Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

computer wont boot - might be virus [Solved]

Started by katchj , Nov 27 2014 03:46 PM

  • This topic is locked This topic is locked

#1
katchj
Posted 27 November 2014 - 03:46 PM

katchj

    Member

  • Member
  • PipPip
  • 10 posts
Hello, 
Im running Windows 7 x64 and yesterday I rebooted and started getting into a Startup Repair loop which I was able to get out of- at the price of now not being able to boot at all - Windows BSOD during normal and safe mode startup.
 
When I boot to safe mode it gets to aswRvrt.sys and then BSOD. 
 
I am able to get to a recovery environment as well as windows installed on another partition but not sure what to do from here. 
 
From googling it seems some of the symptoms show like I might be infected but I'm not sure.
chkdsk doesnt return any issues. 
the things I may have done which could have caused this are :  
-running  Windows disk cleanup, which may have corrupted something. (it seems some people run it and then cant boot) 
-I upgraded Avast (the actual version) to the latest version
 
I was able to run FRST from Recovery Console and some things were flagged- could this be an infection?
I ran Avast and Malwarebytes from the other  windows installation and nothing was found. 
 
Im attaching FRST.txt
 
thanks in advance!
 
 
Attached File  FRST.txt   53.85KB   461 downloads

  • 0

Advertisements

#2
emeraldnzl
Posted 28 November 2014 - 04:04 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello Katchj,

 

Sorry for the delay.

 

Could be a number of things causing this including a something going wrong with your hardware.

 

I don't know whether we can solve it but let's give it a shot.

 

Note: Please copy and past your logs back into the thread. Easier to analyze. :)

 

Now

 

Boot to System Recovery Options and run FRST, as you have done previously.

Type the following in the edit box after "Search:".

volsnap.sys

Click Search button and copy and paste the log (Search.txt) it makes back here.


  • 0

#3
katchj
Posted 30 November 2014 - 03:12 AM

katchj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Hi, 

Thanks for the reply.

 

I think this is what you asked for....

 

-----------------------

Farbar Recovery Scan Tool (x64) Version: 26-11-2014 01
Ran by SYSTEM at 2014-11-30 11:02:56
Running from H:\tools
Boot Mode: Recovery
 
================== Search Files: "volsnap.sys" =============
 
C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
[2011-03-16 03:09][2010-11-20 05:34] 0295808 ____N (Microsoft Corporation) 0D08D2F3B3FF84E433346669B5E0F639
 
C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_71aba92815c60174\volsnap.sys
[2009-07-13 15:20][2009-07-13 17:45] 0294992 ____A (Microsoft Corporation) 58F82EED8CA24B461441F9C3E4F0BF5C
 
X:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
[2010-11-20 08:00][2010-11-20 08:00] 0295808 ____A (Microsoft Corporation) 0D08D2F3B3FF84E433346669B5E0F639
 
X:\Windows\System32\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
[2010-11-20 08:00][2010-11-20 08:00] 0295808 ____A (Microsoft Corporation) 0D08D2F3B3FF84E433346669B5E0F639
 
X:\Windows\System32\drivers\volsnap.sys
[2010-11-20 08:00][2010-11-20 08:00] 0295808 ____A (Microsoft Corporation) 0D08D2F3B3FF84E433346669B5E0F639
 
====== End Of Search ======

  • 0

#4
emeraldnzl
Posted 30 November 2014 - 02:12 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello katchj,

 

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt
 

HKU\Yo\...\Run: [] => [X]
S3 wjhvfpd; C:\Program Files (x86)\ophcrack\pwdump\servpw.exe [57344 2008-07-22] ()
S3 xyurnkmu; C:\Program Files (x86)\ophcrack\pwdump\servpw.exe [57344 2008-07-22] ()
C:\Program Files (x86)\ophcrack
replace: C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys C:\Windows\System32\Drivers\volsnap.sys

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

After that



  • Boot into System Recovery Options
  • Choose the Command Prompt option
  • Type the following and hit enter:

    sfc /SCANNOW /OFFBOOTDIR=C:\  /OFFWINDIR=C:\Windows

    Note the spaces... they should be there.

Let it run through it's check.

Try a reboot when it's finished.

Come back and tell me how you got on.

So when you return please post

  • Fixlog.txt
  • tell me if you can boot up now

 


  • 0

#5
katchj
Posted 30 November 2014 - 03:11 PM

katchj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Hello,

thanks again. 

 

heres fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-11-2014 01

Ran by SYSTEM at 2014-11-30 22:41:30 Run:1
Running from H:\tools
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
HKU\Yo\...\Run: [] => [X]
S3 wjhvfpd; C:\Program Files (x86)\ophcrack\pwdump\servpw.exe [57344 2008-07-22] ()
S3 xyurnkmu; C:\Program Files (x86)\ophcrack\pwdump\servpw.exe [57344 2008-07-22] ()
C:\Program Files (x86)\ophcrack
replace: C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys C:\Windows\System32\Drivers\volsnap.sys
*****************
 
HKU\Yo\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
wjhvfpd => Service deleted successfully.
xyurnkmu => Service deleted successfully.
C:\Program Files (x86)\ophcrack => Moved successfully.
Could not find C:\Windows\System32\Drivers\volsnap.sys.
C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys copied successfully to C:\Windows\System32\Drivers\volsnap.sys
 
==== End of Fixlog ====

 

after that I ran sfc but it didnt seem to find any problems.

 

 

H:\tools>sfc /SCANNOW /OFFBOOTDIR=C:\  /OFFWINDIR=C:\Windows

Beginning system scan.  This process will take some time.
Windows Resource Protection did not find any integrity violations.

 

I rebooted and no changes - it still crashed. and I tried safemode and it seemed to crash in the same place....


  • 0

#6
emeraldnzl
Posted 30 November 2014 - 03:13 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

 

I tried safemode and it seemed to crash in the same place....

 

Was there a message? Tell me when you return.

 

For now

 

Please run a scan with FRST again and post back the log.


  • 0

#7
katchj
Posted 30 November 2014 - 03:54 PM

katchj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

I got a bluescreen saying 


A problem was detected and Windows has been shut down to protect your computer...

STOP 0x0000007B (0xFFFFF880009A9928, 0xFFFFFFFFC0000034, 0x0.... , 0x0...)

 

 

when I started in Safemode the last module to load was aswRvrt.sys

 

 

here is  FRST.txt (you said not to attach, so here we go... ;)

 


 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01

Ran by SYSTEM on MININT-UF5STF4 on 30-11-2014 23:18:55
Running from H:\tools
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [VIAxHCUtl] => C:\VIA_XHCI\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.)
HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [3993744 2014-05-22] (Stardock Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13545032 2013-05-28] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [StartupDelayer] => C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe [1260616 2014-10-12] (r2 Studios)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-20] (AVAST Software)
HKLM-x32\...\Run: [LastApp] => C:\Program Files (x86)\LastPass\lastapp_x64.exe [36637240 2014-07-01] (LastPass)
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2014-08-18] (Microsoft Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\Guest\...\Run: [Cloudfogger] => "C:\Program Files\Cloudfogger\Cloudfogger.exe" --silent --autostart
HKU\Guest\...\Run: [Growl] => C:\Program Files (x86)\Growl for Windows\Growl.exe [3817472 2012-03-21] (element code project)
HKU\Guest\...\Run: [ctfmon.exe] => C:\Windows\system32\ctfmon.exe [9728 2009-07-13] (Microsoft Corporation)
HKU\Guest\...\Run: [uTray] => C:\Program Files\ITknowledge24\uTray.exe [55296 2010-07-05] (ITknowledge24.com)
HKU\Guest\...\Run: [KeePass Password Safe 2] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2109952 2014-10-07] (Dominik Reichl)
HKU\Guest\...\Run: [ManicTime] => C:\Program Files (x86)\ManicTime\ManicTime.exe /minimized /name: 
HKU\Guest\...\Policies\Explorer: [NoStartMenuMorePrograms] 0
HKU\Guest\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\Guest\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\Yo\...\Run: [Growl] => C:\Program Files (x86)\Growl for Windows\Growl.exe [3817472 2012-03-21] (element code project)
HKU\Yo\...\Run: [ctfmon.exe] => C:\Windows\system32\ctfmon.exe [9728 2009-07-13] (Microsoft Corporation)
HKU\Yo\...\Run: [Google Update] => C:\Users\Yo\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-14] (Google Inc.)
HKU\Yo\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-11-09] (Glarysoft Ltd)
HKU\Yo\...\Policies\Explorer: [NoStartMenuMorePrograms] 0
HKU\Yo\...\Policies\Explorer: [NoViewContextMenu] 0
IFEO\notepad.exe: [Debugger] "C:\Program Files\Notepad2\Notepad2.exe" /z
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Yo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\Yo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk
ShortcutTarget: EvernoteTray.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Yo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk
ShortcutTarget: Launchy.lnk -> C:\Program Files (x86)\Launchy\Launchy.exe ()
Startup: C:\Users\Yo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RBTray.exe - Shortcut.lnk
ShortcutTarget: RBTray.exe - Shortcut.lnk -> C:\Program Files (standalone)\RBTray-4_3\64bit\RBTray.exe ()
Startup: C:\Users\Yo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk
ShortcutTarget: RescueTime.lnk -> C:\Program Files (x86)\RescueTime\RescueTime.exe (RescueTime, Inc.)
Startup: C:\Users\Yo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Test Mail Server Tool.lnk
ShortcutTarget: Test Mail Server Tool.lnk -> C:\Users\Yo\AppData\Roaming\Microsoft\Installer\{5781A356-8BC3-4AD1-8214-DDD0CCA85B2A}\_96BD5A428272B92E9478FA.exe ()
BootExecute: autocheck autochk *  
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S2 AcfXAudioService; C:\Windows\SysWOW64\ACFXAU64.dll [436736 2009-04-28] (Conexant Systems, Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-15] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-15] (Avast Software)
S2 CrashPlanService; C:\Program Files (x86)\CrashPlan\CrashPlanService.exe [153088 2014-10-13] (Code 42 Software)
S2 DokanMounter; C:\Program Files (x86)\SafeMonk\mounter.exe [14848 2013-08-19] ()
S2 Everything; C:\Program Files\Everything\Everything.exe [1441792 2014-08-05] ()
S4 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [632320 2012-02-26] (FileZilla Project)
S2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)
S2 hasplms; C:\Windows\system32\hasplms.exe [4941768 2012-06-27] (SafeNet Inc.)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2154272 2014-09-30] (IObit)
S3 MailbirdUpdater.exe; C:\Program Files (x86)\Mailbird\MailbirdUpdater.exe [327544 2014-11-18] (Mailbird)
S2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254552 2012-08-08] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S3 SMService; C:\Program Files (x86)\SafeMonk\smservice.exe [172368 2014-04-10] (SafeNet)
S2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
S2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
S3 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [26048 2014-08-12] ()
S2 DeltaCopyService; No ImagePath
S3 WatAdminSvc; %SystemRoot%\system32\Wat\WatAdminSvc.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-15] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-15] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-15] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-15] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-15] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-15] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-15] ()
S3 AWEAlloc; No ImagePath
S3 FLASHSYS; No ImagePath
S5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-04] (Microsoft Corporation)
S1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-11-22] (Glarysoft Ltd)
S2 MCSTRM; No ImagePath
S3 NLNdisMP; No ImagePath
S3 NLNdisPT; No ImagePath
S3 NTIOLib_1_0_0; C:\Program Files (x86)\MSI\DirectOC\NTIOLib_X64.sys [14136 2009-06-11] (MSI)
S3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
S3 NTIOLib_1_0_6; C:\Program Files (x86)\Setup Files\Ms7586v1B0\NTIOLib_X64.sys [11888 2011-01-06] (MSI)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S2 secdrv; No ImagePath
S2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-15] (Avast Software)
S3 vmci; No ImagePath
S3 VMnetAdapter; No ImagePath
S3 1394ohci; \SystemRoot\system32\drivers\1394ohci.sys [X]
S3 acfva; system32\DRIVERS\ACFVA64.sys [X]
S0 ACPI; system32\drivers\ACPI.sys [X]
S3 AcpiPmi; \SystemRoot\system32\drivers\acpipmi.sys [X]
S3 adp94xx; \SystemRoot\system32\DRIVERS\adp94xx.sys [X]
S3 adpahci; \SystemRoot\system32\DRIVERS\adpahci.sys [X]
S3 adpu320; \SystemRoot\system32\DRIVERS\adpu320.sys [X]
S3 agp440; \SystemRoot\system32\drivers\agp440.sys [X]
S2 aksdf; \??\C:\Windows\system32\drivers\aksdf.sys [X]
S2 aksfridge; \??\C:\Windows\system32\drivers\aksfridge.sys [X]
S3 aliide; \SystemRoot\system32\drivers\aliide.sys [X]
S3 ALSysIO; \??\C:\Users\Yo\AppData\Local\Temp\ALSysIO64.sys [X]
S3 amdide; \SystemRoot\system32\drivers\amdide.sys [X]
S3 AmdK8; \SystemRoot\system32\DRIVERS\amdk8.sys [X]
S3 AmdPPM; \SystemRoot\system32\DRIVERS\amdppm.sys [X]
S3 amdsata; \SystemRoot\system32\drivers\amdsata.sys [X]
S3 amdsbs; \SystemRoot\system32\DRIVERS\amdsbs.sys [X]
S0 amdxata; system32\drivers\amdxata.sys [X]
S3 androidusb; System32\Drivers\androidusb.sys [X]
S3 arc; \SystemRoot\system32\DRIVERS\arc.sys [X]
S3 arcsas; \SystemRoot\system32\DRIVERS\arcsas.sys [X]
S3 arusb_win7x; system32\DRIVERS\arusb_win7x.sys [X]
S0 atapi; system32\drivers\atapi.sys [X]
S3 b06bdrv; \SystemRoot\system32\DRIVERS\bxvbda.sys [X]
S3 b57nd60a; system32\DRIVERS\b57nd60a.sys [X]
S1 blbdrive; system32\DRIVERS\blbdrive.sys [X]
S3 BrFiltLo; \SystemRoot\system32\DRIVERS\BrFiltLo.sys [X]
S3 BrFiltUp; \SystemRoot\system32\DRIVERS\BrFiltUp.sys [X]
S3 Brserid; \SystemRoot\System32\Drivers\Brserid.sys [X]
S3 BrSerWdm; \SystemRoot\System32\Drivers\BrSerWdm.sys [X]
S3 BrUsbMdm; \SystemRoot\System32\Drivers\BrUsbMdm.sys [X]
S3 BrUsbSer; \SystemRoot\System32\Drivers\BrUsbSer.sys [X]
S3 BthEnum; \SystemRoot\system32\drivers\BthEnum.sys [X]
S3 BTHMODEM; system32\DRIVERS\bthmodem.sys [X]
S3 BthPan; system32\DRIVERS\bthpan.sys [X]
S3 BTHPORT; System32\Drivers\BTHport.sys [X]
S3 BTHUSB; System32\Drivers\BTHUSB.sys [X]
S3 btusbflt; system32\drivers\btusbflt.sys [X]
S3 btwampfl; \??\C:\Windows\system32\drivers\btwampfl.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S1 CBFilterFS; \??\C:\Windows\system32\drivers\cbfltfs.sys [X]
S1 cdrom; system32\DRIVERS\cdrom.sys [X]
S3 circlass; \SystemRoot\system32\DRIVERS\circlass.sys [X]
S3 CmBatt; \SystemRoot\system32\DRIVERS\CmBatt.sys [X]
S3 cmdide; \SystemRoot\system32\drivers\cmdide.sys [X]
S0 Compbatt; system32\DRIVERS\compbatt.sys [X]
S3 CompFilter64; system32\DRIVERS\lvbflt64.sys [X]
S3 CompositeBus; \SystemRoot\system32\drivers\CompositeBus.sys [X]
S4 crcdisk; \SystemRoot\system32\DRIVERS\crcdisk.sys [X]
S3 DFX11_1; system32\drivers\dfx11_1x64.sys [X]
S3 dgcfltr; system32\DRIVERS\ACFDCP64.sys [X]
S3 DigiartyVirtualCDBus; system32\drivers\DigiartyVirtualCDBus.sys [X]
S0 Disk; system32\DRIVERS\disk.sys [X]
S2 Dokan; \??\C:\Windows\system32\drivers\dokan.sys [X]
S3 drmkaud; \SystemRoot\system32\drivers\drmkaud.sys [X]
S3 ebdrv; \SystemRoot\system32\DRIVERS\evbda.sys [X]
S3 elxstor; \SystemRoot\system32\DRIVERS\elxstor.sys [X]
S3 emAudio; system32\drivers\emAudio64.sys [X]
S3 ErrDev; \SystemRoot\system32\drivers\errdev.sys [X]
S3 fdc; \SystemRoot\system32\DRIVERS\fdc.sys [X]
S3 flpydisk; \SystemRoot\system32\DRIVERS\flpydisk.sys [X]
S3 gagp30kx; \SystemRoot\system32\DRIVERS\gagp30kx.sys [X]
S3 grmnusb; system32\drivers\grmnusb.sys [X]
S2 hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [X]
S3 hcw85cir; \SystemRoot\system32\drivers\hcw85cir.sys [X]
S3 HdAudAddService; system32\drivers\HdAudio.sys [X]
S3 HDAudBus; \SystemRoot\system32\drivers\HDAudBus.sys [X]
S3 HidBatt; system32\DRIVERS\HidBatt.sys [X]
S3 HidBth; \SystemRoot\system32\DRIVERS\hidbth.sys [X]
S3 HidIr; \SystemRoot\system32\DRIVERS\hidir.sys [X]
S3 HidUsb; system32\DRIVERS\hidusb.sys [X]
S3 HpSAMD; \SystemRoot\system32\drivers\HpSAMD.sys [X]
S3 i8042prt; \SystemRoot\system32\drivers\i8042prt.sys [X]
S0 iaStorV; \SystemRoot\system32\drivers\iaStorV.sys [X]
S3 iirsp; \SystemRoot\system32\DRIVERS\iirsp.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 intelide; \SystemRoot\system32\drivers\intelide.sys [X]
S3 intelppm; system32\DRIVERS\intelppm.sys [X]
S3 IPMIDRV; \SystemRoot\system32\drivers\IPMIDrv.sys [X]
S3 isapnp; \SystemRoot\system32\drivers\isapnp.sys [X]
S3 iScsiPrt; \SystemRoot\system32\drivers\msiscsi.sys [X]
S3 kbdclass; system32\DRIVERS\kbdclass.sys [X]
S3 kbdhid; system32\DRIVERS\kbdhid.sys [X]
S3 LHidFilt; system32\DRIVERS\LHidFilt.Sys [X]
S3 LMouFilt; system32\DRIVERS\LMouFilt.Sys [X]
S3 LSI_FC; \SystemRoot\system32\DRIVERS\lsi_fc.sys [X]
S3 LSI_SAS; \SystemRoot\system32\DRIVERS\lsi_sas.sys [X]
S3 LSI_SAS2; \SystemRoot\system32\DRIVERS\lsi_sas2.sys [X]
S3 LSI_SCSI; \SystemRoot\system32\DRIVERS\lsi_scsi.sys [X]
S3 LUsbFilt; System32\Drivers\LUsbFilt.Sys [X]
S3 LVRS64; system32\DRIVERS\lvrs64.sys [X]
S3 LVUVC64; system32\DRIVERS\lvuvc64.sys [X]
S3 ManyCam; system32\DRIVERS\mcvidrv.sys [X]
S3 mcaudrv_simple; system32\drivers\mcaudrv_x64.sys [X]
S2 mdmxsdk; system32\DRIVERS\ACFSDK64.sys [X]
S2 MegaCom; system32\DRIVERS\megabatteryX64.sys [X]
S3 megasas; \SystemRoot\system32\DRIVERS\megasas.sys [X]
S3 MegaSR; \SystemRoot\system32\DRIVERS\MegaSR.sys [X]
S3 MODEMCSA; system32\drivers\MODEMCSA.sys [X]
S3 monitor; system32\DRIVERS\monitor.sys [X]
S3 mouclass; system32\DRIVERS\mouclass.sys [X]
S3 mouhid; system32\DRIVERS\mouhid.sys [X]
S3 mpio; \SystemRoot\system32\drivers\mpio.sys [X]
S0 msahci; system32\drivers\msahci.sys [X]
S3 msdsm; \SystemRoot\system32\drivers\msdsm.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S0 msisadrv; system32\drivers\msisadrv.sys [X]
S3 MSI_DVD_010507; \??\C:\Program Files (x86)\MSI\Live Update 5\DVDSYS64_100507.sys [X]
S3 MSI_MSIBIOS_010507; \??\C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [X]
S3 MSI_VGASYS_010507; \??\C:\Program Files (x86)\MSI\Live Update 5\VGASYS64_100507.sys [X]
S3 msloop; system32\DRIVERS\loop.sys [X]
S1 mssmbios; \SystemRoot\system32\drivers\mssmbios.sys [X]
S3 MTConfig; \SystemRoot\system32\DRIVERS\MTConfig.sys [X]
S3 nfrd960; \SystemRoot\system32\DRIVERS\nfrd960.sys [X]
S1 nm3; system32\DRIVERS\nm3.sys [X]
S2 NPF; system32\drivers\npf.sys [X]
S3 NTIOLib_1_0_3; \??\C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [X]
S3 NVHDA; system32\drivers\nvhda64v.sys [X]
S3 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S3 nvraid; \SystemRoot\system32\drivers\nvraid.sys [X]
S3 nvstor; \SystemRoot\system32\drivers\nvstor.sys [X]
S3 nv_agp; \SystemRoot\system32\drivers\nv_agp.sys [X]
S3 ohci1394; \SystemRoot\system32\drivers\ohci1394.sys [X]
S3 Parport; system32\DRIVERS\parport.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S0 pci; system32\drivers\pci.sys [X]
S0 pciide; system32\drivers\pciide.sys [X]
S3 pcmcia; \SystemRoot\system32\DRIVERS\pcmcia.sys [X]
S3 Processor; \SystemRoot\system32\DRIVERS\processr.sys [X]
S3 PROCEXP151; \??\C:\Windows\system32\Drivers\PROCEXP151.SYS [X]
S3 pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [X]
S3 pwdspio; \??\C:\Windows\system32\pwdspio.sys [X]
S3 ql2300; \SystemRoot\system32\DRIVERS\ql2300.sys [X]
S3 ql40xx; \SystemRoot\system32\DRIVERS\ql40xx.sys [X]
S3 rdpbus; system32\DRIVERS\rdpbus.sys [X]
S3 RFCOMM; system32\DRIVERS\rfcomm.sys [X]
S3 RFDisplay; system32\DRIVERS\RFDisplay.sys [X]
S3 RFMirror; system32\DRIVERS\RFMirror.sys [X]
S3 RTL2832UBDA; system32\drivers\RTL2832UBDA.sys [X]
S3 RTL2832UUSB; System32\Drivers\RTL2832UUSB.sys [X]
S3 RTL8167; system32\DRIVERS\Rt64win7.sys [X]
S3 RTL8169; system32\DRIVERS\Rtlh64.sys [X]
S3 s3cap; \SystemRoot\system32\drivers\vms3cap.sys [X]
S3 sbp2port; \SystemRoot\system32\drivers\sbp2port.sys [X]
S3 Serenum; system32\DRIVERS\serenum.sys [X]
S1 Serial; system32\DRIVERS\serial.sys [X]
S3 sermouse; \SystemRoot\system32\DRIVERS\sermouse.sys [X]
S3 sffdisk; \SystemRoot\system32\drivers\sffdisk.sys [X]
S3 sffp_mmc; \SystemRoot\system32\drivers\sffp_mmc.sys [X]
S3 sffp_sd; \SystemRoot\system32\drivers\sffp_sd.sys [X]
S3 sfloppy; \SystemRoot\system32\DRIVERS\sfloppy.sys [X]
S3 silabenm; system32\DRIVERS\silabenm.sys [X]
S3 silabser; system32\DRIVERS\silabser.sys [X]
S3 SiSRaid2; \SystemRoot\system32\DRIVERS\SiSRaid2.sys [X]
S3 SiSRaid4; \SystemRoot\system32\DRIVERS\sisraid4.sys [X]
S0 sptd; System32\Drivers\sptd.sys [X]
S3 stexstor; \SystemRoot\system32\DRIVERS\stexstor.sys [X]
S0 storflt; system32\drivers\vmstorfl.sys [X]
S3 storvsc; \SystemRoot\system32\drivers\storvsc.sys [X]
S3 swenum; \SystemRoot\system32\drivers\swenum.sys [X]
S3 tap-tb-0901; system32\DRIVERS\tap-tb-0901.sys [X]
S3 tap0901; system32\DRIVERS\tap0901.sys [X]
S3 tapoas; system32\DRIVERS\tapoas.sys [X]
S1 TermDD; \SystemRoot\system32\drivers\termdd.sys [X]
S2 TurboB; system32\DRIVERS\TurboB.sys [X]
S3 uagp35; \SystemRoot\system32\DRIVERS\uagp35.sys [X]
S3 uliagpkx; \SystemRoot\system32\drivers\uliagpkx.sys [X]
S3 umbus; system32\DRIVERS\umbus.sys [X]
S3 UmPass; \SystemRoot\system32\DRIVERS\umpass.sys [X]
S3 usbaudio; system32\drivers\usbaudio.sys [X]
S3 usbccgp; system32\DRIVERS\usbccgp.sys [X]
S3 usbcir; \SystemRoot\system32\drivers\usbcir.sys [X]
S3 usbehci; \SystemRoot\system32\drivers\usbehci.sys [X]
S3 usbhub; system32\DRIVERS\usbhub.sys [X]
S3 usbohci; \SystemRoot\system32\drivers\usbohci.sys [X]
S3 usbprint; system32\DRIVERS\usbprint.sys [X]
S3 usbscan; \SystemRoot\system32\drivers\usbscan.sys [X]
S3 usbser; system32\DRIVERS\usbser.sys [X]
S3 USBSTOR; system32\DRIVERS\USBSTOR.SYS [X]
S3 usbuhci; \SystemRoot\system32\drivers\usbuhci.sys [X]
S3 usbvideo; \SystemRoot\System32\Drivers\usbvideo.sys [X]
S3 VBoxUSB; System32\Drivers\VBoxUSB.sys [X]
S3 VClone; system32\DRIVERS\VClone.sys [X]
S0 vdrvroot; system32\drivers\vdrvroot.sys [X]
S3 vga; system32\DRIVERS\vgapnp.sys [X]
S3 vhdmp; \SystemRoot\system32\drivers\vhdmp.sys [X]
S3 viaide; \SystemRoot\system32\drivers\viaide.sys [X]
S0 vmbus; system32\drivers\vmbus.sys [X]
S3 VMBusHID; \SystemRoot\system32\drivers\VMBusHID.sys [X]
S0 volmgr; system32\drivers\volmgr.sys [X]
S3 vpcbus; system32\DRIVERS\vpchbus.sys [X]
S3 vpcusb; system32\DRIVERS\vpcusb.sys [X]
S3 vpcuxd; \SystemRoot\system32\drivers\vpcuxd.sys [X]
S3 vsmraid; \SystemRoot\system32\DRIVERS\vsmraid.sys [X]
S3 VUSB3HUB; system32\DRIVERS\ViaHub3.sys [X]
S3 WacomPen; \SystemRoot\system32\DRIVERS\wacompen.sys [X]
S3 Wd; \SystemRoot\system32\DRIVERS\wd.sys [X]
S3 WDC_SAM; system32\DRIVERS\wdcsam64.sys [X]
S3 WinUsb; system32\DRIVERS\WinUsb.sys [X]
S3 WmiAcpi; \SystemRoot\system32\drivers\wmiacpi.sys [X]
S2 XAudio; system32\DRIVERS\ACFXAU64.sys [X]
S3 xhcdrv; system32\DRIVERS\xhcdrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-30 22:41 - 2010-11-20 05:34 - 00295808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2014-11-27 23:02 - 2014-11-30 23:18 - 00000000 ____D () C:\FRST
2014-11-26 19:16 - 2014-11-26 19:16 - 00000000 ____D () C:\Windows\System32\MUI
2014-11-26 19:14 - 2014-11-26 19:14 - 00000000 ____D () C:\Windows\System32\winrm
2014-11-26 19:14 - 2014-11-26 19:14 - 00000000 ____D () C:\Windows\System32\WinBioDatabase
2014-11-26 19:14 - 2014-11-26 19:14 - 00000000 ____D () C:\Windows\System32\WCN
2014-11-26 19:13 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\Drivers\tr-TR
2014-11-26 19:13 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\Drivers\th-TH
2014-11-26 19:13 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\Drivers\ro-RO
2014-11-26 19:13 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\Drivers\he-IL
2014-11-26 19:13 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\Drivers\ar-SA
2014-11-26 19:11 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\sysprep
2014-11-26 19:10 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\WinBioPlugIns
2014-11-26 19:10 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\sppui
2014-11-26 19:10 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\slmgr
2014-11-26 19:10 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\icsxml
2014-11-26 19:09 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\Speech
2014-11-26 19:08 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\ras
2014-11-26 19:07 - 2014-11-26 19:07 - 00000000 ____D () C:\Windows\System32\Printing_Admin_Scripts
2014-11-26 19:06 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\ias
2014-11-26 19:06 - 2014-11-26 19:06 - 00000000 ____D () C:\Windows\System32\NetworkList
2014-11-26 19:04 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\migwiz
2014-11-26 19:00 - 2014-11-26 19:00 - 00000000 ____D () C:\Windows\System32\WindowsPowerShell
2014-11-26 19:00 - 2014-11-26 19:00 - 00000000 ____D () C:\Windows\System32\FxsTmp
2014-11-26 18:57 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\zh-HK
2014-11-26 18:57 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\uk-UA
2014-11-26 18:57 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\tr-TR
2014-11-26 18:57 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\th-TH
2014-11-26 18:57 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\sr-Latn-CS
2014-11-26 18:57 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\sl-SI
2014-11-26 18:57 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\sk-SK
2014-11-26 18:57 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\Setup
2014-11-26 18:57 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\ro-RO
2014-11-26 18:57 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\oobe
2014-11-26 18:57 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\lv-LV
2014-11-26 18:57 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\lt-LT
2014-11-26 18:57 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\hr-HR
2014-11-26 18:57 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\he-IL
2014-11-26 18:57 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\et-EE
2014-11-26 18:57 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\bg-BG
2014-11-26 18:57 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\ar-SA
2014-11-26 18:57 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\AdvancedInstallers
2014-11-26 18:57 - 2014-11-26 19:03 - 00000000 ____D () C:\Windows\System32\IME
2014-11-26 18:57 - 2014-11-26 18:57 - 00000000 ____D () C:\Windows\System32\Msdtc
2014-11-26 18:57 - 2014-11-26 18:57 - 00000000 ____D () C:\Windows\System32\config\Journal
2014-11-26 18:56 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\com
2014-11-26 18:56 - 2014-11-26 19:09 - 00000000 ____D () C:\Windows\System32\spp
2014-11-26 18:55 - 2014-11-26 21:29 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-11-26 18:55 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\manifeststore
2014-11-26 16:27 - 2014-11-26 16:27 - 00000073 _____ () C:\Windows\{6a705f70-d849-4b5e-9cda-5a04869d0cd2}
2014-11-26 13:10 - 2014-11-26 13:10 - 00132645 _____ () C:\wubildr
2014-11-26 07:35 - 2014-11-26 07:35 - 09439496 _____ () C:\Users\Yo\Downloads\Fences_v2.13_setup_sd.exe
2014-11-26 03:43 - 2014-11-26 03:43 - 00000197 _____ () C:\Windows\System32\2014-11-26-11-43-43.056-AvastVBoxSVC.exe-3348.log
2014-11-26 03:08 - 2014-11-26 03:08 - 00543483 _____ () C:\Users\Yo\Downloads\Windows6.1-KB2852386-x64.msu
2014-11-26 01:31 - 2014-11-26 01:31 - 00000024 _____ () C:\Users\Yo\Downloads\cc_config.ini
2014-11-26 01:30 - 2014-11-26 01:30 - 00285696 _____ (SingularLabs) C:\Users\Yo\Downloads\CCEnhancer-4.1.exe
2014-11-25 14:57 - 2014-11-25 14:57 - 00000197 _____ () C:\Windows\System32\2014-11-25-22-57-39.039-AvastVBoxSVC.exe-5376.log
2014-11-25 09:17 - 2014-11-26 07:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-25 09:17 - 2014-11-25 09:17 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-24 12:15 - 2014-11-26 21:29 - 00000000 ____D () C:\Users\Yo\AppData\Local\Mailbird
2014-11-24 12:15 - 2014-11-24 12:15 - 00000952 _____ () C:\Users\Public\Desktop\Mailbird.lnk
2014-11-24 12:15 - 2014-11-24 12:15 - 00000000 ____D () C:\ProgramData\Mailbird
2014-11-24 12:12 - 2014-11-26 21:29 - 00000000 ____D () C:\Program Files (x86)\Mailbird
2014-11-24 12:12 - 2014-11-24 12:12 - 45225960 _____ (Mailbird) C:\Users\Yo\Downloads\MailbirdOfflineInstaller.exe
2014-11-24 11:45 - 2014-11-24 02:07 - 00916024 _____ (Oracle Corporation) C:\Windows\System32\Drivers\VBoxDrv.sys
2014-11-24 11:44 - 2014-11-24 02:07 - 00128080 _____ (Oracle Corporation) C:\Windows\System32\Drivers\VBoxUSBMon.sys
2014-11-24 03:35 - 2014-11-24 03:35 - 09629976 _____ (CyberGhost S.R.L. ) C:\Users\Yo\Downloads\CG_5.0.14.7.exe
2014-11-24 03:07 - 2014-11-24 03:07 - 16724942 _____ () C:\Users\Yo\Downloads\HandBrake-0.10.0-x86_64-Win_GUI.exe
2014-11-24 02:07 - 2014-11-24 02:07 - 00141440 _____ (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetAdp.sys
2014-11-24 02:06 - 2014-11-24 02:06 - 00204264 _____ (Oracle Corporation) C:\Windows\System32\VBoxNetFltNobj.dll
2014-11-24 02:06 - 2014-11-24 02:06 - 00156360 _____ (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetFlt.sys
2014-11-23 00:52 - 2014-11-23 07:59 - 00000000 ____D () C:\Users\Yo\AppData\Local\Tomahawk
2014-11-23 00:51 - 2014-11-23 00:52 - 00000000 ____D () C:\Program Files (x86)\Tomahawk
2014-11-22 12:49 - 2014-11-22 14:36 - 00000000 ____D () C:\Users\Yo\AppData\Local\Atraci
2014-11-22 12:49 - 2014-11-22 12:49 - 00001706 _____ () C:\Users\Yo\Desktop\Atraci.lnk
2014-11-22 12:48 - 2014-11-22 12:49 - 00000000 ____D () C:\Users\Yo\Desktop\Atraci
2014-11-22 11:32 - 2014-11-22 11:32 - 00000197 _____ () C:\Windows\System32\2014-11-22-19-32-19.082-AvastVBoxSVC.exe-5592.log
2014-11-22 10:42 - 2014-11-26 04:01 - 00000326 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-11-22 10:42 - 2014-11-22 10:43 - 00002960 _____ () C:\Windows\System32\Tasks\GU5SkipUAC
2014-11-22 10:42 - 2014-11-22 10:43 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-11-22 10:42 - 2014-11-22 10:42 - 00020160 _____ (Glarysoft Ltd) C:\Windows\System32\Drivers\GUBootStartup.sys
2014-11-22 10:42 - 2014-11-22 10:42 - 00002610 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2014-11-19 01:30 - 2014-11-10 19:08 - 00728064 ____N (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2014-11-19 01:30 - 2014-11-10 19:08 - 00241152 ____N (Microsoft Corporation) C:\Windows\System32\pku2u.dll
2014-11-19 01:30 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 01:29 - 2014-11-10 18:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 08:32 - 2014-11-26 21:29 - 00000000 ____D () C:\Users\Yo\AppData\Local\RescueTime.com
2014-11-18 08:32 - 2014-11-18 08:32 - 00000000 ____D () C:\Program Files (x86)\RescueTime
2014-11-17 02:26 - 2014-11-17 02:26 - 00000000 ____D () C:\Users\Yo\Desktop\WinDlg_v1_27
2014-11-16 10:01 - 2014-11-16 10:03 - 38852275 ____H () C:\Users\Yo\Downloads\vpngate-client-2014.11.17-build-9506.131126.zip
2014-11-16 04:46 - 2014-11-16 04:46 - 00792029 _____ () C:\Users\Yo\Downloads\CrashPlanFix-Windows.zip
2014-11-16 04:46 - 2014-11-16 04:46 - 00000000 ____D () C:\Users\Yo\Downloads\CrashPlanFix-Windows
2014-11-16 04:18 - 2014-11-16 04:18 - 00000770 _____ () C:\Users\Yo\Downloads\status_reports_2014-11-16T12-18-18+00-00.csv
2014-11-16 04:06 - 2014-11-16 04:30 - 00000000 ____D () C:\Users\Yo\AppData\Roaming\S3Browser
2014-11-16 04:06 - 2014-11-16 04:06 - 00000000 ____D () C:\Program Files\S3 Browser
2014-11-16 03:53 - 2014-11-16 03:53 - 13898200 _____ () C:\Users\Yo\Downloads\CloudBerryOnlineBackupSetup_v3.9.6.31S3netv4.0.exe
2014-11-16 03:30 - 2014-11-16 03:30 - 09829948 _____ () C:\Users\Yo\Downloads\duplicati-latest.zip
2014-11-16 02:40 - 2014-11-16 12:01 - 00000000 ____D () C:\Users\Yo\AppData\Roaming\FastGlacier
2014-11-16 02:40 - 2014-11-16 02:40 - 00000000 ____D () C:\Program Files\FastGlacier
2014-11-16 02:00 - 2014-11-16 02:00 - 00000000 ____D () C:\Program Files (x86)\Firefox Developer Edition
2014-11-15 08:49 - 2014-11-15 08:51 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-11-15 08:15 - 2014-11-15 08:15 - 00364512 ____N (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-11-15 08:15 - 2014-11-15 08:15 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-13 01:36 - 2014-11-13 01:37 - 00000000 ____D () C:\Users\Yo\Desktop\FirefoxPortable
2014-11-12 07:43 - 2014-11-12 07:44 - 00000000 ____D () C:\Users\Yo\Documents\AlephOne
2014-11-12 07:43 - 2014-11-12 07:43 - 00000000 ____D () C:\Users\Yo\AppData\Local\AlephOne
2014-11-12 00:08 - 2014-11-05 19:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-11-12 00:08 - 2014-11-05 19:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-11-12 00:08 - 2014-11-05 19:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 00:08 - 2014-11-05 19:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 00:07 - 2014-11-07 11:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-11-12 00:07 - 2014-11-07 11:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 00:07 - 2014-11-05 20:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-11-12 00:07 - 2014-11-05 20:03 - 25110016 ____N (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-11-12 00:07 - 2014-11-05 20:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-11-12 00:07 - 2014-11-05 19:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-11-12 00:07 - 2014-11-05 19:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-11-12 00:07 - 2014-11-05 19:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-11-12 00:07 - 2014-11-05 19:43 - 02884096 ____N (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-11-12 00:07 - 2014-11-05 19:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-11-12 00:07 - 2014-11-05 19:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-11-12 00:07 - 2014-11-05 19:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-11-12 00:07 - 2014-11-05 19:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-11-12 00:07 - 2014-11-05 19:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-11-12 00:07 - 2014-11-05 19:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 00:07 - 2014-11-05 19:23 - 06040064 ____N (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-11-12 00:07 - 2014-11-05 19:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-12 00:07 - 2014-11-05 19:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-11-12 00:07 - 2014-11-05 19:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 00:07 - 2014-11-05 19:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 00:07 - 2014-11-05 19:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 00:07 - 2014-11-05 19:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 00:07 - 2014-11-05 19:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-12 00:07 - 2014-11-05 19:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 00:07 - 2014-11-05 19:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 00:07 - 2014-11-05 19:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-11-12 00:07 - 2014-11-05 19:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 00:07 - 2014-11-05 19:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-11-12 00:07 - 2014-11-05 18:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 00:07 - 2014-11-05 18:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 00:07 - 2014-11-05 18:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-11-12 00:07 - 2014-11-05 18:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 00:07 - 2014-11-05 18:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 00:07 - 2014-11-05 18:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-11-12 00:07 - 2014-11-05 18:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-11-12 00:07 - 2014-11-05 18:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-11-12 00:07 - 2014-11-05 18:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-11-12 00:07 - 2014-11-05 18:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 00:07 - 2014-11-05 18:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 00:07 - 2014-11-05 18:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 00:07 - 2014-11-05 18:30 - 14390272 ____N (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-11-12 00:07 - 2014-11-05 18:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 00:07 - 2014-11-05 18:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 00:07 - 2014-11-05 18:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 00:07 - 2014-11-05 18:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 00:07 - 2014-11-05 18:17 - 02365440 ____N (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-11-12 00:07 - 2014-11-05 18:04 - 01550336 ____N (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-11-12 00:07 - 2014-11-05 18:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 00:07 - 2014-11-05 17:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-11-12 00:07 - 2014-11-05 17:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 00:07 - 2014-11-05 17:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 00:07 - 2014-11-05 17:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 00:07 - 2014-11-05 09:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2014-11-12 00:07 - 2014-11-05 09:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-11-12 00:07 - 2014-11-05 09:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-11-12 00:07 - 2014-10-24 17:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll
2014-11-12 00:07 - 2014-10-24 17:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 00:07 - 2014-10-17 18:05 - 00861696 ____N (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2014-11-12 00:07 - 2014-10-17 17:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 00:07 - 2014-10-13 18:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2014-11-12 00:07 - 2014-10-13 18:13 - 00683520 ____N (Microsoft Corporation) C:\Windows\System32\termsrv.dll
2014-11-12 00:07 - 2014-10-13 18:12 - 01460736 ____N (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-11-12 00:07 - 2014-10-13 18:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2014-11-12 00:07 - 2014-10-13 18:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2014-11-12 00:07 - 2014-10-13 17:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 00:07 - 2014-10-13 17:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 00:07 - 2014-10-13 17:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 00:07 - 2014-10-13 17:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 00:07 - 2014-10-09 16:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-11-12 00:07 - 2014-10-02 18:12 - 00500224 ____N (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2014-11-12 00:07 - 2014-10-02 18:11 - 00680960 ____N (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2014-11-12 00:07 - 2014-10-02 18:11 - 00440832 ____N (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2014-11-12 00:07 - 2014-10-02 18:11 - 00296448 ____N (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2014-11-12 00:07 - 2014-10-02 18:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll
2014-11-12 00:07 - 2014-10-02 17:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 00:07 - 2014-10-02 17:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 00:07 - 2014-10-02 17:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 00:07 - 2014-09-19 01:42 - 00342016 ____N (Microsoft Corporation) C:\Windows\System32\schannel.dll
2014-11-12 00:07 - 2014-09-19 01:42 - 00314880 ____N (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2014-11-12 00:07 - 2014-09-19 01:42 - 00309760 ____N (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2014-11-12 00:07 - 2014-09-19 01:42 - 00210944 ____N (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2014-11-12 00:07 - 2014-09-19 01:42 - 00086528 ____N (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2014-11-12 00:07 - 2014-09-19 01:42 - 00022016 ____N (Microsoft Corporation) C:\Windows\System32\credssp.dll
2014-11-12 00:07 - 2014-09-19 01:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 00:07 - 2014-09-19 01:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 00:07 - 2014-09-19 01:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 00:07 - 2014-09-19 01:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 00:07 - 2014-09-19 01:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 00:07 - 2014-09-19 01:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 00:07 - 2014-08-20 22:43 - 01882624 ____N (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2014-11-12 00:07 - 2014-08-20 22:40 - 00002048 ____N (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2014-11-12 00:07 - 2014-08-20 22:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 00:07 - 2014-08-20 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 00:07 - 2014-08-11 18:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\System32\IMJP10K.DLL
2014-11-12 00:07 - 2014-08-11 17:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 00:04 - 2014-10-13 18:13 - 03241984 ____N (Microsoft Corporation) C:\Windows\System32\msi.dll
2014-11-12 00:04 - 2014-10-13 17:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-09 05:43 - 2014-11-09 05:43 - 04968008 _____ (Resplendence Software Projects Sp. ) C:\Users\Yo\Downloads\RegistrarHomeV7.exe
2014-11-06 05:04 - 2014-11-06 05:04 - 00000000 ____D () C:\Users\Yo\AppData\Roaming\TightVNC
2014-11-06 05:04 - 2014-11-06 05:04 - 00000000 ____D () C:\Program Files\TightVNC
2014-11-05 06:27 - 2014-11-05 06:27 - 00000000 ____D () C:\Users\Yo\Desktop\winmtr_bin_0.8
2014-11-05 06:26 - 2014-11-05 06:27 - 00000000 ____D () C:\Users\Yo\Desktop\multiping-v0.2
2014-11-04 23:34 - 2014-11-04 23:34 - 00000000 ____D () C:\ProgramData\Paessler
2014-11-04 23:34 - 2014-11-04 23:34 - 00000000 ____D () C:\ProgramData\Licenses
2014-11-04 11:17 - 2014-11-05 01:05 - 00000470 _____ () C:\Users\Yo\_vim_mru_files
2014-11-04 09:06 - 2014-09-18 02:51 - 00001006 _____ () C:\Users\Yo\_vimrc.bak
2014-11-04 09:04 - 2014-11-04 10:15 - 00000000 ____D () C:\Users\Yo\vimfiles
2014-11-04 05:28 - 2014-11-04 05:28 - 00000000 ____D () C:\Users\Yo\AppData\Roaming\RStudio
2014-11-04 05:26 - 2014-11-04 05:26 - 00000000 ____D () C:\Users\Yo\Documents\R
2014-11-04 05:25 - 2014-11-04 05:26 - 00000000 ____D () C:\Program Files\RStudio
2014-11-04 05:24 - 2014-11-04 05:24 - 00000000 ____D () C:\Program Files\R
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-26 21:29 - 2014-09-30 05:24 - 00000000 ____D () C:\Users\Yo\AppData\Roaming\ProductData
2014-11-26 21:29 - 2014-08-07 04:41 - 00000000 ____D () C:\Users\Yo\AppData\Roaming\Everything
2014-11-26 21:29 - 2011-11-19 08:28 - 00000000 ____D () C:\Windows\System32\Macromed
2014-11-26 21:29 - 2011-05-25 04:18 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-26 21:29 - 2010-11-04 03:31 - 00000000 ____D () C:\Program Files (standalone)
2014-11-26 21:29 - 2010-08-24 00:37 - 00000000 ___RD () C:\Users\Yo\Dropbox
2014-11-26 21:29 - 2010-08-19 00:07 - 00000000 ____D () C:\Users\Yo\AppData\Roaming\Launchy
2014-11-26 21:29 - 2010-08-18 23:10 - 00000000 ____D () C:\Program Files (x86)\CCleaner
2014-11-26 21:29 - 2010-08-18 22:43 - 00000000 ____D () C:\users\Yo
2014-11-26 21:29 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\Dism
2014-11-26 21:29 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-11-26 21:29 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Services
2014-11-26 19:11 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\SMI
2014-11-26 19:07 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\spool
2014-11-26 07:47 - 2010-08-18 03:14 - 01136666 _____ () C:\Windows\WindowsUpdate.log
2014-11-26 07:46 - 2014-10-05 11:46 - 00000000 ____D () C:\Users\Yo\AppData\Roaming\Free Download Manager
2014-11-26 07:46 - 2013-03-05 02:56 - 00000028 _____ () C:\Users\Yo\AppData\Roaming\Network Meter_Usage.ini
2014-11-26 07:41 - 2010-08-18 23:09 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3683066952-1858823872-378675339-1003UA.job
2014-11-26 07:27 - 2013-10-20 01:17 - 00194026 _____ () C:\Users\Yo\IP_Log_Data.js
2014-11-26 07:20 - 2013-08-19 22:49 - 00000008 __RSH () C:\Users\Yo\ntuser.pol
2014-11-26 07:19 - 2013-06-12 01:37 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-11-26 07:00 - 2013-07-25 00:47 - 00185983 _____ () C:\Users\Yo\Network_Meter_Data.js
2014-11-26 06:57 - 2014-08-11 05:52 - 00000876 _____ () C:\Windows\Tasks\EpicUpdateTaskUserS-1-5-21-3683066952-1858823872-378675339-1003UA.job
2014-11-26 06:57 - 2014-08-11 05:52 - 00000824 _____ () C:\Windows\Tasks\EpicUpdateTaskUserS-1-5-21-3683066952-1858823872-378675339-1003Core.job
2014-11-26 05:46 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\winevt
2014-11-26 05:44 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-11-26 04:02 - 2010-08-18 23:13 - 00000000 ____D () C:\Users\Yo\AppData\Roaming\Dropbox
2014-11-26 03:59 - 2010-11-29 23:55 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-26 03:51 - 2009-07-13 20:45 - 00026368 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-26 03:51 - 2009-07-13 20:45 - 00026368 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-26 03:41 - 2014-09-30 05:23 - 00000000 ____D () C:\ProgramData\ProductData
2014-11-26 03:40 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-26 03:39 - 2013-01-17 06:19 - 00102859 _____ () C:\Windows\setupact.log
2014-11-25 14:50 - 2013-01-21 11:25 - 00167754 _____ () C:\Windows\PFRO.log
2014-11-25 14:42 - 2010-08-19 00:10 - 00000000 ____D () C:\Users\Yo\.VirtualBox
2014-11-25 10:41 - 2010-08-18 23:09 - 00000844 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3683066952-1858823872-378675339-1003Core.job
2014-11-25 09:17 - 2012-03-31 13:44 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-25 09:17 - 2011-05-17 01:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-23 12:16 - 2012-09-16 00:14 - 00000000 ____D () C:\Users\Yo\AppData\Roaming\foobar2000
2014-11-23 08:40 - 2012-10-02 03:32 - 00000000 ____D () C:\Users\Yo\AppData\Roaming\Ketarin
2014-11-23 02:12 - 2013-07-04 02:39 - 00031616 _____ () C:\Windows\System32\FoolishEventLogMsgHelper.dll
2014-11-22 11:24 - 2012-06-18 01:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-22 11:03 - 2010-08-19 01:49 - 00007657 _____ () C:\Users\Yo\AppData\Local\resmon.resmoncfg
2014-11-22 11:02 - 2013-03-08 01:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-22 11:01 - 2014-10-21 01:00 - 00000000 ____D () C:\Program Files (x86)\LastPass
2014-11-22 10:59 - 2013-02-12 09:09 - 00000000 ____D () C:\Program Files\PeaZip
2014-11-22 10:43 - 2014-01-22 03:04 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 4
2014-11-22 10:43 - 2010-11-20 08:16 - 00000000 ____D () C:\Users\Yo\AppData\Roaming\GlarySoft
2014-11-22 10:42 - 2013-06-28 05:56 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-11-22 09:59 - 2010-10-31 00:25 - 00000000 ____D () C:\Program Files (x86)\Evernote
2014-11-22 09:23 - 2013-04-29 07:22 - 01050432 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsnx.sys
2014-11-20 13:07 - 2011-01-27 07:44 - 00000000 ____D () C:\Users\Yo\AppData\Roaming\MediaMonkey
2014-11-19 01:56 - 2012-03-20 12:24 - 00000000 ____D () C:\Users\Yo\AppData\Local\CrashDumps
2014-11-17 11:13 - 2010-08-19 07:59 - 00000000 ____D () C:\Users\Yo\AppData\Roaming\Thunderbird
2014-11-17 03:01 - 2010-08-19 00:16 - 00000000 ____D () C:\Users\Yo\AppData\Roaming\Mozilla
2014-11-17 02:16 - 2014-06-22 00:50 - 00000000 ____D () C:\Users\Yo\AppData\Roaming\uTorrent
2014-11-17 02:14 - 2010-09-11 11:29 - 00000000 ____D () C:\users\Guest
2014-11-16 11:46 - 2013-04-18 11:31 - 00093144 _____ () C:\Users\Yo\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-16 09:16 - 2014-09-15 02:40 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-11-15 08:15 - 2014-04-21 10:26 - 00029208 ____N () C:\Windows\System32\Drivers\aswHwid.sys
2014-11-15 08:15 - 2013-12-24 04:50 - 00116728 ____N (AVAST Software) C:\Windows\System32\Drivers\aswstm.sys
2014-11-15 08:15 - 2013-04-29 07:22 - 00436624 ____N (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
2014-11-15 08:15 - 2013-04-29 07:22 - 00267632 ____N () C:\Windows\System32\Drivers\aswVmm.sys
2014-11-15 08:15 - 2013-04-29 07:22 - 00093568 ____N (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2014-11-15 08:15 - 2013-04-29 07:22 - 00083280 ____N (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-11-15 08:15 - 2013-04-29 07:22 - 00065776 ____N () C:\Windows\System32\Drivers\aswRvrt.sys
2014-11-13 00:25 - 2010-11-29 23:55 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-12 08:05 - 2010-08-19 06:21 - 00000000 ___RD () C:\Users\Yo\Virtual Machines
2014-11-12 03:17 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-11-11 08:05 - 2013-02-20 04:35 - 00008963 _____ () C:\Windows\LkmdfCoInst.log
2014-11-09 05:07 - 2012-01-15 02:45 - 00000000 ____D () C:\ProgramData\Logitech
2014-11-09 03:15 - 2014-07-14 08:23 - 00000000 ____D () C:\AdwCleaner
2014-11-09 02:19 - 2014-03-26 02:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-09 01:25 - 2014-10-05 11:45 - 00000000 ____D () C:\Program Files (x86)\Free Download Manager
2014-11-08 09:26 - 2010-08-18 23:21 - 00000000 ____D () C:\Users\Yo\AppData\Local\Paint.NET
2014-11-06 10:20 - 2010-08-24 23:53 - 00000600 _____ () C:\Users\Yo\AppData\Local\PUTTY.RND
2014-11-06 04:59 - 2012-09-27 23:49 - 00000000 ____D () C:\Users\Yo\AppData\Roaming\mRemoteNG
2014-11-05 01:05 - 2014-08-07 06:31 - 00009211 ____H () C:\Users\Yo\_viminfo
2014-11-05 01:04 - 2014-09-18 02:15 - 00002759 _____ () C:\Users\Yo\_vimrc
2014-11-05 01:04 - 2014-02-04 03:03 - 00000000 ____D () C:\Temp
2014-11-05 00:30 - 2014-09-18 02:15 - 00002512 _____ () C:\Users\Yo\_vimrc~
2014-11-05 00:10 - 2010-11-12 01:46 - 00000000 ____D () C:\ProgramData\Temp
2014-11-04 23:34 - 2011-12-20 03:15 - 00001024 _____ () C:\.rnd
2014-11-04 11:21 - 2012-04-24 11:27 - 00000000 ___RD () C:\Users\Yo\Google Drive
2014-11-01 09:02 - 2013-03-01 02:44 - 00000000 ____D () C:\Users\Yo\AppData\Local\Skitch
 
Files to move or delete:
====================
C:\Users\Yo\IP_Log_Data.js
C:\Users\Yo\Network_Meter_Data.js
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.
 
 
nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!
 
==================== Restore Points  =========================
 
Restore point made on: 2014-11-12 00:08:41
Restore point made on: 2014-11-15 08:14:17
Restore point made on: 2014-11-15 08:52:29
Restore point made on: 2014-11-16 08:54:47
Restore point made on: 2014-11-16 11:19:14
Restore point made on: 2014-11-19 01:31:05
Restore point made on: 2014-11-22 09:56:28
Restore point made on: 2014-11-22 10:12:32
Restore point made on: 2014-11-24 11:41:34
Restore point made on: 2014-11-24 12:08:16
 
==================== Memory info =========================== 
 
Percentage of memory in use: 13%
Total physical RAM: 6135.12 MB
Available physical RAM: 5296.36 MB
Total Pagefile: 6133.32 MB
Available Pagefile: 5288.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:203.09 GB) (Free:50.36 GB) NTFS
Drive e: () (Fixed) (Total:470 GB) (Free:154.88 GB) NTFS
Drive f: () (Fixed) (Total:228.32 GB) (Free:160.51 GB) NTFS
Drive g: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
Drive h: (yug) (Removable) (Total:3.61 GB) (Free:3.37 GB) FAT32
Drive i: () (Removable) (Total:7.49 GB) (Free:4.3 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.1 GB) (Free:0.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5BC53D8B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=203.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=470 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=228.3 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 3.6 GB) (Disk ID: 00014B5E)
Partition 1: (Active) - (Size=3.6 GB) - (Type=0C)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 7.5 GB) (Disk ID: 021F0374)
Partition 1: (Active) - (Size=7.5 GB) - (Type=07 NTFS)
 
 
LastRegBack: 2014-11-25 01:21
 
==================== End Of Log ============================

 


  • 0

#8
emeraldnzl
Posted 30 November 2014 - 04:15 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello katchj,

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt
 

LastRegBack: 2014-11-25 01:21


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

 

 

After that

 

Please run another scan with FRST and post the log back here.

 

So when you return please post

Fixlog.txt

FRST.txt
 

 


  • 0

#9
katchj
Posted 01 December 2014 - 05:45 AM

katchj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Hi,

here is fixlog:


 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-11-2014 01

Ran by SYSTEM at 2014-12-01 13:27:04 Run:2
Running from H:\tools
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
LastRegBack: 2014-11-25 01:21
*****************
 
DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.
 
==== End of Fixlog ====

 

and here is FRST.txt

 


 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01

Ran by SYSTEM on MININT-9V22CLE on 01-12-2014 13:27:51
Running from H:\tools
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [VIAxHCUtl] => C:\VIA_XHCI\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.)
HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [3993744 2014-05-22] (Stardock Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13545032 2013-05-28] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [StartupDelayer] => C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe [1260616 2014-10-12] (r2 Studios)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-20] (AVAST Software)
HKLM-x32\...\Run: [LastApp] => C:\Program Files (x86)\LastPass\lastapp_x64.exe [36637240 2014-07-01] (LastPass)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoOnlinePrintsWizard] 1
HKLM\...\Policies\Explorer: [NoPublishingWizard] 1
HKU\Guest\...\Run: [Cloudfogger] => "C:\Program Files\Cloudfogger\Cloudfogger.exe" --silent --autostart
HKU\Guest\...\Run: [Growl] => C:\Program Files (x86)\Growl for Windows\Growl.exe [3817472 2012-03-21] (element code project)
HKU\Guest\...\Run: [ctfmon.exe] => C:\Windows\system32\ctfmon.exe [9728 2009-07-13] (Microsoft Corporation)
HKU\Guest\...\Run: [uTray] => C:\Program Files\ITknowledge24\uTray.exe [55296 2010-07-05] (ITknowledge24.com)
HKU\Guest\...\Run: [KeePass Password Safe 2] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2109952 2014-10-07] (Dominik Reichl)
HKU\Guest\...\Run: [ManicTime] => C:\Program Files (x86)\ManicTime\ManicTime.exe /minimized /name: 
HKU\Guest\...\Policies\Explorer: [NoStartMenuMorePrograms] 0
HKU\Guest\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\Guest\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\Yo\...\Run: [Growl] => C:\Program Files (x86)\Growl for Windows\Growl.exe [3817472 2012-03-21] (element code project)
HKU\Yo\...\Run: [ctfmon.exe] => C:\Windows\system32\ctfmon.exe [9728 2009-07-13] (Microsoft Corporation)
HKU\Yo\...\Run: [Google Update] => C:\Users\Yo\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-14] (Google Inc.)
HKU\Yo\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-11-09] (Glarysoft Ltd)
HKU\Yo\...\Policies\Explorer: [NoStartMenuMorePrograms] 0
HKU\Yo\...\Policies\Explorer: [NoViewContextMenu] 0
IFEO\notepad.exe: [Debugger] "C:\Program Files\Notepad2\Notepad2.exe" /z
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Yo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\Yo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk
ShortcutTarget: EvernoteTray.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Yo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk
ShortcutTarget: Launchy.lnk -> C:\Program Files (x86)\Launchy\Launchy.exe ()
Startup: C:\Users\Yo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RBTray.exe - Shortcut.lnk
ShortcutTarget: RBTray.exe - Shortcut.lnk -> C:\Program Files (standalone)\RBTray-4_3\64bit\RBTray.exe ()
Startup: C:\Users\Yo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk
ShortcutTarget: RescueTime.lnk -> C:\Program Files (x86)\RescueTime\RescueTime.exe (RescueTime, Inc.)
Startup: C:\Users\Yo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Test Mail Server Tool.lnk
ShortcutTarget: Test Mail Server Tool.lnk -> C:\Users\Yo\AppData\Roaming\Microsoft\Installer\{5781A356-8BC3-4AD1-8214-DDD0CCA85B2A}\_96BD5A428272B92E9478FA.exe ()
BootExecute: autocheck autochk *  
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S2 AcfXAudioService; C:\Windows\SysWOW64\ACFXAU64.dll [436736 2009-04-28] (Conexant Systems, Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-15] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-15] (Avast Software)
S2 CrashPlanService; C:\Program Files (x86)\CrashPlan\CrashPlanService.exe [153088 2014-10-13] (Code 42 Software)
S2 DokanMounter; C:\Program Files (x86)\SafeMonk\mounter.exe [14848 2013-08-19] ()
S2 Everything; C:\Program Files\Everything\Everything.exe [1441792 2014-08-05] ()
S4 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [632320 2012-02-26] (FileZilla Project)
S2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)
S2 hasplms; C:\Windows\system32\hasplms.exe [4941768 2012-06-27] (SafeNet Inc.)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2154272 2014-09-30] (IObit)
S3 MailbirdUpdater.exe; C:\Program Files (x86)\Mailbird\MailbirdUpdater.exe [327544 2014-11-18] (Mailbird)
S2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254552 2012-08-08] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S3 SMService; C:\Program Files (x86)\SafeMonk\smservice.exe [172368 2014-04-10] (SafeNet)
S2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
S2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
S3 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [26048 2014-08-12] ()
S2 DeltaCopyService; No ImagePath
S3 WatAdminSvc; %SystemRoot%\system32\Wat\WatAdminSvc.exe [X]
S3 wjhvfpd; C:\Program Files (x86)\ophcrack\pwdump\servpw.exe [X]
S3 xyurnkmu; C:\Program Files (x86)\ophcrack\pwdump\servpw.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-15] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-15] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-15] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-15] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-15] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-15] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-15] ()
S3 AWEAlloc; No ImagePath
S3 FLASHSYS; No ImagePath
S5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-04] (Microsoft Corporation)
S1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-11-22] (Glarysoft Ltd)
S2 MCSTRM; No ImagePath
S3 NLNdisMP; No ImagePath
S3 NLNdisPT; No ImagePath
S3 NTIOLib_1_0_0; C:\Program Files (x86)\MSI\DirectOC\NTIOLib_X64.sys [14136 2009-06-11] (MSI)
S3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
S3 NTIOLib_1_0_6; C:\Program Files (x86)\Setup Files\Ms7586v1B0\NTIOLib_X64.sys [11888 2011-01-06] (MSI)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S2 secdrv; No ImagePath
S2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-15] (Avast Software)
S3 vmci; No ImagePath
S3 VMnetAdapter; No ImagePath
S3 1394ohci; \SystemRoot\system32\drivers\1394ohci.sys [X]
S3 acfva; system32\DRIVERS\ACFVA64.sys [X]
S0 ACPI; system32\drivers\ACPI.sys [X]
S3 AcpiPmi; \SystemRoot\system32\drivers\acpipmi.sys [X]
S3 adp94xx; \SystemRoot\system32\DRIVERS\adp94xx.sys [X]
S3 adpahci; \SystemRoot\system32\DRIVERS\adpahci.sys [X]
S3 adpu320; \SystemRoot\system32\DRIVERS\adpu320.sys [X]
S3 agp440; \SystemRoot\system32\drivers\agp440.sys [X]
S2 aksdf; \??\C:\Windows\system32\drivers\aksdf.sys [X]
S2 aksfridge; \??\C:\Windows\system32\drivers\aksfridge.sys [X]
S3 aliide; \SystemRoot\system32\drivers\aliide.sys [X]
S3 ALSysIO; \??\C:\Users\Yo\AppData\Local\Temp\ALSysIO64.sys [X]
S3 amdide; \SystemRoot\system32\drivers\amdide.sys [X]
S3 AmdK8; \SystemRoot\system32\DRIVERS\amdk8.sys [X]
S3 AmdPPM; \SystemRoot\system32\DRIVERS\amdppm.sys [X]
S3 amdsata; \SystemRoot\system32\drivers\amdsata.sys [X]
S3 amdsbs; \SystemRoot\system32\DRIVERS\amdsbs.sys [X]
S0 amdxata; system32\drivers\amdxata.sys [X]
S3 androidusb; System32\Drivers\androidusb.sys [X]
S3 arc; \SystemRoot\system32\DRIVERS\arc.sys [X]
S3 arcsas; \SystemRoot\system32\DRIVERS\arcsas.sys [X]
S3 arusb_win7x; system32\DRIVERS\arusb_win7x.sys [X]
S0 atapi; system32\drivers\atapi.sys [X]
S3 b06bdrv; \SystemRoot\system32\DRIVERS\bxvbda.sys [X]
S3 b57nd60a; system32\DRIVERS\b57nd60a.sys [X]
S1 blbdrive; system32\DRIVERS\blbdrive.sys [X]
S3 BrFiltLo; \SystemRoot\system32\DRIVERS\BrFiltLo.sys [X]
S3 BrFiltUp; \SystemRoot\system32\DRIVERS\BrFiltUp.sys [X]
S3 Brserid; \SystemRoot\System32\Drivers\Brserid.sys [X]
S3 BrSerWdm; \SystemRoot\System32\Drivers\BrSerWdm.sys [X]
S3 BrUsbMdm; \SystemRoot\System32\Drivers\BrUsbMdm.sys [X]
S3 BrUsbSer; \SystemRoot\System32\Drivers\BrUsbSer.sys [X]
S3 BthEnum; \SystemRoot\system32\drivers\BthEnum.sys [X]
S3 BTHMODEM; system32\DRIVERS\bthmodem.sys [X]
S3 BthPan; system32\DRIVERS\bthpan.sys [X]
S3 BTHPORT; System32\Drivers\BTHport.sys [X]
S3 BTHUSB; System32\Drivers\BTHUSB.sys [X]
S3 btusbflt; system32\drivers\btusbflt.sys [X]
S3 btwampfl; \??\C:\Windows\system32\drivers\btwampfl.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S1 CBFilterFS; \??\C:\Windows\system32\drivers\cbfltfs.sys [X]
S1 cdrom; system32\DRIVERS\cdrom.sys [X]
S3 circlass; \SystemRoot\system32\DRIVERS\circlass.sys [X]
S3 CmBatt; \SystemRoot\system32\DRIVERS\CmBatt.sys [X]
S3 cmdide; \SystemRoot\system32\drivers\cmdide.sys [X]
S0 Compbatt; system32\DRIVERS\compbatt.sys [X]
S3 CompFilter64; system32\DRIVERS\lvbflt64.sys [X]
S3 CompositeBus; \SystemRoot\system32\drivers\CompositeBus.sys [X]
S4 crcdisk; \SystemRoot\system32\DRIVERS\crcdisk.sys [X]
S3 DFX11_1; system32\drivers\dfx11_1x64.sys [X]
S3 dgcfltr; system32\DRIVERS\ACFDCP64.sys [X]
S3 DigiartyVirtualCDBus; system32\drivers\DigiartyVirtualCDBus.sys [X]
S0 Disk; system32\DRIVERS\disk.sys [X]
S2 Dokan; \??\C:\Windows\system32\drivers\dokan.sys [X]
S3 drmkaud; \SystemRoot\system32\drivers\drmkaud.sys [X]
S3 ebdrv; \SystemRoot\system32\DRIVERS\evbda.sys [X]
S3 elxstor; \SystemRoot\system32\DRIVERS\elxstor.sys [X]
S3 emAudio; system32\drivers\emAudio64.sys [X]
S3 ErrDev; \SystemRoot\system32\drivers\errdev.sys [X]
S3 fdc; \SystemRoot\system32\DRIVERS\fdc.sys [X]
S3 flpydisk; \SystemRoot\system32\DRIVERS\flpydisk.sys [X]
S3 gagp30kx; \SystemRoot\system32\DRIVERS\gagp30kx.sys [X]
S3 grmnusb; system32\drivers\grmnusb.sys [X]
S2 hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [X]
S3 hcw85cir; \SystemRoot\system32\drivers\hcw85cir.sys [X]
S3 HdAudAddService; system32\drivers\HdAudio.sys [X]
S3 HDAudBus; \SystemRoot\system32\drivers\HDAudBus.sys [X]
S3 HidBatt; system32\DRIVERS\HidBatt.sys [X]
S3 HidBth; \SystemRoot\system32\DRIVERS\hidbth.sys [X]
S3 HidIr; \SystemRoot\system32\DRIVERS\hidir.sys [X]
S3 HidUsb; system32\DRIVERS\hidusb.sys [X]
S3 HpSAMD; \SystemRoot\system32\drivers\HpSAMD.sys [X]
S3 i8042prt; \SystemRoot\system32\drivers\i8042prt.sys [X]
S3 iaStorV; \SystemRoot\system32\drivers\iaStorV.sys [X]
S3 iirsp; \SystemRoot\system32\DRIVERS\iirsp.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 intelide; \SystemRoot\system32\drivers\intelide.sys [X]
S3 intelppm; system32\DRIVERS\intelppm.sys [X]
S3 IPMIDRV; \SystemRoot\system32\drivers\IPMIDrv.sys [X]
S3 isapnp; \SystemRoot\system32\drivers\isapnp.sys [X]
S3 iScsiPrt; \SystemRoot\system32\drivers\msiscsi.sys [X]
S3 kbdclass; system32\DRIVERS\kbdclass.sys [X]
S3 kbdhid; system32\DRIVERS\kbdhid.sys [X]
S3 LHidFilt; system32\DRIVERS\LHidFilt.Sys [X]
S3 LMouFilt; system32\DRIVERS\LMouFilt.Sys [X]
S3 LSI_FC; \SystemRoot\system32\DRIVERS\lsi_fc.sys [X]
S3 LSI_SAS; \SystemRoot\system32\DRIVERS\lsi_sas.sys [X]
S3 LSI_SAS2; \SystemRoot\system32\DRIVERS\lsi_sas2.sys [X]
S3 LSI_SCSI; \SystemRoot\system32\DRIVERS\lsi_scsi.sys [X]
S3 LUsbFilt; System32\Drivers\LUsbFilt.Sys [X]
S3 LVRS64; system32\DRIVERS\lvrs64.sys [X]
S3 LVUVC64; system32\DRIVERS\lvuvc64.sys [X]
S3 ManyCam; system32\DRIVERS\mcvidrv.sys [X]
S3 mcaudrv_simple; system32\drivers\mcaudrv_x64.sys [X]
S2 mdmxsdk; system32\DRIVERS\ACFSDK64.sys [X]
S2 MegaCom; system32\DRIVERS\megabatteryX64.sys [X]
S3 megasas; \SystemRoot\system32\DRIVERS\megasas.sys [X]
S3 MegaSR; \SystemRoot\system32\DRIVERS\MegaSR.sys [X]
S3 MODEMCSA; system32\drivers\MODEMCSA.sys [X]
S3 monitor; system32\DRIVERS\monitor.sys [X]
S3 mouclass; system32\DRIVERS\mouclass.sys [X]
S3 mouhid; system32\DRIVERS\mouhid.sys [X]
S3 mpio; \SystemRoot\system32\drivers\mpio.sys [X]
S0 msahci; system32\drivers\msahci.sys [X]
S3 msdsm; \SystemRoot\system32\drivers\msdsm.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S0 msisadrv; system32\drivers\msisadrv.sys [X]
S3 MSI_DVD_010507; \??\C:\Program Files (x86)\MSI\Live Update 5\DVDSYS64_100507.sys [X]
S3 MSI_MSIBIOS_010507; \??\C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [X]
S3 MSI_VGASYS_010507; \??\C:\Program Files (x86)\MSI\Live Update 5\VGASYS64_100507.sys [X]
S3 msloop; system32\DRIVERS\loop.sys [X]
S1 mssmbios; \SystemRoot\system32\drivers\mssmbios.sys [X]
S3 MTConfig; \SystemRoot\system32\DRIVERS\MTConfig.sys [X]
S3 nfrd960; \SystemRoot\system32\DRIVERS\nfrd960.sys [X]
S1 nm3; system32\DRIVERS\nm3.sys [X]
S2 NPF; system32\drivers\npf.sys [X]
S3 NTIOLib_1_0_3; \??\C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [X]
S3 NVHDA; system32\drivers\nvhda64v.sys [X]
S3 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S3 nvraid; \SystemRoot\system32\drivers\nvraid.sys [X]
S3 nvstor; \SystemRoot\system32\drivers\nvstor.sys [X]
S3 nv_agp; \SystemRoot\system32\drivers\nv_agp.sys [X]
S3 ohci1394; \SystemRoot\system32\drivers\ohci1394.sys [X]
S3 Parport; system32\DRIVERS\parport.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S0 pci; system32\drivers\pci.sys [X]
S0 pciide; system32\drivers\pciide.sys [X]
S3 pcmcia; \SystemRoot\system32\DRIVERS\pcmcia.sys [X]
S3 Processor; \SystemRoot\system32\DRIVERS\processr.sys [X]
S3 PROCEXP151; \??\C:\Windows\system32\Drivers\PROCEXP151.SYS [X]
S3 pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [X]
S3 pwdspio; \??\C:\Windows\system32\pwdspio.sys [X]
S3 ql2300; \SystemRoot\system32\DRIVERS\ql2300.sys [X]
S3 ql40xx; \SystemRoot\system32\DRIVERS\ql40xx.sys [X]
S3 rdpbus; system32\DRIVERS\rdpbus.sys [X]
S3 RFCOMM; system32\DRIVERS\rfcomm.sys [X]
S3 RFDisplay; system32\DRIVERS\RFDisplay.sys [X]
S3 RFMirror; system32\DRIVERS\RFMirror.sys [X]
S3 RTL2832UBDA; system32\drivers\RTL2832UBDA.sys [X]
S3 RTL2832UUSB; System32\Drivers\RTL2832UUSB.sys [X]
S3 RTL8167; system32\DRIVERS\Rt64win7.sys [X]
S3 RTL8169; system32\DRIVERS\Rtlh64.sys [X]
S3 s3cap; \SystemRoot\system32\drivers\vms3cap.sys [X]
S3 sbp2port; \SystemRoot\system32\drivers\sbp2port.sys [X]
S3 Serenum; system32\DRIVERS\serenum.sys [X]
S1 Serial; system32\DRIVERS\serial.sys [X]
S3 sermouse; \SystemRoot\system32\DRIVERS\sermouse.sys [X]
S3 sffdisk; \SystemRoot\system32\drivers\sffdisk.sys [X]
S3 sffp_mmc; \SystemRoot\system32\drivers\sffp_mmc.sys [X]
S3 sffp_sd; \SystemRoot\system32\drivers\sffp_sd.sys [X]
S3 sfloppy; \SystemRoot\system32\DRIVERS\sfloppy.sys [X]
S3 silabenm; system32\DRIVERS\silabenm.sys [X]
S3 silabser; system32\DRIVERS\silabser.sys [X]
S3 SiSRaid2; \SystemRoot\system32\DRIVERS\SiSRaid2.sys [X]
S3 SiSRaid4; \SystemRoot\system32\DRIVERS\sisraid4.sys [X]
S0 sptd; System32\Drivers\sptd.sys [X]
S3 stexstor; \SystemRoot\system32\DRIVERS\stexstor.sys [X]
S0 storflt; system32\drivers\vmstorfl.sys [X]
S3 storvsc; \SystemRoot\system32\drivers\storvsc.sys [X]
S3 swenum; \SystemRoot\system32\drivers\swenum.sys [X]
S3 tap-tb-0901; system32\DRIVERS\tap-tb-0901.sys [X]
S3 tap0901; system32\DRIVERS\tap0901.sys [X]
S3 tapoas; system32\DRIVERS\tapoas.sys [X]
S1 TermDD; \SystemRoot\system32\drivers\termdd.sys [X]
S2 TurboB; system32\DRIVERS\TurboB.sys [X]
S3 uagp35; \SystemRoot\system32\DRIVERS\uagp35.sys [X]
S3 uliagpkx; \SystemRoot\system32\drivers\uliagpkx.sys [X]
S3 umbus; system32\DRIVERS\umbus.sys [X]
S3 UmPass; \SystemRoot\system32\DRIVERS\umpass.sys [X]
S3 usbaudio; system32\drivers\usbaudio.sys [X]
S3 usbccgp; system32\DRIVERS\usbccgp.sys [X]
S3 usbcir; \SystemRoot\system32\drivers\usbcir.sys [X]
S3 usbehci; \SystemRoot\system32\drivers\usbehci.sys [X]
S3 usbhub; system32\DRIVERS\usbhub.sys [X]
S3 usbohci; \SystemRoot\system32\drivers\usbohci.sys [X]
S3 usbprint; system32\DRIVERS\usbprint.sys [X]
S3 usbscan; \SystemRoot\system32\drivers\usbscan.sys [X]
S3 usbser; system32\DRIVERS\usbser.sys [X]
S3 USBSTOR; system32\DRIVERS\USBSTOR.SYS [X]
S3 usbuhci; \SystemRoot\system32\drivers\usbuhci.sys [X]
S3 usbvideo; \SystemRoot\System32\Drivers\usbvideo.sys [X]
S3 VBoxUSB; System32\Drivers\VBoxUSB.sys [X]
S3 VClone; system32\DRIVERS\VClone.sys [X]
S0 vdrvroot; system32\drivers\vdrvroot.sys [X]
S3 vga; system32\DRIVERS\vgapnp.sys [X]
S3 vhdmp; \SystemRoot\system32\drivers\vhdmp.sys [X]
S3 viaide; \SystemRoot\system32\drivers\viaide.sys [X]
S0 vmbus; system32\drivers\vmbus.sys [X]
S3 VMBusHID; \SystemRoot\system32\drivers\VMBusHID.sys [X]
S0 volmgr; system32\drivers\volmgr.sys [X]
S3 vpcbus; system32\DRIVERS\vpchbus.sys [X]
S3 vpcusb; system32\DRIVERS\vpcusb.sys [X]
S3 vpcuxd; \SystemRoot\system32\drivers\vpcuxd.sys [X]
S3 vsmraid; \SystemRoot\system32\DRIVERS\vsmraid.sys [X]
S3 VUSB3HUB; system32\DRIVERS\ViaHub3.sys [X]
S3 WacomPen; \SystemRoot\system32\DRIVERS\wacompen.sys [X]
S3 Wd; \SystemRoot\system32\DRIVERS\wd.sys [X]
S3 WDC_SAM; system32\DRIVERS\wdcsam64.sys [X]
S3 WinUsb; system32\DRIVERS\WinUsb.sys [X]
S3 WmiAcpi; \SystemRoot\system32\drivers\wmiacpi.sys [X]
S2 XAudio; system32\DRIVERS\ACFXAU64.sys [X]
S3 xhcdrv; system32\DRIVERS\xhcdrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-01 13:27 - 2014-12-01 13:27 - 00000000 ____D () C:\Windows\System32\config\HiveBackup
2014-11-30 22:41 - 2010-11-20 05:34 - 00295808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2014-11-27 23:02 - 2014-12-01 13:27 - 00000000 ____D () C:\FRST
2014-11-26 19:16 - 2014-11-26 19:16 - 00000000 ____D () C:\Windows\System32\MUI
2014-11-26 19:14 - 2014-11-26 19:14 - 00000000 ____D () C:\Windows\System32\winrm
2014-11-26 19:14 - 2014-11-26 19:14 - 00000000 ____D () C:\Windows\System32\WinBioDatabase
2014-11-26 19:14 - 2014-11-26 19:14 - 00000000 ____D () C:\Windows\System32\WCN
2014-11-26 19:13 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\Drivers\tr-TR
2014-11-26 19:13 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\Drivers\th-TH
2014-11-26 19:13 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\Drivers\ro-RO
2014-11-26 19:13 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\Drivers\he-IL
2014-11-26 19:13 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\Drivers\ar-SA
2014-11-26 19:11 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\sysprep
2014-11-26 19:10 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\WinBioPlugIns
2014-11-26 19:10 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\sppui
2014-11-26 19:10 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\slmgr
2014-11-26 19:10 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\icsxml
2014-11-26 19:09 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\Speech
2014-11-26 19:08 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\ras
2014-11-26 19:07 - 2014-11-26 19:07 - 00000000 ____D () C:\Windows\System32\Printing_Admin_Scripts
2014-11-26 19:06 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\ias
2014-11-26 19:06 - 2014-11-26 19:06 - 00000000 ____D () C:\Windows\System32\NetworkList
2014-11-26 19:04 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\migwiz
2014-11-26 19:00 - 2014-11-26 19:00 - 00000000 ____D () C:\Windows\System32\WindowsPowerShell
2014-11-26 19:00 - 2014-11-26 19:00 - 00000000 ____D () C:\Windows\System32\FxsTmp
2014-11-26 18:57 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\zh-HK
2014-11-26 18:57 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\uk-UA
2014-11-26 18:57 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\tr-TR
2014-11-26 18:57 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\th-TH
2014-11-26 18:57 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\sr-Latn-CS
2014-11-26 18:57 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\sl-SI
2014-11-26 18:57 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\sk-SK
2014-11-26 18:57 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\Setup
2014-11-26 18:57 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\ro-RO
2014-11-26 18:57 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\oobe
2014-11-26 18:57 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\lv-LV
2014-11-26 18:57 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\lt-LT
2014-11-26 18:57 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\hr-HR
2014-11-26 18:57 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\he-IL
2014-11-26 18:57 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\et-EE
2014-11-26 18:57 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\bg-BG
2014-11-26 18:57 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\ar-SA
2014-11-26 18:57 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\AdvancedInstallers
2014-11-26 18:57 - 2014-11-26 19:03 - 00000000 ____D () C:\Windows\System32\IME
2014-11-26 18:57 - 2014-11-26 18:57 - 00000000 ____D () C:\Windows\System32\Msdtc
2014-11-26 18:57 - 2014-11-26 18:57 - 00000000 ____D () C:\Windows\System32\config\Journal
2014-11-26 18:56 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\com
2014-11-26 18:56 - 2014-11-26 19:09 - 00000000 ____D () C:\Windows\System32\spp
2014-11-26 18:55 - 2014-11-26 21:29 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-11-26 18:55 - 2014-11-26 21:29 - 00000000 ____D () C:\Windows\System32\manifeststore
2014-11-26 16:27 - 2014-11-26 16:27 - 00000073 _____ () C:\Windows\{6a705f70-d849-4b5e-9cda-5a04869d0cd2}
2014-11-26 13:10 - 2014-11-26 13:10 - 00132645 _____ () C:\wubildr
2014-11-26 07:35 - 2014-11-26 07:35 - 09439496 _____ () C:\Users\Yo\Downloads\Fences_v2.13_setup_sd.exe
2014-11-26 03:43 - 2014-11-26 03:43 - 00000197 _____ () C:\Windows\System32\2014-11-26-11-43-43.056-AvastVBoxSVC.exe-3348.log
2014-11-26 03:08 - 2014-11-26 03:08 - 00543483 _____ () C:\Users\Yo\Downloads\Windows6.1-KB2852386-x64.msu
2014-11-26 01:31 - 2014-11-26 01:31 - 00000024 _____ () C:\Users\Yo\Downloads\cc_config.ini
2014-11-26 01:30 - 2014-11-26 01:30 - 00285696 _____ (SingularLabs) C:\Users\Yo\Downloads\CCEnhancer-4.1.exe
2014-11-25 14:57 - 2014-11-25 14:57 - 00000197 _____ () C:\Windows\System32\2014-11-25-22-57-39.039-AvastVBoxSVC.exe-5376.log
2014-11-25 09:17 - 2014-11-26 07:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-25 09:17 - 2014-11-25 09:17 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-24 12:15 - 2014-11-26 21:29 - 00000000 ____D () C:\Users\Yo\AppData\Local\Mailbird
2014-11-24 12:15 - 2014-11-24 12:15 - 00000952 _____ () C:\Users\Public\Desktop\Mailbird.lnk
2014-11-24 12:15 - 2014-11-24 12:15 - 00000000 ____D () C:\ProgramData\Mailbird
2014-11-24 12:12 - 2014-11-26 21:29 - 00000000 ____D () C:\Program Files (x86)\Mailbird
2014-11-24 12:12 - 2014-11-24 12:12 - 45225960 _____ (Mailbird) C:\Users\Yo\Downloads\MailbirdOfflineInstaller.exe
2014-11-24 11:45 - 2014-11-24 02:07 - 00916024 _____ (Oracle Corporation) C:\Windows\System32\Drivers\VBoxDrv.sys
2014-11-24 11:44 - 2014-11-24 02:07 - 00128080 _____ (Oracle Corporation) C:\Windows\System32\Drivers\VBoxUSBMon.sys
2014-11-24 03:35 - 2014-11-24 03:35 - 09629976 _____ (CyberGhost S.R.L. ) C:\Users\Yo\Downloads\CG_5.0.14.7.exe
2014-11-24 03:07 - 2014-11-24 03:07 - 16724942 _____ () C:\Users\Yo\Downloads\HandBrake-0.10.0-x86_64-Win_GUI.exe
2014-11-24 02:07 - 2014-11-24 02:07 - 00141440 _____ (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetAdp.sys
2014-11-24 02:06 - 2014-11-24 02:06 - 00204264 _____ (Oracle Corporation) C:\Windows\System32\VBoxNetFltNobj.dll
2014-11-24 02:06 - 2014-11-24 02:06 - 00156360 _____ (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetFlt.sys
2014-11-23 00:52 - 2014-11-23 07:59 - 00000000 ____D () C:\Users\Yo\AppData\Local\Tomahawk
2014-11-23 00:51 - 2014-11-23 00:52 - 00000000 ____D () C:\Program Files (x86)\Tomahawk
2014-11-22 12:49 - 2014-11-22 14:36 - 00000000 ____D () C:\Users\Yo\AppData\Local\Atraci
2014-11-22 12:49 - 2014-11-22 12:49 - 00001706 _____ () C:\Users\Yo\Desktop\Atraci.lnk
2014-11-22 12:48 - 2014-11-22 12:49 - 00000000 ____D () C:\Users\Yo\Desktop\Atraci
2014-11-22 11:32 - 2014-11-22 11:32 - 00000197 _____ () C:\Windows\System32\2014-11-22-19-32-19.082-AvastVBoxSVC.exe-5592.log
2014-11-22 10:42 - 2014-11-26 04:01 - 00000326 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-11-22 10:42 - 2014-11-22 10:43 - 00002960 _____ () C:\Windows\System32\Tasks\GU5SkipUAC
2014-11-22 10:42 - 2014-11-22 10:43 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-11-22 10:42 - 2014-11-22 10:42 - 00020160 _____ (Glarysoft Ltd) C:\Windows\System32\Drivers\GUBootStartup.sys
2014-11-22 10:42 - 2014-11-22 10:42 - 00002610 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2014-11-19 01:30 - 2014-11-10 19:08 - 00728064 ____N (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2014-11-19 01:30 - 2014-11-10 19:08 - 00241152 ____N (Microsoft Corporation) C:\Windows\System32\pku2u.dll
2014-11-19 01:30 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 01:29 - 2014-11-10 18:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 08:32 - 2014-11-26 21:29 - 00000000 ____D () C:\Users\Yo\AppData\Local\RescueTime.com
2014-11-18 08:32 - 2014-11-18 08:32 - 00000000 ____D () C:\Program Files (x86)\RescueTime
2014-11-17 02:26 - 2014-11-17 02:26 - 00000000 ____D () C:\Users\Yo\Desktop\WinDlg_v1_27
2014-11-16 10:01 - 2014-11-16 10:03 - 38852275 ____H () C:\Users\Yo\Downloads\vpngate-client-2014.11.17-build-9506.131126.zip
2014-11-16 04:46 - 2014-11-16 04:46 - 00792029 _____ () C:\Users\Yo\Downloads\CrashPlanFix-Windows.zip
2014-11-16 04:46 - 2014-11-16 04:46 - 00000000 ____D () C:\Users\Yo\Downloads\CrashPlanFix-Windows
2014-11-16 04:18 - 2014-11-16 04:18 - 00000770 _____ () C:\Users\Yo\Downloads\status_reports_2014-11-16T12-18-18+00-00.csv
2014-11-16 04:06 - 2014-11-16 04:30 - 00000000 ____D () C:\Users\Yo\AppData\Roaming\S3Browser
2014-11-16 04:06 - 2014-11-16 04:06 - 00000000 ____D () C:\Program Files\S3 Browser
2014-11-16 03:53 - 2014-11-16 03:53 - 13898200 _____ () C:\Users\Yo\Downloads\CloudBerryOnlineBackupSetup_v3.9.6.31S3netv4.0.exe
2014-11-16 03:30 - 2014-11-16 03:30 - 09829948 _____ () C:\Users\Yo\Downloads\duplicati-latest.zip
2014-11-16 02:40 - 2014-11-16 12:01 - 00000000 ____D () C:\Users\Yo\AppData\Roaming\FastGlacier
2014-11-16 02:40 - 2014-11-16 02:40 - 00000000 ____D () C:\Program Files\FastGlacier
2014-11-16 02:00 - 2014-11-16 02:00 - 00000000 ____D () C:\Program Files (x86)\Firefox Developer Edition
2014-11-15 08:49 - 2014-11-15 08:51 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-11-15 08:15 - 2014-11-15 08:15 - 00364512 ____N (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-11-15 08:15 - 2014-11-15 08:15 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-13 01:36 - 2014-11-13 01:37 - 00000000 ____D () C:\Users\Yo\Desktop\FirefoxPortable
2014-11-12 07:43 - 2014-11-12 07:44 - 00000000 ____D () C:\Users\Yo\Documents\AlephOne
2014-11-12 07:43 - 2014-11-12 07:43 - 00000000 ____D () C:\Users\Yo\AppData\Local\AlephOne
2014-11-12 00:08 - 2014-11-05 19:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-11-12 00:08 - 2014-11-05 19:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-11-12 00:08 - 2014-11-05 19:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 00:08 - 2014-11-05 19:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 00:07 - 2014-11-07 11:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-11-12 00:07 - 2014-11-07 11:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 00:07 - 2014-11-05 20:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-11-12 00:07 - 2014-11-05 20:03 - 25110016 ____N (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-11-12 00:07 - 2014-11-05 20:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-11-12 00:07 - 2014-11-05 19:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-11-12 00:07 - 2014-11-05 19:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-11-12 00:07 - 2014-11-05 19:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-11-12 00:07 - 2014-11-05 19:43 - 02884096 ____N (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-11-12 00:07 - 2014-11-05 19:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-11-12 00:07 - 2014-11-05 19:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-11-12 00:07 - 2014-11-05 19:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-11-12 00:07 - 2014-11-05 19:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-11-12 00:07 - 2014-11-05 19:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-11-12 00:07 - 2014-11-05 19:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 00:07 - 2014-11-05 19:23 - 06040064 ____N (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-11-12 00:07 - 2014-11-05 19:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-12 00:07 - 2014-11-05 19:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-11-12 00:07 - 2014-11-05 19:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 00:07 - 2014-11-05 19:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 00:07 - 2014-11-05 19:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 00:07 - 2014-11-05 19:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 00:07 - 2014-11-05 19:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-12 00:07 - 2014-11-05 19:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 00:07 - 2014-11-05 19:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 00:07 - 2014-11-05 19:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-11-12 00:07 - 2014-11-05 19:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 00:07 - 2014-11-05 19:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-11-12 00:07 - 2014-11-05 18:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 00:07 - 2014-11-05 18:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 00:07 - 2014-11-05 18:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-11-12 00:07 - 2014-11-05 18:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 00:07 - 2014-11-05 18:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 00:07 - 2014-11-05 18:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-11-12 00:07 - 2014-11-05 18:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-11-12 00:07 - 2014-11-05 18:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-11-12 00:07 - 2014-11-05 18:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-11-12 00:07 - 2014-11-05 18:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 00:07 - 2014-11-05 18:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 00:07 - 2014-11-05 18:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 00:07 - 2014-11-05 18:30 - 14390272 ____N (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-11-12 00:07 - 2014-11-05 18:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 00:07 - 2014-11-05 18:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 00:07 - 2014-11-05 18:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 00:07 - 2014-11-05 18:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 00:07 - 2014-11-05 18:17 - 02365440 ____N (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-11-12 00:07 - 2014-11-05 18:04 - 01550336 ____N (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-11-12 00:07 - 2014-11-05 18:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 00:07 - 2014-11-05 17:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-11-12 00:07 - 2014-11-05 17:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 00:07 - 2014-11-05 17:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 00:07 - 2014-11-05 17:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 00:07 - 2014-11-05 09:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2014-11-12 00:07 - 2014-11-05 09:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-11-12 00:07 - 2014-11-05 09:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-11-12 00:07 - 2014-10-24 17:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll
2014-11-12 00:07 - 2014-10-24 17:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 00:07 - 2014-10-17 18:05 - 00861696 ____N (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2014-11-12 00:07 - 2014-10-17 17:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 00:07 - 2014-10-13 18:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2014-11-12 00:07 - 2014-10-13 18:13 - 00683520 ____N (Microsoft Corporation) C:\Windows\System32\termsrv.dll
2014-11-12 00:07 - 2014-10-13 18:12 - 01460736 ____N (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-11-12 00:07 - 2014-10-13 18:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2014-11-12 00:07 - 2014-10-13 18:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2014-11-12 00:07 - 2014-10-13 17:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 00:07 - 2014-10-13 17:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 00:07 - 2014-10-13 17:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 00:07 - 2014-10-13 17:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 00:07 - 2014-10-09 16:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-11-12 00:07 - 2014-10-02 18:12 - 00500224 ____N (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2014-11-12 00:07 - 2014-10-02 18:11 - 00680960 ____N (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2014-11-12 00:07 - 2014-10-02 18:11 - 00440832 ____N (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2014-11-12 00:07 - 2014-10-02 18:11 - 00296448 ____N (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2014-11-12 00:07 - 2014-10-02 18:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll
2014-11-12 00:07 - 2014-10-02 17:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 00:07 - 2014-10-02 17:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 00:07 - 2014-10-02 17:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 00:07 - 2014-09-19 01:42 - 00342016 ____N (Microsoft Corporation) C:\Windows\System32\schannel.dll
2014-11-12 00:07 - 2014-09-19 01:42 - 00314880 ____N (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2014-11-12 00:07 - 2014-09-19 01:42 - 00309760 ____N (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2014-11-12 00:07 - 2014-09-19 01:42 - 00210944 ____N (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2014-11-12 00:07 - 2014-09-19 01:42 - 00086528 ____N (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2014-11-12 00:07 - 2014-09-19 01:42 - 00022016 ____N (Microsoft Corporation) C:\Windows\System32\credssp.dll
2014-11-12 00:07 - 2014-09-19 01:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 00:07 - 2014-09-19 01:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 00:07 - 2014-09-19 01:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 00:07 - 2014-09-19 01:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 00:07 - 2014-09-19 01:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 00:07 - 2014-09-19 01:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 00:07 - 2014-08-20 22:43 - 01882624 ____N (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2014-11-12 00:07 - 2014-08-20 22:40 - 00002048 ____N (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2014-11-12 00:07 - 2014-08-20 22:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 00:07 - 2014-08-20 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 00:07 - 2014-08-11 18:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\System32\IMJP10K.DLL
2014-11-12 00:07 - 2014-08-11 17:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 00:04 - 2014-10-13 18:13 - 03241984 ____N (Microsoft Corporation) C:\Windows\System32\msi.dll
2014-11-12 00:04 - 2014-10-13 17:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-09 05:43 - 2014-11-09 05:43 - 04968008 _____ (Resplendence Software Projects Sp. ) C:\Users\Yo\Downloads\RegistrarHomeV7.exe
2014-11-06 05:04 - 2014-11-06 05:04 - 00000000 ____D () C:\Users\Yo\AppData\Roaming\TightVNC
2014-11-06 05:04 - 2014-11-06 05:04 - 00000000 ____D () C:\Program Files\TightVNC
2014-11-05 06:27 - 2014-11-05 06:27 - 00000000 ____D () C:\Users\Yo\Desktop\winmtr_bin_0.8
2014-11-05 06:26 - 2014-11-05 06:27 - 00000000 ____D () C:\Users\Yo\Desktop\multiping-v0.2
2014-11-04 23:34 - 2014-11-04 23:34 - 00000000 ____D () C:\ProgramData\Paessler
2014-11-04 23:34 - 2014-11-04 23:34 - 00000000 ____D () C:\ProgramData\Licenses
2014-11-04 11:17 - 2014-11-05 01:05 - 00000470 _____ () C:\Users\Yo\_vim_mru_files
2014-11-04 09:06 - 2014-09-18 02:51 - 00001006 _____ () C:\Users\Yo\_vimrc.bak
2014-11-04 09:04 - 2014-11-04 10:15 - 00000000 ____D () C:\Users\Yo\vimfiles
2014-11-04 05:28 - 2014-11-04 05:28 - 00000000 ____D () C:\Users\Yo\AppData\Roaming\RStudio
2014-11-04 05:26 - 2014-11-04 05:26 - 00000000 ____D () C:\Users\Yo\Documents\R
2014-11-04 05:25 - 2014-11-04 05:26 - 00000000 ____D () C:\Program Files\RStudio
2014-11-04 05:24 - 2014-11-04 05:24 - 00000000 ____D () C:\Program Files\R
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-26 21:29 - 2014-09-30 05:24 - 00000000 ____D () C:\Users\Yo\AppData\Roaming\ProductData
2014-11-26 21:29 - 2014-08-07 04:41 - 00000000 ____D () C:\Users\Yo\AppData\Roaming\Everything
2014-11-26 21:29 - 2011-11-19 08:28 - 00000000 ____D () C:\Windows\System32\Macromed
2014-11-26 21:29 - 2011-05-25 04:18 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-26 21:29 - 2010-11-04 03:31 - 00000000 ____D () C:\Program Files (standalone)
2014-11-26 21:29 - 2010-08-24 00:37 - 00000000 ___RD () C:\Users\Yo\Dropbox
2014-11-26 21:29 - 2010-08-19 00:07 - 00000000 ____D () C:\Users\Yo\AppData\Roaming\Launchy
2014-11-26 21:29 - 2010-08-18 23:10 - 00000000 ____D () C:\Program Files (x86)\CCleaner
2014-11-26 21:29 - 2010-08-18 22:43 - 00000000 ____D () C:\users\Yo
2014-11-26 21:29 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\Dism
2014-11-26 21:29 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-11-26 21:29 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Services
2014-11-26 19:11 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\SMI
2014-11-26 19:07 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\spool
2014-11-26 07:47 - 2010-08-18 03:14 - 01136666 _____ () C:\Windows\WindowsUpdate.log
2014-11-26 07:46 - 2014-10-05 11:46 - 00000000 ____D () C:\Users\Yo\AppData\Roaming\Free Download Manager
2014-11-26 07:46 - 2013-03-05 02:56 - 00000028 _____ () C:\Users\Yo\AppData\Roaming\Network Meter_Usage.ini
2014-11-26 07:41 - 2010-08-18 23:09 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3683066952-1858823872-378675339-1003UA.job
2014-11-26 07:27 - 2013-10-20 01:17 - 00194026 _____ () C:\Users\Yo\IP_Log_Data.js
2014-11-26 07:20 - 2013-08-19 22:49 - 00000008 __RSH () C:\Users\Yo\ntuser.pol
2014-11-26 07:19 - 2013-06-12 01:37 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-11-26 07:00 - 2013-07-25 00:47 - 00185983 _____ () C:\Users\Yo\Network_Meter_Data.js
2014-11-26 06:57 - 2014-08-11 05:52 - 00000876 _____ () C:\Windows\Tasks\EpicUpdateTaskUserS-1-5-21-3683066952-1858823872-378675339-1003UA.job
2014-11-26 06:57 - 2014-08-11 05:52 - 00000824 _____ () C:\Windows\Tasks\EpicUpdateTaskUserS-1-5-21-3683066952-1858823872-378675339-1003Core.job
2014-11-26 05:46 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\winevt
2014-11-26 05:44 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-11-26 04:02 - 2010-08-18 23:13 - 00000000 ____D () C:\Users\Yo\AppData\Roaming\Dropbox
2014-11-26 03:59 - 2010-11-29 23:55 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-26 03:51 - 2009-07-13 20:45 - 00026368 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-26 03:51 - 2009-07-13 20:45 - 00026368 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-26 03:41 - 2014-09-30 05:23 - 00000000 ____D () C:\ProgramData\ProductData
2014-11-26 03:40 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-26 03:39 - 2013-01-17 06:19 - 00102859 _____ () C:\Windows\setupact.log
2014-11-25 14:50 - 2013-01-21 11:25 - 00167754 _____ () C:\Windows\PFRO.log
2014-11-25 14:42 - 2010-08-19 00:10 - 00000000 ____D () C:\Users\Yo\.VirtualBox
2014-11-25 10:41 - 2010-08-18 23:09 - 00000844 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3683066952-1858823872-378675339-1003Core.job
2014-11-25 09:17 - 2012-03-31 13:44 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-25 09:17 - 2011-05-17 01:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-23 12:16 - 2012-09-16 00:14 - 00000000 ____D () C:\Users\Yo\AppData\Roaming\foobar2000
2014-11-23 08:40 - 2012-10-02 03:32 - 00000000 ____D () C:\Users\Yo\AppData\Roaming\Ketarin
2014-11-23 02:12 - 2013-07-04 02:39 - 00031616 _____ () C:\Windows\System32\FoolishEventLogMsgHelper.dll
2014-11-22 11:24 - 2012-06-18 01:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-22 11:03 - 2010-08-19 01:49 - 00007657 _____ () C:\Users\Yo\AppData\Local\resmon.resmoncfg
2014-11-22 11:02 - 2013-03-08 01:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-22 11:01 - 2014-10-21 01:00 - 00000000 ____D () C:\Program Files (x86)\LastPass
2014-11-22 10:59 - 2013-02-12 09:09 - 00000000 ____D () C:\Program Files\PeaZip
2014-11-22 10:43 - 2014-01-22 03:04 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 4
2014-11-22 10:43 - 2010-11-20 08:16 - 00000000 ____D () C:\Users\Yo\AppData\Roaming\GlarySoft
2014-11-22 10:42 - 2013-06-28 05:56 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-11-22 09:59 - 2010-10-31 00:25 - 00000000 ____D () C:\Program Files (x86)\Evernote
2014-11-22 09:23 - 2013-04-29 07:22 - 01050432 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsnx.sys
2014-11-20 13:07 - 2011-01-27 07:44 - 00000000 ____D () C:\Users\Yo\AppData\Roaming\MediaMonkey
2014-11-19 01:56 - 2012-03-20 12:24 - 00000000 ____D () C:\Users\Yo\AppData\Local\CrashDumps
2014-11-17 11:13 - 2010-08-19 07:59 - 00000000 ____D () C:\Users\Yo\AppData\Roaming\Thunderbird
2014-11-17 03:01 - 2010-08-19 00:16 - 00000000 ____D () C:\Users\Yo\AppData\Roaming\Mozilla
2014-11-17 02:16 - 2014-06-22 00:50 - 00000000 ____D () C:\Users\Yo\AppData\Roaming\uTorrent
2014-11-17 02:14 - 2010-09-11 11:29 - 00000000 ____D () C:\users\Guest
2014-11-16 11:46 - 2013-04-18 11:31 - 00093144 _____ () C:\Users\Yo\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-16 09:16 - 2014-09-15 02:40 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-11-15 08:15 - 2014-04-21 10:26 - 00029208 ____N () C:\Windows\System32\Drivers\aswHwid.sys
2014-11-15 08:15 - 2013-12-24 04:50 - 00116728 ____N (AVAST Software) C:\Windows\System32\Drivers\aswstm.sys
2014-11-15 08:15 - 2013-04-29 07:22 - 00436624 ____N (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
2014-11-15 08:15 - 2013-04-29 07:22 - 00267632 ____N () C:\Windows\System32\Drivers\aswVmm.sys
2014-11-15 08:15 - 2013-04-29 07:22 - 00093568 ____N (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2014-11-15 08:15 - 2013-04-29 07:22 - 00083280 ____N (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-11-15 08:15 - 2013-04-29 07:22 - 00065776 ____N () C:\Windows\System32\Drivers\aswRvrt.sys
2014-11-13 00:25 - 2010-11-29 23:55 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-12 08:05 - 2010-08-19 06:21 - 00000000 ___RD () C:\Users\Yo\Virtual Machines
2014-11-12 03:17 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-11-11 08:05 - 2013-02-20 04:35 - 00008963 _____ () C:\Windows\LkmdfCoInst.log
2014-11-09 05:07 - 2012-01-15 02:45 - 00000000 ____D () C:\ProgramData\Logitech
2014-11-09 03:15 - 2014-07-14 08:23 - 00000000 ____D () C:\AdwCleaner
2014-11-09 02:19 - 2014-03-26 02:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-09 01:25 - 2014-10-05 11:45 - 00000000 ____D () C:\Program Files (x86)\Free Download Manager
2014-11-08 09:26 - 2010-08-18 23:21 - 00000000 ____D () C:\Users\Yo\AppData\Local\Paint.NET
2014-11-06 10:20 - 2010-08-24 23:53 - 00000600 _____ () C:\Users\Yo\AppData\Local\PUTTY.RND
2014-11-06 04:59 - 2012-09-27 23:49 - 00000000 ____D () C:\Users\Yo\AppData\Roaming\mRemoteNG
2014-11-05 01:05 - 2014-08-07 06:31 - 00009211 ____H () C:\Users\Yo\_viminfo
2014-11-05 01:04 - 2014-09-18 02:15 - 00002759 _____ () C:\Users\Yo\_vimrc
2014-11-05 01:04 - 2014-02-04 03:03 - 00000000 ____D () C:\Temp
2014-11-05 00:30 - 2014-09-18 02:15 - 00002512 _____ () C:\Users\Yo\_vimrc~
2014-11-05 00:10 - 2010-11-12 01:46 - 00000000 ____D () C:\ProgramData\Temp
2014-11-04 23:34 - 2011-12-20 03:15 - 00001024 _____ () C:\.rnd
2014-11-04 11:21 - 2012-04-24 11:27 - 00000000 ___RD () C:\Users\Yo\Google Drive
2014-11-01 09:02 - 2013-03-01 02:44 - 00000000 ____D () C:\Users\Yo\AppData\Local\Skitch
 
Files to move or delete:
====================
C:\Users\Yo\IP_Log_Data.js
C:\Users\Yo\Network_Meter_Data.js
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.
 
 
nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!
 
==================== Restore Points  =========================
 
Restore point made on: 2014-11-12 00:08:41
Restore point made on: 2014-11-15 08:14:17
Restore point made on: 2014-11-15 08:52:29
Restore point made on: 2014-11-16 08:54:47
Restore point made on: 2014-11-16 11:19:14
Restore point made on: 2014-11-19 01:31:05
Restore point made on: 2014-11-22 09:56:28
Restore point made on: 2014-11-22 10:12:32
Restore point made on: 2014-11-24 11:41:34
Restore point made on: 2014-11-24 12:08:16
 
==================== Memory info =========================== 
 
Percentage of memory in use: 13%
Total physical RAM: 6135.12 MB
Available physical RAM: 5298.18 MB
Total Pagefile: 6133.32 MB
Available Pagefile: 5286.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:203.09 GB) (Free:50.25 GB) NTFS
Drive e: () (Fixed) (Total:470 GB) (Free:154.88 GB) NTFS
Drive f: () (Fixed) (Total:228.32 GB) (Free:159.71 GB) NTFS
Drive g: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
Drive h: (yug) (Removable) (Total:3.61 GB) (Free:3.37 GB) FAT32
Drive i: () (Removable) (Total:7.49 GB) (Free:4.3 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.1 GB) (Free:0.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5BC53D8B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=203.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=470 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=228.3 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 3.6 GB) (Disk ID: 00014B5E)
Partition 1: (Active) - (Size=3.6 GB) - (Type=0C)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 7.5 GB) (Disk ID: 021F0374)
Partition 1: (Active) - (Size=7.5 GB) - (Type=07 NTFS)
 
 
LastRegBack: 2014-11-25 01:21
 
==================== End Of Log ============================

 


  • 0

#10
emeraldnzl
Posted 01 December 2014 - 02:43 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Before we move on.

I noticed some unusual things in your log.

Amongst other things you had a Windows password cracker program and Integrity Checks disabled. It means the BCD is changed to skip integrity checks at boot.

They may be innocent but I must ask you is that machine genuine or is a pirated Windows OS?

 


  • 0

Advertisements

#11
katchj
Posted 01 December 2014 - 03:18 PM

katchj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

It's totally legit copy of Windows.

 

I had used Easy RE to get out of  a startup repair loop when the system refused to load which may be why the checks are disabled.

( If you want me to try to take this up with them thats fine. )

 

The reason I posted here first was because from googling symptoms it seemed like I may have some sort of malware. I am usually pretty careful about what I install so it seemed a longshot but that was my thinking... 

 


  • 0

#12
emeraldnzl
Posted 01 December 2014 - 04:00 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Thank you. I just needed your answer on that.

Now

This is where I see things.

We have successfully replaced the missing file volsnap.sys.

We have tried a regback to see if the problems to the missing bootcat.cache were caused by registry corruption.

There are some other possibilities:.

I have seen it where an antivirus driver became corrupted and causes boot problems also where the AV has corrupted bootcat.cache.

I have also seen similar problems associated with a failing hard drive although you say you ran chkdsk without any alerts and that is a good sign.

We can rebuild the boot configuration data etc. but before we try that route I wonder whether we should try removing the Avast drivers and see if that will enable you to boot up. You can remove the remainder of Avast and re-install it afterwards.

Assuming you think that's worth a try, do this:

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt
 

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-20] (AVAST Software)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-15] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-15] (Avast Software)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-15] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-15] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-15] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-15] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-15] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-15] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-15] ()
S2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-15] (Avast Software)
2014-11-15 08:15 - 2014-11-15 08:15 - 00364512 ____N (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-11-15 08:15 - 2014-11-15 08:15 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-22 09:23 - 2013-04-29 07:22 - 01050432 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsnx.sys

This script is specifically written for the infection on this person's computer. It should NOT to be used on another machine. It may cause serious damage even to the point of rendering the computer unusable.

Please enter System Recovery Options, as we've done previously.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Also try a reboot and tell me if there has been any change.

 


  • 0

#13
katchj
Posted 01 December 2014 - 05:12 PM

katchj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Thanks. 

 

I had recently installed the new Avast so that's a major candidate for the culprit.

I ran FRST

 

 Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-11-2014 01

Ran by SYSTEM at 2014-12-02 00:55:02 Run:3
Running from H:\tools
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-20] (AVAST Software)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-15] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-15] (Avast Software)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-15] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-15] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-15] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-15] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-15] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-15] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-15] ()
S2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-15] (Avast Software)
2014-11-15 08:15 - 2014-11-15 08:15 - 00364512 ____N (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-11-15 08:15 - 2014-11-15 08:15 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-22 09:23 - 2013-04-29 07:22 - 01050432 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsnx.sys
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AvastUI.exe => value deleted successfully.
avast! Antivirus => Service deleted successfully.
AvastVBoxSvc => Service deleted successfully.
aswHwid => Service deleted successfully.
aswMonFlt => Service deleted successfully.
aswRdr => Service deleted successfully.
aswRvrt => Service deleted successfully.
aswSnx => Service deleted successfully.
aswSP => Service deleted successfully.
aswStm => Service deleted successfully.
aswVmm => Service deleted successfully.
VBoxAswDrv => Service deleted successfully.
C:\Windows\System32\aswBoot.exe => Moved successfully.
C:\Windows\avastSS.scr => Moved successfully.
C:\Windows\System32\Drivers\aswsnx.sys => Moved successfully.
 
==== End of Fixlog ====

 

I then tried to reboot and there seems to be progress.

 

It stopped loading at the Windows Boot Manager (not blue screen this time )

"Windows failed to start..."

file: ACPI.sys

status 0xc000000f

"Critical system file is missing or corrupt"


  • 0

#14
emeraldnzl
Posted 01 December 2014 - 06:58 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

 

It stopped loading at the Windows Boot Manager (not blue screen this time )

"Windows failed to start..."

file: ACPI.sys

status 0xc000000f

"Critical system file is missing or corrupt"

 

I am leaning towards failing hard drive now.

 

We could try repairing your master boot record and building a new boot sector but if we do that you will lose the ability to run a factory reset which actually might be the better option if there are a swag of corrupted drivers.

 

Does that machine have a factory reset option or do you have the installation disk to use for a re-installation?

 

If you want to backup data before a re-installation I can give you some instructions to make a CD to help you access your files.

 

Also, if you want to check for a failing hard disk I can give you some instructions for creating a bootable DVD/CD to check your hard drive.

 

Tell me what you would like to do.


  • 0

#15
katchj
Posted 02 December 2014 - 02:28 PM

katchj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

I checked the drive with the WD software -long test- and it didn't find anything, so I guess its some form of reinstallation. I have an install disk.

 

if you think that just redoing the MBR will help lets do that.

I am planning on setting up a new install on a different partition soon, but if I can just boot into the old environment so that I can save whatever I can from the old one would be really helpful.  


  • 0
Back to Computer Won't Boot - Malware Related · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Computer Won't Boot - Malware Related

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP