
MBAM Rootkit Problem?



I frequently get the "MBAM was unable to load the Anti-Rootkit DDA Driver" message. I reboot, but eventually it comes back. I am wondering if I have a virus or something. Please help.

MBAM Premium comes back with a clean scan.

AVAST Internet Security 2015 comes back with a clean scan.

Windows 7 Professional SP1, 64-bit

FRST.txt output

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Alan (administrator) on HOME on 30-12-2014 10:55:12
Running from C:\Users\Alan\Desktop\Virus Utilities
Loaded Profiles: Alan & Jennifer (Available profiles: Alan & Jennifer & Joshua & Sally & Music & HomeGroupUser$ & Mom)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Uniblue Systems Ltd) C:\Program Files (x86)\Uniblue\Powersuite\powersuite_monitor.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CANON INC) C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwisam.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(CANON INC.) C:\Windows\System32\cnwiols6.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\Polar\Daemon\polard.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(CANON INC.) C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwida.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(PFU LIMITED) C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\SSFolder\SSFolderTray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Dropbox, Inc.) C:\Users\Alan\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Polar\WebSync\WebSync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(CANON INC.) C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwida.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\SSFolder\SSFolderTray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(PFU LIMITED) C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_246_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286056 2013-07-30] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7203032 2014-05-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1360600 2014-05-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1360600 2014-05-04] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [CnwiDeviceAgent] => C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwida.exe [72024 2012-03-08] (CANON INC.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-16] (NVIDIA Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-04-02] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [scanSnap WIA Service Checker] => C:\Windows\SSDriver\fi5110\SsWiaChecker.exe [86016 2009-09-30] (PFU LIMITED)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7805936 2014-02-04] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [309224 2012-09-05] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1518664 2014-09-17] (Seagate Technology LLC)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3755047688-3355164527-1304831305-1001\...\Run: [uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127080 2014-09-17] (Seagate Technology LLC)
HKU\S-1-5-21-3755047688-3355164527-1304831305-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKU\S-1-5-21-3755047688-3355164527-1304831305-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [111320 2014-09-15] (Siber Systems)
HKU\S-1-5-21-3755047688-3355164527-1304831305-1003\...\MountPoints2: {badc6ebb-e9a9-11e3-9030-543530a4aa8c} - F:\LaunchU3.exe -a
Startup: C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Alan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Polar WebSync.lnk
ShortcutTarget: Polar WebSync.lnk -> C:\Program Files (x86)\Polar\WebSync\WebSync.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Startup: C:\Users\Music\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3755047688-3355164527-1304831305-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3755047688-3355164527-1304831305-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3755047688-3355164527-1304831305-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
HKU\S-1-5-21-3755047688-3355164527-1304831305-1003\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-3755047688-3355164527-1304831305-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3755047688-3355164527-1304831305-1001 -> {A12E9F5D-DCEE-44D9-B871-71053AF11F57} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3755047688-3355164527-1304831305-1001 -> {EE8BEB65-FFF5-4615-8590-1910323DD768} URL =
SearchScopes: HKU\S-1-5-21-3755047688-3355164527-1304831305-1003 -> DefaultScope {EE8BEB65-FFF5-4615-8590-1910323DD768} URL =
SearchScopes: HKU\S-1-5-21-3755047688-3355164527-1304831305-1003 -> {323F8398-E43E-4FCA-9833-89842930A548} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3755047688-3355164527-1304831305-1003 -> {EE8BEB65-FFF5-4615-8590-1910323DD768} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\SongbaseXP\Myocx\Msdxm.ocx (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3755047688-3355164527-1304831305-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-3755047688-3355164527-1304831305-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://stjhs.webex.com/client/WBXclient-T28L10NSP12EP20-10001/webex/ieatgpc1.cab
Handler-x32: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\SongbaseXP\Myocx\Msdxm.ocx (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-09-22]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-24]

Chrome:
=======
CHR Profile: C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-28]
CHR Extension: (Google Drive) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-28]
CHR Extension: (Google Search) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-28]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-04-01]
CHR Extension: (Avast Online Security) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-24]
CHR Extension: (Google Wallet) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-28]
CHR Extension: (Gmail) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-28]
CHR Extension: (RoboForm) - C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-03-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-24]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-03-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-07-02] (Windows ® Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-24] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-30] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-24] (Avast Software)
R2 Canon imagePROGRAF Status Monitor; C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwisam.exe [752472 2012-03-08] (CANON INC)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-16] (NVIDIA Corporation)
S4 GSService; C:\Windows\SysWOW64\GSService.exe [443080 2013-12-16] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-07-30] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4700872 2014-08-12] (iolo technologies, LLC)
R2 iPFDeviceAgentService; C:\Windows\system32\cnwiols6.exe [206848 2012-01-17] (CANON INC.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-16] (NVIDIA Corporation)
R2 Polar Daemon; C:\Program Files (x86)\Polar\Daemon\polard.exe [419536 2012-12-12] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2014-05-04] (Realtek Semiconductor)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-09-17] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157776 2014-09-17] (Seagate Technology LLC)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2013-11-21] (SoftThinks SAS)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-06-21] (Atheros)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-24] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-24] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-24] ()
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-07-02] (Qualcomm Atheros)
R3 CAXHWBS3; C:\Windows\System32\DRIVERS\CAXHWBS3.sys [288256 2009-06-29] (Conexant Systems, Inc.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2014-05-04] (Intel Corporation)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
U4 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-30] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-08-12] (EldoS Corporation)
R3 SndTAudio; C:\Windows\System32\drivers\SndTAudio.sys [34504 2013-12-16] (Windows ® Win 7 DDK provider)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-03-31] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-03-31] (Acronis International GmbH)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-24] (Avast Software)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-03-31] (Acronis International GmbH)
S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2013-01-25] (Wondershare)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 14:55 - 2014-12-29 14:55 - 00000020 ___SH () C:\Users\HomeGroupUser$\ntuser.ini
2014-12-29 14:55 - 2014-12-29 14:55 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-12-29 14:55 - 2009-07-13 20:54 - 00000000 ___RD () C:\Users\HomeGroupUser$\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-29 14:55 - 2009-07-13 20:49 - 00000000 ___RD () C:\Users\HomeGroupUser$\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-29 10:04 - 2014-12-29 10:04 - 00000197 _____ () C:\Windows\system32\2014-12-29-18-04-23.051-AvastVBoxSVC.exe-1516.log
2014-12-29 00:50 - 2014-12-29 00:50 - 00000197 _____ () C:\Windows\system32\2014-12-29-08-50-08.023-AvastVBoxSVC.exe-5020.log
2014-12-28 18:30 - 2014-12-28 18:30 - 00000000 ____D () C:\Users\Joshua\Downloads\Lost_On_The_River_(Deluxe)
2014-12-28 18:29 - 2014-12-28 18:29 - 00000000 ____D () C:\Users\Joshua\Downloads\live_at_the_royal_albert_hall_digital_album
2014-12-28 18:25 - 2014-12-28 18:26 - 176117076 _____ () C:\Users\Joshua\Downloads\Lost_On_The_River_(Deluxe).zip
2014-12-28 18:19 - 2014-12-28 18:20 - 114568956 _____ () C:\Users\Joshua\Downloads\live_at_the_royal_albert_hall_digital_album.zip
2014-12-27 22:09 - 2014-12-27 22:09 - 00000197 _____ () C:\Windows\system32\2014-12-28-06-09-19.003-AvastVBoxSVC.exe-4148.log
2014-12-27 09:39 - 2014-12-27 09:39 - 00000197 _____ () C:\Windows\system32\2014-12-27-17-39-09.088-AvastVBoxSVC.exe-6212.log
2014-12-24 11:38 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-12-24 11:38 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2014-12-24 11:26 - 2014-12-24 11:26 - 00000197 _____ () C:\Windows\system32\2014-12-24-19-26-40.085-AvastVBoxSVC.exe-5972.log
2014-12-24 01:13 - 2014-12-24 01:13 - 00000247 _____ () C:\Windows\system32\2014-12-24-09-13-49.099-aswFe.exe-4968.log
2014-12-24 01:09 - 2014-12-24 01:13 - 00000247 _____ () C:\Windows\system32\2014-12-24-09-09-30.031-aswFe.exe-7700.log
2014-12-24 01:09 - 2014-12-24 01:09 - 00000197 _____ () C:\Windows\system32\2014-12-24-09-09-20.055-AvastVBoxSVC.exe-1272.log
2014-12-24 00:51 - 2014-12-24 00:51 - 00000197 _____ () C:\Windows\system32\2014-12-24-08-51-36.006-AvastVBoxSVC.exe-4260.log
2014-12-22 19:48 - 2014-12-22 19:48 - 00000000 ____D () C:\Program Files (x86)\FFmpeg for Audacity
2014-12-22 13:27 - 2014-12-22 13:27 - 00481083 _____ () C:\Users\Jennifer\Downloads\vintage_christmas (1).zip
2014-12-22 13:27 - 2014-12-22 13:27 - 00056538 _____ () C:\Users\Jennifer\Downloads\christmas_flakes.zip
2014-12-22 13:27 - 2014-12-22 13:27 - 00051100 _____ () C:\Users\Jennifer\Downloads\christmas_lights.zip
2014-12-22 13:26 - 2014-12-22 13:26 - 00481083 _____ () C:\Users\Jennifer\Downloads\vintage_christmas.zip
2014-12-22 13:26 - 2014-12-22 13:26 - 00083026 _____ () C:\Users\Jennifer\Downloads\candy_cane.zip
2014-12-22 13:26 - 2014-12-22 13:26 - 00063561 _____ () C:\Users\Jennifer\Downloads\christmaseve.zip
2014-12-22 13:26 - 2014-12-22 13:26 - 00013126 _____ () C:\Users\Jennifer\Downloads\pwchristmastinsel.zip
2014-12-22 11:18 - 2014-12-22 11:18 - 00008192 ___SH () C:\Users\Alan\Documents\Thumbs.db
2014-12-22 11:14 - 2014-12-22 11:17 - 01362476 _____ () C:\Users\Alan\Documents\Christmas2014_Most Wonderful.m2t.xmpses
2014-12-22 11:11 - 2014-12-22 11:11 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\Mozilla
2014-12-21 11:40 - 2014-12-21 11:40 - 00000000 __SHD () C:\Users\Music\AppData\Local\EmieBrowserModeList
2014-12-21 11:27 - 2014-12-27 14:19 - 00000000 ____D () C:\Users\Music\AppData\Roaming\iolo
2014-12-21 09:34 - 2014-12-21 09:34 - 00000226 _____ () C:\Users\Alan\Desktop\Discover Card Shop Discover.url
2014-12-20 15:10 - 2014-12-29 19:06 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\iolo
2014-12-20 12:36 - 2014-12-20 12:38 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\Stamps.com Internet Postage
2014-12-20 12:36 - 2014-12-20 12:36 - 00001084 _____ () C:\Users\Alan\Desktop\Stamps.com.lnk
2014-12-20 12:35 - 2014-12-20 12:36 - 00000036 ____H () C:\Windows\SysWOW64\f9t.dat
2014-12-20 12:35 - 2014-12-20 12:36 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stamps.com
2014-12-20 12:35 - 2014-12-20 12:36 - 00000000 ____D () C:\Program Files (x86)\Stamps.com Internet Postage
2014-12-20 12:35 - 2014-12-20 12:35 - 00000000 ____D () C:\Users\Alan\AppData\Local\{C6A6CCB8-6EAF-4F5C-98EC-350B88B73F34}
2014-12-20 12:35 - 2014-12-20 12:35 - 00000000 ____D () C:\ProgramData\{F3F3634B-3007-4C12-9A5E-96613A28F63B}
2014-12-20 12:35 - 2014-12-20 12:35 - 00000000 ____D () C:\ProgramData\{8C1C591D-720A-4A62-A419-9F74C2ECCCA8}
2014-12-20 12:33 - 2014-12-20 12:33 - 00000000 ____D () C:\Users\Alan\AppData\Local\Seven Zip
2014-12-18 20:18 - 2014-12-19 13:45 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\iolo
2014-12-18 20:18 - 2014-12-18 20:18 - 00000000 __SHD () C:\Users\Mom\AppData\Local\EmieUserList
2014-12-18 20:18 - 2014-12-18 20:18 - 00000000 __SHD () C:\Users\Mom\AppData\Local\EmieSiteList
2014-12-18 20:18 - 2014-12-18 20:18 - 00000000 __SHD () C:\Users\Mom\AppData\Local\EmieBrowserModeList
2014-12-18 19:39 - 2014-12-22 23:58 - 00129544 _____ () C:\Users\Mom\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-18 19:39 - 2014-12-18 19:39 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\Intel Corporation
2014-12-18 09:01 - 2014-12-18 09:01 - 00000000 __SHD () C:\Users\Mom\Documents\cache
2014-12-18 09:01 - 2014-12-18 09:01 - 00000000 ____D () C:\Users\Mom\Documents\Some Pictures of Alan_files
2014-12-18 09:01 - 2014-12-18 09:01 - 00000000 ____D () C:\Users\Mom\Documents\My RoboForm Data
2014-12-18 09:01 - 2014-12-18 09:01 - 00000000 ____D () C:\Users\Mom\Documents\Fax
2014-12-18 09:01 - 2014-12-18 09:01 - 00000000 ____D () C:\Users\Mom\Documents\CSU-Pomona Fees
2014-12-18 09:01 - 2014-12-18 09:01 - 00000000 ____D () C:\Users\Mom\Documents\Bluetooth Folder
2014-12-18 09:01 - 2014-12-18 09:01 - 00000000 ____D () C:\Users\Mom\Documents\Audible
2014-12-18 09:01 - 2014-08-05 17:08 - 00028453 _____ () C:\Users\Mom\Documents\Some Pictures of Alan.htm
2014-12-18 09:01 - 2013-06-04 23:13 - 00011776 ___SH () C:\Users\Mom\Documents\Thumbs.db
2014-12-18 09:01 - 2009-09-12 14:25 - 00002456 _____ () C:\Users\Mom\Documents\Sally's passwords 2008.pwt
2014-12-18 09:01 - 2008-02-02 19:12 - 00022337 _____ () C:\Users\Mom\Documents\Sally's passwords.pwt
2014-12-18 09:01 - 2006-08-17 09:28 - 00497664 _____ () C:\Users\Mom\Documents\TDS Dance Certificate - Girl 06.pub
2014-12-18 09:01 - 2006-08-17 09:13 - 00505344 _____ () C:\Users\Mom\Documents\TDS Dance Certificate - Boy 06.pub
2014-12-18 09:01 - 2005-07-24 15:45 - 00431616 _____ () C:\Users\Mom\Documents\TDS Attendance Certificate.pub
2014-12-18 09:01 - 2005-07-24 15:25 - 01162240 _____ () C:\Users\Mom\Documents\TDS Dance Certificate.pub
2014-12-18 09:00 - 2014-11-20 21:38 - 00659968 _____ () C:\Users\Mom\Downloads\MicrosoftFixit50195.msi
2014-12-18 09:00 - 2013-06-04 23:11 - 428345887 _____ () C:\Users\Mom\Documents\Porter Robinson - The Language Tour 2012 Mini Documentary.mp4
2014-12-18 09:00 - 2013-01-28 23:10 - 106494779 _____ () C:\Users\Mom\Downloads\Hummingbird Digital Album.zip
2014-12-18 09:00 - 2012-11-28 23:02 - 00003298 _____ () C:\Users\Mom\Documents\College Essay 1.txt
2014-12-18 09:00 - 2012-11-28 22:59 - 00001270 _____ () C:\Users\Mom\Documents\College Essay 2.txt
2014-12-18 09:00 - 2012-04-05 22:38 - 00001210 _____ () C:\Users\Mom\Desktop\Windows Fax and Scan.lnk
2014-12-18 09:00 - 2011-12-03 20:27 - 08145050 _____ () C:\Users\Mom\Downloads\SnowflakesAndFrost (1).themepack
2014-12-18 09:00 - 2011-12-03 20:26 - 09205655 _____ () C:\Users\Mom\Downloads\HolidayLights.themepack
2014-12-18 09:00 - 2011-12-03 20:25 - 08145050 _____ () C:\Users\Mom\Downloads\SnowflakesAndFrost.themepack
2014-12-18 09:00 - 2011-09-22 20:35 - 02852907 _____ () C:\Users\Mom\Documents\Josh Historu Powerpoint.pptx
2014-12-18 09:00 - 2011-09-15 16:39 - 38958968 _____ (Apple Inc.) C:\Users\Mom\Downloads\QuickTimeInstaller.exe
2014-12-18 09:00 - 2011-06-29 13:28 - 03696770 _____ () C:\Users\Mom\Downloads\gwave558.exe
2014-12-18 09:00 - 2011-06-29 13:18 - 03154009 _____ () C:\Users\Mom\Downloads\audacity-win-1.2.6.zip
2014-12-18 09:00 - 2011-06-29 13:18 - 02228534 _____ ( ) C:\Users\Mom\Downloads\audacity-win-1.2.6.exe
2014-12-18 09:00 - 2011-05-11 17:38 - 00009488 _____ () C:\Users\Mom\Documents\Copy of LS 301 Gender Study Data Sheet.xlsx
2014-12-18 09:00 - 2009-01-20 18:12 - 00028672 _____ () C:\Users\Mom\Documents\life without principle.ppt
2014-12-18 09:00 - 2005-07-23 21:15 - 01540608 _____ () C:\Users\Mom\Documents\CYAA BB Certificate.pub
2014-12-18 08:58 - 2014-12-18 19:51 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\Apple Computer
2014-12-18 08:58 - 2014-12-18 08:58 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\PFU
2014-12-18 08:58 - 2014-12-18 08:58 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\Logitech
2014-12-18 08:58 - 2014-12-18 08:58 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\AVAST Software
2014-12-18 08:58 - 2014-12-18 08:58 - 00000000 ____D () C:\Users\Mom\AppData\Local\PowerDVD DX
2014-12-18 08:58 - 2014-12-18 08:58 - 00000000 ____D () C:\Users\Mom\AppData\Local\PFU
2014-12-18 08:58 - 2014-12-18 08:58 - 00000000 ____D () C:\Users\Mom\AppData\Local\Citrix
2014-12-18 08:57 - 2014-12-29 00:52 - 00000000 ____D () C:\Users\Mom\AppData\Local\Box Sync
2014-12-18 08:57 - 2014-12-19 19:03 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\Adobe
2014-12-18 08:57 - 2014-12-19 19:03 - 00000000 ____D () C:\Users\Mom\AppData\Local\Adobe
2014-12-18 08:57 - 2014-12-18 08:58 - 00000000 ____D () C:\Users\Mom\AppData\Local\NVIDIA Corporation
2014-12-18 08:57 - 2014-12-18 08:57 - 00001419 _____ () C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-18 08:57 - 2014-12-18 08:57 - 00000020 ___SH () C:\Users\Mom\ntuser.ini
2014-12-18 08:57 - 2014-12-18 08:57 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\ioloGovernor
2014-12-18 08:57 - 2014-12-18 08:57 - 00000000 ____D () C:\Users\Mom\AppData\Local\VirtualStore
2014-12-18 08:57 - 2014-12-18 08:57 - 00000000 ____D () C:\Users\Mom\AppData\Local\NVIDIA
2014-12-18 08:57 - 2014-12-18 08:57 - 00000000 ____D () C:\Users\Mom\AppData\Local\Google
2014-12-18 08:57 - 2014-12-18 08:57 - 00000000 ____D () C:\Users\Mom
2014-12-18 08:57 - 2014-04-02 16:26 - 00002261 _____ () C:\Users\Mom\Desktop\Google Chrome.lnk
2014-12-18 08:57 - 2014-03-29 23:43 - 00000000 ____D () C:\Users\Mom\AppData\Local\Microsoft Help
2014-12-18 08:57 - 2014-03-28 20:20 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\Macromedia
2014-12-18 08:57 - 2009-07-13 20:54 - 00000000 ___RD () C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-18 08:57 - 2009-07-13 20:49 - 00000000 ___RD () C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-18 08:24 - 2014-12-18 08:25 - 00000247 _____ () C:\Windows\system32\2014-12-18-16-24-54.020-aswFe.exe-6176.log
2014-12-18 08:18 - 2014-12-18 08:24 - 00000247 _____ () C:\Windows\system32\2014-12-18-16-18-52.027-aswFe.exe-6440.log
2014-12-18 08:18 - 2014-12-18 08:18 - 00000197 _____ () C:\Windows\system32\2014-12-18-16-18-30.034-AvastVBoxSVC.exe-5408.log
2014-12-17 13:52 - 2014-12-12 21:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 13:52 - 2014-12-12 19:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 13:39 - 2014-12-17 13:39 - 00000197 _____ () C:\Windows\system32\2014-12-17-21-39-00.001-AvastVBoxSVC.exe-5976.log
2014-12-16 08:44 - 2014-12-16 08:44 - 00000197 _____ () C:\Windows\system32\2014-12-16-16-44-24.025-AvastVBoxSVC.exe-8464.log
2014-12-15 19:30 - 2014-12-15 19:31 - 127267957 _____ () C:\Users\Alan\Desktop\St. Joseph Hoag Health-HD.mp4
2014-12-14 13:50 - 2014-12-20 16:26 - 00000000 ____D () C:\ProgramData\YTD Video Downloader
2014-12-14 11:19 - 2014-12-14 11:19 - 00008785 _____ () C:\Users\Alan\Documents\Christmas 2014.xlsx
2014-12-14 11:04 - 2014-12-14 11:04 - 00000197 _____ () C:\Windows\system32\2014-12-14-19-04-21.000-AvastVBoxSVC.exe-7240.log
2014-12-13 03:19 - 2014-12-13 03:19 - 00000197 _____ () C:\Windows\system32\2014-12-13-11-19-19.078-AvastVBoxSVC.exe-4756.log
2014-12-13 01:23 - 2014-12-30 10:55 - 00000000 ____D () C:\FRST
2014-12-12 13:07 - 2014-12-12 13:07 - 00000197 _____ () C:\Windows\system32\2014-12-12-21-07-35.017-AvastVBoxSVC.exe-2392.log
2014-12-11 21:11 - 2014-12-11 21:11 - 00000175 _____ () C:\Users\Alan\Desktop\Presidential Memorial Certificates - National Cemetery Administration.url
2014-12-11 20:21 - 2014-12-12 13:47 - 00000000 ____D () C:\Users\Sally\AppData\Roaming\iolo
2014-12-11 20:03 - 2014-12-11 20:03 - 00000197 _____ () C:\Windows\system32\2014-12-12-04-03-38.069-AvastVBoxSVC.exe-5032.log
2014-12-11 15:02 - 2014-12-11 15:02 - 00000000 ____D () C:\Users\Music\AppData\Roaming\ioloGovernor
2014-12-11 14:59 - 2014-12-11 14:59 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\ioloGovernor
2014-12-11 09:26 - 2014-12-11 09:26 - 00000197 _____ () C:\Windows\system32\2014-12-11-17-26-10.094-AvastVBoxSVC.exe-4992.log
2014-12-11 09:22 - 2014-12-11 09:22 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-11 01:17 - 2014-10-17 18:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 01:17 - 2014-10-17 17:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-11 01:17 - 2014-07-06 18:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-11 01:17 - 2014-07-06 18:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-11 01:17 - 2014-07-06 18:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-11 01:17 - 2014-07-06 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-11 01:17 - 2014-07-06 17:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-11 01:17 - 2014-07-06 17:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-11 01:17 - 2014-07-06 17:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-11 01:17 - 2014-07-06 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-10 08:13 - 2014-12-03 18:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 08:13 - 2014-12-03 18:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 08:13 - 2014-12-03 18:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 08:13 - 2014-12-03 18:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 08:13 - 2014-12-03 18:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 08:13 - 2014-12-03 18:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 08:13 - 2014-12-03 18:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 08:13 - 2014-12-01 15:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 08:13 - 2014-11-07 19:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 08:13 - 2014-11-07 18:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 08:12 - 2014-11-26 17:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 08:12 - 2014-11-26 17:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 08:12 - 2014-11-21 19:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 08:12 - 2014-11-21 19:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 08:12 - 2014-11-21 19:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 08:12 - 2014-11-21 18:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 08:12 - 2014-11-21 18:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 08:12 - 2014-11-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 08:12 - 2014-11-21 18:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 08:12 - 2014-11-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 08:12 - 2014-11-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 08:12 - 2014-11-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 08:12 - 2014-11-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 08:12 - 2014-11-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 08:12 - 2014-11-21 18:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 08:12 - 2014-11-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 08:12 - 2014-11-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 08:12 - 2014-11-21 18:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 08:12 - 2014-11-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 08:12 - 2014-11-21 18:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 08:12 - 2014-11-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 08:12 - 2014-11-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 08:12 - 2014-11-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 08:12 - 2014-11-21 18:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 08:12 - 2014-11-21 18:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 08:12 - 2014-11-21 18:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 08:12 - 2014-11-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 08:12 - 2014-11-21 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 08:12 - 2014-11-21 18:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 08:12 - 2014-11-21 17:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 08:12 - 2014-11-21 17:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 08:12 - 2014-11-21 17:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 08:12 - 2014-11-21 17:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 08:12 - 2014-11-21 17:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 08:12 - 2014-11-21 17:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 08:12 - 2014-11-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 08:12 - 2014-11-21 17:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 08:12 - 2014-11-21 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 08:12 - 2014-11-21 17:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 08:12 - 2014-11-21 17:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 08:12 - 2014-11-21 17:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 08:12 - 2014-11-21 17:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 08:12 - 2014-11-21 17:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 08:12 - 2014-11-21 17:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 08:12 - 2014-11-21 17:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 08:12 - 2014-11-21 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 08:12 - 2014-11-21 17:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 08:12 - 2014-11-21 17:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 08:12 - 2014-11-21 17:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 08:12 - 2014-11-21 17:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 08:12 - 2014-11-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 08:12 - 2014-11-21 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 08:12 - 2014-11-21 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 08:12 - 2014-11-21 16:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 08:12 - 2014-11-10 19:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 08:12 - 2014-11-10 18:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 08:12 - 2014-11-10 17:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 08:12 - 2014-10-29 18:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 08:12 - 2014-10-29 17:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 08:12 - 2014-10-02 18:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 08:12 - 2014-10-02 18:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 08:12 - 2014-10-02 18:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 08:12 - 2014-10-02 18:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 08:12 - 2014-10-02 18:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 08:12 - 2014-10-02 17:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 08:12 - 2014-10-02 17:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 08:12 - 2014-10-02 17:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 08:12 - 2014-10-02 17:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 08:12 - 2014-10-02 17:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-10 08:01 - 2014-12-10 08:01 - 00000197 _____ () C:\Windows\system32\2014-12-10-16-01-46.058-AvastVBoxSVC.exe-3232.log
2014-12-10 00:00 - 2014-12-17 19:25 - 00000000 ____D () C:\Users\Joshua\AppData\Roaming\iolo
2014-12-10 00:00 - 2014-12-10 00:00 - 00000197 _____ () C:\Windows\system32\2014-12-10-08-00-02.019-AvastVBoxSVC.exe-2996.log
2014-12-09 22:52 - 2014-12-09 22:52 - 00000197 _____ () C:\Windows\system32\2014-12-10-06-52-39.084-AvastVBoxSVC.exe-7412.log
2014-12-09 20:06 - 2014-12-30 10:55 - 00000000 ____D () C:\Users\Alan\Desktop\Virus Utilities
2014-12-09 10:18 - 2014-12-09 10:18 - 00000247 _____ () C:\Windows\system32\2014-12-09-18-18-51.040-aswFe.exe-9600.log
2014-12-09 10:11 - 2014-12-09 10:18 - 00000247 _____ () C:\Windows\system32\2014-12-09-18-11-39.037-aswFe.exe-6936.log
2014-12-09 10:11 - 2014-12-09 10:11 - 00000197 _____ () C:\Windows\system32\2014-12-09-18-11-28.028-AvastVBoxSVC.exe-9944.log
2014-12-09 08:37 - 2014-12-09 08:37 - 00000197 _____ () C:\Windows\system32\2014-12-09-16-37-09.031-AvastVBoxSVC.exe-5692.log
2014-12-08 23:27 - 2014-12-08 23:27 - 00000197 _____ () C:\Windows\system32\2014-12-09-07-27-36.019-AvastVBoxSVC.exe-7284.log
2014-12-08 23:22 - 2014-12-29 09:59 - 00041766 _____ () C:\Windows\PFRO.log
2014-12-08 22:40 - 2014-12-08 23:01 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-08 22:00 - 2014-12-08 22:00 - 00046928 _____ () C:\ComboFix.txt
2014-12-08 21:52 - 2014-12-08 21:52 - 00000197 _____ () C:\Windows\system32\2014-12-09-05-52-05.096-AvastVBoxSVC.exe-5708.log
2014-12-08 20:37 - 2014-12-08 22:00 - 00000000 ____D () C:\Qoobox
2014-12-08 20:37 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-08 20:37 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-08 20:37 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-08 20:37 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-08 20:37 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-08 20:37 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-08 20:37 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-08 20:37 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-08 20:23 - 2014-12-08 20:23 - 00000000 ___RD () C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-12-08 18:59 - 2014-12-08 18:59 - 00000000 ___RD () C:\Users\Sally\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-12-08 18:45 - 2014-12-08 18:45 - 00000000 ____D () C:\Users\Joshua\Desktop\Ocean
2014-12-08 15:40 - 2014-12-08 15:40 - 00000197 _____ () C:\Windows\system32\2014-12-08-23-40-43.082-AvastVBoxSVC.exe-3864.log
2014-12-08 14:11 - 2014-12-08 14:11 - 00000406 _____ () C:\Windows\system32\ioloBootDefrag.cfg
2014-12-08 14:06 - 2014-12-08 14:06 - 00003148 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-12-08 14:06 - 2014-12-08 14:06 - 00003118 _____ () C:\Windows\System32\Tasks\iolo Process Governor
2014-12-08 14:06 - 2014-12-08 14:06 - 00001435 _____ () C:\Users\Alan\Desktop\LiveBoost.lnk
2014-12-08 14:06 - 2014-12-08 14:06 - 00001431 _____ () C:\Users\Alan\Desktop\System Mechanic.lnk
2014-12-08 14:06 - 2014-12-08 14:06 - 00000000 ____D () C:\Users\Sally\AppData\Roaming\ioloGovernor
2014-12-08 14:06 - 2014-12-08 14:06 - 00000000 ____D () C:\Users\Joshua\AppData\Roaming\ioloGovernor
2014-12-08 14:06 - 2014-12-08 14:06 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\ioloGovernor
2014-12-08 14:06 - 2014-12-08 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
2014-12-08 14:06 - 2014-12-08 14:06 - 00000000 ____D () C:\ProgramData\ioloGovernor
2014-12-08 14:06 - 2014-12-08 14:06 - 00000000 ____D () C:\Program Files (x86)\iolo
2014-12-08 14:06 - 2014-08-12 23:57 - 00057584 _____ (iolo technologies, LLC) C:\Windows\system32\iolobtdfg.exe
2014-12-08 14:06 - 2014-08-12 23:57 - 00026184 _____ (iolo technologies, LLC) C:\Windows\system32\smrgdf.exe
2014-12-08 14:06 - 2014-08-12 23:41 - 02155152 _____ (iolo technologies, LLC) C:\Windows\system32\Incinerator64.dll
2014-12-08 14:06 - 2014-08-12 23:41 - 02097984 _____ (iolo technologies, LLC) C:\Windows\SysWOW64\Incinerator32.dll
2014-12-08 14:06 - 2014-08-12 23:35 - 00082160 _____ (Raxco Software, Inc.) C:\Windows\system32\Drivers\PDFsFilter.sys
2014-12-08 14:06 - 2014-08-12 23:35 - 00069000 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll
2014-12-08 14:06 - 2014-08-12 23:35 - 00056200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll
2014-12-08 14:05 - 2014-12-08 14:05 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dat
2014-12-08 14:05 - 2014-08-12 23:38 - 00032912 _____ (EldoS Corporation) C:\Windows\system32\Drivers\rawdsk3.sys
2014-12-08 14:02 - 2014-12-08 16:01 - 00000000 ____D () C:\ProgramData\iolo
2014-12-08 14:02 - 2014-12-08 15:06 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\iolo
2014-12-08 11:43 - 2014-12-08 11:43 - 00000062 _____ () C:\Users\Public\Downloads\SYSTEM MECHANIC 14.txt
2014-12-07 16:32 - 2014-12-07 16:32 - 00249856 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2014-12-07 16:32 - 2014-12-07 16:32 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DMX Utilities
2014-12-07 16:32 - 2014-12-07 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DMX Utilities
2014-12-07 16:32 - 2014-12-07 16:32 - 00000000 ____D () C:\Program Files (x86)\DMX Utilities
2014-12-07 16:31 - 2014-12-07 16:31 - 00073216 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2014-12-07 00:07 - 2014-12-07 00:07 - 00000000 ____D () C:\Users\Public\Downloads\TinyPix
2014-12-06 08:21 - 2014-12-06 08:21 - 00000197 _____ () C:\Windows\system32\2014-12-06-16-21-00.046-AvastVBoxSVC.exe-5956.log
2014-12-05 20:17 - 2014-12-05 20:17 - 00000197 _____ () C:\Windows\system32\2014-12-06-04-17-22.095-AvastVBoxSVC.exe-4932.log
2014-12-05 17:39 - 2014-12-05 17:39 - 00000000 ____D () C:\Users\Alan\Downloads\Grab Bag
2014-12-05 17:33 - 2014-12-05 17:37 - 217766292 _____ () C:\Users\Alan\Downloads\Grab Bag.zip
2014-12-05 16:37 - 2014-12-05 16:37 - 00000000 ___RD () C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-12-05 08:05 - 2014-12-05 08:05 - 00000247 _____ () C:\Windows\system32\2014-12-05-16-05-33.037-aswFe.exe-8240.log
2014-12-05 07:58 - 2014-12-05 08:05 - 00000247 _____ () C:\Windows\system32\2014-12-05-15-58-17.096-aswFe.exe-8452.log
2014-12-05 07:58 - 2014-12-05 07:58 - 00000197 _____ () C:\Windows\system32\2014-12-05-15-58-10.058-AvastVBoxSVC.exe-1048.log
2014-12-05 07:40 - 2014-12-05 07:41 - 00000197 _____ () C:\Windows\system32\2014-12-05-15-40-35.030-AvastVBoxSVC.exe-4848.log
2014-12-04 10:06 - 2014-12-04 10:06 - 00000247 _____ () C:\Windows\system32\2014-12-04-18-06-04.069-aswFe.exe-9204.log
2014-12-04 10:02 - 2014-12-04 10:05 - 00000247 _____ () C:\Windows\system32\2014-12-04-18-02-59.052-aswFe.exe-7624.log
2014-12-04 10:02 - 2014-12-04 10:02 - 00000197 _____ () C:\Windows\system32\2014-12-04-18-02-52.053-AvastVBoxSVC.exe-6888.log
2014-12-04 09:48 - 2014-12-04 09:48 - 00000000 ___RD () C:\Users\Music\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-12-04 09:42 - 2014-12-04 09:42 - 00000247 _____ () C:\Windows\system32\2014-12-04-17-42-04.064-aswFe.exe-11720.log
2014-12-04 09:41 - 2014-12-04 09:42 - 00000197 _____ () C:\Windows\system32\2014-12-04-17-41-59.072-AvastVBoxSVC.exe-1324.log
2014-12-04 09:25 - 2014-12-04 09:25 - 00000197 _____ () C:\Windows\system32\2014-12-04-17-25-10.031-AvastVBoxSVC.exe-6184.log
2014-12-03 18:36 - 2014-09-09 11:42 - 00307544 _____ (FTDI Ltd.) C:\Windows\system32\ftd2xx.dll
2014-12-03 18:36 - 2014-09-09 11:42 - 00266064 _____ (FTDI Ltd.) C:\Windows\system32\FTLang.dll
2014-12-03 18:36 - 2014-09-09 11:42 - 00265040 _____ (FTDI Ltd.) C:\Windows\SysWOW64\ftd2xx.dll
2014-12-03 18:36 - 2014-09-09 11:42 - 00159568 _____ (FTDI Ltd.) C:\Windows\system32\ftbusui.dll
2014-12-03 18:36 - 2014-09-09 11:42 - 00098160 _____ (FTDI Ltd.) C:\Windows\system32\Drivers\ftdibus.sys
2014-12-03 18:36 - 2014-09-09 11:42 - 00079872 _____ (FTDI Ltd.) C:\Windows\system32\Drivers\ftser2k.sys
2014-12-03 18:36 - 2014-09-09 11:42 - 00066416 _____ (FTDI Ltd.) C:\Windows\system32\ftcserco.dll
2014-12-03 18:36 - 2014-09-09 11:42 - 00056688 _____ (FTDI Ltd.) C:\Windows\system32\ftserui2.dll
2014-12-03 10:45 - 2014-12-03 10:45 - 10281671 _____ () C:\Users\Alan\Downloads\Winter.themepack
2014-12-03 10:44 - 2014-12-03 10:44 - 09848819 _____ () C:\Users\Alan\Downloads\DeckingTheHalls.themepack
2014-12-03 10:44 - 2014-12-03 10:44 - 09205655 _____ () C:\Users\Alan\Downloads\HolidayLights.themepack
2014-12-03 10:44 - 2014-12-03 10:44 - 08965956 _____ () C:\Users\Alan\Downloads\DecoratingTheTrees.themepack
2014-12-03 10:43 - 2014-12-03 10:43 - 14979831 _____ () C:\Users\Alan\Downloads\PanoramicSnow.deskthemepack
2014-12-03 10:43 - 2014-12-03 10:43 - 13321769 _____ () C:\Users\Alan\Downloads\PanoramicMountains.deskthemepack
2014-12-03 10:43 - 2014-12-03 10:43 - 12757300 _____ () C:\Users\Alan\Downloads\PanoramicForests.deskthemepack
2014-12-03 10:43 - 2014-12-03 10:43 - 07528138 _____ () C:\Users\Alan\Downloads\PanoramicHorizons.deskthemepack
2014-12-03 08:52 - 2014-12-03 08:52 - 00000000 ____D () C:\Windows\pss
2014-12-01 23:20 - 2014-12-01 23:20 - 00000247 _____ () C:\Windows\system32\2014-12-02-07-20-05.069-aswFe.exe-6456.log
2014-12-01 23:15 - 2014-12-01 23:20 - 00000247 _____ () C:\Windows\system32\2014-12-02-07-15-31.038-aswFe.exe-8120.log
2014-12-01 23:15 - 2014-12-01 23:15 - 00000197 _____ () C:\Windows\system32\2014-12-02-07-15-05.089-AvastVBoxSVC.exe-6992.log
2014-12-01 22:19 - 2014-12-01 22:19 - 00000197 _____ () C:\Windows\system32\2014-12-02-06-19-16.060-AvastVBoxSVC.exe-3680.log
2014-12-01 08:07 - 2014-12-01 15:58 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\548650AB.sys
2014-12-01 08:07 - 2014-12-01 08:07 - 00000197 _____ () C:\Windows\system32\2014-12-01-16-07-57.050-AvastVBoxSVC.exe-6476.log
2014-11-30 10:40 - 2014-11-30 10:40 - 00000247 _____ () C:\Windows\system32\2014-11-30-18-40-30.060-aswFe.exe-10444.log
2014-11-30 10:36 - 2014-11-30 10:40 - 00000247 _____ () C:\Windows\system32\2014-11-30-18-36-07.017-aswFe.exe-13700.log
2014-11-30 10:36 - 2014-11-30 10:36 - 00000197 _____ () C:\Windows\system32\2014-11-30-18-36-00.001-AvastVBoxSVC.exe-3228.log
2014-11-30 10:02 - 2014-12-05 09:52 - 00002016 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk
2014-11-30 10:01 - 2014-11-30 10:01 - 00449936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-11-30 10:01 - 2014-11-30 10:01 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-11-30 10:01 - 2014-11-24 09:16 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-30 10:38 - 2014-02-13 09:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-30 10:23 - 2014-03-28 20:45 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-30 07:44 - 2014-02-13 09:33 - 01199202 _____ () C:\Windows\WindowsUpdate.log
2014-12-30 02:20 - 2014-03-29 15:42 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-29 22:23 - 2014-03-28 20:45 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-29 18:43 - 2014-05-04 07:57 - 00000350 _____ () C:\Windows\Tasks\powersuite_monitor.job
2014-12-29 16:05 - 2014-03-28 18:46 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-12-29 12:43 - 2014-03-29 14:04 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\Audacity
2014-12-29 12:28 - 2014-03-28 20:02 - 00000000 ____D () C:\Users\Alan\AppData\Local\Microsoft Help
2014-12-29 10:32 - 2014-03-30 00:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-29 10:11 - 2009-07-13 20:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-29 10:11 - 2009-07-13 20:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-29 10:09 - 2014-02-13 09:51 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-12-29 10:05 - 2014-04-02 07:34 - 00000000 ___RD () C:\Users\Alan\Sync
2014-12-29 10:02 - 2014-03-29 14:11 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\Dropbox
2014-12-29 10:02 - 2014-03-29 09:55 - 00000000 ___RD () C:\Users\Alan\Dropbox
2014-12-29 10:01 - 2014-11-24 09:08 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-29 10:00 - 2009-07-13 20:51 - 00109775 _____ () C:\Windows\setupact.log
2014-12-29 09:59 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-29 00:23 - 2014-04-01 07:28 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-12-29 00:23 - 2014-04-01 07:28 - 00003060 _____ () C:\Windows\LkmdfCoInst.log
2014-12-28 18:34 - 2009-07-13 21:13 - 00787758 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-28 18:12 - 2014-03-29 21:29 - 00129544 _____ () C:\Users\Joshua\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-27 22:46 - 2014-03-29 17:39 - 00000000 ____D () C:\Users\Alan\Documents\_PHOTO
2014-12-27 22:42 - 2014-11-05 21:19 - 00000000 ____D () C:\Users\Alan\AppData\Local\Box Sync
2014-12-27 14:19 - 2014-03-30 20:12 - 00129544 _____ () C:\Users\Music\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-26 11:36 - 2014-03-29 17:55 - 00000000 ____D () C:\Users\Alan\Documents\Receipts
2014-12-24 11:45 - 2014-03-29 14:32 - 00000000 ____D () C:\Program Files (x86)\Light-O-Rama
2014-12-24 11:37 - 2014-03-29 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Light-O-Rama
2014-12-23 15:21 - 2014-03-29 21:26 - 00129544 _____ () C:\Users\Jennifer\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-23 13:25 - 2014-03-29 14:06 - 00000000 ____D () C:\Users\Alan\AppData\Local\CrashDumps
2014-12-23 10:40 - 2009-07-13 20:45 - 05004040 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-23 10:39 - 2014-02-13 09:38 - 00000000 ____D () C:\Windows\Options
2014-12-22 20:01 - 2014-03-29 14:04 - 00001025 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-12-22 20:01 - 2014-03-29 14:04 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-12-22 19:28 - 2014-03-29 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\xLights
2014-12-22 19:28 - 2014-03-29 15:34 - 00000000 ____D () C:\Program Files (x86)\xLights
2014-12-22 19:22 - 2014-03-28 18:39 - 00129544 _____ () C:\Users\Alan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-22 10:43 - 2014-03-28 18:41 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\Adobe
2014-12-21 23:48 - 2014-03-29 17:36 - 00000000 ____D () C:\Users\Alan\Documents\_COMPUTER
2014-12-21 23:19 - 2014-03-29 17:39 - 00000000 ____D () C:\Users\Alan\Documents\_Mom and Dad
2014-12-21 11:38 - 2014-08-12 20:27 - 00000000 ____D () C:\Program Files (x86)\TuneUpMedia
2014-12-21 11:37 - 2014-08-14 21:54 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\TuneUpMedia
2014-12-21 11:37 - 2014-08-13 21:50 - 00000000 ____D () C:\Users\Music\AppData\Roaming\TuneUpMedia
2014-12-21 11:37 - 2014-08-12 20:48 - 00000000 ____D () C:\Users\Joshua\AppData\Roaming\TuneUpMedia
2014-12-21 11:37 - 2014-08-12 20:27 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\TuneUpMedia
2014-12-21 11:32 - 2014-08-12 20:26 - 00000000 ____D () C:\ProgramData\TuneUpMedia
2014-12-20 22:05 - 2014-04-22 07:25 - 00000000 ____D () C:\Users\Public\_Costco Share
2014-12-20 18:42 - 2014-03-29 16:04 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\Apple Computer
2014-12-20 16:27 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-12-20 12:27 - 2014-03-29 17:38 - 00000000 ____D () C:\Users\Alan\Documents\_Mammoth
2014-12-20 10:24 - 2014-03-29 08:50 - 00000000 ____D () C:\Users\Alan\Documents\Downloaded Programs and Updates
2014-12-18 08:57 - 2009-07-13 20:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-12-17 17:03 - 2014-11-05 23:14 - 00000000 ____D () C:\Users\Sally\AppData\Local\Box Sync
2014-12-16 21:47 - 2014-03-29 17:41 - 00000000 ____D () C:\Users\Alan\Documents\_WORK
2014-12-16 10:10 - 2014-11-02 19:01 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-12-16 09:23 - 2014-03-29 09:01 - 00000000 ____D () C:\VueScan
2014-12-13 20:30 - 2014-04-10 16:17 - 00000000 ____D () C:\Users\Sally\AppData\Local\CrashDumps
2014-12-13 08:47 - 2014-11-23 10:52 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-12-13 08:32 - 2014-03-28 20:42 - 00000000 ____D () C:\Users\Alan\AppData\Local\Apps\2.0
2014-12-13 04:06 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-12-13 01:03 - 2014-03-29 17:41 - 00000000 ____D () C:\Users\Alan\Documents\_SAFEKEEPING
2014-12-11 09:36 - 2014-03-29 14:17 - 00001014 _____ () C:\Users\Alan\Desktop\Dropbox.lnk
2014-12-11 09:36 - 2014-03-29 14:14 - 00000000 ____D () C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-11 09:22 - 2014-05-05 23:56 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 09:22 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 09:22 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-11 01:23 - 2014-03-28 20:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-11 01:23 - 2014-03-28 18:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 01:19 - 2014-03-28 18:59 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 09:44 - 2014-03-29 15:56 - 00000000 ____D () C:\Users\Alan\Documents\Quicken
2014-12-10 09:12 - 2014-02-13 09:51 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 00:01 - 2014-11-18 13:39 - 00000000 ____D () C:\Users\Joshua\AppData\Local\Box Sync
2014-12-09 20:31 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-09 20:13 - 2014-03-29 17:22 - 00000000 ____D () C:\Users\Alan\Documents\__TEMP HOLD
2014-12-09 11:38 - 2014-02-13 09:32 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 11:38 - 2014-02-13 09:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-09 11:38 - 2014-02-13 09:32 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-09 00:48 - 2014-03-29 17:50 - 00000000 ____D () C:\Users\Alan\Documents\My eBooks
2014-12-09 00:48 - 2014-03-29 08:21 - 00000000 ____D () C:\TValue5
2014-12-09 00:47 - 2014-05-31 19:01 - 00000000 ____D () C:\Users\Music\AppData\Local\CrashDumps
2014-12-09 00:47 - 2014-03-29 09:44 - 00000000 ____D () C:\Windows\Minidump
2014-12-08 22:00 - 2009-07-13 19:20 - 00000000 __RHD () C:\Users\Default
2014-12-08 21:57 - 2014-11-23 08:47 - 00000000 ____D () C:\Windows\ERDNT
2014-12-08 21:50 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-08 20:23 - 2014-03-28 18:42 - 00000000 ____D () C:\Users\Alan\Documents\Bluetooth Folder
2014-12-08 18:59 - 2014-03-29 21:11 - 00000000 ____D () C:\Users\Sally\Documents\Bluetooth Folder
2014-12-08 18:58 - 2014-03-29 09:31 - 00000000 ____D () C:\Users\Joshua\Documents\Bluetooth Folder
2014-12-08 15:06 - 2014-04-01 18:39 - 00000000 ___RD () C:\Users\Alan\Desktop\Christmas
2014-12-08 15:06 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-12-08 12:39 - 2014-03-29 17:37 - 00000000 ___RD () C:\Users\Alan\Documents\_HOME
2014-12-06 17:10 - 2014-03-29 13:49 - 00027270 _____ () C:\Windows\DPINST.LOG
2014-12-04 10:24 - 2014-03-29 17:37 - 00000000 ___RD () C:\Users\Alan\Documents\_FINANCE
2014-12-04 09:38 - 2014-03-29 09:31 - 00000000 ____D () C:\Users\Music\Documents\Bluetooth Folder
2014-12-04 09:25 - 2014-11-06 06:44 - 00000000 ____D () C:\Users\Music\AppData\Local\Box Sync
2014-12-03 18:44 - 2014-06-02 18:37 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-03 18:44 - 2014-03-29 15:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-03 18:44 - 2014-03-29 15:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-03 10:48 - 2014-09-14 18:33 - 00000000 ____D () C:\Users\Alan\Downloads\Themes
2014-11-30 18:57 - 2014-03-29 09:33 - 00000000 ____D () C:\Users\Jennifer\Documents\Bluetooth Folder
2014-11-30 15:37 - 2014-03-28 22:26 - 00000000 ____D () C:\Program Files\DIFX

Some content of TEMP:
====================
C:\Users\Alan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcbmrlw.dll
C:\Users\Music\AppData\Local\Temp\RegAsm.exe
C:\Users\Music\AppData\Local\Temp\UpdaterCopy.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-25 01:23

==================== End Of Log ============================

Addition.txt

FRST.txt


I keep getting a message about the anti-rootkit driver not installing. Upon reboot it goes away but comes back. I downloaded the anti-rootkit tool from the site. Upon scan I get the message "DDA driver was not installed". I chose the option to load it on boot. Then a message follows that says "Could not install driver on boot. Scan can't continue". Any ideas? My fear is that I have some sort of rootkit malware.

Windows 7 64 bit

Malwarebytes Premium

Avast anti-virus


Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you an Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in the given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.


Download Malwarebytes Anti-Rootkit to your desktop.

  • Double-click the icon to start the tool.
  • It will ask you where to extract it, then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please upload them into your next reply.


Malwarebytes Anti-Rootkit could not run. The message indicated "DDA driver was not installed", which can be caused by rootkit activity. When it attempted to load on boot I got "could not install on boot. Scan can't continue". FRST logs attached.

system-log.txt

Malwarebytes Anti-Rootkit BETA 1.08.2.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17501

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, U:\ DRIVE_FIXED, Y:\ DRIVE_FIXED

CPU speed: 3.092000 GHz

Memory total: 12833472512, free: 9185390592

Downloaded database version: v2014.12.31.04

Downloaded database version: v2014.12.30.01

Downloaded database version: v2014.12.06.01

=======================================

Initializing...

DDA Driver installation error.

Could not install driver on boot. Scan can't continue

=======================================

Initializing...

DDA Driver installation error.

Could not install driver on boot. Scan can't continue

=======================================

Initializing...

DDA Driver installation error.

Could not install driver on boot. Scan can't continue

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.08.2.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17501

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, U:\ DRIVE_FIXED, Y:\ DRIVE_FIXED

CPU speed: 3.092000 GHz

Memory total: 12833472512, free: 9787027456

Downloaded database version: v2015.01.03.04

=======================================

Initializing...

This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.

=======================================

Initializing...

DDA Driver installation error.

Could not install driver on boot. Scan can't continue

=======================================

Initializing...

DDA Driver installation error.

Could not install driver on boot. Scan can't continue

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.08.2.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17501

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, U:\ DRIVE_FIXED, Y:\ DRIVE_FIXED

CPU speed: 3.092000 GHz

Memory total: 12833472512, free: 9961873408

=======================================

Initializing...

DDA Driver installation error.

Could not install driver on boot. Scan can't continue

=======================================

Addition.txt

FRST.txt


MBAM clean worked. Results below:

Malwarebytes Anti-Rootkit BETA 1.08.2.1001

www.malwarebytes.org

Database version: v2015.01.03.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.17501

Alan :: HOME [administrator]

1/3/2015 10:56:22 AM

mbar-log-2015-01-03 (10-56-22).txt

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled:

Objects scanned: 603609

Time elapsed: 34 minute(s), 54 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 2

HKU\S-1-5-21-3755047688-3355164527-1304831305-1005_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} (Trojan.Poweliks.B) -> Delete on reboot. [8a7b0ee58603d462b5b682809070c63a]

HKU\S-1-5-21-3755047688-3355164527-1304831305-1005_Classes\CLSID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}\LOCALSERVER32\^ (Trojan.Poweliks) -> Delete on reboot. [877e20d391f8bd7993db936fca36dd23]

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

Physical Sectors Detected: 0

(No malicious items detected)

(end)

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.08.2.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17501

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, U:\ DRIVE_FIXED, Y:\ DRIVE_FIXED

CPU speed: 3.092000 GHz

Memory total: 12833472512, free: 9185390592

Downloaded database version: v2014.12.31.04

Downloaded database version: v2014.12.30.01

Downloaded database version: v2014.12.06.01

=======================================

Initializing...

DDA Driver installation error.

Could not install driver on boot. Scan can't continue

=======================================

Initializing...

DDA Driver installation error.

Could not install driver on boot. Scan can't continue

=======================================

Initializing...

DDA Driver installation error.

Could not install driver on boot. Scan can't continue

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.08.2.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17501

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, U:\ DRIVE_FIXED, Y:\ DRIVE_FIXED

CPU speed: 3.092000 GHz

Memory total: 12833472512, free: 9787027456

Downloaded database version: v2015.01.03.04

=======================================

Initializing...

This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.

=======================================

Initializing...

DDA Driver installation error.

Could not install driver on boot. Scan can't continue

=======================================

Initializing...

DDA Driver installation error.

Could not install driver on boot. Scan can't continue

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.08.2.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17501

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, U:\ DRIVE_FIXED, Y:\ DRIVE_FIXED

CPU speed: 3.092000 GHz

Memory total: 12833472512, free: 9961873408

=======================================

Initializing...

DDA Driver installation error.

Could not install driver on boot. Scan can't continue

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.08.2.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17501

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, U:\ DRIVE_FIXED

CPU speed: 3.092000 GHz

Memory total: 12833472512, free: 9925980160

Downloaded database version: v2015.01.03.05

Downloaded database version: v2015.01.03.06

Downloaded database version: v2015.01.03.07

Downloaded database version: v2015.01.03.08

Downloaded database version: v2015.01.03.09

=======================================

Initializing...

------------ Kernel report ------------

01/03/2015 10:55:42

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\system32\DRIVERS\iusb3hcs.sys

\SystemRoot\system32\DRIVERS\vidsflt.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\iaStorA.sys

\SystemRoot\system32\drivers\storport.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\PxHlpa64.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\DRIVERS\aswNdisFlt.sys

\SystemRoot\system32\DRIVERS\vididr.sys

\SystemRoot\system32\DRIVERS\tib_mounter.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\system32\DRIVERS\tib.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\system32\DRIVERS\snapman.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\system32\drivers\iaStorF.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\system32\DRIVERS\fltsrv.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\drivers\disk.sys

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\System32\Drivers\aswVmm.sys

\SystemRoot\System32\Drivers\aswRvrt.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\drivers\aswSnx.sys

\SystemRoot\system32\drivers\aswSP.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\system32\drivers\aswKbd.sys

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\drivers\aswRdr2.sys

\SystemRoot\system32\drivers\ws2ifsl.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\??\C:\Windows\system32\drivers\rawdsk3.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\system32\drivers\csc.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\nvlddmkm.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\iusb3xhc.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\TeeDriverx64.sys

\SystemRoot\system32\drivers\usbehci.sys

\SystemRoot\system32\drivers\USBPORT.SYS

\SystemRoot\system32\DRIVERS\CAXHWBS3.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\CAX_DPV.sys

\SystemRoot\system32\DRIVERS\CAX_CNXT.sys

\SystemRoot\system32\drivers\modem.sys

\SystemRoot\system32\DRIVERS\Rt64win7.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\CompositeBus.sys

\SystemRoot\system32\drivers\SndTAudio.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\rdpbus.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\btath_bus.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\drivers\nvvad64v.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\nvhda64v.sys

\SystemRoot\system32\DRIVERS\iusb3hub.sys

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_diskdump.sys

\SystemRoot\System32\Drivers\dump_iaStorA.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\System32\Drivers\RtsUStor.sys

\SystemRoot\system32\DRIVERS\btfilter.sys

\SystemRoot\System32\Drivers\BTHUSB.sys

\SystemRoot\System32\Drivers\bthport.sys

\SystemRoot\system32\DRIVERS\usbscan.sys

\SystemRoot\system32\DRIVERS\usbprint.sys

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\LHidFilt.Sys

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\LMouFilt.Sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\system32\DRIVERS\rfcomm.sys

\SystemRoot\system32\DRIVERS\BthEnum.sys

\SystemRoot\system32\DRIVERS\bthpan.sys

\SystemRoot\system32\DRIVERS\btath_rcp.sys

\SystemRoot\system32\drivers\btath_avdt.sys

\SystemRoot\system32\drivers\btath_a2dp.sys

\SystemRoot\system32\DRIVERS\btath_hcrp.sys

\SystemRoot\system32\DRIVERS\btath_flt.sys

\SystemRoot\system32\DRIVERS\btath_lwflt.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\drivers\aswMonFlt.sys

\SystemRoot\system32\DRIVERS\PDFsFilter.sys

\SystemRoot\system32\drivers\aswStm.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\drivers\aswHwid.sys

\SystemRoot\system32\DRIVERS\mdmxsdk.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys

\SystemRoot\system32\DRIVERS\XAudio64.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\system32\DRIVERS\afcdp.sys

\??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\WUDFRd.sys

\SystemRoot\system32\drivers\spsys.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\rpcrt4.dll

\Windows\System32\user32.dll

\Windows\System32\advapi32.dll

\Windows\System32\shlwapi.dll

\Windows\System32\gdi32.dll

\Windows\System32\shell32.dll

\Windows\System32\msvcrt.dll

\Windows\System32\ws2_32.dll

\Windows\System32\iertutil.dll

\Windows\System32\clbcatq.dll

\Windows\System32\kernel32.dll

\Windows\System32\sechost.dll

\Windows\System32\nsi.dll

\Windows\System32\lpk.dll

\Windows\System32\difxapi.dll

\Windows\System32\imm32.dll

\Windows\System32\comdlg32.dll

\Windows\System32\usp10.dll

\Windows\System32\imagehlp.dll

\Windows\System32\setupapi.dll

\Windows\System32\oleaut32.dll

\Windows\System32\urlmon.dll

\Windows\System32\psapi.dll

\Windows\System32\msctf.dll

\Windows\System32\ole32.dll

\Windows\System32\Wldap32.dll

\Windows\System32\wininet.dll

\Windows\System32\normaliz.dll

\Windows\System32\crypt32.dll

\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

\Windows\System32\comctl32.dll

\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

\Windows\System32\cfgmgr32.dll

\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

\Windows\System32\userenv.dll

\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

\Windows\System32\KernelBase.dll

\Windows\System32\devobj.dll

\Windows\System32\wintrust.dll

\Windows\System32\msasn1.dll

\Windows\System32\profapi.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk2\DR2

Upper Device Object: 0xfffffa800e8a9790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\000000aa\

Lower Device Object: 0xfffffa800e70fb60

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xfffffa800cb23790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000072\

Lower Device Object: 0xfffffa800a2079c0

Lower Device Driver Name: \Driver\iaStorA\

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa800ca19790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000006f\

Lower Device Object: 0xfffffa800a1df2a0

Lower Device Driver Name: \Driver\iaStorA\

<<<2>>>

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa800ca19790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800a45eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800ca19790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800a45bae0, DeviceName: Unknown, DriverName: \Driver\vidsflt\

DevicePointer: 0xfffffa800a45a8d0, DeviceName: Unknown, DriverName: \Driver\iaStorF\

DevicePointer: 0xfffffa800a1df2a0, DeviceName: \Device\0000006f\, DriverName: \Driver\iaStorA\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...

Done!

Drive 0

This is a System drive

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 691D303E

Partition information:

Partition 0 type is Other (0xde)

Partition is NOT ACTIVE.

Partition starts at LBA: 63 Numsec = 80262

Partition 1 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 81920 Numsec = 45436928

Partition file system is NTFS

Partition is bootable

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 45518848 Numsec = 1908002816

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes

Sector size: 512 bytes

Done!

Physical Sector Size: 512

Drive: 1, DevicePointer: 0xfffffa800cb23790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800a464b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800cb23790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800a45e950, DeviceName: Unknown, DriverName: \Driver\vidsflt\

DevicePointer: 0xfffffa800a45fc50, DeviceName: Unknown, DriverName: \Driver\iaStorF\

DevicePointer: 0xfffffa800a2079c0, DeviceName: \Device\00000072\, DriverName: \Driver\iaStorA\

------------ End ----------

Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

Drive 1

Scanning MBR on drive 1...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 3649D48A

Partition information:

Partition 0 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 2048 Numsec = 3907024896

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 2000398934016 bytes

Sector size: 512 bytes

Done!

Physical Sector Size: 0

Drive: 2, DevicePointer: 0xfffffa800e8a9790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800e71bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800e8a9790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800e6fbe00, DeviceName: Unknown, DriverName: \Driver\vidsflt\

DevicePointer: 0xfffffa800e714c50, DeviceName: Unknown, DriverName: \Driver\iaStorF\

DevicePointer: 0xfffffa800e70fb60, DeviceName: \Device\000000aa\, DriverName: \Driver\USBSTOR\

------------ End ----------

Infected: HKU\S-1-5-21-3755047688-3355164527-1304831305-1005_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} --> [Trojan.Poweliks.B]

Infected: HKU\S-1-5-21-3755047688-3355164527-1304831305-1005_Classes\CLSID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}\LOCALSERVER32\^ --> [Trojan.Poweliks]

Scan finished

Creating System Restore point...

Cleaning up...

Executing an action cmd.exe...

Success!

Executing an action cmd.exe...

Success!

Removal scheduling successful. System shutdown needed.

System shutdown occurred

=======================================

mbar-log-2015-01-03 (10-56-22).txt

system-log.txt

FRST.txt

Addition.txt
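The MBR inspection in the log above (boot signature, disk signature, four partition entries with their LBA extents, partition 1 flagged ACTIVE) can be reproduced from a raw copy of sector 0. The following is an added example, not code from this thread or from Malwarebytes: a Python parser that decodes the table the way the scan prints it and then runs the consistency checks a practitioner applies to a suspect disk (boot signature, more than one active entry, zero-length or overlapping entries, entries extending past the end of the disk), plus a byte comparison of the 440-byte boot code against a known-good copy, since MBR bootkits replace that code while leaving the partition table plausible. The sample sector is constructed from the drive-0 values in the log (disk signature 691D303E, three used entries, a 1000204886016-byte disk); `build_sample_mbr`, the wording of the findings and the OEM-utility comment on the 0xde entry are this example's own assumptions.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # bytes 0..439: boot code, the part an MBR bootkit overwrites
DISK_SIG_OFFSET = 440      # 4-byte Windows disk signature, little-endian
PART_TABLE_OFFSET = 446    # four 16-byte partition entries
PART_ENTRY_SIZE = 16
BOOT_SIG_OFFSET = 510      # bytes 0x55 0xAA mark a valid MBR
ACTIVE_FLAG = 0x80


@dataclass
class PartitionEntry:
    index: int
    status: int
    type_id: int
    lba_start: int
    num_sectors: int

    @property
    def lba_end(self) -> int:
        return self.lba_start + self.num_sectors   # exclusive

    def describe(self) -> str:
        # Same labelling as the scan log: 0x07 "Primary", 0x00 "Empty", anything else "Other"
        kind = {0x00: "Empty", 0x07: "Primary"}.get(self.type_id, "Other")
        state = "ACTIVE" if self.status == ACTIVE_FLAG else "NOT ACTIVE"
        return (f"Partition {self.index} type is {kind} (0x{self.type_id:02x}), {state}, "
                f"starts at LBA: {self.lba_start} Numsec = {self.num_sectors}")


@dataclass
class MbrInfo:
    boot_signature: int
    disk_signature: int
    partitions: List[PartitionEntry]


def parse_mbr(sector: bytes) -> MbrInfo:
    """Decode signatures and the partition table from a 512-byte sector 0."""
    boot_sig = struct.unpack_from(">H", sector, BOOT_SIG_OFFSET)[0]   # 0x55AA when valid
    disk_sig = struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0]
    parts = []
    for i in range(4):
        # status(1) CHS start(3, skipped) type(1) CHS end(3, skipped) LBA start(4) sector count(4)
        fields = struct.unpack_from("<B3xB3xII", sector, PART_TABLE_OFFSET + i * PART_ENTRY_SIZE)
        parts.append(PartitionEntry(i, *fields))
    return MbrInfo(boot_sig, disk_sig, parts)


def check_partition_table(info: MbrInfo, disk_sectors: int) -> List[str]:
    """Return findings for an inconsistent table; an empty list means it is self-consistent."""
    findings = []
    if info.boot_signature != 0x55AA:
        findings.append(f"bad boot signature 0x{info.boot_signature:04X}")
    used = [p for p in info.partitions if p.type_id != 0x00]
    if sum(p.status == ACTIVE_FLAG for p in used) > 1:
        findings.append("more than one active partition")
    for p in info.partitions:
        if p.status not in (0x00, ACTIVE_FLAG):
            findings.append(f"partition {p.index}: unexpected status byte 0x{p.status:02x}")
        if p.type_id == 0x00 and (p.lba_start or p.num_sectors):
            findings.append(f"partition {p.index}: empty type but non-zero extent")
    for p in used:
        if p.num_sectors == 0 or p.lba_start == 0:
            findings.append(f"partition {p.index}: zero length or starts inside the MBR")
        if p.lba_end > disk_sectors:
            findings.append(f"partition {p.index}: extends past end of disk")
    for a in used:
        for b in used:
            if a.index < b.index and a.lba_start < b.lba_end and b.lba_start < a.lba_end:
                findings.append(f"partitions {a.index} and {b.index} overlap")
    return findings


def boot_code_changed(sector: bytes, reference: bytes) -> Optional[int]:
    """Offset of the first boot-code byte that differs from a known-good copy, or None."""
    for i in range(BOOT_CODE_LEN):
        if sector[i] != reference[i]:
            return i
    return None


def build_sample_mbr() -> bytes:
    """Constructed sector reproducing the drive-0 table in the log above (no real boot code)."""
    mbr = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", mbr, DISK_SIG_OFFSET, 0x691D303E)
    table = [(0x00, 0xDE, 63, 80262),             # OEM utility partition (assumed label)
             (0x80, 0x07, 81920, 45436928),       # active NTFS system partition
             (0x00, 0x07, 45518848, 1908002816),  # second NTFS partition
             (0x00, 0x00, 0, 0)]                  # empty slot
    for i, entry in enumerate(table):
        struct.pack_into("<B3xB3xII", mbr, PART_TABLE_OFFSET + i * PART_ENTRY_SIZE, *entry)
    mbr[BOOT_SIG_OFFSET:BOOT_SIG_OFFSET + 2] = b"\x55\xAA"
    return bytes(mbr)
```

Read sector 0 from the physical disk (on Windows, `\\.\PhysicalDrive0` opened as a raw file with administrator rights) and pass it to `parse_mbr`; `check_partition_table` takes the disk size in sectors, which is the reported disk size divided by the 512-byte sector size, so 1953525168 for drive 0 here. A table with no findings is not proof the boot code is clean, which is why `boot_code_changed` needs a reference copy of sector 0 taken while the machine was known good.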


Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself :)

Recommended reading:

MUST READ - security tips:

MUST READ - general maintenance:

The Importance of Software Updating:

In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.

Operating systems, such as Windows, and applications, such as Adobe Reader or Java, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.

Recommended additional software:

  • TFC - to clean unneeded temporary files.
  • Malwarebytes' Anti-Malware - to scan your system from time to time in search of malware.
  • Malwarebytes' Anti-Exploit - to block exploitation of many commonly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • Unchecky - to prevent the installation of additional foistware bundled into legitimate installers.
  • Adblock - to surf the web without annoying ads!
 
 

Post-cleanup procedures:

Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right-clicking the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report. You do not need to attach it.

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 
 
 


My help is free for everybody.

If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation.

 

Thank you!

 
 
Stay safe,
TwinHeadedEagle   :)


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

