Untitled

a guest
Jul 29th, 2013
  1. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 01
  2. Ran by SYSTEM on 30-07-2013 12:06:46
  3. Running from H:\
  4. Windows 7 Home Premium (X64) OS Language: English(US)
  5. Internet Explorer Version 8
  6. Boot Mode: Recovery
  7.  
  8. The current controlset is ControlSet001
  9. [b]ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.[/b]
  10.  
  11. ==================== Registry (Whitelisted) ==================
  12.  
  13. HKLM\...\Run: [ASUS WebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-15] ()
  14. HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-05-02] (Alcor Micro Corp.)
  15. HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2085160 2010-03-04] (Synaptics Incorporated)
  16. HKLM\...\Run: [RunDLLEntry] - C:\Windows\system32\RunDLL32.exe [45568 2009-07-13] (Microsoft Corporation)
  17. HKLM\...\Run: [Setwallpaper] - c:\programdata\SetWallpaper.cmd [x]
  18. HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1680976 2010-10-28] (Logitech, Inc.)
  19. HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
  20. Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
  21. HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
  22. HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
  23. HKLM-x32\...\Run: [Boingo Wi-Fi] - C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2010-08-26] ()
  24. HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6806144 2010-06-24] (ASUS)
  25. HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-03] (ASUS)
  26. HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
  27. HKLM-x32\...\Run: [VolPanel] - C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe [237693 2008-12-29] (Creative Technology Ltd)
  28. HKLM-x32\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
  29. HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440 2010-04-26] ()
  30. HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
  31. HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
  32. HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-12] (Microsoft Corporation)
  33. HKLM-x32\...\Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-21] (AMD)
  34. HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-26] (Apple Inc.)
  35. HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-11-12] (Apple Inc.)
  36. HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-23] (Apple Inc.)
  37. HKLM-x32\...\Run: [MobileBroadband] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [279552 2011-07-13] (Vodafone)
  38. HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
  39. HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
  40. HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-29] (Avira Operations GmbH & Co. KG)
  41. HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1558480 2013-07-26] (APN)
  42. HKU\Lau Chee Keong\...\Run: [Steam] - "D:\Program Files\Steam\steam.exe" -silent [x]
  43. HKU\Lau Chee Keong\...\Run: [igndlm.exe] - C:\Program Files (x86)\Download Manager\DLM.exe [1103216 2009-10-27] (IGN Entertainment)
  44. HKU\Lau Chee Keong\...\Run: [ISUSPM] - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [222128 2007-03-28] (Macrovision Corporation)
  45. HKU\Lau Chee Keong\...\Run: [Spotify Web Helper] - C:\Users\Lau Chee Keong\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-06-18] (Spotify Ltd)
  46. HKU\Lau Chee Keong\...\Run: [Facebook Update] - C:\Users\Lau Chee Keong\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-09-03] (Facebook Inc.)
  47. HKU\Lau Chee Keong\...\Run: [Akamai NetSession Interface] - "C:\Users\Lau Chee Keong\AppData\Local\Akamai\netsession_win.exe" [x]
  48.  
  49. ==================== Services (Whitelisted) =================
  50.  
  51. S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-29] (Avira Operations GmbH & Co. KG)
  52. S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-29] (Avira Operations GmbH & Co. KG)
  53. S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-07-29] (Avira Operations GmbH & Co. KG)
  54. S2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
  55. S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2011-02-15] (Autodesk)
  56. S2 HotspotShieldService; C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [271408 2011-01-07] ()
  57. S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [57640 2011-01-07] ()
  58. S2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [326704 2010-10-15] ()
  59. S2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
  60. S2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
  61. S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-12-18] ()
  62. S3 DAUpdaterSvc; d:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [x]
  63. S2 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
  64. S2 VMAuthdService; G:\VMWare\vmware-authd.exe [x]
  65.  
  66. ==================== Drivers (Whitelisted) ====================
  67.  
  68. S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-07-29] (Avira Operations GmbH & Co. KG)
  69. S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-07-29] (Avira Operations GmbH & Co. KG)
  70. S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-07-29] (Avira Operations GmbH & Co. KG)
  71. S0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2012-03-13] (Bytemobile, Inc.)
  72. S2 cpuz135; C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2010-11-08] (CPUID)
  73. S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [213504 2011-07-11] (Huawei Technologies Co., Ltd.)
  74. S1 HWiNFO32; C:\Program Files (x86)\HWiNFO32\HWiNFO64A.SYS [30080 2011-09-21] (REALiX(tm))
  75. S1 HWiNFO32; C:\Program Files (x86)\HWiNFO32\HWiNFO64A.SYS [30080 2011-09-21] (REALiX(tm))
  76. S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
  77. S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
  78. S0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2011-02-06] (Duplex Secure Ltd.)
  79. S1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2012-03-13] (Bytemobile, Inc.)
  80. S1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2012-03-13] (Bytemobile, Inc.)
  81. S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
  82. S3 tmlwf;
  83. S3 tmwfp;
  84.  
  85. ========================== Drivers MD5 =======================
  86.  
  87. C:\Windows\system32\DRIVERS\1394ohci.sys ==> MD5 is legit
  88. C:\Windows\System32\DRIVERS\ACPI.sys ==> MD5 is legit
  89. C:\Windows\system32\DRIVERS\acpipmi.sys ==> MD5 is legit
  90. C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
  91. C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
  92. C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
  93. C:\Windows\system32\drivers\afd.sys B9384E03479D2506BC924C16A3DB87BC
  94. C:\Windows\system32\DRIVERS\agp440.sys ==> MD5 is legit
  95. C:\Windows\System32\DRIVERS\aksdf.sys BC569A6C209D94F6643EE35710AEC1F6
  96. C:\Windows\system32\DRIVERS\aliide.sys ==> MD5 is legit
  97. C:\Windows\system32\DRIVERS\amdide.sys ==> MD5 is legit
  98. C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
  99. C:\Windows\System32\DRIVERS\atikmdag.sys 79CC9BE187E3144E1B58A54B842475E7
  100. C:\Windows\System32\DRIVERS\atikmpag.sys 07561D3B7FD99F6E186C49C2D0628E38
  101. C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
  102. C:\Windows\system32\DRIVERS\amdsata.sys ==> MD5 is legit
  103. C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
  104. C:\Windows\System32\DRIVERS\amdxata.sys ==> MD5 is legit
  105. C:\Windows\System32\drivers\AmUStor.SYS 9C7F164B49CADC658D1B3C575782F346
  106. C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
  107. C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
  108. C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
  109. C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys 4C016FD76ED5C05E84CA8CAB77993961
  110. C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys 4C016FD76ED5C05E84CA8CAB77993961
  111. C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
  112. C:\Windows\System32\DRIVERS\atapi.sys ==> MD5 is legit
  113. C:\Windows\System32\DRIVERS\athrx.sys F8633CDD09647A64EE8DB550630427FF
  114. C:\Windows\System32\drivers\AtihdW76.sys ED3A041014FBBFDC23D6C04F9C7A5D79
  115. C:\Windows\System32\drivers\AtiHdmi.sys D481083348138B4933ACFE95812DB71C
  116. C:\Windows\System32\DRIVERS\atikmdag.sys 79CC9BE187E3144E1B58A54B842475E7
  117. C:\Windows\System32\DRIVERS\avgntflt.sys 09E6069EF94B345061B4BD3CEBD974C8
  118. C:\Windows\System32\DRIVERS\avipbb.sys 488486DAD09A5B6C6DBB8B990A8B2307
  119. C:\Windows\System32\DRIVERS\avkmgr.sys 490FA25161BF3E51993EB724ECF0ACEB
  120. C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
  121. C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
  122. C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
  123. C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
  124. C:\Windows\System32\drivers\BMLoad.sys 8B1E76B5F86DF4396D77AB09787F6D37
  125. C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
  126. C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
  127. C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
  128. C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
  129. C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
  130. C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
  131. C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
  132. C:\Windows\System32\DRIVERS\BthEnum.sys CF98190A94F62E405C8CB255018B2315
  133. C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
  134. C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
  135. C:\Windows\System32\Drivers\BTHport.sys A51FA9D0E85D5ADABEF72E67F386309C
  136. C:\Windows\System32\Drivers\BTHUSB.sys F740B9A16B2C06700F2130E19986BF3B
  137. C:\Windows\System32\drivers\btusbflt.sys D3466F77C2C49C6E393BA5FBA963A33E
  138. C:\Windows\System32\drivers\btwaudio.sys A72A9101F9730DB7332714E566614E4D
  139. C:\Windows\System32\drivers\btwavdt.sys 5CEEC634B617525F2B6AD29F871033F7
  140. C:\Windows\System32\DRIVERS\btwl2cap.sys 6149301DC3F81D6F9667A3FBAC410975
  141. C:\Windows\System32\DRIVERS\btwrchid.sys 2AF5604D28BEF77B7CF4B9D232FE7CD3
  142. C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
  143. C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
  144. C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
  145. C:\Windows\System32\CLFS.sys ==> MD5 is legit
  146. C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
  147. C:\Windows\system32\DRIVERS\cmdide.sys ==> MD5 is legit
  148. C:\Windows\System32\Drivers\cng.sys ==> MD5 is legit
  149. C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
  150. C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
  151. C:\Windows\system32\drivers\cpuz135_x64.sys 262969A3FAB32B9E17E63E2D17A57744
  152. C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
  153. C:\Windows\System32\Drivers\dfsc.sys 3F1DC527070ACB87E40AFE46EF6DA749
  154. C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
  155. C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
  156. C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
  157. C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
  158. C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
  159. C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
  160. C:\Windows\system32\DRIVERS\errdev.sys ==> MD5 is legit
  161. C:\Windows\System32\DRIVERS\ew_hwusbdev.sys 86F7951BBCEE4A86E79A97306BD14318
  162. C:\Windows\System32\DRIVERS\ew_usbenumfilter.sys 55E0EDA185869F7EA67EA97FD0655B39
  163. C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
  164. C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
  165. C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
  166. C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
  167. C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
  168. C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
  169. C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
  170. C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
  171. C:\Windows\System32\DRIVERS\fssfltr.sys 2BF3B36B96D015AF666B6AA63AE2E38F
  172. C:\Windows\System32\Drivers\Fs_Rec.sys ==> MD5 is legit
  173. C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit
  174. C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
  175. C:\Windows\System32\DRIVERS\GEARAspiWDM.sys ==> MD5 is legit
  176. C:\Windows\system32\drivers\hardlock.sys D8BF3C594BD17A37960362E6C6739B90
  177. C:\Windows\system32\drivers\hcmon.sys ADB4348DA1345877B04E22203AFC8993
  178. C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
  179. C:\Windows\System32\drivers\HdAudio.sys ==> MD5 is legit
  180. C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
  181. C:\Windows\System32\DRIVERS\HECIx64.sys B6AC71AAA2B10848F57FC49D55A651AF
  182. C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
  183. C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
  184. C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
  185. C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
  186. C:\Windows\system32\DRIVERS\HpSAMD.sys ==> MD5 is legit
  187. C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
  188. C:\Windows\System32\DRIVERS\ew_jucdcacm.sys 30516686A4ACA616AE8728BC0CB65E51
  189. C:\Windows\System32\DRIVERS\ew_jubusenum.sys E1EE74AC69C88C8379898D97E34A8852
  190. C:\Windows\System32\DRIVERS\ew_juextctrl.sys D13B215259D8362DC1C6F8F645DF7BA9
  191. C:\Windows\System32\DRIVERS\ew_juwwanecm.sys 6AF9654CEDC83CB533771C9FFC6B27B0
  192. C:\Windows\System32\DRIVERS\ewusbmdm.sys 6C921D120A5212CB94FA2520847774C4
  193. C:\Program Files (x86)\HWiNFO32\HWiNFO64A.SYS 160BAB05A99FCF8FD77153371644546F
  194. C:\Program Files (x86)\HWiNFO32\HWiNFO64A.SYS 160BAB05A99FCF8FD77153371644546F
  195. C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
  196. C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
  197. C:\Windows\System32\DRIVERS\iaStor.sys BBB3B6DF1ABB0FE35802EDE85CC1C011
  198. C:\Windows\system32\DRIVERS\iaStorV.sys ==> MD5 is legit
  199. C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
  200. C:\Windows\System32\drivers\RTKVHD64.sys B88E24BD77A0CE2CFFEE2FACF1151BE0
  201. C:\Windows\system32\DRIVERS\intelide.sys ==> MD5 is legit
  202. C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
  203. C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
  204. C:\Windows\system32\DRIVERS\IPMIDrv.sys ==> MD5 is legit
  205. C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
  206. C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
  207. C:\Windows\system32\DRIVERS\isapnp.sys ==> MD5 is legit
  208. C:\Windows\system32\DRIVERS\msiscsi.sys ==> MD5 is legit
  209. C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
  210. C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
  211. C:\Windows\System32\DRIVERS\kbfiltr.sys E63EF8C3271D014F14E2469CE75FECB4
  212. C:\Windows\System32\Drivers\ksecdd.sys ==> MD5 is legit
  213. C:\Windows\System32\Drivers\ksecpkg.sys ==> MD5 is legit
  214. C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
  215. C:\Windows\System32\DRIVERS\L1C62x64.sys 9DDC68B87A9B837736A2B193EE14A4A5
  216. C:\Windows\System32\DRIVERS\LHidFilt.Sys 24E09882BA51B9830AE029888A3AAF18
  217. C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
  218. C:\Windows\System32\DRIVERS\LMouFilt.Sys 2F94325D8C10E2B715F3D753C2422AAC
  219. C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
  220. C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
  221. C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
  222. C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
  223. C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
  224. C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
  225. C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
  226. C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
  227. C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
  228. C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
  229. C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
  230. C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
  231. C:\Windows\system32\DRIVERS\mpio.sys ==> MD5 is legit
  232. C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
  233. C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
  234. C:\Windows\System32\DRIVERS\mrxsmb.sys B7F3D2C40BDF8FFB73EBFB19C77734E2
  235. C:\Windows\System32\DRIVERS\mrxsmb10.sys 86C6F88B5168CE21CF8D69D0B3FF5D19
  236. C:\Windows\System32\DRIVERS\mrxsmb20.sys B081069251C8E9F42CB8769D07148F9C
  237. C:\Windows\System32\DRIVERS\msahci.sys ==> MD5 is legit
  238. C:\Windows\system32\DRIVERS\msdsm.sys ==> MD5 is legit
  239. C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
  240. C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
  241. C:\Windows\System32\DRIVERS\msisadrv.sys ==> MD5 is legit
  242. C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
  243. C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
  244. C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
  245. C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
  246. C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
  247. C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
  248. C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
  249. C:\Windows\System32\DRIVERS\ATK64AMD.sys 032D35C996F21D19A205A7C8F0B76F3C
  250. C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
  251. C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
  252. C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
  253. C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
  254. C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
  255. C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
  256. C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
  257. C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
  258. C:\Windows\System32\DRIVERS\netaapl64.sys 6F4607E2333FE21E9E3FF8133A88B35B
  259. C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
  260. C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
  261. C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
  262. C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
  263. C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
  264. C:\Windows\System32\Drivers\Ntfs.sys ==> MD5 is legit
  265. C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
  266. C:\Windows\system32\DRIVERS\nvraid.sys ==> MD5 is legit
  267. C:\Windows\system32\DRIVERS\nvstor.sys ==> MD5 is legit
  268. C:\Windows\system32\DRIVERS\nv_agp.sys ==> MD5 is legit
  269. C:\Windows\system32\DRIVERS\ohci1394.sys ==> MD5 is legit
  270. C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
  271. C:\Windows\System32\drivers\partmgr.sys ==> MD5 is legit
  272. C:\Windows\System32\DRIVERS\pci.sys ==> MD5 is legit
  273. C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
  274. C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
  275. C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
  276. C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
  277. C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
  278. C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
  279. C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
  280. C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
  281. C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
  282. C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
  283. C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
  284. C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
  285. C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
  286. C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
  287. C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
  288. C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
  289. C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
  290. C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
  291. C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
  292. C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
  293. C:\Windows\System32\Drivers\RDPWD.sys ==> MD5 is legit
  294. C:\Windows\System32\drivers\rdyboost.sys E5DC9BA9E439D6DBDD79F8CAACB5BF01
  295. C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
  296. C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
  297. C:\Windows\system32\DRIVERS\sbp2port.sys ==> MD5 is legit
  298. C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
  299. C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
  300. C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
  301. C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
  302. C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
  303. C:\Windows\system32\DRIVERS\sffdisk.sys ==> MD5 is legit
  304. C:\Windows\system32\DRIVERS\sffp_mmc.sys ==> MD5 is legit
  305. C:\Windows\system32\DRIVERS\sffp_sd.sys ==> MD5 is legit
  306. C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
  307. C:\Windows\System32\DRIVERS\SiSG664.sys 1BC348CF6BAA90EC8E533EF6E6A69933
  308. C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
  309. C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
  310. C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
  311. C:\Windows\System32\DRIVERS\snp2uvc.sys 7AEC460DBDD193680F0E77724E40E7B6
  312. C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
  313. C:\Windows\System32\Drivers\sptd.sys 88E5162E58C8919CC873F5D8946197CF
  314. C:\Windows\System32\DRIVERS\srv.sys 148D50904D2A0DF29A19778715EB35BB
  315. C:\Windows\System32\DRIVERS\srv2.sys CE2189FE31D36678AC9EB7DDEE08EC96
  316. C:\Windows\System32\DRIVERS\srvnet.sys CB69EDEB069A49577592835659CD0E46
  317. C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
  318. C:\Windows\System32\DRIVERS\serscan.sys DECACB6921DED1A38642642685D77DAC
  319. C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
  320. C:\Windows\System32\DRIVERS\SynTP.sys 01A658167619075BAAD31C96074C0B38
  321. C:\Windows\System32\DRIVERS\taphss.sys F33FDC72298DF4BF9813A55D21F4EB31
  322. C:\Windows\System32\drivers\tcpip.sys 90A2D722CF64D911879D6C4A4F802A4D
  323. C:\Windows\System32\DRIVERS\tcpip.sys 90A2D722CF64D911879D6C4A4F802A4D
  324. C:\Windows\system32\drivers\tcpipBM.sys FBA939B917976B2C37F1B235DFCD4876
  325. C:\Windows\system32\drivers\tcpipBM.sys FBA939B917976B2C37F1B235DFCD4876
  326. C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
  327. C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
  328. C:\Windows\System32\drivers\tdtcp.sys ==> MD5 is legit
  329. C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
  330. C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
  331. C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
  332. C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
  333. C:\Windows\System32\DRIVERS\TurboB.sys C45A3E051C65106A28982CAED125F855
  334. C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
  335. C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
  336. C:\Windows\system32\DRIVERS\uliagpkx.sys ==> MD5 is legit
  337. C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
  338. C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
  339. C:\Windows\System32\Drivers\usbaapl64.sys ==> MD5 is legit
  340. C:\Windows\System32\DRIVERS\usbccgp.sys ==> MD5 is legit
  341. C:\Windows\system32\DRIVERS\usbcir.sys ==> MD5 is legit
  342. C:\Windows\System32\DRIVERS\usbehci.sys ==> MD5 is legit
  343. C:\Windows\System32\DRIVERS\usbhub.sys ==> MD5 is legit
  344. C:\Windows\system32\DRIVERS\usbohci.sys ==> MD5 is legit
  345. C:\Windows\system32\DRIVERS\usbprint.sys ==> MD5 is legit
  346. C:\Windows\System32\DRIVERS\USBSTOR.SYS ==> MD5 is legit
  347. C:\Windows\system32\DRIVERS\usbuhci.sys ==> MD5 is legit
  348. C:\Windows\System32\Drivers\usbvideo.sys ==> MD5 is legit
  349. C:\Windows\System32\DRIVERS\vdrvroot.sys ==> MD5 is legit
  350. C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
  351. C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
  352. C:\Windows\system32\DRIVERS\vhdmp.sys ==> MD5 is legit
  353. C:\Windows\system32\DRIVERS\viaide.sys ==> MD5 is legit
  354. C:\Windows\System32\DRIVERS\vmci.sys 87FC1DD880E8CAC4FAEBB84AF61A87C4
  355. C:\Windows\system32\drivers\VMkbd.sys 3A717D3E29C107351347B478A9D0043F
  356. C:\Windows\System32\DRIVERS\vmnetadapter.sys B259C31378BC855AFD1B53F59311C251
  357. C:\Windows\System32\DRIVERS\vmnetbridge.sys DEC4CE720FFEDA939CF1BA315CFBD993
  358. C:\Windows\system32\drivers\vmnetuserif.sys B6A3766C3E99FB1F6663C6B4B7C3F3A1
  359. C:\Windows\System32\Drivers\vmusb.sys 415B167695C4B5960A13098622EF3D80
  360. C:\Windows\system32\drivers\vmx86.sys E53CAD9B1FA901CA2046501EE88F9CEF
  361. C:\Windows\System32\DRIVERS\vodafone_K3805-z_dc_enum.sys 1E4D31FEC921300C5F262C52F5FCC666
  362. C:\Windows\System32\DRIVERS\volmgr.sys ==> MD5 is legit
  363. C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
  364. C:\Windows\System32\DRIVERS\volsnap.sys ==> MD5 is legit
  365. C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
  366. C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
  367. C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
  368. C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
  369. C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
  370. C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
  371. C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
  372. C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
  373. C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
  374. C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
  375. C:\Windows\System32\DRIVERS\wimfltr.sys 52DED146E4797E6CCF94799E8E22BB2A
  376. C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
  377. C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
  378. C:\Windows\System32\DRIVERS\WinUsb.sys ==> MD5 is legit
  379. C:\Windows\system32\DRIVERS\wmiacpi.sys ==> MD5 is legit
  380. C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
  381. C:\Windows\System32\DRIVERS\WSDPrint.sys 8D918B1DB190A4D9B1753A66FA8C96E8
  382. C:\Windows\System32\DRIVERS\WSDScan.sys 4A2A5C50DD1A63577D3ACA94269FBC7F
  383. C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit
  384. C:\Windows\System32\DRIVERS\WUDFRd.sys ==> MD5 is legit
  385. C:\Windows\System32\DRIVERS\xnacc.sys 4A5CE13408945E525503B5F73D29B9C5
  386.  
  387. ==================== NetSvcs (Whitelisted) ===================
  388.  
  389.  
  390. ==================== One Month Created Files and Folders ========
  391.  
  392. 2013-07-30 12:06 - 2013-07-30 12:06 - 00000000 ____D C:\FRST
  393. 2013-07-30 00:00 - 2013-07-30 00:00 - 00042193 _____ C:\Windows\System32\config\mybackup
  394. 2013-07-30 00:00 - 2013-07-30 00:00 - 00000000 ____D C:\Windows\System32\config\backup
  395. 2013-07-29 18:48 - 2013-07-29 18:48 - 00266568 _____ C:\Windows\Minidump\073013-27580-01.dmp
  396. 2013-07-29 03:17 - 2013-07-29 03:17 - 00000000 ____D C:\Users\Lau Chee Keong\AppData\Roaming\Red Alert 3
  397. 2013-07-29 02:47 - 2013-07-29 02:47 - 00000000 ____D C:\Users\Lau Chee Keong\Documents\Red Alert 3 Uprising
  398. 2013-07-29 02:44 - 2013-07-29 02:46 - 00000000 ____D C:\Users\Lau Chee Keong\AppData\Roaming\Red Alert 3 Uprising
  399. 2013-07-29 00:51 - 2013-07-29 00:51 - 00000000 ____D C:\Users\Lau Chee Keong\AppData\Roaming\Avira
  400. 2013-07-29 00:47 - 2013-07-29 00:47 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
  401. 2013-07-29 00:47 - 2013-07-29 00:47 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
  402. 2013-07-29 00:46 - 2013-07-29 00:46 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
  403. 2013-07-29 00:46 - 2013-07-29 00:46 - 00001996 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
  404. 2013-07-29 00:46 - 2013-07-29 00:46 - 00000000 ____D C:\ProgramData\Avira
  405. 2013-07-29 00:46 - 2013-07-29 00:46 - 00000000 ____D C:\ProgramData\APN
  406. 2013-07-29 00:46 - 2013-07-29 00:46 - 00000000 ____D C:\Program Files (x86)\Avira
  407. 2013-07-29 00:46 - 2013-07-29 00:28 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
  408. 2013-07-29 00:46 - 2013-07-29 00:28 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
  409. 2013-07-29 00:46 - 2013-07-29 00:28 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
  410. 2013-07-25 03:26 - 2013-07-25 03:26 - 00000000 ____D C:\Users\Lau Chee Keong\AppData\Local\BIT.TRIP RUNNER
  411. 2013-07-24 05:35 - 2013-07-24 05:35 - 00826112 _____ C:\Windows\Minidump\072413-30404-01.dmp
  412. 2013-07-24 05:35 - 2013-07-24 05:35 - 00000000 _____ C:\Windows\SysWOW64\cd.dat
  413. 2013-07-24 05:17 - 2013-07-24 05:17 - 01189624 _____ (AMD Inc.) C:\Users\Lau Chee Keong\Downloads\catalyst_mobility_64-bit_util(2).exe
  414. 2013-07-24 04:17 - 2013-07-24 04:17 - 00002453 _____ C:\Users\Public\Desktop\SeaTools for Windows.lnk
  415. 2013-07-24 04:17 - 2013-07-24 04:17 - 00000000 ____D C:\Program Files (x86)\Seagate
  416. 2013-07-24 04:15 - 2013-07-24 04:15 - 21700280 _____ C:\Users\Lau Chee Keong\Downloads\SeaToolsforWindowsSetup-1208.exe
  417. 2013-07-12 19:38 - 2013-07-12 19:38 - 00000000 ____D C:\Users\Lau Chee Keong\Documents\Gaslamp Games
  418. 2013-07-09 22:36 - 2013-07-21 07:39 - 00000000 ____D C:\Users\Lau Chee Keong\Documents\Larian Studios
  419. 2013-07-05 21:37 - 2013-07-05 21:37 - 00000000 ____D C:\DA5
  420. 2013-07-04 01:18 - 2013-07-04 01:19 - 15562212 _____ C:\Users\Lau Chee Keong\Downloads\microstran-student-2013.exe
  421. 2013-07-02 19:38 - 2013-07-02 19:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8
  422. 2013-07-02 06:13 - 2013-07-02 06:31 - 00000000 ____D C:\Users\Lau Chee Keong\Documents\PineappleSmashCrew
  423. 2013-07-02 06:12 - 2013-07-02 06:12 - 00000000 ____D C:\Users\Lau Chee Keong\AppData\Roaming\Quest3D
  424. 2013-06-30 00:41 - 2013-06-30 00:44 - 00000000 ____D C:\Void Destroyer
  425.  
  426. ==================== One Month Modified Files and Folders =======
  427.  
  428. 2013-07-30 00:35 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
  429. 2013-07-30 00:00 - 2013-07-30 00:00 - 00042193 _____ C:\Windows\System32\config\mybackup
  430. 2013-07-30 00:00 - 2013-07-30 00:00 - 00000000 ____D C:\Windows\System32\config\backup
  431. 2013-07-29 22:19 - 2009-07-13 23:44 - 00000000 ___RD C:\Users\Public\Recorded TV
  432. 2013-07-29 18:48 - 2013-07-29 18:48 - 00266568 _____ C:\Windows\Minidump\073013-27580-01.dmp
  433. 2013-07-29 18:48 - 2010-10-24 01:22 - 00000000 ____D C:\Windows\Minidump
  434. 2013-07-29 18:48 - 2010-10-23 17:32 - 00000000 ____D C:\users\Lau Chee Keong
  435. 2013-07-29 18:47 - 2010-10-24 01:22 - 157000016 _____ C:\Windows\MEMORY.DMP
  436. 2013-07-29 03:17 - 2013-07-29 03:17 - 00000000 ____D C:\Users\Lau Chee Keong\AppData\Roaming\Red Alert 3
  437. 2013-07-29 02:47 - 2013-07-29 02:47 - 00000000 ____D C:\Users\Lau Chee Keong\Documents\Red Alert 3 Uprising
  438. 2013-07-29 02:46 - 2013-07-29 02:44 - 00000000 ____D C:\Users\Lau Chee Keong\AppData\Roaming\Red Alert 3 Uprising
  439. 2013-07-29 01:45 - 2010-08-26 12:40 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
  440. 2013-07-29 01:26 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
  441. 2013-07-29 01:26 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
  442. 2013-07-29 01:22 - 2010-08-26 12:22 - 02069532 _____ C:\Windows\WindowsUpdate.log
  443. 2013-07-29 01:19 - 2012-02-17 07:20 - 00000000 ____D C:\ProgramData\VMware
  444. 2013-07-29 01:19 - 2010-10-25 05:16 - 00045056 _____ C:\Windows\System32\acovcnt.exe
  445. 2013-07-29 01:19 - 2010-08-26 12:47 - 00115074 _____ C:\Windows\PFRO.log
  446. 2013-07-29 01:19 - 2010-08-26 12:40 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
  447. 2013-07-29 01:19 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
  448. 2013-07-29 01:19 - 2009-07-13 20:51 - 00198659 _____ C:\Windows\setupact.log
  449. 2013-07-29 01:17 - 2013-03-16 00:18 - 00000824 _____ C:\Windows\System32\Drivers\etc\tmvsthfud.bin
  450. 2013-07-29 01:17 - 2010-08-26 12:44 - 00000824 _____ C:\Windows\System32\Drivers\etc\tmvsthfss.bin
  451. 2013-07-29 01:15 - 2010-08-26 12:57 - 00002402 _____ C:\Windows\System32\AutoRunFilter.ini
  452. 2013-07-29 01:15 - 2010-08-26 12:57 - 00001790 _____ C:\Windows\System32\ServiceFilter.ini
  453. 2013-07-29 00:51 - 2013-07-29 00:51 - 00000000 ____D C:\Users\Lau Chee Keong\AppData\Roaming\Avira
  454. 2013-07-29 00:51 - 2012-09-03 19:46 - 00000964 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-163196908-2427133349-738422901-1001UA.job
  455. 2013-07-29 00:47 - 2013-07-29 00:47 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
  456. 2013-07-29 00:47 - 2013-07-29 00:47 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
  457. 2013-07-29 00:46 - 2013-07-29 00:46 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
  458. 2013-07-29 00:46 - 2013-07-29 00:46 - 00001996 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
  459. 2013-07-29 00:46 - 2013-07-29 00:46 - 00000000 ____D C:\ProgramData\Avira
  460. 2013-07-29 00:46 - 2013-07-29 00:46 - 00000000 ____D C:\ProgramData\APN
  461. 2013-07-29 00:46 - 2013-07-29 00:46 - 00000000 ____D C:\Program Files (x86)\Avira
  462. 2013-07-29 00:28 - 2013-07-29 00:46 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
  463. 2013-07-29 00:28 - 2013-07-29 00:46 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
  464. 2013-07-29 00:28 - 2013-07-29 00:46 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
  465. 2013-07-28 21:51 - 2012-09-03 19:46 - 00000942 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-163196908-2427133349-738422901-1001Core.job
  466. 2013-07-27 18:57 - 2010-10-24 01:03 - 00034167 _____ C:\Windows\TMFilter.log
  467. 2013-07-26 02:56 - 2012-02-17 07:25 - 00000000 ____D C:\Users\Lau Chee Keong\AppData\Local\VMware
  468. 2013-07-25 23:04 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
  469. 2013-07-25 22:59 - 2012-02-17 07:25 - 00000000 ____D C:\Users\Lau Chee Keong\AppData\Roaming\VMware
  470. 2013-07-25 03:26 - 2013-07-25 03:26 - 00000000 ____D C:\Users\Lau Chee Keong\AppData\Local\BIT.TRIP RUNNER
  471. 2013-07-25 03:26 - 2010-08-26 12:55 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
  472. 2013-07-25 03:26 - 2010-08-26 12:55 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
  473. 2013-07-24 05:35 - 2013-07-24 05:35 - 00826112 _____ C:\Windows\Minidump\072413-30404-01.dmp
  474. 2013-07-24 05:35 - 2013-07-24 05:35 - 00000000 _____ C:\Windows\SysWOW64\cd.dat
  475. 2013-07-24 05:17 - 2013-07-24 05:17 - 01189624 _____ (AMD Inc.) C:\Users\Lau Chee Keong\Downloads\catalyst_mobility_64-bit_util(2).exe
  476. 2013-07-24 04:17 - 2013-07-24 04:17 - 00002453 _____ C:\Users\Public\Desktop\SeaTools for Windows.lnk
  477. 2013-07-24 04:17 - 2013-07-24 04:17 - 00000000 ____D C:\Program Files (x86)\Seagate
  478. 2013-07-24 04:15 - 2013-07-24 04:15 - 21700280 _____ C:\Users\Lau Chee Keong\Downloads\SeaToolsforWindowsSetup-1208.exe
  479. 2013-07-23 04:49 - 2010-10-23 17:33 - 00000000 ____D C:\Users\Lau Chee Keong\AppData\Local\VirtualStore
  480. 2013-07-22 02:30 - 2013-03-31 03:44 - 00000000 ____D C:\Users\Lau Chee Keong\AppData\Local\GOG.com
  481. 2013-07-22 02:30 - 2013-03-31 03:44 - 00000000 ____D C:\Program Files (x86)\GOG.com
  482. 2013-07-21 17:33 - 2012-04-14 04:52 - 00000000 ____D C:\Users\Public\Documents\Virtual PC
  483. 2013-07-21 07:39 - 2013-07-09 22:36 - 00000000 ____D C:\Users\Lau Chee Keong\Documents\Larian Studios
  484. 2013-07-21 06:56 - 2010-11-03 05:10 - 00000000 ____D C:\Users\Lau Chee Keong\Documents\my games
  485. 2013-07-21 06:55 - 2010-10-23 17:36 - 00980111 _____ C:\Windows\DirectX.log
  486. 2013-07-20 18:16 - 2011-03-05 06:52 - 00000000 ____D C:\ProgramData\Stardock
  487. 2013-07-17 17:41 - 2012-05-20 03:18 - 00000000 ____D C:\Windows\System32\Service
  488. 2013-07-15 18:40 - 2010-08-26 12:40 - 00003908 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
  489. 2013-07-15 18:40 - 2010-08-26 12:40 - 00003656 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
  490. 2013-07-14 19:28 - 2009-07-13 21:13 - 00787066 _____ C:\Windows\System32\PerfStringBackup.INI
  491. 2013-07-12 19:38 - 2013-07-12 19:38 - 00000000 ____D C:\Users\Lau Chee Keong\Documents\Gaslamp Games
  492. 2013-07-09 01:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
  493. 2013-07-05 21:37 - 2013-07-05 21:37 - 00000000 ____D C:\DA5
  494. 2013-07-04 01:19 - 2013-07-04 01:18 - 15562212 _____ C:\Users\Lau Chee Keong\Downloads\microstran-student-2013.exe
  495. 2013-07-04 01:19 - 2012-08-30 06:11 - 00000000 ____D C:\Mswin
  496. 2013-07-03 05:20 - 2012-04-05 18:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
  497. 2013-07-02 19:38 - 2013-07-02 19:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8
  498. 2013-07-02 06:31 - 2013-07-02 06:13 - 00000000 ____D C:\Users\Lau Chee Keong\Documents\PineappleSmashCrew
  499. 2013-07-02 06:12 - 2013-07-02 06:12 - 00000000 ____D C:\Users\Lau Chee Keong\AppData\Roaming\Quest3D
  500. 2013-06-30 00:44 - 2013-06-30 00:41 - 00000000 ____D C:\Void Destroyer
  501.  
  502. Files to move or delete:
  503. ====================
  504. C:\ProgramData\hash.dat
  505.  
  506. ==================== Known DLLs (Whitelisted) ================
  507.  
  508.  
  509. ==================== Bamital & volsnap Check =================
  510.  
  511. C:\Windows\System32\winlogon.exe => MD5 is legit
  512. C:\Windows\System32\wininit.exe => MD5 is legit
  513. C:\Windows\SysWOW64\wininit.exe => MD5 is legit
  514. C:\Windows\explorer.exe => MD5 is legit
  515. C:\Windows\SysWOW64\explorer.exe => MD5 is legit
  516. C:\Windows\System32\svchost.exe => MD5 is legit
  517. C:\Windows\SysWOW64\svchost.exe => MD5 is legit
  518. C:\Windows\System32\services.exe => MD5 is legit
  519. C:\Windows\System32\User32.dll => MD5 is legit
  520. C:\Windows\SysWOW64\User32.dll => MD5 is legit
  521. C:\Windows\System32\userinit.exe => MD5 is legit
  522. C:\Windows\SysWOW64\userinit.exe => MD5 is legit
  523. C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
  524.  
  525. ==================== EXE ASSOCIATION =====================
  526.  
  527. HKLM\...\.exe: exefile => OK
  528. HKLM\...\exefile\DefaultIcon: %1 => OK
  529. HKLM\...\exefile\open\command: "%1" %* => OK
  530.  
  531. ==================== Restore Points =========================
  532.  
  533. Restore point made on: 2013-07-29 02:25:36
  534. Restore point made on: 2013-07-29 02:43:47
  535.  
  536. ==================== BCD ================================
  537.  
  538. Windows Boot Manager
  539. --------------------
  540. identifier {bootmgr}
  541. device boot
  542. description Windows Boot Manager
  543. locale en-US
  544. inherit {globalsettings}
  545. default {default}
  546. resumeobject {8cb2d9b0-7c05-11de-842e-b4611d44fefa}
  547. displayorder {default}
  548. toolsdisplayorder {memdiag}
  549. timeout 30
  550.  
  551. Windows Boot Loader
  552. -------------------
  553. identifier {572bcd56-ffa7-11d9-aae0-0007e994107d}
  554. device ramdisk=[\Device\HarddiskVolume1]\winre.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
  555. path \windows\system32\boot\winload.exe
  556. description Windows Recovery Environment
  557. osdevice ramdisk=[\Device\HarddiskVolume1]\winre.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
  558. systemroot \windows
  559. nx OptIn
  560. detecthal Yes
  561. winpe Yes
  562.  
  563. Windows Boot Loader
  564. -------------------
  565. identifier {default}
  566. device boot
  567. path \Windows\system32\winload.exe
  568. description Windows 7
  569. locale en-US
  570. inherit {bootloadersettings}
  571. recoverysequence {current}
  572. recoveryenabled Yes
  573. osdevice boot
  574. systemroot \Windows
  575. resumeobject {8cb2d9b0-7c05-11de-842e-b4611d44fefa}
  576. nx OptIn
  577.  
  578. Windows Boot Loader
  579. -------------------
  580. identifier {current}
  581. device ramdisk=[C:]\Recovery\8cb2d9b4-7c05-11de-842e-b4611d44fefa\Winre.wim,{8cb2d9b5-7c05-11de-842e-b4611d44fefa}
  582. path \windows\system32\winload.exe
  583. description Windows Recovery Environment
  584. inherit {bootloadersettings}
  585. osdevice ramdisk=[C:]\Recovery\8cb2d9b4-7c05-11de-842e-b4611d44fefa\Winre.wim,{8cb2d9b5-7c05-11de-842e-b4611d44fefa}
  586. systemroot \windows
  587. nx OptIn
  588. winpe Yes
  589.  
  590. Resume from Hibernate
  591. ---------------------
  592. identifier {8cb2d9b0-7c05-11de-842e-b4611d44fefa}
  593. device boot
  594. path \Windows\system32\winresume.exe
  595. description Windows Resume Application
  596. locale en-US
  597. inherit {resumeloadersettings}
  598. filedevice partition=C:
  599. filepath \hiberfil.sys
  600. debugoptionenabled No
  601.  
  602. Windows Memory Tester
  603. ---------------------
  604. identifier {memdiag}
  605. device partition=C:
  606. path \boot\memtest.exe
  607. description Windows Memory Diagnostic
  608. locale en-US
  609. inherit {globalsettings}
  610. badmemoryaccess Yes
  611.  
  612. EMS Settings
  613. ------------
  614. identifier {emssettings}
  615. bootems Yes
  616.  
  617. Debugger Settings
  618. -----------------
  619. identifier {dbgsettings}
  620. debugtype Serial
  621. debugport 1
  622. baudrate 115200
  623.  
  624. RAM Defects
  625. -----------
  626. identifier {badmemory}
  627.  
  628. Global Settings
  629. ---------------
  630. identifier {globalsettings}
  631. inherit {dbgsettings}
  632. {emssettings}
  633. {badmemory}
  634.  
  635. Boot Loader Settings
  636. --------------------
  637. identifier {bootloadersettings}
  638. inherit {globalsettings}
  639. {hypervisorsettings}
  640.  
  641. Hypervisor Settings
  642. -------------------
  643. identifier {hypervisorsettings}
  644. hypervisordebugtype Serial
  645. hypervisordebugport 1
  646. hypervisorbaudrate 115200
  647.  
  648. Resume Loader Settings
  649. ----------------------
  650. identifier {resumeloadersettings}
  651. inherit {globalsettings}
  652.  
  653. Device options
  654. --------------
  655. identifier {8cb2d9b5-7c05-11de-842e-b4611d44fefa}
  656. description Ramdisk Options
  657. ramdisksdidevice partition=C:
  658. ramdisksdipath \Recovery\8cb2d9b4-7c05-11de-842e-b4611d44fefa\boot.sdi
  659.  
  660. Device options
  661. --------------
  662. identifier {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
  663. description Ramdisk Device Options
  664. ramdisksdidevice partition=\Device\HarddiskVolume1
  665. ramdisksdipath \boot.sdi
  666.  
  667.  
  668. ==================== Memory info ===========================
  669.  
  670. Percentage of memory in use: 16%
  671. Total physical RAM: 4020.55 MB
  672. Available physical RAM: 3352.84 MB
  673. Total Pagefile: 4018.7 MB
  674. Available Pagefile: 3351.4 MB
  675. Total Virtual: 8192 MB
  676. Available Virtual: 8191.85 MB
  677.  
  678. ==================== Drives ================================
  679.  
  680. Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:15.46 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
  681. Drive d: (SDATA1) (Fixed) (Total:232.87 GB) (Free:25.4 GB) NTFS (Disk=1 Partition=1)
  682. Drive e: (DATA) (Fixed) (Total:329.79 GB) (Free:11.05 GB) NTFS (Disk=0 Partition=3)
  683. Drive f: (SDATA2) (Fixed) (Total:232.89 GB) (Free:57.09 GB) NTFS (Disk=1 Partition=2)
  684. Drive h: () (Removable) (Total:3.78 GB) (Free:3.78 GB) FAT (Disk=2 Partition=1)
  685. Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
  686.  
  687. ==================== MBR & Partition Table ==================
  688.  
  689. ========================================================
  690. Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: E0C5913D)
  691. Partition 1: (Not Active) - (Size=20 GB) - (Type=1C)
  692. Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS)
  693. Partition 3: (Not Active) - (Size=330 GB) - (Type=OF Extended)
  694.  
  695. ========================================================
  696. Disk: 1 (Size: 466 GB) (Disk ID: BBC58B91)
  697. Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
  698. Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
  699.  
  700. ========================================================
  701. Disk: 2 (Size: 4 GB) (Disk ID: 0FAE83BF)
  702. Partition 1: (Not Active) - (Size=4 GB) - (Type=06)
  703.  
  704.  
  705. LastRegBack: 2013-07-22 20:56
  706.  
  707. ==================== End Of Log ============================