---- | M] (Microsoft Corporation) MD5=AF0892A803FDDA7492F595368E3B68E7 -- C:\Windows\SysNative\drivers\usbcir.sys
[2009/07/13 19:06:37 | 000,100,352 | ---- | M] (Microsoft Corporation) MD5=AF0892A803FDDA7492F595368E3B68E7 -- C:\Windows\SysNative\DriverStore\FileRepository\usbcir.inf_amd64_neutral_379fb0c62496be6e\usbcir.sys
[2009/07/13 19:06:37 | 000,100,352 | ---- | M] (Microsoft Corporation) MD5=AF0892A803FDDA7492F595368E3B68E7 -- C:\Windows\winsxs\amd64_usbcir.inf_31bf3856ad364e35_6.1.7601.17514_none_fc6d9caf132197da\usbcir.sys

< MD5 for: USBD.SYS >
[2009/07/13 19:06:23 | 000,007,936 | ---- | M] (Microsoft Corporation) MD5=63C8D74BED9F80F4DD0AA7A3101EB639 -- C:\Windows\SysNative\DriverStore\FileRepository\usbport.inf_amd64_neutral_f935002f367d5bb0\usbd.sys
[2009/07/13 19:06:23 | 000,007,936 | ---- | M] (Microsoft Corporation) MD5=63C8D74BED9F80F4DD0AA7A3101EB639 -- C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.17514_none_1be864e21a2d2b97\usbd.sys
[2011/03/24 22:24:06 | 000,007,936 | ---- | M] (Microsoft Corporation) MD5=9FED58941EC600A96CB0CC37EC841FFB -- C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.21692_none_1c1981b9338d783b\usbd.sys
[2011/03/24 22:28:59 | 000,007,936 | -H-- | M] (Microsoft Corporation) MD5=CCA2AB1752A61F29C3C941CD79D78CEA -- C:\Windows\SysNative\drivers\usbd.sys
[2011/03/24 22:28:59 | 000,007,936 | ---- | M] (Microsoft Corporation) MD5=CCA2AB1752A61F29C3C941CD79D78CEA -- C:\Windows\SysNative\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbd.sys
[2011/03/24 22:28:59 | 000,007,936 | ---- | M] (Microsoft Corporation) MD5=CCA2AB1752A61F29C3C941CD79D78CEA -- C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.17586_none_1b9eb6021a6421dc\usbd.sys

< MD5 for: USBEHCI.SYS >
[2010/11/20 05:43:54 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=74EE782B1D9C241EFE425565854C661C -- C:\Windows\SysNative\DriverStore\FileRepository\usbport.inf_amd64_neutral_f935002f367d5bb0\usbehci.sys
[2010/11/20 05:43:54 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=74EE782B1D9C241EFE425565854C661C -- C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.17514_none_1be864e21a2d2b97\usbehci.sys
[2011/03/24 22:29:04 | 000,052,736 | -H-- | M] (Microsoft Corporation) MD5=C025055FE7B87701EB042095DF1A2D7B -- C:\Windows\SysNative\drivers\usbehci.sys
[2011/03/24 22:29:04 | 000,052,736 | ---- | M] (Microsoft Corporation) MD5=C025055FE7B87701EB042095DF1A2D7B -- C:\Windows\SysNative\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbehci.sys
[2011/03/24 22:29:04 | 000,052,736 | ---- | M] (Microsoft Corporation) MD5=C025055FE7B87701EB042095DF1A2D7B -- C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.17586_none_1b9eb6021a6421dc\usbehci.sys
[2011/03/24 22:24:15 | 000,052,736 | ---- | M] (Microsoft Corporation) MD5=DB1D7BFAC2AE51766AAD8F4EDAD753D0 -- C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.21692_none_1c1981b9338d783b\usbehci.sys

< MD5 for: USBFILTER.SYS >
[2009/12/22 05:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) MD5=2C780746DC44A28FE67004DC58173F05 -- C:\Program Files (x86)\AMD\USB Audio Filter Driver\amd64\USBFilter.sys
[2009/12/22 05:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) MD5=2C780746DC44A28FE67004DC58173F05 -- C:\Windows\SysNative\drivers\usbfilter.sys
[2009/12/22 05:26:36 | 000,030,392 | ---- | M] (Advanced Micro Devices) MD5=E5B14557793164DB879EE56F5B59C3E2 -- C:\Program Files (x86)\AMD\USB Audio Filter Driver\x86\USBFilter.sys

< MD5 for: USBHUB.SYS >
[2011/03/24 22:29:26 | 000,343,040 | -H-- | M] (Microsoft Corporation) MD5=287C6C9410B111B68B52CA298F7B8C24 -- C:\Windows\SysNative\drivers\usbhub.sys
[2011/03/24 22:29:26 | 000,343,040 | ---- | M] (Microsoft Corporation) MD5=287C6C9410B111B68B52CA298F7B8C24 -- C:\Windows\SysNative\DriverStore\FileRepository\usb.inf_amd64_neutral_153b489118ee37b8\usbhub.sys
[2011/03/24 22:29:26 | 000,343,040 | ---- | M] (Microsoft Corporation) MD5=287C6C9410B111B68B52CA298F7B8C24 -- C:\Windows\SysNative\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbhub.sys
[2011/03/24 22:29:26 | 000,343,040 | ---- | M] (Microsoft Corporation) MD5=287C6C9410B111B68B52CA298F7B8C24 -- C:\Windows\winsxs\amd64_usb.inf_31bf3856ad364e35_6.1.7601.17586_none_28d4bd852548d3f5\usbhub.sys
[2011/03/24 22:29:26 | 000,343,040 | ---- | M] (Microsoft Corporation) MD5=287C6C9410B111B68B52CA298F7B8C24 -- C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.17586_none_1b9eb6021a6421dc\usbhub.sys
[2011/03/24 22:24:56 | 000,343,040 | ---- | M] (Microsoft Corporation) MD5=8B892002D7B79312821169A14317AB86 -- C:\Windows\winsxs\amd64_usb.inf_31bf3856ad364e35_6.1.7601.21692_none_294f893c3e722a54\usbhub.sys
[2011/03/24 22:24:56 | 000,343,040 | ---- | M] (Microsoft Corporation) MD5=8B892002D7B79312821169A14317AB86 -- C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.21692_none_1c1981b9338d783b\usbhub.sys
[2010/11/20 05:44:30 | 000,343,040 | ---- | M] (Microsoft Corporation) MD5=DC96BD9CCB8403251BCF25047573558E -- C:\Windows\SysNative\DriverStore\FileRepository\usb.inf_amd64_neutral_269d7150439b3372\usbhub.sys
[2010/11/20 05:44:30 | 000,343,040 | ---- | M] (Microsoft Corporation) MD5=DC96BD9CCB8403251BCF25047573558E -- C:\Windows\SysNative\DriverStore\FileRepository\usbport.inf_amd64_neutral_f935002f367d5bb0\usbhub.sys
[2010/11/20 05:44:30 | 000,343,040 | ---- | M] (Microsoft Corporation) MD5=DC96BD9CCB8403251BCF25047573558E -- C:\Windows\winsxs\amd64_usb.inf_31bf3856ad364e35_6.1.7601.17514_none_291e6c652511ddb0\usbhub.sys
[2010/11/20 05:44:30 | 000,343,040 | ---- | M] (Microsoft Corporation) MD5=DC96BD9CCB8403251BCF25047573558E -- C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.17514_none_1be864e21a2d2b97\usbhub.sys

< MD5 for: USBOHCI.SYS >
[2011/03/24 22:24:11 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=1E76B898363F9E07C2DB1470F8C5E1C4 -- C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.21692_none_1c1981b9338d783b\usbohci.sys
[2009/07/13 19:06:30 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=58E546BBAF87664FC57E0F6081E4F609 -- C:\Windows\SysNative\DriverStore\FileRepository\usbport.inf_amd64_neutral_f935002f367d5bb0\usbohci.sys
[2009/07/13 19:06:30 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=58E546BBAF87664FC57E0F6081E4F609 -- C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.17514_none_1be864e21a2d2b97\usbohci.sys
[2011/03/24 22:29:04 | 000,025,600 | -H-- | M] (Microsoft Corporation) MD5=9840FC418B4CBD632D3D0A667A725C31 -- C:\Windows\SysNative\drivers\usbohci.sys
[2011/03/24 22:29:04 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=9840FC418B4CBD632D3D0A667A725C31 -- C:\Windows\SysNative\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbohci.sys
[2011/03/24 22:29:04 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=9840FC418B4CBD632D3D0A667A725C31 -- C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.17586_none_1b9eb6021a6421dc\usbohci.sys

< MD5 for: USBPORT.SYS >
[2011/03/24 22:24:16 | 000,325,120 | ---- | M] (Microsoft Corporation) MD5=985205EF2E427B4F5E464F0F0F8671F0 -- C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.21692_none_1c1981b9338d783b\usbport.sys
[2011/03/24 22:29:14 | 000,325,120 | -H-- | M] (Microsoft Corporation) MD5=AE259C75F9A0B057B6BF9E9695632B09 -- C:\Windows\SysNative\drivers\usbport.sys
[2011/03/24 22:29:14 | 000,325,120 | ---- | M] (Microsoft Corporation) MD5=AE259C75F9A0B057B6BF9E9695632B09 -- C:\Windows\SysNative\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbport.sys
[2011/03/24 22:29:14 | 000,325,120 | ---- | M] (Microsoft Corporation) MD5=AE259C75F9A0B057B6BF9E9695632B09 -- C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.17586_none_1b9eb6021a6421dc\usbport.sys
[2010/11/20 05:44:00 | 000,325,120 | ---- | M] (Microsoft Corporation) MD5=B6D64EE607637301FF8C33139B4950DE -- C:\Windows\SysNative\DriverStore\FileRepository\usbport.inf_amd64_neutral_f935002f367d5bb0\usbport.sys
[2010/11/20 05:44:00 | 000,325,120 | ---- | M] (Microsoft Corporation) MD5=B6D64EE607637301FF8C33139B4950DE -- C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.17514_none_1be864e21a2d2b97\usbport.sys

< MD5 for: USBPRINT.SYS >
[2009/07/13 19:38:18 | 000,025,088 | -H-- | M] (Microsoft Corporation) MD5=73188F58FB384E75C4063D29413CEE3D -- C:\Windows\SysNative\drivers\usbprint.sys
[2009/07/13 19:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=73188F58FB384E75C4063D29413CEE3D -- C:\Windows\SysNative\DriverStore\FileRepository\usbprint.inf_amd64_neutral_54948be2bc4bcdd1\usbprint.sys
[2009/07/13 19:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=73188F58FB384E75C4063D29413CEE3D -- C:\Windows\winsxs\amd64_usbprint.inf_31bf3856ad364e35_6.1.7600.16385_none_8eeeb411db1b01c5\usbprint.sys

< MD5 for: USBRPM.SYS >
[2010/11/20 06:37:20 | 000,031,744 | ---- | M] (Microsoft Corporation) MD5=C3EC945DEC43C00E2AD4C98DDDD064C7 -- C:\Windows\SysNative\drivers\usbrpm.sys
[2010/11/20 06:37:20 | 000,031,744 | ---- | M] (Microsoft Corporation) MD5=C3EC945DEC43C00E2AD4C98DDDD064C7 -- C:\Windows\winsxs\amd64_microsoft-windows-virtualpc-usb-rpm_31bf3856ad364e35_6.1.7601.17514_none_955e10988c5454aa\usbrpm.sys

< MD5 for: USBSTOR.SYS >
[2011/03/10 23:21:50 | 000,091,648 | ---- | M] (Microsoft Corporation) MD5=36106AC439EDFBB7B8BDBF99079C7590 -- C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7601.21680_none_a6e64054c7cca389\USBSTOR.SYS
[2010/11/20 05:44:05 | 000,091,648 | ---- | M] (Microsoft Corporation) MD5=D76510CFA0FC09023077F22C2F979D86 -- C:\Windows\SysNative\DriverStore\FileRepository\usbstor.inf_amd64_neutral_0725c2806a159a9d\USBSTOR.SYS
[2010/11/20 05:44:05 | 000,091,648 | ---- | M] (Microsoft Corporation) MD5=D76510CFA0FC09023077F22C2F979D86 -- C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7601.17514_none_a6ac5425ae72a584\USBSTOR.SYS
[2011/03/10 23:37:16 | 000,091,648 | -H-- | M] (Microsoft Corporation) MD5=FED648B01349A3C8395A5169DB5FB7D6 -- C:\Windows\SysNative\drivers\USBSTOR.SYS
[2011/03/10 23:37:16 | 000,091,648 | ---- | M] (Microsoft Corporation) MD5=FED648B01349A3C8395A5169DB5FB7D6 -- C:\Windows\SysNative\DriverStore\FileRepository\usbstor.inf_amd64_neutral_26b33263a639795d\USBSTOR.SYS
[2011/03/10 23:37:16 | 000,091,648 | ---- | M] (Microsoft Corporation) MD5=FED648B01349A3C8395A5169DB5FB7D6 -- C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7601.17577_none_a66e757baea0992f\USBSTOR.SYS

< MD5 for: USBUHCI.SYS >
[2011/03/24 22:24:11 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=23D13CD7D90E8857F06647FED5D0F3DD -- C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.21692_none_1c1981b9338d783b\usbuhci.sys
[2011/03/24 22:29:03 | 000,030,720 | -H-- | M] (Microsoft Corporation) MD5=62069A34518BCF9C1FD9E74B3F6DB7CD -- C:\Windows\SysNative\drivers\usbuhci.sys
[2011/03/24 22:29:03 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=62069A34518BCF9C1FD9E74B3F6DB7CD -- C:\Windows\SysNative\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbuhci.sys
[2011/03/24 22:29:03 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=62069A34518BCF9C1FD9E74B3F6DB7CD -- C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.17586_none_1b9eb6021a6421dc\usbuhci.sys
[2009/07/13 19:06:27 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=81FB2216D3A60D1284455D511797DB3D -- C:\Windows\SysNative\DriverStore\FileRepository\usbport.inf_amd64_neutral_f935002f367d5bb0\usbuhci.sys
[2009/07/13 19:06:27 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=81FB2216D3A60D1284455D511797DB3D -- C:\Windows\winsxs\amd64_usbport.inf_31bf3856ad364e35_6.1.7601.17514_none_1be864e21a2d2b97\usbuhci.sys

< MD5 for: USBVIDEO.SYS >
[2010/11/20 05:44:34 | 000,184,960 | -H-- | M] (Microsoft Corporation) MD5=454800C2BC7F3927CE030141EE4F4C50 -- C:\Windows\SysNative\drivers\usbvideo.sys
[2010/11/20 05:44:34 | 000,184,960 | ---- | M] (Microsoft Corporation) MD5=454800C2BC7F3927CE030141EE4F4C50 -- C:\Windows\SysNative\DriverStore\FileRepository\usbvideo.inf_amd64_neutral_836a6716cd56c692\usbvideo.sys
[2010/11/20 05:44:34 | 000,184,960 | ---- | M] (Microsoft Corporation) MD5=454800C2BC7F3927CE030141EE4F4C50 -- C:\Windows\winsxs\amd64_usbvideo.inf_31bf3856ad364e35_6.1.7601.17514_none_8c21f5f3d1335481\usbvideo.sys

< End of report >
  • 0

#63
RKinner
Posted 10 February 2013 - 03:49 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
OK the files are all there. Let's just try to back up to an older driver and see if we still get the BSOD.

Copy the text in the code box by highlighting and Ctrl + c

:files
C:\Windows\SysNative\drivers\usbhub.sys|C:\Windows\SysNative\DriverStore\FileRepository\usb.inf_amd64_neutral_269d7150439b3372\usbhub.sys /replace

:Commands
[Reboot]

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\02102013-some number.log so look there if you don't see it.

If this causes a problem you can revert back to the old one by running SFC:

sfc /scanfile=C:\Windows\SysNative\drivers\usbhub.sys\usbhub.sys
  • 0

#64
noluv
Posted 10 February 2013 - 08:52 PM

noluv

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 123 posts
========== FILES ==========
Unable to replace file: C:\Windows\SysNative\drivers\usbhub.sys with C:\Windows\SysNative\DriverStore\FileRepository\usb.inf_amd64_neutral_269d7150439b3372\usbhub.sys without a reboot.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 02102013_214743

Files\Folders moved on Reboot...

PendingFileRenameOperations files...
[2011/03/24 22:29:26 | 000,343,040 | -H-- | M] (Microsoft Corporation) C:\Windows\SysNative\drivers\usbhub.sys : MD5=287C6C9410B111B68B52CA298F7B8C24

Registry entries deleted on Reboot...
  • 0

#65
noluv
Posted 10 February 2013 - 08:53 PM

noluv

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 123 posts
still says unknown driver
  • 0

#66
RKinner
Posted 11 February 2013 - 12:36 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Could you take a screenshot of the Device Manager page that shows the Unknown Driver and then attach it?

Have you had any more BSODs since we used OTL to replace usbhub.sys?

http://graphicssoft....nscreenshot.htm Save the file as a .jpg or the forum won't allow it.
  • 0

#67
noluv
Posted 11 February 2013 - 03:34 PM

noluv

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 123 posts
noscreen.jpg bsod yet
  • 0

#68
RKinner
Posted 11 February 2013 - 06:04 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Let's hope the BSODs stay away.

If you right click on the device that says Unknown Device and select Properties then Details then change the dropdown menu to Hardware IDs. It should show you some strange numbers. Manually copy to a reply the first line (or do a screenshot)
  • 0

#69
noluv
Posted 11 February 2013 - 08:54 PM

noluv

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 123 posts
it says usb unknown ....no numbers
and i hope the bsod stays away also lol
  • 0

#70
RKinner
Posted 11 February 2013 - 09:30 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
There should be some numbers in there somewhere. Poke around and see if you can find them.

What do you have plugged into USB?
  • 0

Advertisements

#71
noluv
Posted 12 February 2013 - 01:40 AM

noluv

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 123 posts
nothing is plugged in and i found the hardware ids it just says unknown no usb instead of numbers
  • 0

#72
RKinner
Posted 12 February 2013 - 11:03 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
I'm thinking I may have stumbled across the correct answer to the BSOD problem and perhaps it will also fix the unknown device thing.

http://support.micro....com/kb/2529073
Get the download where it says:

All supported x64-based versions of Windows 7

I think it will take you to:
http://www.microsoft...s.aspx?id=20756
Where you press Continue and then follow the instructions.

There is even a non-ms test program to verify that that is the problem. If you run that first it will test your files to see if they need to be updated by the fix and then will fix them:

http://code.kliu.org/.etc/7601usbfix/
  • 0

#73
noluv
Posted 12 February 2013 - 03:59 PM

noluv

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 123 posts
says i already have it installed on my computer
i found these numbers dont kno if itll help
under it was

usb.inf:Generic.Section.NTamd64:BADDEVICE.Dev:6.1.7601.17586:usb\unknown
  • 0

#74
RKinner
Posted 12 February 2013 - 05:44 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Might be a webcam. Is there one builtin to the laptop? Does it work?
Speccy talks about a USB to Serial Comm Port driver. Probably part of Nero 8. Do you know anything about it?

What is the make and model of the PC. I've probably asked this before but can't find it now.
  • 0

#75
noluv
Posted 12 February 2013 - 06:03 PM

noluv

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 123 posts
yes theres a webcam i really never used it
and i have no idea what the problem is
hp notebook mu06
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP