Possible unknown rootkit.


  • This topic is locked
9 replies to this topic

#1 veliusXI

veliusXI

  • Members
  • 9 posts

Posted 05 May 2014 - 12:35 PM

Hello, I have a two-year-old PC that was infected by a hacked Linux distro I downloaded some time ago (the apt servers were hijacked). I thought I removed the infection, which was TDL4. (I had a Gentoo partition, and right before I put in my password for "su" a message popped up in my terminal telling me I typed my password too slow, hehe.) But I think it's still infected with something else. Right now my laptop is tied into the same network. I fear my laptop may be infected with a different rootkit of some kind (maybe related to what I have or had on my tower). I ran gmer and got some weird results. I would like to see if one of you can check my laptop just to see if I may possibly be infected. This laptop was also connected to a network that I later found out was infected with a variant of Mebroot. I will make a new post for my tower later. I really hope this virus didn't get into my BIOS or VBIOS. I know my tower, after I ran Kon-Boot, told me my SMAP entries were wrong and that it may indicate a possible BIOS infection. I installed a new BIOS on my tower. Anyway, can you check my laptop out? I will follow all of your instructions to a T. Thank you for your help. My name is John. :)

Runs Windows 7 32-bit

P.S. I'm more worried about my laptop at the moment because I have my programming homework on it.

DDS LOG:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17041
Run by bear at 12:44:23 on 2014-05-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3070.2118 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Outdated* {2E6C4BAB-3371-CD46-62DC-0E0A86B42619}
SP: Microsoft Security Essentials *Disabled/Outdated* {950DAA4F-154B-C2C8-586C-3578FD336CA4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Windows8FirewallControl\Windows8FirewallService.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows8FirewallControl\Windows8FirewallControl.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - c:\program files\microsoft visual studio 11.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
EB: Web Test Recorder 10.0: {3142c289-f319-47f5-a594-a827028714c9} -
mRun: [Windows8FirewallControl] c:\program files\windows8firewallcontrol\Windows8FirewallControl.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoCDBurning = dword:1
uPolicies-Explorer: NoRecentDocsNetHood = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SynchronousMachineGroupPolicy = dword:0
mPolicies-System: SynchronousUserGroupPolicy = dword:0
mPolicies-System: DontDisplayLastUserName = dword:1
mPolicies-Windows\System: AllowBlockingAppsAtShutdown = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office10\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{4024A21C-3098-4427-B1E8-F0FF328A8B17} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{4024A21C-3098-4427-B1E8-F0FF328A8B17}\16474777966696 : DHCPNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{4024A21C-3098-4427-B1E8-F0FF328A8B17}\8416274656567237 : DHCPNameServer = 192.168.1.1
Notify: YamicsoftDisabled - <no file>
LSA: Notification Packages =  scecli c:\program files\thinkvantage fingerprint software\psqlpwd.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\bear\appdata\roaming\mozilla\firefox\profiles\h6hokowt.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_182.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2011-3-29 20592]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2012-1-10 13680]
R2 Windows8FirewallService;Windows8FirewallService;c:\program files\windows8firewallcontrol\Windows8FirewallService.exe [2013-10-28 2031616]
R3 NETwLv32;    Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETwLv32.sys [2010-10-7 6639616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-1-10 54632]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-4-30 108032]
S3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2009-5-11 88832]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-5-4 73432]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-5-4 107736]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-6-10 657408]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-9-27 104264]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-3-11 279776]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-9-23 14848]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-4-30 49152]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-9-23 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-1-10 1343400]
S4 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S4 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2012-1-10 101736]
S4 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2012-1-10 127336]
S4 smihlp;SMI Helper Driver (smihlp);c:\program files\thinkvantage fingerprint software\smihlp.sys [2011-5-30 11976]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-9-21 413472]
S4 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2012-1-10 131432]
S4 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2012-1-10 142696]
.
=============== Created Last 30 ================
.
2014-05-05 17:02:26    8050496    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{b74b5f4e-3193-4a5a-b488-61f88e11190b}\mpengine.dll
2014-05-04 20:18:24    107736    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-04 20:18:12    73432    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-05-04 20:18:12    51416    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-05-04 20:18:12    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-05-04 20:18:12    --------    d-----w-    c:\programdata\Malwarebytes
2014-05-04 20:18:12    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-05-04 17:04:14    --------    d-----w-    c:\users\bear\appdata\roaming\enchant
2014-05-04 15:16:43    --------    d-----w-    c:\users\bear\appdata\local\gtk-2.0
2014-05-04 15:06:54    8050496    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-05-04 15:05:59    --------    d-----w-    c:\users\bear\appdata\local\enchant
2014-05-04 15:05:58    --------    d-----w-    c:\users\bear\appdata\roaming\.purple
2014-05-04 15:04:11    --------    d-----w-    c:\program files\Pidgin
2014-05-03 17:18:49    --------    d-----w-    c:\program files\CCleaner
2014-05-02 17:04:05    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-05-02 15:29:38    8050496    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2014-05-02 15:29:31    8050496    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{c2fd7ab0-b8e9-4934-ac72-5b6559bb75c8}\mpengine.dll
2014-05-01 02:24:35    98821    ----a-w-    c:\programdata\1398911038.bdinstall.bin
2014-05-01 02:23:58    36433    ----a-w-    c:\programdata\1398911031.bdinstall.bin
2014-05-01 00:49:02    --------    d-----w-    c:\program files\KRU
2014-05-01 00:08:47    --------    d-----w-    c:\program files\AuthenTec
2014-04-30 23:30:25    5694464    ----a-w-    c:\windows\system32\mstscax.dll
2014-04-30 23:07:10    --------    d-s---w-    c:\windows\system32\CompatTel
2014-04-30 22:21:02    32256    ----a-w-    c:\windows\system32\TsUsbGDCoInstaller.dll
2014-04-30 22:20:58    12800    ----a-w-    c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-04-30 22:20:57    49152    ----a-w-    c:\windows\system32\drivers\TsUsbFlt.sys
2014-04-30 22:20:56    855552    ----a-w-    c:\windows\system32\rdvidcrl.dll
2014-04-30 22:20:56    76288    ----a-w-    c:\windows\system32\TSWbPrxy.exe
2014-04-30 22:20:56    53248    ----a-w-    c:\windows\system32\tsgqec.dll
2014-04-30 22:20:56    50176    ----a-w-    c:\windows\system32\MsRdpWebAccess.dll
2014-04-30 22:20:56    17920    ----a-w-    c:\windows\system32\wksprtPS.dll
2014-04-30 22:20:56    14336    ----a-w-    c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-04-30 22:20:55    350208    ----a-w-    c:\windows\system32\wksprt.exe
2014-04-30 22:20:55    1068544    ----a-w-    c:\windows\system32\mstsc.exe
2014-04-30 22:13:43    --------    d-----w-    c:\windows\Migration
2014-04-30 21:56:32    12625408    ----a-w-    c:\windows\system32\wmploc.DLL
2014-04-30 21:56:31    164864    ----a-w-    c:\program files\windows media player\wmplayer.exe
2014-04-30 21:17:41    --------    d-----w-    c:\program files\Microsoft Security Client
2014-04-30 21:08:03    1168384    ----a-w-    c:\windows\system32\crypt32.dll
2014-04-30 21:06:55    81408    ----a-w-    c:\windows\system32\drivers\drmk.sys
2014-04-30 21:04:59    594944    ----a-w-    c:\windows\system32\RMActivate_isv.exe
2014-04-30 21:04:59    572416    ----a-w-    c:\windows\system32\RMActivate.exe
2014-04-30 21:04:59    510976    ----a-w-    c:\windows\system32\RMActivate_ssp.exe
2014-04-30 21:04:59    508928    ----a-w-    c:\windows\system32\RMActivate_ssp_isv.exe
2014-04-30 21:04:59    428032    ----a-w-    c:\windows\system32\secproc.dll
2014-04-30 21:04:59    423936    ----a-w-    c:\windows\system32\secproc_isv.dll
2014-04-30 21:04:58    87040    ----a-w-    c:\windows\system32\secproc_ssp_isv.dll
2014-04-30 21:04:58    87040    ----a-w-    c:\windows\system32\secproc_ssp.dll
2014-04-30 21:04:58    390144    ----a-w-    c:\windows\system32\msdrm.dll
2014-04-30 20:49:52    172626    ----a-w-    c:\programdata\1398890952.bdinstall.bin
2014-04-30 20:49:12    --------    d-----w-    c:\users\bear\appdata\roaming\QuickScan
2014-04-30 13:37:58    --------    d-----w-    c:\program files\Yamicsoft
2014-04-26 01:57:00    --------    d-----w-    c:\users\bear\appdata\local\Macromedia
2014-04-19 03:58:17    --------    d-----w-    c:\programdata\Oracle
.
==================== Find3M  ====================
.
2014-04-26 01:54:56    70832    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-26 01:54:56    692400    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-04-14 02:11:39    361984    ----a-w-    c:\windows\system32\aepdu.dll
2014-04-14 02:07:19    302592    ----a-w-    c:\windows\system32\aeinv.dll
2014-03-31 14:35:10    231584    ------w-    c:\windows\system32\MpSigStub.exe
2014-03-30 10:13:18    16976    ----a-w-    c:\windows\FreeMem.exe
2014-03-11 14:52:30    104264    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-06 08:31:27    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:02:34    61952    ----a-w-    c:\windows\system32\iesetup.dll
2014-03-06 08:02:33    455168    ----a-w-    c:\windows\system32\vbscript.dll
2014-03-06 08:01:01    51200    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-03-06 07:46:36    4254720    ----a-w-    c:\windows\system32\jscript9.dll
2014-03-06 07:38:13    112128    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-03-06 07:38:10    108032    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-03-06 07:36:40    592896    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-03-06 07:28:01    646144    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 07:13:43    32256    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 06:40:39    1967104    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-03-06 05:41:49    1789440    ----a-w-    c:\windows\system32\wininet.dll
2014-02-27 07:52:14    56664    ----a-w-    c:\windows\system32\ibmpmsvc.exe
2014-02-27 07:52:14    45880    ----a-w-    c:\windows\system32\drivers\ibmpmdrv.sys
2014-02-27 07:52:14    36696    ----a-w-    c:\windows\system32\tpinspm.dll
2014-02-27 07:52:12    60760    ----a-w-    c:\windows\system32\ibmpmctl.exe
2014-02-07 01:07:56    2349056    ----a-w-    c:\windows\system32\win32k.sys
.
============= FINISH: 12:45:01.13 ===============
 

 


Edited by veliusXI, 05 May 2014 - 12:52 PM.




#2 veliusXI

veliusXI
  • Topic Starter

  • Members
  • 9 posts

Posted 05 May 2014 - 11:57 PM

If I made a mistake or posted this in the wrong forum, please let me know. Very sorry. aswMBR and gmer results looked to me like a concern for a rootkit of some kind. Plus I'm getting a lot of messages about certificate verifications on Firefox. I have also been getting some weird redirects. My firewall keeps telling me it's blocking something incoming on ports greater than 50000. Any help would be appreciated. At least to ease my nerves. Thank you :)



#3 veliusXI

veliusXI
  • Topic Starter

  • Members
  • 9 posts

Posted 09 May 2014 - 10:45 PM

Should I post gmer results? Haven't had any responses yet.



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 May 2014 - 09:31 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Nothing suspicious was found on your DDS log.

mPolicies-Windows\System: AllowBlockingAppsAtShutdown = dword:0

You may want to review this policy.
http://www.trishtech.com/2011/07/turn-off-auto-closing-of-programs-at-shutdown-in-windows-7/
<<<>>>

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#5 veliusXI

veliusXI
  • Topic Starter

  • Members
  • 9 posts

Posted 14 May 2014 - 11:27 PM

Before I run these, I used Yamicsoft's Windows 7 Manager to close programs on shutdown. I will run these tools on Saturday. I work a lot. Please be patient till Saturday the 17th. I downloaded AdwCleaner and Farbar remover for 32-bit Windows 7. Won't run them till the 17th. Thank you. I would like you to see gmer and Avast's MBR tool. I will post those logs as well when requested. :)



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 15 May 2014 - 08:06 AM


You can post these as well.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

p.s.
You may need to use more than one post.

#7 veliusXI

veliusXI
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:27 PM

Posted 17 May 2014 - 12:18 AM

adwcleaner log:
 
# AdwCleaner v3.207 - Report created 15/05/2014 at 11:41:26
# Updated 05/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : bear -
# Running from : C:\Users\bear\Desktop\New folder (4)\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\bear\AppData\Roaming\Mozilla\Firefox\Profiles\h6hokowt.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [986 octets] - [15/05/2014 11:40:12]
AdwCleaner[S0].txt - [912 octets] - [15/05/2014 11:41:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [971 octets] ##########

____________________________________________________________________________
 
Farbar Log:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-05-2014
Ran by bear (administrator) on 17-05-2014 00:07:42
Running from C:\Users\bear\Desktop\New folder (4)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Privacyware/PWI, Inc.) C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Users\bear\Desktop\New folder (4)\aswMBR.exe
(Privacyware/PWI, Inc.) C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
(Farbar) C:\Users\bear\Desktop\New folder (4)\FRST1.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] => [X]
HKLM\...\Run: [Privatefirewall] => C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe [3048480 2013-12-17] (Privacyware/PWI, Inc.)
HKU\S-1-5-21-177965781-3793052653-3357523896-1000\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-21-177965781-3793052653-3357523896-1000\...\Policies\Explorer: [NoRecentDocsNetHood] 1
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA8FEF804D8CFCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO: Microsoft Web Test Recorder 10.0 Helper - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\bear\AppData\Roaming\Mozilla\Firefox\Profiles\h6hokowt.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

========================== Services (Whitelisted) =================

S4 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [101736 2011-07-12] (Lenovo Group Limited)
S4 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [127336 2011-07-12] (Lenovo Group Limited)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 PFNet; C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe [374600 2013-12-17] (Privacyware/PWI, Inc.)
S4 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [131432 2011-07-12] (Lenovo Group Limited)

==================== Drivers (Whitelisted) ====================

R3 atmeltpm; C:\Windows\system32\drivers\atmeltpm.sys [15872 2005-05-17] (Atmel, Inc.)
S3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [88832 2009-05-11] (Lenovo)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [73432 2014-05-04] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-13] (Ralink Technology Corp.)
R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation)
R1 pwipf6; C:\Windows\System32\DRIVERS\pwipf6.sys [130568 2013-09-29] (Privacyware/PWI, Inc.)
S4 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [11976 2011-05-30] (Authentec Inc.)
S3 VSPerfDrv110; C:\Program Files\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\VSPerfDrv110.sys [55416 2012-07-13] (Microsoft Corporation)
S3 HSFHWAZL; system32\DRIVERS\HSFHWAZL.sys [X]
S3 HSF_DPV; system32\DRIVERS\HSF_DPV.sys [X]
S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [X]
S3 MFE_RR; \??\C:\Users\bear\AppData\Local\Temp\mfe_rr.sys [X]
S3 winachsf; system32\DRIVERS\HSF_CNXT.sys [X]
U3 aswMBR; \??\C:\Users\bear\AppData\Local\Temp\aswMBR.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-17 00:01 - 2014-05-17 00:01 - 00315456 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-17 00:01 - 2014-05-17 00:01 - 00000056 _____ () C:\Windows\setupact.log
2014-05-17 00:01 - 2014-05-17 00:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-16 23:47 - 2014-05-17 00:07 - 00000000 ____D () C:\FRST
2014-05-16 23:26 - 2014-05-16 23:30 - 00050310 _____ () C:\Windows\WindowsUpdate.log
2014-05-15 11:43 - 2014-05-15 11:43 - 00001050 _____ () C:\Users\bear\Desktop\AdwCleaner[S0].txt
2014-05-15 11:40 - 2014-05-15 11:45 - 00000000 ____D () C:\AdwCleaner
2014-05-15 02:17 - 2014-05-15 02:17 - 00000000 ____D () C:\88ab20b5d21107ea58
2014-05-15 02:17 - 2014-05-15 02:17 - 00000000 ____D () C:\01d3332b6106427574f3
2014-05-14 03:00 - 2014-05-05 22:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 03:00 - 2014-05-05 22:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 03:00 - 2014-05-05 21:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 01:45 - 2014-05-09 02:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 01:45 - 2014-05-09 02:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 01:45 - 2014-04-11 21:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 01:45 - 2014-04-11 21:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 01:45 - 2014-04-11 21:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 01:45 - 2014-04-11 21:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 01:45 - 2014-04-11 21:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 01:45 - 2014-04-11 21:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 01:45 - 2014-04-11 21:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 01:45 - 2014-03-24 21:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 01:45 - 2014-03-04 04:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-14 01:45 - 2014-03-04 04:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 01:45 - 2014-03-04 04:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 01:45 - 2014-03-04 04:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 01:45 - 2014-03-04 04:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 01:45 - 2014-03-04 04:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 01:45 - 2014-03-04 04:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 01:45 - 2014-03-04 04:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 01:45 - 2014-03-04 04:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 01:45 - 2014-03-04 04:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 01:45 - 2014-03-04 04:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 01:45 - 2014-03-04 04:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 01:45 - 2014-03-04 04:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 01:45 - 2014-03-04 04:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 01:45 - 2014-03-04 04:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 01:45 - 2014-03-04 04:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 01:45 - 2014-03-04 04:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-08 12:02 - 2014-05-08 12:02 - 00000000 __SHD () C:\Users\bear\AppData\Local\EmieUserList
2014-05-08 12:02 - 2014-05-08 12:02 - 00000000 __SHD () C:\Users\bear\AppData\Local\EmieSiteList
2014-05-08 00:12 - 2014-05-08 00:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloodshed Dev-C++
2014-05-08 00:12 - 2014-05-08 00:12 - 00000000 ____D () C:\Dev-Cpp
2014-05-08 00:07 - 2014-05-08 00:11 - 268435456 _____ () C:\Users\bear\Downloads\install-amd64-minimal-20140403.iso
2014-05-07 23:26 - 2014-05-07 23:26 - 09326468 _____ () C:\Users\bear\Downloads\devcpp-4.9.9.2_setup.exe
2014-05-06 00:28 - 2014-05-06 00:28 - 00000000 ____D () C:\ProgramData\Privacyware
2014-05-06 00:28 - 2014-05-06 00:28 - 00000000 ____D () C:\Program Files\Privacyware
2014-05-06 00:11 - 2014-05-06 00:11 - 00000000 ____D () C:\Users\bear\AppData\Local\Privatefirewall
2014-05-06 00:09 - 2014-05-06 00:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Privatefirewall 7.0
2014-05-06 00:09 - 2013-09-29 21:24 - 00130568 _____ (Privacyware/PWI, Inc.) C:\Windows\system32\Drivers\pwipf6.sys
2014-05-05 12:45 - 2014-05-05 12:46 - 00014639 _____ () C:\Users\bear\Desktop\dds.txt
2014-05-05 12:45 - 2014-05-05 12:46 - 00011122 _____ () C:\Users\bear\Desktop\attach.txt
2014-05-05 12:44 - 2014-05-05 12:44 - 00688992 ____R (Swearware) C:\Users\bear\Desktop\dds.com
2014-05-04 15:18 - 2014-05-04 16:03 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-04 15:18 - 2014-05-04 16:03 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-04 15:18 - 2014-05-04 15:18 - 00001067 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-04 15:18 - 2014-05-04 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-04 15:18 - 2014-05-04 15:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-04 15:18 - 2014-05-04 15:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-04 15:18 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-04 15:18 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-04 12:04 - 2014-05-04 12:04 - 00000000 ____D () C:\Users\bear\AppData\Roaming\enchant
2014-05-04 12:03 - 2014-05-04 12:03 - 00000956 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk
2014-05-04 12:02 - 2014-05-04 12:03 - 27388280 _____ () C:\Users\bear\Downloads\pidgin-2.10.6-offline.exe
2014-05-04 10:21 - 2014-05-04 10:21 - 00000218 _____ () C:\Users\bear\.recently-used.xbel
2014-05-04 10:16 - 2014-05-04 10:16 - 00000000 ____D () C:\Users\bear\AppData\Local\gtk-2.0
2014-05-04 10:05 - 2014-05-04 12:05 - 00000000 ____D () C:\Users\bear\AppData\Roaming\.purple
2014-05-04 10:05 - 2014-05-04 10:05 - 00000000 ____D () C:\Users\bear\AppData\Local\enchant
2014-05-04 10:04 - 2014-05-04 12:03 - 00000000 ____D () C:\Program Files\Pidgin
2014-05-04 09:59 - 2014-05-04 10:00 - 09581136 _____ () C:\Users\bear\Downloads\pidgin-2.10.9.exe
2014-05-03 12:18 - 2014-05-03 12:18 - 04745984 _____ (Piriform Ltd) C:\Users\bear\Downloads\ccsetup413.exe
2014-05-03 12:18 - 2014-05-03 12:18 - 00000972 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-03 12:18 - 2014-05-03 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-03 12:18 - 2014-05-03 12:18 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-30 19:49 - 2014-04-30 19:49 - 00001058 _____ () C:\Users\bear\Desktop\ShatteredGalaxy.lnk
2014-04-30 19:49 - 2014-04-30 19:49 - 00000000 ____D () C:\Users\bear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shattered Galaxy
2014-04-30 19:49 - 2014-04-30 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shattered Galaxy
2014-04-30 19:49 - 2014-04-30 19:49 - 00000000 ____D () C:\Program Files\KRU
2014-04-30 19:37 - 2014-04-30 20:00 - 538189096 _____ (Softnyx co.,ltd. ) C:\Users\bear\Downloads\GunBound_GIS_S3_130423_Ver1102.exe
2014-04-30 19:35 - 2014-04-30 19:40 - 177156206 _____ () C:\Users\bear\Downloads\SGalaxy185.exe
2014-04-30 19:08 - 2014-04-30 19:08 - 00000000 ____D () C:\Program Files\AuthenTec
2014-04-30 19:07 - 2014-03-06 03:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-30 19:07 - 2014-03-06 03:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-30 19:07 - 2014-03-06 03:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-30 19:07 - 2014-03-06 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-30 19:07 - 2014-03-06 02:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-30 19:07 - 2014-03-06 02:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-30 19:07 - 2014-03-06 02:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-30 19:07 - 2014-03-06 02:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-30 19:07 - 2014-03-06 02:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-30 19:07 - 2014-03-06 02:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-30 19:07 - 2014-03-06 02:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-30 19:07 - 2014-03-06 02:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-30 19:07 - 2014-03-06 02:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-30 19:07 - 2014-03-06 02:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-30 19:07 - 2014-03-06 02:18 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-30 19:07 - 2014-03-06 02:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-30 19:07 - 2014-03-06 02:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-30 19:07 - 2014-03-06 02:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-30 19:07 - 2014-03-06 01:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-30 19:07 - 2014-03-06 01:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-30 19:07 - 2014-03-06 01:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-30 19:07 - 2014-03-06 00:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-30 19:07 - 2014-03-06 00:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-30 19:07 - 2014-03-06 00:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-30 18:30 - 2014-01-08 21:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-30 18:07 - 2014-05-14 03:19 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-30 17:21 - 2013-10-01 18:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-04-30 17:20 - 2013-10-01 19:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-04-30 17:20 - 2013-10-01 19:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-04-30 17:20 - 2013-10-01 19:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-04-30 17:20 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-04-30 17:20 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-04-30 17:20 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-04-30 17:20 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-04-30 17:20 - 2013-10-01 18:00 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-04-30 17:20 - 2013-10-01 17:53 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-04-30 17:20 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-04-30 16:56 - 2013-05-09 23:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-04-30 16:56 - 2013-05-09 23:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-04-30 16:46 - 2014-04-30 16:46 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-04-30 16:46 - 2014-04-30 16:46 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-04-30 16:46 - 2014-04-30 16:46 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-04-30 16:46 - 2014-04-30 16:46 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-30 16:46 - 2014-04-30 16:46 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-04-30 16:46 - 2014-04-30 16:46 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-04-30 16:46 - 2014-04-30 16:46 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-30 16:46 - 2014-04-30 16:46 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-04-30 16:46 - 2014-04-30 16:46 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-04-30 16:46 - 2014-04-30 16:46 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-04-30 16:46 - 2014-04-30 16:46 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-04-30 16:46 - 2014-04-30 16:46 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-04-30 16:46 - 2014-04-30 16:46 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-04-30 16:46 - 2014-04-30 16:46 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-04-30 16:46 - 2014-04-30 16:46 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-04-30 16:46 - 2014-04-30 16:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-30 16:46 - 2014-04-30 16:46 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-04-30 16:46 - 2014-04-30 16:46 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-04-30 16:46 - 2014-04-30 16:46 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-30 16:46 - 2014-04-30 16:46 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-04-30 16:46 - 2014-04-30 16:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-04-30 16:46 - 2014-04-30 16:46 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-04-30 16:46 - 2014-04-30 16:46 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-04-30 16:46 - 2014-04-30 16:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-04-30 16:46 - 2014-04-30 16:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-04-30 16:46 - 2014-04-30 16:46 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-04-30 16:46 - 2014-04-30 16:46 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-04-30 16:46 - 2014-04-30 16:46 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-04-30 16:46 - 2014-04-30 16:46 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-04-30 16:41 - 2014-04-30 18:37 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-04-30 16:18 - 2014-04-30 18:37 - 00002124 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-04-30 16:17 - 2014-04-30 18:37 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-30 16:08 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-04-30 16:07 - 2014-02-03 21:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-30 16:07 - 2014-02-03 21:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-30 16:07 - 2014-02-03 21:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-30 16:07 - 2014-02-03 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-30 16:07 - 2013-12-31 18:05 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-04-30 16:07 - 2013-12-05 21:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-04-30 16:07 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-04-30 16:07 - 2013-11-11 21:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-04-30 16:07 - 2013-10-11 21:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-04-30 16:07 - 2013-10-11 21:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-04-30 16:07 - 2013-10-11 20:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-04-30 16:07 - 2013-10-11 20:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-04-30 16:07 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-04-30 16:07 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-04-30 16:07 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-04-30 16:07 - 2013-09-24 20:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-04-30 16:07 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-04-30 16:07 - 2013-07-04 07:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-04-30 16:06 - 2014-03-04 04:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-30 16:06 - 2014-02-06 20:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-04-30 16:06 - 2014-02-03 21:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-04-30 16:06 - 2014-02-03 21:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-04-30 16:06 - 2014-01-28 21:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-04-30 16:06 - 2014-01-27 21:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-04-30 16:06 - 2014-01-23 21:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-30 16:06 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-04-30 16:06 - 2013-11-26 20:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-04-30 16:06 - 2013-11-26 20:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-04-30 16:06 - 2013-11-26 20:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-04-30 16:06 - 2013-11-26 20:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-04-30 16:06 - 2013-11-26 20:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-04-30 16:06 - 2013-11-26 20:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-04-30 16:06 - 2013-11-26 20:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-04-30 16:06 - 2013-11-26 06:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-04-30 16:06 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-04-30 16:06 - 2013-11-23 13:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-04-30 16:06 - 2013-10-29 21:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-04-30 16:06 - 2013-10-18 20:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-04-30 16:06 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-04-30 16:06 - 2013-10-11 21:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-04-30 16:06 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-04-30 16:06 - 2013-10-03 20:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-04-30 16:06 - 2013-10-03 20:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-04-30 16:06 - 2013-10-02 20:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-04-30 16:04 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-04-30 16:04 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-04-30 16:04 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-04-30 16:04 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-04-30 16:04 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-04-30 16:04 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-04-30 16:04 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-04-30 16:04 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-04-30 16:04 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-04-30 15:49 - 2014-04-30 15:49 - 00000000 ____D () C:\Users\bear\AppData\Roaming\QuickScan
2014-04-30 08:37 - 2014-04-30 08:37 - 00002090 _____ () C:\Users\Public\Desktop\Windows 7 Manager.lnk
2014-04-30 08:37 - 2014-04-30 08:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Manager
2014-04-30 08:37 - 2014-04-30 08:37 - 00000000 ____D () C:\Program Files\Yamicsoft
2014-04-30 08:33 - 2014-04-30 08:33 - 13977840 _____ (Yamicsoft) C:\Users\bear\Downloads\windows7manager.exe
2014-04-25 21:44 - 2014-04-25 21:44 - 00000283 _____ () C:\Users\bear\Desktop\catchme.log
2014-04-25 20:57 - 2014-05-17 00:07 - 00000000 ____D () C:\Users\bear\Desktop\New folder (4)
2014-04-25 20:57 - 2014-04-25 20:57 - 00000000 ____D () C:\Users\bear\AppData\Local\Macromedia
2014-04-25 20:56 - 2014-04-25 20:57 - 91832912 _____ (Sophos Limited) C:\Users\bear\Downloads\Sophos Virus Removal Tool.exe
2014-04-25 20:55 - 2014-04-25 20:55 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\bear\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-22 13:35 - 2014-04-22 13:35 - 00532002 _____ () C:\Users\bear\Downloads\11045.htm
2014-04-22 13:35 - 2014-04-22 13:35 - 00042508 _____ () C:\Users\bear\Downloads\5546.htm
2014-04-22 13:35 - 2014-04-22 13:35 - 00030563 _____ () C:\Users\bear\Downloads\57185.htm
2014-04-20 21:02 - 2014-04-20 21:02 - 00000165 _____ () C:\Users\bear\Downloads\prepatch.log
2014-04-18 22:58 - 2014-04-18 22:58 - 00000000 ____D () C:\ProgramData\Sun
2014-04-18 22:58 - 2014-04-18 22:58 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-18 22:51 - 2014-04-18 22:51 - 00921512 _____ (Oracle Corporation) C:\Users\bear\Downloads\jxpiinstall.exe
2014-04-18 22:50 - 2014-04-18 22:50 - 06957280 _____ (Microsoft Corporation) C:\Users\bear\Downloads\Silverlight.exe
2014-04-18 19:26 - 2014-04-18 19:26 - 05454719 _____ (Blizzard Entertainment) C:\Users\bear\Downloads\LODPatch_113d.exe
2014-04-18 11:47 - 2014-04-22 17:55 - 00000000 ____D () C:\Users\bear\Desktop\New folder (3)

==================== One Month Modified Files and Folders =======

2014-05-17 00:07 - 2014-05-16 23:47 - 00000000 ____D () C:\FRST
2014-05-17 00:07 - 2014-04-25 20:57 - 00000000 ____D () C:\Users\bear\Desktop\New folder (4)
2014-05-17 00:06 - 2010-11-20 16:01 - 00006182 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-17 00:01 - 2014-05-17 00:01 - 00315456 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-17 00:01 - 2014-05-17 00:01 - 00000056 _____ () C:\Windows\setupact.log
2014-05-17 00:01 - 2014-05-17 00:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-17 00:01 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-16 23:30 - 2014-05-16 23:26 - 00050310 _____ () C:\Windows\WindowsUpdate.log
2014-05-16 23:30 - 2009-07-13 23:34 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-16 23:30 - 2009-07-13 23:34 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-15 11:45 - 2014-05-15 11:40 - 00000000 ____D () C:\AdwCleaner
2014-05-15 11:43 - 2014-05-15 11:43 - 00001050 _____ () C:\Users\bear\Desktop\AdwCleaner[S0].txt
2014-05-15 02:17 - 2014-05-15 02:17 - 00000000 ____D () C:\88ab20b5d21107ea58
2014-05-15 02:17 - 2014-05-15 02:17 - 00000000 ____D () C:\01d3332b6106427574f3
2014-05-15 02:17 - 2009-07-13 21:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-05-14 03:35 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-14 03:19 - 2014-04-30 18:07 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 01:19 - 2013-10-29 16:38 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-13 02:04 - 2013-10-29 16:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-12 08:37 - 2013-10-10 18:56 - 00000000 ____D () C:\Users\bear\AppData\Roaming\vlc
2014-05-11 09:35 - 2013-11-08 19:51 - 00000000 ____D () C:\Program Files\Diablo II
2014-05-09 02:06 - 2014-05-14 01:45 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 02:04 - 2014-05-14 01:45 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 12:02 - 2014-05-08 12:02 - 00000000 __SHD () C:\Users\bear\AppData\Local\EmieUserList
2014-05-08 12:02 - 2014-05-08 12:02 - 00000000 __SHD () C:\Users\bear\AppData\Local\EmieSiteList
2014-05-08 00:12 - 2014-05-08 00:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloodshed Dev-C++
2014-05-08 00:12 - 2014-05-08 00:12 - 00000000 ____D () C:\Dev-Cpp
2014-05-08 00:11 - 2014-05-08 00:07 - 268435456 _____ () C:\Users\bear\Downloads\install-amd64-minimal-20140403.iso
2014-05-07 23:26 - 2014-05-07 23:26 - 09326468 _____ () C:\Users\bear\Downloads\devcpp-4.9.9.2_setup.exe
2014-05-06 00:28 - 2014-05-06 00:28 - 00000000 ____D () C:\ProgramData\Privacyware
2014-05-06 00:28 - 2014-05-06 00:28 - 00000000 ____D () C:\Program Files\Privacyware
2014-05-06 00:28 - 2014-05-06 00:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Privatefirewall 7.0
2014-05-06 00:11 - 2014-05-06 00:11 - 00000000 ____D () C:\Users\bear\AppData\Local\Privatefirewall
2014-05-06 00:09 - 2013-10-01 21:32 - 00000494 _____ () C:\Windows\ODBC.INI
2014-05-05 22:25 - 2014-05-14 03:00 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-05 22:07 - 2014-05-14 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 21:10 - 2014-05-14 03:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 12:46 - 2014-05-05 12:45 - 00014639 _____ () C:\Users\bear\Desktop\dds.txt
2014-05-05 12:46 - 2014-05-05 12:45 - 00011122 _____ () C:\Users\bear\Desktop\attach.txt
2014-05-05 12:44 - 2014-05-05 12:44 - 00688992 ____R (Swearware) C:\Users\bear\Desktop\dds.com
2014-05-04 23:27 - 2013-10-19 19:11 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-05-04 23:27 - 2013-10-19 19:11 - 00000000 ____D () C:\Windows\system32\directx
2014-05-04 23:26 - 2013-10-19 19:11 - 00292184 _____ (Microsoft Corporation) C:\Users\bear\Downloads\dxwebsetup.exe
2014-05-04 16:03 - 2014-05-04 15:18 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-04 16:03 - 2014-05-04 15:18 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-04 15:18 - 2014-05-04 15:18 - 00001067 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-04 15:18 - 2014-05-04 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-04 15:18 - 2014-05-04 15:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-04 15:18 - 2014-05-04 15:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-04 12:05 - 2014-05-04 10:05 - 00000000 ____D () C:\Users\bear\AppData\Roaming\.purple
2014-05-04 12:04 - 2014-05-04 12:04 - 00000000 ____D () C:\Users\bear\AppData\Roaming\enchant
2014-05-04 12:03 - 2014-05-04 12:03 - 00000956 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk
2014-05-04 12:03 - 2014-05-04 12:02 - 27388280 _____ () C:\Users\bear\Downloads\pidgin-2.10.6-offline.exe
2014-05-04 12:03 - 2014-05-04 10:04 - 00000000 ____D () C:\Program Files\Pidgin
2014-05-04 10:21 - 2014-05-04 10:21 - 00000218 _____ () C:\Users\bear\.recently-used.xbel
2014-05-04 10:21 - 2013-09-18 21:25 - 00000000 ____D () C:\Users\bear
2014-05-04 10:16 - 2014-05-04 10:16 - 00000000 ____D () C:\Users\bear\AppData\Local\gtk-2.0
2014-05-04 10:05 - 2014-05-04 10:05 - 00000000 ____D () C:\Users\bear\AppData\Local\enchant
2014-05-04 10:00 - 2014-05-04 09:59 - 09581136 _____ () C:\Users\bear\Downloads\pidgin-2.10.9.exe
2014-05-03 12:20 - 2013-10-25 17:15 - 00000000 ____D () C:\Users\bear\AppData\Roaming\Notepad++
2014-05-03 12:20 - 2013-10-10 18:36 - 00000000 ____D () C:\Program Files\Steam
2014-05-03 12:20 - 2012-01-10 10:40 - 00000000 ____D () C:\Windows\Panther
2014-05-03 12:20 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-05-03 12:18 - 2014-05-03 12:18 - 04745984 _____ (Piriform Ltd) C:\Users\bear\Downloads\ccsetup413.exe
2014-05-03 12:18 - 2014-05-03 12:18 - 00000972 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-03 12:18 - 2014-05-03 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-03 12:18 - 2014-05-03 12:18 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-30 20:00 - 2014-04-30 19:37 - 538189096 _____ (Softnyx co.,ltd. ) C:\Users\bear\Downloads\GunBound_GIS_S3_130423_Ver1102.exe
2014-04-30 19:49 - 2014-04-30 19:49 - 00001058 _____ () C:\Users\bear\Desktop\ShatteredGalaxy.lnk
2014-04-30 19:49 - 2014-04-30 19:49 - 00000000 ____D () C:\Users\bear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shattered Galaxy
2014-04-30 19:49 - 2014-04-30 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shattered Galaxy
2014-04-30 19:49 - 2014-04-30 19:49 - 00000000 ____D () C:\Program Files\KRU
2014-04-30 19:40 - 2014-04-30 19:35 - 177156206 _____ () C:\Users\bear\Downloads\SGalaxy185.exe
2014-04-30 19:21 - 2013-10-10 16:29 - 00000000 ____D () C:\Users\bear\Desktop\New folder
2014-04-30 19:08 - 2014-04-30 19:08 - 00000000 ____D () C:\Program Files\AuthenTec
2014-04-30 19:08 - 2009-07-13 23:52 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2014-04-30 18:37 - 2014-04-30 16:41 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-04-30 18:37 - 2014-04-30 16:18 - 00002124 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-04-30 18:37 - 2014-04-30 16:17 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-30 17:00 - 2013-09-19 17:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-30 16:46 - 2014-04-30 16:46 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-04-30 16:46 - 2014-04-30 16:46 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-04-30 16:46 - 2014-04-30 16:46 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-04-30 16:46 - 2014-04-30 16:46 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-30 16:46 - 2014-04-30 16:46 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-04-30 16:46 - 2014-04-30 16:46 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-04-30 16:46 - 2014-04-30 16:46 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-30 16:46 - 2014-04-30 16:46 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-04-30 16:46 - 2014-04-30 16:46 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-04-30 16:46 - 2014-04-30 16:46 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-04-30 16:46 - 2014-04-30 16:46 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-04-30 16:46 - 2014-04-30 16:46 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-04-30 16:46 - 2014-04-30 16:46 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-04-30 16:46 - 2014-04-30 16:46 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-04-30 16:46 - 2014-04-30 16:46 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-04-30 16:46 - 2014-04-30 16:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-30 16:46 - 2014-04-30 16:46 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-04-30 16:46 - 2014-04-30 16:46 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-04-30 16:46 - 2014-04-30 16:46 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-30 16:46 - 2014-04-30 16:46 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-04-30 16:46 - 2014-04-30 16:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-04-30 16:46 - 2014-04-30 16:46 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-04-30 16:46 - 2014-04-30 16:46 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-04-30 16:46 - 2014-04-30 16:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-04-30 16:46 - 2014-04-30 16:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-04-30 16:46 - 2014-04-30 16:46 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-04-30 16:46 - 2014-04-30 16:46 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-04-30 16:46 - 2014-04-30 16:46 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-04-30 16:46 - 2014-04-30 16:46 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-04-30 16:08 - 2013-09-18 22:05 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-30 15:49 - 2014-04-30 15:49 - 00000000 ____D () C:\Users\bear\AppData\Roaming\QuickScan
2014-04-30 08:37 - 2014-04-30 08:37 - 00002090 _____ () C:\Users\Public\Desktop\Windows 7 Manager.lnk
2014-04-30 08:37 - 2014-04-30 08:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Manager
2014-04-30 08:37 - 2014-04-30 08:37 - 00000000 ____D () C:\Program Files\Yamicsoft
2014-04-30 08:33 - 2014-04-30 08:33 - 13977840 _____ (Yamicsoft) C:\Users\bear\Downloads\windows7manager.exe
2014-04-25 21:44 - 2014-04-25 21:44 - 00000283 _____ () C:\Users\bear\Desktop\catchme.log
2014-04-25 21:43 - 2009-07-13 21:04 - 00000219 _____ () C:\Windows\system.ini
2014-04-25 20:57 - 2014-04-25 20:57 - 00000000 ____D () C:\Users\bear\AppData\Local\Macromedia
2014-04-25 20:57 - 2014-04-25 20:56 - 91832912 _____ (Sophos Limited) C:\Users\bear\Downloads\Sophos Virus Removal Tool.exe
2014-04-25 20:56 - 2013-09-18 21:25 - 00000000 ____D () C:\Users\bear\AppData\Local\Adobe
2014-04-25 20:55 - 2014-04-25 20:55 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\bear\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-25 20:54 - 2013-09-19 17:27 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-25 20:54 - 2012-01-10 15:47 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-23 17:20 - 2013-12-15 18:02 - 00000000 ____D () C:\Users\bear\AppData\Roaming\InstallShield Installation Information
2014-04-22 17:55 - 2014-04-18 11:47 - 00000000 ____D () C:\Users\bear\Desktop\New folder (3)
2014-04-22 13:35 - 2014-04-22 13:35 - 00532002 _____ () C:\Users\bear\Downloads\11045.htm
2014-04-22 13:35 - 2014-04-22 13:35 - 00042508 _____ () C:\Users\bear\Downloads\5546.htm
2014-04-22 13:35 - 2014-04-22 13:35 - 00030563 _____ () C:\Users\bear\Downloads\57185.htm
2014-04-20 21:02 - 2014-04-20 21:02 - 00000165 _____ () C:\Users\bear\Downloads\prepatch.log
2014-04-19 11:37 - 2012-01-10 10:56 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-18 22:58 - 2014-04-18 22:58 - 00000000 ____D () C:\ProgramData\Sun
2014-04-18 22:58 - 2014-04-18 22:58 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-18 22:52 - 2013-09-23 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-04-18 22:51 - 2014-04-18 22:51 - 00921512 _____ (Oracle Corporation) C:\Users\bear\Downloads\jxpiinstall.exe
2014-04-18 22:50 - 2014-04-18 22:50 - 06957280 _____ (Microsoft Corporation) C:\Users\bear\Downloads\Silverlight.exe
2014-04-18 19:26 - 2014-04-18 19:26 - 05454719 _____ (Blizzard Entertainment) C:\Users\bear\Downloads\LODPatch_113d.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe
[2014-05-14 01:45] - [2014-03-04 04:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67

C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-09 03:06

==================== End Of Log ============================
__________________________________________________________________

TDSS Log:
 
21:38:07.0891 2236  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:38:07.0971 2236  ============================================================
21:38:07.0971 2236  Current date / time: 2014/04/25 21:38:07.0971
21:38:07.0971 2236  SystemInfo:
21:38:07.0971 2236  
21:38:07.0971 2236  OS Version: 6.1.7601 ServicePack: 1.0
21:38:07.0971 2236  Product type: Workstation
21:38:07.0971 2236  ComputerName:
21:38:07.0971 2236  UserName: bear
21:38:07.0971 2236  Windows directory: C:\Windows
21:38:07.0971 2236  System windows directory: C:\Windows
21:38:07.0971 2236  Processor architecture: Intel x86
21:38:07.0971 2236  Number of processors: 2
21:38:07.0971 2236  Page size: 0x1000
21:38:07.0971 2236  Boot type: Normal boot
21:38:07.0971 2236  ============================================================
21:38:10.0627 2236  Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x3279, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
21:38:10.0647 2236  ============================================================
21:38:10.0647 2236  \Device\Harddisk0\DR0:
21:38:10.0707 2236  MBR partitions:
21:38:10.0707 2236  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x8BC000, BlocksNum 0xB195800
21:38:10.0707 2236  ============================================================
21:38:10.0837 2236  C: <-> \Device\Harddisk0\DR0\Partition1
21:38:10.0837 2236  ============================================================
21:38:10.0837 2236  Initialize success
21:38:10.0837 2236  ============================================================
21:38:19.0688 3144  ============================================================
21:38:19.0688 3144  Scan started
21:38:19.0688 3144  Mode: Manual; SigCheck; TDLFS;
21:38:19.0688 3144  ============================================================
21:38:20.0558 3144  ================ Scan system memory ========================
21:38:20.0558 3144  System memory - ok
21:38:20.0558 3144  ================ Scan services =============================
21:38:20.0780 3144  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:38:20.0872 3144  1394ohci - ok
21:38:20.0922 3144  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:38:20.0962 3144  ACPI - ok
21:38:20.0987 3144  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:38:21.0014 3144  AcpiPmi - ok
21:38:21.0064 3144  [ 6C61BCEB60C2C187E6F96001FD69493E ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
21:38:21.0094 3144  ADIHdAudAddService - ok
21:38:21.0194 3144  [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:38:21.0224 3144  AdobeARMservice - ok
21:38:21.0266 3144  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
21:38:21.0306 3144  adp94xx - ok
21:38:21.0346 3144  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
21:38:21.0386 3144  adpahci - ok
21:38:21.0415 3144  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
21:38:21.0438 3144  adpu320 - ok
21:38:21.0472 3144  [ 4DC6B0772D1698F04FC79053A21C8260 ] AEADIFilters    C:\Windows\system32\AEADISRV.EXE
21:38:21.0510 3144  AEADIFilters - ok
21:38:21.0530 3144  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:38:21.0660 3144  AeLookupSvc - ok
21:38:21.0732 3144  [ F81BB7E487EDCEAB630A7EE66CF23913 ] AFD             C:\Windows\system32\drivers\afd.sys
21:38:21.0772 3144  AFD - ok
21:38:21.0800 3144  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
21:38:21.0824 3144  agp440 - ok
21:38:21.0854 3144  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
21:38:21.0874 3144  aic78xx - ok
21:38:21.0934 3144  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
21:38:21.0984 3144  ALG - ok
21:38:22.0036 3144  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:38:22.0056 3144  aliide - ok
21:38:22.0076 3144  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
21:38:22.0096 3144  amdagp - ok
21:38:22.0116 3144  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
21:38:22.0136 3144  amdide - ok
21:38:22.0186 3144  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
21:38:22.0206 3144  AmdK8 - ok
21:38:22.0237 3144  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
21:38:22.0268 3144  AmdPPM - ok
21:38:22.0308 3144  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:38:22.0338 3144  amdsata - ok
21:38:22.0378 3144  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
21:38:22.0408 3144  amdsbs - ok
21:38:22.0437 3144  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:38:22.0461 3144  amdxata - ok
21:38:22.0500 3144  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
21:38:22.0550 3144  AppID - ok
21:38:22.0600 3144  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:38:22.0660 3144  AppIDSvc - ok
21:38:22.0701 3144  [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo         C:\Windows\System32\appinfo.dll
21:38:22.0742 3144  Appinfo - ok
21:38:22.0792 3144  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\drivers\arc.sys
21:38:22.0822 3144  arc - ok
21:38:22.0852 3144  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
21:38:22.0872 3144  arcsas - ok
21:38:23.0012 3144  [ 2FE0D5DB69014980A970D3BF9A85D2B1 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:38:23.0062 3144  aspnet_state - ok
21:38:23.0102 3144  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:38:23.0165 3144  AsyncMac - ok
21:38:23.0195 3144  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
21:38:23.0214 3144  atapi - ok
21:38:23.0261 3144  [ DBF0D7E2DF33B469EB55406FEA759350 ] atmeltpm        C:\Windows\system32\drivers\atmeltpm.sys
21:38:23.0276 3144  atmeltpm - ok
21:38:23.0316 3144  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:38:23.0396 3144  AudioEndpointBuilder - ok
21:38:23.0416 3144  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
21:38:23.0475 3144  Audiosrv - ok
21:38:23.0518 3144  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:38:23.0568 3144  AxInstSV - ok
21:38:23.0628 3144  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\drivers\bxvbdx.sys
21:38:23.0668 3144  b06bdrv - ok
21:38:23.0720 3144  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
21:38:23.0750 3144  b57nd60x - ok
21:38:23.0840 3144  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:38:23.0880 3144  BDESVC - ok
21:38:23.0900 3144  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:38:23.0957 3144  Beep - ok
21:38:24.0002 3144  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
21:38:24.0062 3144  BFE - ok
21:38:24.0118 3144  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
21:38:24.0186 3144  BITS - ok
21:38:24.0216 3144  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
21:38:24.0236 3144  blbdrive - ok
21:38:24.0270 3144  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
21:38:24.0308 3144  BrFiltLo - ok
21:38:24.0318 3144  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
21:38:24.0348 3144  BrFiltUp - ok
21:38:24.0390 3144  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
21:38:24.0430 3144  Browser - ok
21:38:24.0490 3144  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:38:24.0510 3144  Brserid - ok
21:38:24.0540 3144  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:38:24.0570 3144  BrSerWdm - ok
21:38:24.0590 3144  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:38:24.0627 3144  BrUsbMdm - ok
21:38:24.0650 3144  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:38:24.0672 3144  BrUsbSer - ok
21:38:24.0792 3144  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
21:38:24.0812 3144  BthEnum - ok
21:38:24.0842 3144  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
21:38:24.0872 3144  BthPan - ok
21:38:24.0912 3144  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
21:38:24.0992 3144  bthserv - ok
21:38:25.0034 3144  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:38:25.0084 3144  cdfs - ok
21:38:25.0144 3144  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
21:38:25.0174 3144  cdrom - ok
21:38:25.0209 3144  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
21:38:25.0256 3144  CertPropSvc - ok
21:38:25.0276 3144  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\drivers\circlass.sys
21:38:25.0306 3144  circlass - ok
21:38:25.0366 3144  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
21:38:25.0396 3144  CLFS - ok
21:38:25.0458 3144  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:38:25.0508 3144  clr_optimization_v2.0.50727_32 - ok
21:38:25.0598 3144  [ 6D7C8A951AF6AD6835C029B3CB88D333 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:38:25.0668 3144  clr_optimization_v4.0.30319_32 - ok
21:38:25.0700 3144  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
21:38:25.0720 3144  CmBatt - ok
21:38:25.0740 3144  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:38:25.0770 3144  cmdide - ok
21:38:25.0820 3144  [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG             C:\Windows\system32\Drivers\cng.sys
21:38:25.0870 3144  CNG - ok
21:38:25.0913 3144  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
21:38:25.0937 3144  Compbatt - ok
21:38:25.0972 3144  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
21:38:26.0002 3144  CompositeBus - ok
21:38:26.0032 3144  COMSysApp - ok
21:38:26.0062 3144  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
21:38:26.0082 3144  crcdisk - ok
21:38:26.0134 3144  [ 7CA1BECEA5DE2643ADDAD32670E7A4C9 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:38:26.0164 3144  CryptSvc - ok
21:38:26.0206 3144  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:38:26.0266 3144  DcomLaunch - ok
21:38:26.0336 3144  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
21:38:26.0399 3144  defragsvc - ok
21:38:26.0428 3144  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:38:26.0478 3144  DfsC - ok
21:38:26.0538 3144  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:38:26.0578 3144  Dhcp - ok
21:38:26.0598 3144  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
21:38:26.0661 3144  discache - ok
21:38:26.0690 3144  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\drivers\disk.sys
21:38:26.0720 3144  Disk - ok
21:38:26.0760 3144  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:38:26.0790 3144  Dnscache - ok
21:38:26.0829 3144  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:38:26.0892 3144  dot3svc - ok
21:38:26.0932 3144  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
21:38:27.0002 3144  DPS - ok
21:38:27.0034 3144  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:38:27.0064 3144  drmkaud - ok
21:38:27.0136 3144  [ 71BC35067CABC02C9453AEAA42B2E43E ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:38:27.0176 3144  DXGKrnl - ok
21:38:27.0226 3144  [ CF0A6015F437161698C5B2A0A12CF052 ] e1express       C:\Windows\system32\DRIVERS\e1e6032.sys
21:38:27.0266 3144  e1express - ok
21:38:27.0304 3144  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
21:38:27.0378 3144  EapHost - ok
21:38:27.0488 3144  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\drivers\evbdx.sys
21:38:27.0590 3144  ebdrv - ok
21:38:27.0630 3144  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
21:38:27.0660 3144  EFS - ok
21:38:27.0740 3144  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:38:27.0780 3144  ehRecvr - ok
21:38:27.0818 3144  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
21:38:27.0842 3144  ehSched - ok
21:38:27.0902 3144  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\drivers\elxstor.sys
21:38:27.0932 3144  elxstor - ok
21:38:27.0972 3144  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:38:28.0002 3144  ErrDev - ok
21:38:28.0042 3144  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
21:38:28.0114 3144  EventSystem - ok
21:38:28.0194 3144  [ 33ABDDB21DE2F4BB1B05A5A3A671BD64 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
21:38:28.0244 3144  EvtEng - ok
21:38:28.0271 3144  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
21:38:28.0330 3144  exfat - ok
21:38:28.0346 3144  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:38:28.0398 3144  fastfat - ok
21:38:28.0418 3144  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\drivers\fdc.sys
21:38:28.0458 3144  fdc - ok
21:38:28.0498 3144  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
21:38:28.0558 3144  fdPHost - ok
21:38:28.0585 3144  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
21:38:28.0639 3144  FDResPub - ok
21:38:28.0665 3144  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:38:28.0681 3144  FileInfo - ok
21:38:28.0711 3144  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:38:28.0764 3144  Filetrace - ok
21:38:28.0781 3144  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
21:38:28.0833 3144  flpydisk - ok
21:38:28.0913 3144  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:38:28.0943 3144  FltMgr - ok
21:38:29.0015 3144  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll
21:38:29.0075 3144  FontCache - ok
21:38:29.0155 3144  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:38:29.0185 3144  FontCache3.0.0.0 - ok
21:38:29.0205 3144  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:38:29.0245 3144  FsDepends - ok
21:38:29.0295 3144  [ 491E9D9A26A745F6AE7D570849F4BD87 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
21:38:29.0315 3144  fssfltr - ok
21:38:29.0387 3144  [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
21:38:29.0434 3144  fsssvc - ok
21:38:29.0459 3144  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:38:29.0479 3144  Fs_Rec - ok
21:38:29.0579 3144  [ D07A5943D46E42D79C00A8BAA20B7F7E ] fussvc          C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe
21:38:29.0619 3144  fussvc ( UnsignedFile.Multi.Generic ) - warning
21:38:29.0619 3144  fussvc - detected UnsignedFile.Multi.Generic (1)
21:38:29.0659 3144  [ E306A24D9694C724FA2491278BF50FDB ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:38:29.0699 3144  fvevol - ok
21:38:29.0759 3144  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
21:38:29.0799 3144  gagp30kx - ok
21:38:29.0841 3144  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
21:38:29.0915 3144  gpsvc - ok
21:38:29.0933 3144  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:38:29.0973 3144  hcw85cir - ok
21:38:30.0013 3144  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:38:30.0063 3144  HdAudAddService - ok
21:38:30.0101 3144  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
21:38:30.0125 3144  HDAudBus - ok
21:38:30.0164 3144  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
21:38:30.0197 3144  HidBatt - ok
21:38:30.0217 3144  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
21:38:30.0247 3144  HidBth - ok
21:38:30.0297 3144  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\drivers\hidir.sys
21:38:30.0327 3144  HidIr - ok
21:38:30.0363 3144  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
21:38:30.0420 3144  hidserv - ok
21:38:30.0491 3144  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:38:30.0511 3144  HidUsb - ok
21:38:30.0541 3144  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:38:30.0601 3144  hkmsvc - ok
21:38:30.0631 3144  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:38:30.0661 3144  HomeGroupListener - ok
21:38:30.0706 3144  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:38:30.0743 3144  HomeGroupProvider - ok
21:38:30.0773 3144  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:38:30.0793 3144  HpSAMD - ok
21:38:30.0813 3144  HSFHWAZL - ok
21:38:30.0823 3144  HSF_DPV - ok
21:38:30.0913 3144  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:38:30.0977 3144  HTTP - ok
21:38:30.0995 3144  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:38:31.0015 3144  hwpolicy - ok
21:38:31.0085 3144  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
21:38:31.0105 3144  i8042prt - ok
21:38:31.0149 3144  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:38:31.0183 3144  iaStorV - ok
21:38:31.0227 3144  [ E3FFC8CB45B3F55264EE10F084B2731B ] IBMPMDRV        C:\Windows\system32\drivers\ibmpmdrv.sys
21:38:31.0297 3144  IBMPMDRV - ok
21:38:31.0340 3144  [ 5565982522EE9D4E8921FEB304D4226F ] IBMPMSVC        C:\Windows\system32\ibmpmsvc.exe
21:38:31.0359 3144  IBMPMSVC - ok
21:38:31.0459 3144  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:38:31.0539 3144  idsvc - ok
21:38:31.0579 3144  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
21:38:31.0599 3144  iirsp - ok
21:38:31.0679 3144  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
21:38:31.0759 3144  IKEEXT - ok
21:38:31.0799 3144  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
21:38:31.0819 3144  intelide - ok
21:38:31.0867 3144  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
21:38:31.0891 3144  intelppm - ok
21:38:31.0920 3144  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:38:31.0973 3144  IPBusEnum - ok
21:38:32.0003 3144  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:38:32.0043 3144  IpFilterDriver - ok
21:38:32.0133 3144  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:38:32.0173 3144  iphlpsvc - ok
21:38:32.0204 3144  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:38:32.0230 3144  IPMIDRV - ok
21:38:32.0255 3144  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:38:32.0305 3144  IPNAT - ok
21:38:32.0335 3144  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:38:32.0375 3144  IRENUM - ok
21:38:32.0405 3144  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:38:32.0433 3144  isapnp - ok
21:38:32.0487 3144  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:38:32.0517 3144  iScsiPrt - ok
21:38:32.0567 3144  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
21:38:32.0587 3144  kbdclass - ok
21:38:32.0617 3144  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
21:38:32.0657 3144  kbdhid - ok
21:38:32.0667 3144  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
21:38:32.0702 3144  KeyIso - ok
21:38:32.0737 3144  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:38:32.0759 3144  KSecDD - ok
21:38:32.0779 3144  [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:38:32.0808 3144  KSecPkg - ok
21:38:32.0841 3144  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:38:32.0911 3144  KtmRm - ok
21:38:32.0943 3144  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:38:33.0014 3144  LanmanServer - ok
21:38:33.0047 3144  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:38:33.0097 3144  LanmanWorkstation - ok
21:38:33.0157 3144  [ 340288B3B2EDC8AFD5FF127DF85142A7 ] LENOVO.MICMUTE  C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
21:38:33.0177 3144  LENOVO.MICMUTE - ok
21:38:33.0219 3144  [ 9AAC267A225F3CAEBB9E633F7EB16E4B ] lenovo.smi      C:\Windows\system32\DRIVERS\smiif32.sys
21:38:33.0239 3144  lenovo.smi - ok
21:38:33.0259 3144  [ 158B67696EC8602CE71F9AA4F14AA96F ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
21:38:33.0289 3144  Lenovo.VIRTSCRLSVC - ok
21:38:33.0349 3144  [ BC5BFED7DBEA82FC3DAA7FE16177ECBE ] LenovoRd        C:\Windows\system32\Drivers\LenovoRd.sys
21:38:33.0369 3144  LenovoRd - ok
21:38:33.0389 3144  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:38:33.0449 3144  lltdio - ok
21:38:33.0471 3144  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:38:33.0531 3144  lltdsvc - ok
21:38:33.0551 3144  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:38:33.0611 3144  lmhosts - ok
21:38:33.0653 3144  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
21:38:33.0683 3144  LSI_FC - ok
21:38:33.0703 3144  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
21:38:33.0733 3144  LSI_SAS - ok
21:38:33.0765 3144  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
21:38:33.0790 3144  LSI_SAS2 - ok
21:38:33.0822 3144  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
21:38:33.0848 3144  LSI_SCSI - ok
21:38:33.0875 3144  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
21:38:33.0925 3144  luafv - ok
21:38:33.0955 3144  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:38:33.0985 3144  Mcx2Svc - ok
21:38:33.0995 3144  mdmxsdk - ok
21:38:34.0009 3144  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\drivers\megasas.sys
21:38:34.0033 3144  megasas - ok
21:38:34.0060 3144  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
21:38:34.0087 3144  MegaSR - ok
21:38:34.0127 3144  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
21:38:34.0179 3144  MMCSS - ok
21:38:34.0209 3144  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
21:38:34.0260 3144  Modem - ok
21:38:34.0291 3144  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:38:34.0321 3144  monitor - ok
21:38:34.0361 3144  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:38:34.0381 3144  mouclass - ok
21:38:34.0411 3144  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:38:34.0431 3144  mouhid - ok
21:38:34.0478 3144  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:38:34.0493 3144  mountmgr - ok
21:38:34.0585 3144  [ AEE4E9CC59CDEB55B1ECB0E596E796BE ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:38:34.0615 3144  MozillaMaintenance - ok
21:38:34.0665 3144  [ EB950BFE2432D4FDCD2DDA9CA7665055 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
21:38:34.0685 3144  MpFilter - ok
21:38:34.0705 3144  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:38:34.0739 3144  mpio - ok
21:38:34.0755 3144  [ BFD981F12C8C6BEEBDCA70EFBFDD0A08 ] MpNWMon         C:\Windows\system32\DRIVERS\MpNWMon.sys
21:38:34.0773 3144  MpNWMon - ok
21:38:34.0798 3144  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:38:34.0837 3144  mpsdrv - ok
21:38:34.0895 3144  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:38:34.0965 3144  MpsSvc - ok
21:38:34.0991 3144  [ 21F4B24ACFC79A483515BD986DD9043F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:38:35.0021 3144  MRxDAV - ok
21:38:35.0051 3144  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:38:35.0081 3144  mrxsmb - ok
21:38:35.0111 3144  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:38:35.0131 3144  mrxsmb10 - ok
21:38:35.0161 3144  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:38:35.0197 3144  mrxsmb20 - ok
21:38:35.0223 3144  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
21:38:35.0243 3144  msahci - ok
21:38:35.0263 3144  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:38:35.0300 3144  msdsm - ok
21:38:35.0332 3144  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
21:38:35.0353 3144  MSDTC - ok
21:38:35.0457 3144  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:38:35.0530 3144  Msfs - ok
21:38:35.0585 3144  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:38:35.0642 3144  mshidkmdf - ok
21:38:35.0677 3144  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:38:35.0697 3144  msisadrv - ok
21:38:35.0727 3144  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:38:35.0787 3144  MSiSCSI - ok
21:38:35.0800 3144  msiserver - ok
21:38:35.0829 3144  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:38:35.0879 3144  MSKSSRV - ok
21:38:35.0941 3144  [ 895D27930107553C275E5679E7572B58 ] MsMpSvc         c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
21:38:35.0971 3144  MsMpSvc - ok
21:38:36.0003 3144  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:38:36.0063 3144  MSPCLOCK - ok
21:38:36.0093 3144  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:38:36.0154 3144  MSPQM - ok
21:38:36.0170 3144  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:38:36.0202 3144  MsRPC - ok
21:38:36.0235 3144  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
21:38:36.0255 3144  mssmbios - ok
21:38:36.0295 3144  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:38:36.0401 3144  MSTEE - ok
21:38:36.0457 3144  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
21:38:36.0542 3144  MTConfig - ok
21:38:36.0584 3144  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
21:38:36.0619 3144  Mup - ok
21:38:36.0701 3144  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
21:38:36.0807 3144  napagent - ok
21:38:36.0924 3144  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:38:36.0949 3144  NativeWifiP - ok
21:38:37.0029 3144  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:38:37.0102 3144  NDIS - ok
21:38:37.0127 3144  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:38:37.0187 3144  NdisCap - ok
21:38:37.0212 3144  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:38:37.0251 3144  NdisTapi - ok
21:38:37.0293 3144  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:38:37.0353 3144  Ndisuio - ok
21:38:37.0376 3144  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:38:37.0425 3144  NdisWan - ok
21:38:37.0435 3144  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:38:37.0494 3144  NDProxy - ok
21:38:37.0537 3144  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:38:37.0587 3144  NetBIOS - ok
21:38:37.0617 3144  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:38:37.0677 3144  NetBT - ok
21:38:37.0707 3144  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
21:38:37.0727 3144  Netlogon - ok
21:38:37.0779 3144  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
21:38:37.0849 3144  Netman - ok
21:38:37.0899 3144  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:38:37.0939 3144  NetMsmqActivator - ok
21:38:37.0953 3144  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:38:37.0990 3144  NetPipeActivator - ok
21:38:38.0006 3144  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
21:38:38.0081 3144  netprofm - ok
21:38:38.0188 3144  [ 27EE4B406E2F26F6117A9A420BD4CB65 ] netr28u         C:\Windows\system32\DRIVERS\netr28u.sys
21:38:38.0268 3144  netr28u - ok
21:38:38.0279 3144  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:38:38.0311 3144  NetTcpActivator - ok
21:38:38.0319 3144  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:38:38.0349 3144  NetTcpPortSharing - ok
21:38:38.0591 3144  [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32        C:\Windows\system32\DRIVERS\netw5v32.sys
21:38:38.0753 3144  netw5v32 - ok
21:38:39.0085 3144  [ D4EF7A9767C05905500EC312CB29EF46 ] NETwLv32        C:\Windows\system32\DRIVERS\NETwLv32.sys
21:38:39.0270 3144  NETwLv32 - ok
21:38:39.0316 3144  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
21:38:39.0349 3144  nfrd960 - ok
21:38:39.0389 3144  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:38:39.0429 3144  NlaSvc - ok
21:38:39.0471 3144  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:38:39.0542 3144  Npfs - ok
21:38:39.0576 3144  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
21:38:39.0639 3144  nsi - ok
21:38:39.0651 3144  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:38:39.0695 3144  nsiproxy - ok
21:38:39.0775 3144  [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:38:39.0842 3144  Ntfs - ok
21:38:39.0877 3144  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
21:38:39.0927 3144  Null - ok
21:38:40.0448 3144  [ 3CBEDB51E3B885704A67E0078F9F03CB ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:38:40.0758 3144  nvlddmkm - ok
21:38:40.0817 3144  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:38:40.0843 3144  nvraid - ok
21:38:40.0873 3144  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:38:40.0903 3144  nvstor - ok
21:38:40.0965 3144  [ 57BEC5B4A15F18E045CDFBB471AE1110 ] nvsvc           C:\Windows\system32\nvvsvc.exe
21:38:41.0015 3144  nvsvc - ok
21:38:41.0035 3144  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:38:41.0065 3144  nv_agp - ok
21:38:41.0075 3144  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:38:41.0125 3144  ohci1394 - ok
21:38:41.0173 3144  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:38:41.0217 3144  p2pimsvc - ok
21:38:41.0237 3144  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:38:41.0289 3144  p2psvc - ok
21:38:41.0319 3144  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\drivers\parport.sys
21:38:41.0359 3144  Parport - ok
21:38:41.0402 3144  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:38:41.0425 3144  partmgr - ok
21:38:41.0441 3144  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
21:38:41.0481 3144  Parvdm - ok
21:38:41.0501 3144  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:38:41.0547 3144  PcaSvc - ok
21:38:41.0568 3144  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
21:38:41.0652 3144  pci - ok
21:38:41.0706 3144  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
21:38:41.0733 3144  pciide - ok
21:38:41.0773 3144  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
21:38:41.0811 3144  pcmcia - ok
21:38:41.0900 3144  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
21:38:41.0928 3144  pcw - ok
21:38:41.0960 3144  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:38:42.0015 3144  PEAUTH - ok
21:38:42.0195 3144  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
21:38:42.0316 3144  pla - ok
21:38:42.0367 3144  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:38:42.0427 3144  PlugPlay - ok
21:38:42.0457 3144  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:38:42.0477 3144  PNRPAutoReg - ok
21:38:42.0507 3144  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:38:42.0537 3144  PNRPsvc - ok
21:38:42.0569 3144  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:38:42.0647 3144  PolicyAgent - ok
21:38:42.0684 3144  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
21:38:42.0729 3144  Power - ok
21:38:42.0781 3144  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:38:42.0858 3144  PptpMiniport - ok
21:38:42.0883 3144  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\drivers\processr.sys
21:38:42.0903 3144  Processor - ok
21:38:42.0963 3144  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
21:38:43.0083 3144  ProfSvc - ok
21:38:43.0093 3144  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:38:43.0134 3144  ProtectedStorage - ok
21:38:43.0285 3144  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
21:38:43.0355 3144  ql2300 - ok
21:38:43.0394 3144  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
21:38:43.0417 3144  ql40xx - ok
21:38:43.0451 3144  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
21:38:43.0479 3144  QWAVE - ok
21:38:43.0509 3144  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:38:43.0549 3144  QWAVEdrv - ok
21:38:43.0589 3144  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:38:43.0659 3144  RasAcd - ok
21:38:43.0691 3144  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:38:43.0760 3144  RasAgileVpn - ok
21:38:43.0793 3144  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
21:38:43.0864 3144  RasAuto - ok
21:38:43.0882 3144  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:38:43.0935 3144  Rasl2tp - ok
21:38:43.0977 3144  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
21:38:44.0059 3144  RasMan - ok
21:38:44.0079 3144  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:38:44.0139 3144  RasPppoe - ok
21:38:44.0157 3144  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:38:44.0211 3144  RasSstp - ok
21:38:44.0244 3144  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:38:44.0294 3144  rdbss - ok
21:38:44.0324 3144  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
21:38:44.0354 3144  rdpbus - ok
21:38:44.0384 3144  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:38:44.0434 3144  RDPCDD - ok
21:38:44.0466 3144  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:38:44.0506 3144  RDPENCDD - ok
21:38:44.0536 3144  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:38:44.0578 3144  RDPREFMP - ok
21:38:44.0628 3144  [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:38:44.0668 3144  RdpVideoMiniport - ok
21:38:44.0700 3144  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:38:44.0740 3144  RDPWD - ok
21:38:44.0780 3144  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:38:44.0810 3144  rdyboost - ok
21:38:44.0930 3144  [ 03D281098CE722210C48E1E8CAFEA260 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
21:38:44.0980 3144  RegSrvc - ok
21:38:45.0022 3144  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:38:45.0082 3144  RemoteAccess - ok
21:38:45.0112 3144  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:38:45.0172 3144  RemoteRegistry - ok
21:38:45.0215 3144  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
21:38:45.0244 3144  RFCOMM - ok
21:38:45.0295 3144  [ C2EF513BBE069F0D4EE0938A76F975D3 ] rimmptsk        C:\Windows\system32\drivers\rimmptsk.sys
21:38:45.0326 3144  rimmptsk - ok
21:38:45.0356 3144  [ C398BCA91216755B098679A8DA8A2300 ] rimsptsk        C:\Windows\system32\drivers\rimsptsk.sys
21:38:45.0376 3144  rimsptsk - ok
21:38:45.0416 3144  [ 2A2554CB24506E0A0508FC395C4A1B42 ] rismxdp         C:\Windows\system32\drivers\rixdptsk.sys
21:38:45.0436 3144  rismxdp - ok
21:38:45.0476 3144  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:38:45.0552 3144  RpcEptMapper - ok
21:38:45.0578 3144  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
21:38:45.0598 3144  RpcLocator - ok
21:38:45.0658 3144  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
21:38:45.0708 3144  RpcSs - ok
21:38:45.0778 3144  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:38:45.0832 3144  rspndr - ok
21:38:45.0849 3144  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
21:38:45.0875 3144  SamSs - ok
21:38:45.0914 3144  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:38:45.0930 3144  sbp2port - ok
21:38:45.0970 3144  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:38:46.0040 3144  SCardSvr - ok
21:38:46.0082 3144  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:38:46.0122 3144  scfilter - ok
21:38:46.0174 3144  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
21:38:46.0244 3144  Schedule - ok
21:38:46.0274 3144  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:38:46.0314 3144  SCPolicySvc - ok
21:38:46.0354 3144  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:38:46.0394 3144  SDRSVC - ok
21:38:46.0466 3144  [ D358E077A0A05D9B12DA22D137EE8464 ] SeaPort         C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
21:38:46.0486 3144  SeaPort - ok
21:38:46.0536 3144  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:38:46.0576 3144  secdrv - ok
21:38:46.0618 3144  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
21:38:46.0688 3144  seclogon - ok
21:38:46.0738 3144  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
21:38:46.0788 3144  SENS - ok
21:38:46.0846 3144  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:38:46.0974 3144  SensrSvc - ok
21:38:46.0999 3144  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\drivers\serenum.sys
21:38:47.0020 3144  Serenum - ok
21:38:47.0040 3144  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\drivers\serial.sys
21:38:47.0077 3144  Serial - ok
21:38:47.0097 3144  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
21:38:47.0122 3144  sermouse - ok
21:38:47.0157 3144  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
21:38:47.0242 3144  SessionEnv - ok
21:38:47.0264 3144  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:38:47.0302 3144  sffdisk - ok
21:38:47.0318 3144  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:38:47.0352 3144  sffp_mmc - ok
21:38:47.0361 3144  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:38:47.0418 3144  sffp_sd - ok
21:38:47.0431 3144  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
21:38:47.0484 3144  sfloppy - ok
21:38:47.0519 3144  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:38:47.0587 3144  SharedAccess - ok
21:38:47.0638 3144  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:38:47.0730 3144  ShellHWDetection - ok
21:38:47.0780 3144  [ 1624530D05155F4E5A4736531523BFF5 ] Shockprf        C:\Windows\system32\DRIVERS\Apsx86.sys
21:38:47.0930 3144  Shockprf - ok
21:38:47.0960 3144  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
21:38:47.0990 3144  sisagp - ok
21:38:48.0023 3144  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
21:38:48.0042 3144  SiSRaid2 - ok
21:38:48.0062 3144  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
21:38:48.0091 3144  SiSRaid4 - ok
21:38:48.0144 3144  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:38:48.0214 3144  Smb - ok
21:38:48.0264 3144  [ 3C4A61CCB2CF32ED6E09F559B4ADB6CF ] smihlp          C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
21:38:48.0284 3144  smihlp - ok
21:38:48.0366 3144  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:38:48.0386 3144  SNMPTRAP - ok
21:38:48.0406 3144  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:38:48.0426 3144  spldr - ok
21:38:48.0466 3144  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
21:38:48.0506 3144  Spooler - ok
21:38:48.0658 3144  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
21:38:48.0808 3144  sppsvc - ok
21:38:48.0847 3144  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:38:48.0890 3144  sppuinotify - ok
21:38:48.0990 3144  [ 90A07229992B24FC4C419D56E58CF075 ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:38:49.0020 3144  SQLWriter - ok
21:38:49.0053 3144  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:38:49.0082 3144  srv - ok
21:38:49.0092 3144  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:38:49.0132 3144  srv2 - ok
21:38:49.0162 3144  [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL3.SYS
21:38:49.0202 3144  SrvHsfHDA - ok
21:38:49.0244 3144  [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV3.SYS
21:38:49.0294 3144  SrvHsfV92 - ok
21:38:49.0334 3144  [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
21:38:49.0394 3144  SrvHsfWinac - ok
21:38:49.0414 3144  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:38:49.0443 3144  srvnet - ok
21:38:49.0470 3144  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:38:49.0531 3144  SSDPSRV - ok
21:38:49.0548 3144  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:38:49.0618 3144  SstpSvc - ok
21:38:49.0698 3144  [ 2F3B5A3567FFB343D8867C3D34C687F1 ] Steam Client Service C:\Program Files\Common Files\Steam\SteamService.exe
21:38:49.0798 3144  Steam Client Service ( UnsignedFile.Multi.Generic ) - warning
21:38:49.0798 3144  Steam Client Service - detected UnsignedFile.Multi.Generic (1)
21:38:49.0908 3144  [ E4EED6AD8362F082F7FC87BE55E75411 ] Stereo Service  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
21:38:49.0948 3144  Stereo Service - ok
21:38:49.0990 3144  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\drivers\stexstor.sys
21:38:50.0010 3144  stexstor - ok
21:38:50.0140 3144  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
21:38:50.0190 3144  StiSvc - ok
21:38:50.0272 3144  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
21:38:50.0292 3144  swenum - ok
21:38:50.0332 3144  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
21:38:50.0402 3144  swprv - ok
21:38:50.0472 3144  [ B41404EE2AACFB08DD1B3A6AFA0B62EB ] SynTP           C:\Windows\system32\drivers\SynTP.sys
21:38:50.0512 3144  SynTP - ok
21:38:50.0554 3144  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
21:38:50.0624 3144  SysMain - ok
21:38:50.0664 3144  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:38:50.0704 3144  TabletInputService - ok
21:38:50.0724 3144  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:38:50.0796 3144  TapiSrv - ok
21:38:50.0829 3144  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
21:38:50.0889 3144  TBS - ok
21:38:50.0970 3144  [ CA59F7C570AF70BC174F477CFE2D9EE3 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:38:51.0042 3144  Tcpip - ok
21:38:51.0092 3144  [ CA59F7C570AF70BC174F477CFE2D9EE3 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:38:51.0160 3144  TCPIP6 - ok
21:38:51.0198 3144  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:38:51.0214 3144  tcpipreg - ok
21:38:51.0249 3144  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:38:51.0271 3144  TDPIPE - ok
21:38:51.0296 3144  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:38:51.0316 3144  TDTCP - ok
21:38:51.0336 3144  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:38:51.0397 3144  tdx - ok
21:38:51.0428 3144  [ 42BA22394C499648C03079742BFA593B ] Te.Service      C:\Program Files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe
21:38:51.0508 3144  Te.Service ( UnsignedFile.Multi.Generic ) - warning
21:38:51.0508 3144  Te.Service - detected UnsignedFile.Multi.Generic (1)
21:38:51.0538 3144  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
21:38:51.0558 3144  TermDD - ok
21:38:51.0600 3144  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
21:38:51.0670 3144  TermService - ok
21:38:51.0690 3144  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
21:38:51.0730 3144  Themes - ok
21:38:51.0769 3144  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
21:38:51.0812 3144  THREADORDER - ok
21:38:51.0852 3144  [ D2378FBBD668D9FE9B6B5E3139D506D3 ] TPDIGIMN        C:\Windows\system32\DRIVERS\ApsHM86.sys
21:38:51.0872 3144  TPDIGIMN - ok
21:38:51.0892 3144  [ A34A1E6B5461273846D30F5898602A72 ] TPHDEXLGSVC     C:\Windows\system32\TPHDEXLG.exe
21:38:51.0922 3144  TPHDEXLGSVC - ok
21:38:51.0982 3144  [ 9CD364ECB3A10B24C7CAC8FF89993A67 ] TPHKLOAD        C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
21:38:52.0002 3144  TPHKLOAD - ok
21:38:52.0032 3144  [ C04BB65441913AB621C58A8BD3169B23 ] TPHKSVC         C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
21:38:52.0062 3144  TPHKSVC - ok
21:38:52.0102 3144  [ 5AD05191DC8B444A7BA4D79B76C42A30 ] TPM             C:\Windows\system32\drivers\tpm.sys
21:38:52.0122 3144  TPM - ok
21:38:52.0222 3144  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
21:38:52.0300 3144  TrkWks - ok
21:38:52.0354 3144  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:38:52.0408 3144  TrustedInstaller - ok
21:38:52.0436 3144  [ B37B08F2E5EEB1A37E448E09BACE1101 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:38:52.0476 3144  tssecsrv - ok
21:38:52.0496 3144  [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:38:52.0546 3144  TsUsbFlt - ok
21:38:52.0588 3144  [ 57C527AF84748B5C2F5178C499C0B81F ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
21:38:52.0618 3144  TsUsbGD - ok
21:38:52.0668 3144  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:38:52.0708 3144  tunnel - ok
21:38:52.0738 3144  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\drivers\uagp35.sys
21:38:52.0758 3144  uagp35 - ok
21:38:52.0798 3144  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:38:52.0878 3144  udfs - ok
21:38:52.0918 3144  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:38:52.0948 3144  UI0Detect - ok
21:38:52.0986 3144  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:38:53.0010 3144  uliagpkx - ok
21:38:53.0042 3144  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
21:38:53.0062 3144  umbus - ok
21:38:53.0082 3144  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\drivers\umpass.sys
21:38:53.0102 3144  UmPass - ok
21:38:53.0152 3144  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
21:38:53.0222 3144  upnphost - ok
21:38:53.0258 3144  [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL         C:\Windows\System32\Drivers\usbaapl.sys
21:38:53.0279 3144  USBAAPL ( UnsignedFile.Multi.Generic ) - warning
21:38:53.0279 3144  USBAAPL - detected UnsignedFile.Multi.Generic (1)
21:38:53.0314 3144  [ 71D97F1A3CC47A56728F7A400A3F8295 ] usbccgp         C:\Windows\system32\drivers\usbccgp.sys
21:38:53.0334 3144  usbccgp - ok
21:38:53.0364 3144  [ 2352AB5F9F8F097BF9D41D5A4718A041 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:38:53.0384 3144  usbcir - ok
21:38:53.0424 3144  [ C4FB8E7ADEA9B5CEEA885A1B504B7E40 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
21:38:53.0454 3144  usbehci - ok
21:38:53.0495 3144  [ 86AA95ACB611001E26CD2C0145F2225A ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:38:53.0525 3144  usbhub - ok
21:38:53.0546 3144  [ DCDF9855145A14DFCA0AB32308871961 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
21:38:53.0566 3144  usbohci - ok
21:38:53.0601 3144  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
21:38:53.0618 3144  usbprint - ok
21:38:57.0282 3144  [ 70E9D3868836AC57D138EEA79060A3D1 ] Windows8FirewallService C:\Program Files\Windows8FirewallControl\Windows8FirewallService.exe
21:38:57.0371 3144  Windows8FirewallService ( UnsignedFile.Multi.Generic ) - warning
21:38:57.0371 3144  Windows8FirewallService - detected UnsignedFile.Multi.Generic (1)
21:38:59.0120 3144  ================ Scan global ===============================
21:38:59.0160 3144  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
21:38:59.0200 3144  [ 51BB04243DF6196C06E125898127E397 ] C:\Windows\system32\winsrv.dll
21:38:59.0220 3144  [ 51BB04243DF6196C06E125898127E397 ] C:\Windows\system32\winsrv.dll
21:38:59.0310 3144  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
21:38:59.0400 3144  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
21:38:59.0410 3144  [Global] - ok
21:38:59.0410 3144  ================ Scan MBR ==================================
21:38:59.0430 3144  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:38:59.0740 3144  \Device\Harddisk0\DR0 - ok
21:38:59.0740 3144  ================ Scan VBR ==================================
21:38:59.0770 3144  [ F9A7E150B5DAFBDCF17DE9E00A3F0385 ] \Device\Harddisk0\DR0\Partition1
21:38:59.0770 3144  \Device\Harddisk0\DR0\Partition1 - ok
21:38:59.0770 3144  ============================================================
21:38:59.0770 3144  Scan finished
21:38:59.0770 3144  ============================================================
21:38:59.0790 4032  Detected object count: 5
21:38:59.0790 4032  Actual detected object count: 5
21:39:18.0141 4032  C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe - copied to quarantine
21:39:18.0151 4032  HKLM\SYSTEM\ControlSet001\services\fussvc - will be deleted on reboot
21:39:18.0211 4032  HKLM\SYSTEM\ControlSet002\services\fussvc - will be deleted on reboot
21:39:18.0641 4032  C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe - will be deleted on reboot
21:39:18.0641 4032  fussvc ( UnsignedFile.Multi.Generic ) - User select action: Delete
21:39:18.0651 4032  Steam Client Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:39:18.0651 4032  Steam Client Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:39:18.0691 4032  C:\Program Files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe - copied to quarantine
21:39:18.0691 4032  HKLM\SYSTEM\ControlSet001\services\Te.Service - will be deleted on reboot
21:39:18.0691 4032  HKLM\SYSTEM\ControlSet002\services\Te.Service - will be deleted on reboot
21:39:18.0701 4032  C:\Program Files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe - will be deleted on reboot
21:39:18.0701 4032  Te.Service ( UnsignedFile.Multi.Generic ) - User select action: Delete
21:39:18.0721 4032  C:\Windows\System32\Drivers\usbaapl.sys - copied to quarantine
21:39:18.0721 4032  HKLM\SYSTEM\ControlSet001\services\USBAAPL - will be deleted on reboot
21:39:18.0731 4032  HKLM\SYSTEM\ControlSet002\services\USBAAPL - will be deleted on reboot
21:39:18.0731 4032  C:\Windows\System32\Drivers\usbaapl.sys - will be deleted on reboot
21:39:18.0731 4032  USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Delete
21:39:18.0741 4032  Windows8FirewallService ( UnsignedFile.Multi.Generic ) - skipped by user
21:39:18.0741 4032  Windows8FirewallService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:39:21.0295 3324  Deinitialize success
 
_________________________________________________
 
aswmbr log:
 
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-05-17 00:02:09
-----------------------------
00:02:09.186    OS Version: Windows 6.1.7601 Service Pack 1
00:02:09.186    Number of processors: 2 586 0xF0D
00:02:09.186    ComputerName:   UserName: bear
00:02:09.873    Initialize success
00:02:12.916    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
00:02:12.916    Disk 0 Vendor: HITACHI_HTS722010K9SA00 DC2ZC75A Size: 95396MB BusType: 11
00:02:13.041    Disk 0 MBR read successfully
00:02:13.057    Disk 0 MBR scan
00:02:13.057    Disk 0 Windows 7 default MBR code
00:02:13.072    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS         4471 MB offset 2048
00:02:13.088    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        90923 MB offset 9158656
00:02:13.103    Disk 0 scanning sectors +195368960
00:02:13.166    Disk 0 scanning C:\Windows\system32\drivers
00:02:19.905    Service scanning
00:02:31.808    Service pwipf6 C:\Windows\system32\DRIVERS\pwipf6.sys **LOCKED** 32
00:02:37.939    Modules scanning
00:02:59.716    Disk 0 trace - called modules:
00:02:59.748    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
00:02:59.763    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x861ca030]
00:02:59.779    3 CLASSPNP.SYS[8b81259e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x860db908]
00:02:59.794    Scan finished successfully
00:15:52.717    Disk 0 MBR has been saved successfully to "C:\Users\bear\Desktop\MBR.dat"
00:15:52.727    The log file has been saved successfully to "C:\Users\bear\Desktop\aswMBR.txt"

 

I have private firewall installed... bluescreened the first time I ran aswmbr... had to disable it then run it.
I have also noticed that I just posted some really personal info about my pc on the web.... I will reinstall after this. Hell, anyone can find my username now and hardware info... :( I'm not your average joe ;). You should bleep out some info from being shown on the web. Can be hurtful to people... anywho, thank you for your help.
 
If I forgot anything let me know. It's late.


Edited by nasdaq, 17 May 2014 - 09:56 AM.


#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:27 PM

Posted 17 May 2014 - 10:02 AM


I have removed the reference to the School in your posts.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

HKLM\...\Run: [] => [X]
SearchScopes: HKLM - DefaultScope value is missing.
S3 HSFHWAZL; system32\DRIVERS\HSFHWAZL.sys [X]
S3 HSF_DPV; system32\DRIVERS\HSF_DPV.sys [X]
S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [X]
S3 MFE_RR; \??\C:\Users\bear\AppData\Local\Temp\mfe_rr.sys [X]
S3 winachsf; system32\DRIVERS\HSF_CNXT.sys [X]
U3 aswMBR; \??\C:\Users\bear\AppData\Local\Temp\aswMBR.sys [X]

end

Save the file as fixlist.txt into the same folder as FRST.
Run FRST and click Fix only once and wait.

Restart the computer to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

One last scan.


Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Any remaining issues?

#9 nasdaq

Posted 23 May 2014 - 08:31 AM

Are you still with me?

#10 nasdaq

Posted 29 May 2014 - 07:22 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



