
Win 7 64-bit Sony Vaio stalls on boot after aswrvrt.sys


  • This topic is locked
140 replies to this topic

#1 WheresMyOS

Posted 30 July 2013 - 01:59 AM

I first posted this problem in the Win 7 forum, but I am moving to this forum because the problem may be malware-related. I had suspected that the problem was related to a Windows update because the computer stopped working in the process of installing a Windows update.

The computer is a Sony VAIO E series, model VPCEB33FM. It's running Windows 7 64-bit. It has Avast free, Threatfire, and a firewall. It's been running smoothly til now.

The computer started installing the Windows updates the 2nd Tues in July, shut down to finish the updates, and wouldn't boot to windows when I turned it back on. The VAIO screen appeared, it looked like the computer was starting to boot, and then it went to black screen, no cursor. The computer wouldn't boot to safe mode, last known good configuration didn't help, startup repair wasn't able to fix the computer, restoring to a previous point isn't offered except through Startup Repair, and it can't find a restore point. Hard drive tests showed no errors. Booting with command prompt showed aswrvrt.sys and then stalled and went to black screen.

I tried rebooting with a recovery disk (first disk of 3 created through a wizard when I first got the computer) and was not able to boot to Windows. Someone gave me Hiren's boot disk14-something and I've been able to boot to mini WinXP with that and open RegEdit; it offers to merge my registry backup but I didn't know if that was a good idea. Using Avast's uninstall utility deleted the program folder but didn't change the boot problem. I tried using Farbar and created a fix file to take out aswrvrt.sys. Now my computer boots to VAIO rescue, which I guess is an improvement, but it tries startup repair and then wants to do a system recovery. Booting on command prompt shows that it now stalls at aaswVmm.sys.

Everything is backed up, and I've been vacillating between trying to fix the system or just start over, but it took me a lot of work to get my work environment set up on this computer and I'd like to restore the system if possible. I have recent registry backup files, if that helps. I figured I better stop tinkering with it and consult the experts, so here I am. I really appreciate your help!

I'm attaching a Farbar log; this scan was done after booting into mini WinXP from Hiren's boot disk.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-07-2013 02 (ATTENTION: FRST version is 9 days old)
Ran by SYSTEM on 21-07-2013 19:15:54
Running from F:\
Windows 7 Home Premium (X86) OS Language:
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.


ATTENTION!:=====> THE OPERATING SYSTEM IS A X64 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X86 SYSTEM DISK.
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10775584 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3  [2040352 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - %ProgramFiles%\Apoint\Apoint.exe [212480 2010-05-31] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelWirelessWiMAX] - "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash [1441792 2010-06-08] (Intel® Corporation)
HKLM\...\Run: [IntelWireless] - "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1931024 2010-07-20] (Intel® Corporation)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-04] (Logitech, Inc.)
HKLM\...\Run: [IgfxTray] - C:\Windows\system32\igfxtray.exe [162584 2012-05-01] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [386840 2012-05-01] (Intel Corporation)
HKLM\...\Run: [Persistence] - C:\Windows\system32\igfxpers.exe [417560 2012-05-01] (Intel Corporation)
HKLM\...\Run: [LogMeIn GUI] - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2013-04-30] (LogMeIn, Inc.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - KHALMNPR.EXE [x]
HKLM\...\Runonce: [LogiSPSetupNeedReboot] - rundll32.exe [x]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
HKU\Aiden Admen\...\Run: [Best Buy pc app] - C:\Users\Aiden Admen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms [x]
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-14] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-14] (Microsoft Corporation)
HKU\HW\...\Run: [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\HW\...\Run: [KGShareApp] - C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe [ 2012-10-11] (Eastman Kodak Company)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\HW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\HW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\HW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)

========================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640 2013-05-11] (Adobe Systems Incorporated)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [256904 2013-06-12] (Adobe Systems Incorporated)
S2 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008 2012-12-22] (Apple Inc.)
S3 aspnet_state; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [44376 2010-03-19] (Microsoft Corporation)
S2 BBSvc; C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [193816 2012-02-10] (Microsoft Corporation.)
S3 BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [240408 2012-02-10] (Microsoft Corporation.)
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [89920 2009-06-10] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [138576 2010-03-18] (Microsoft Corporation)
S2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [408576 2010-06-07] (Red Bend Ltd.)
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-05] (Microsoft Corporation)
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [136176 2010-05-01] (Google Inc.)
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [136176 2010-05-01] (Google Inc.)
S3 gusvc; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [194032 2012-08-23] (Google)
S2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1043584 2010-01-30] (Hewlett-Packard Co.)
S2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [13336 2010-03-04] (Intel Corporation)
S3 idsvc; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [856400 2010-11-05] (Microsoft Corporation)
S2 IDVaultSvc; C:\Program Files (x86)\ID Vault\IDVaultSvc.exe [42312 2010-12-04] (White Sky, Inc.)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2013-06-08] (LogMeIn, Inc.)
S2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2013-06-08] (LogMeIn, Inc.)
S2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [268824 2010-05-28] (Intel Corporation)
S2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-04-30] (LogMeIn, Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [237008 2011-06-17] (McAfee, Inc.)
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.0.271\McCHSvc.exe [237328 2012-03-30] (McAfee, Inc.)
S3 Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [64856 2009-02-27] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [117144 2013-07-02] (Mozilla Foundation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-07-20] ()
S4 NetMsmqActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
S2 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [47104 2011-02-15] ()
S3 odserv; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [440696 2011-07-20] (Microsoft Corporation)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation)
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-14] (Microsoft Corporation)
S2 PFNet; C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe [369352 2011-03-03] (Privacyware/PWI, Inc.)
S2 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [367456 2010-06-01] (Sony Corporation)
S4 PuranDefrag; C:\Windows\system32\PuranDefragS.exe [292736 2013-01-18] (Puran Software)
S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [156672 2012-08-06] ()
S2 SkypeUpdate; C:\Program Files (x86)\Skype\Updater\Updater.exe [161384 2013-03-01] (Skype Technologies)
S3 SOHCImp; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [108400 2010-06-21] (Sony Corporation)
S3 SOHDms; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [423280 2010-06-18] (Sony Corporation)
S3 SOHDs; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [67952 2010-06-21] (Sony Corporation)
S3 SpfService; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [304496 2010-06-07] (Sony Corporation)
S2 ThreatFire; C:\Program Files (x86)\ThreatFire\TFService.exe [70928 2010-01-14] (PC Tools)
S2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2320920 2010-05-28] (Intel Corporation)
S2 VAIO Event Service; C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe [217968 2010-06-01] (Sony Corporation)
S2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [851824 2010-06-17] (Sony Corporation)
S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [537456 2010-06-09] (Sony Corporation)
S3 VcmINSMgr; C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [384880 2010-06-09] (Sony Corporation)
S3 VcmXmlIfHelper; C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [101232 2010-06-09] (Sony Corporation)
S3 VCService; C:\Program Files\Sony\VAIO Care\VCService.exe [54760 2012-10-12] (Sony Corporation)
S2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [836608 2010-06-09] (Sony Corporation)
S3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1286784 2012-10-26] (Sony Corporation)
S2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [911872 2010-06-07] (Intel® Corporation)
S2 WinTabService; C:\Windows\System32\Drivers\WTSRV.EXE [73728 2009-10-30] (Tablet Driver)
S2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [x]
S2 nlsX86cc; C:\Windows\system32\nlssrv32.exe [x]

==================== Drivers (Whitelisted) ====================

S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
S3 athr; C:\Windows\System32\DRIVERS\athrx.sys [1573888 2010-05-31] (Atheros Communications, Inc.)
S3 b06bdrv; C:\Windows\system32\drivers\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation)
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation)
S3 bpenum; C:\Windows\System32\DRIVERS\bpenum.sys [71168 2010-05-17] (Intel Corporation)
S3 bpmp; C:\Windows\System32\DRIVERS\bpmp.sys [175104 2010-05-17] (Intel Corporation)
S3 bpusb; C:\Windows\System32\Drivers\bpusb.sys [81920 2010-05-17] (Intel Corporation)
S3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-10] (EldoS Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HECIx64; C:\Windows\System32\DRIVERS\HECIx64.sys [56344 2010-05-28] (Intel Corporation)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [10629184 2012-05-01] (Intel Corporation)
S3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [2357024 2010-05-31] (Realtek Semiconductor Corp.)
S3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] (Microsoft Corporation)
S3 LEqdUsb; C:\Windows\System32\DRIVERS\LEqdUsb.Sys [79240 2013-01-03] (Logitech, Inc.)
S3 LHidEqd; C:\Windows\System32\DRIVERS\LHidEqd.Sys [15752 2013-01-03] (Logitech, Inc.)
S2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-04-30] (LogMeIn, Inc.)
S2 LMIRfsDriver; C:\Windows\system32\drivers\LMIRfsDriver.sys [72216 2013-04-30] (LogMeIn, Inc.)
S3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [61832 2013-01-03] (Logitech, Inc.)
S3 NETw5s64; C:\Windows\System32\DRIVERS\NETw5s64.sys [7689216 2010-05-31] (Intel Corporation)
S3 NETwNs64; C:\Windows\System32\DRIVERS\NETwNs64.sys [7821312 2010-07-14] (Intel Corporation)
S3 PTSimBus; C:\Windows\System32\DRIVERS\PTSimBus.sys [27304 2012-12-31] (PenTablet Driver)
S3 PTSimHid; C:\Windows\System32\DRIVERS\PTSimHid.sys [17064 2012-12-31] (PenTablet Driver)
S1 pwipf6; C:\Windows\System32\DRIVERS\pwipf6.sys [106280 2011-01-31] (Privacyware/PWI, Inc.)
S2 rimspci; C:\Windows\system32\drivers\rimssne64.sys [94208 2010-06-23] (REDC)
S2 risdsnpe; C:\Windows\system32\drivers\risdsne64.sys [78848 2010-06-23] (REDC)
S3 Spyder4; C:\Windows\System32\DRIVERS\dccmtr.sys [15360 2011-06-02] (Datacolor)
S3 TClass2k; C:\Windows\System32\DRIVERS\TClass2k.sys [27304 2012-12-31] (Tablet Driver)
S0 TfFsMon; C:\Windows\System32\drivers\TfFsMon.sys [65072 2010-01-14] (PC Tools)
S3 TfNetMon; C:\Windows\system32\drivers\TfNetMon.sys [41888 2010-01-14] (PC Tools)
S0 TfSysMon; C:\Windows\System32\drivers\TfSysMon.sys [59880 2010-01-14] (PC Tools)
S3 UCTblHid; C:\Windows\System32\DRIVERS\UCTblHid.sys [22696 2012-12-31] (Tablet Driver)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.)
S3 wdkmd; C:\Windows\System32\DRIVERS\WDKMD.sys [39832 2010-04-16] (Intel Corporation)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [402720 2010-05-31] (Marvell)
S4 LMIRfsClientNP; No ImagePath
S2 MSSQL$DDNI;
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [x]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-13 01:31 - 2013-07-13 01:31 - 00003352 ____N C:\bootsqm.dat
2013-07-12 21:50 - 2013-07-12 21:48 - 00377920 _____ (AVAST Software) C:\Users\HW\Desktop\aswclear.exe
2013-07-12 19:30 - 2013-07-12 19:30 - 00000000 ____D C:\FRST
2013-07-11 07:02 - 2013-07-11 07:02 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_LMouFilt_01005.Wdf
2013-07-11 07:02 - 2013-07-11 07:02 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_LHidFilt_01005.Wdf
2013-07-11 07:02 - 2013-07-11 07:02 - 00000000 ____D C:\Windows\LastGood.Tmp
2013-07-11 07:02 - 2013-01-03 08:17 - 00077192 _____ (Logitech, Inc.) C:\Windows\System32\Drivers\LHidFilt.Sys
2013-07-11 07:02 - 2013-01-03 08:17 - 00061832 _____ (Logitech, Inc.) C:\Windows\System32\Drivers\LMouFilt.Sys
2013-07-11 07:00 - 2013-07-11 07:00 - 00001840 _____ C:\Users\Public\Desktop\Logitech Mouse and Keyboard Settings.lnk
2013-07-11 07:00 - 2009-07-20 19:35 - 00096272 _____ (Logitech, Inc.) C:\Windows\System32\KemXML.dll
2013-07-11 07:00 - 2009-07-20 19:34 - 00235536 _____ (Logitech, Inc.) C:\Windows\System32\KemUtil.dll
2013-07-11 07:00 - 2009-07-20 19:34 - 00235536 _____ (Logitech, Inc.) C:\Windows\System32\kemutb.dll
2013-07-11 07:00 - 2009-07-20 19:34 - 00159248 _____ (Logitech, Inc.) C:\Windows\System32\KemWnd.dll
2013-07-11 07:00 - 2009-07-20 19:33 - 00190992 _____ (Broadcom Corporation.) C:\Windows\System32\BtCoreIf.dll
2013-07-11 06:59 - 2013-07-11 07:03 - 00000000 ____D C:\Program Files\Common Files\Logishrd
2013-07-11 06:58 - 2013-07-11 06:58 - 00000000 ____D C:\Program Files\Logitech
2013-07-10 09:46 - 2013-06-11 23:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 09:46 - 2013-06-11 23:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-10 09:46 - 2013-06-07 03:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-10 09:46 - 2013-06-07 02:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 09:45 - 2013-06-11 23:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 09:45 - 2013-06-11 23:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 09:45 - 2013-06-11 23:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 09:45 - 2013-06-11 23:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 09:45 - 2013-06-11 23:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 09:45 - 2013-06-11 23:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 09:45 - 2013-06-11 23:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 09:45 - 2013-06-11 23:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 09:45 - 2013-06-11 23:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-10 09:45 - 2013-06-11 23:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-10 09:45 - 2013-06-11 23:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-10 09:45 - 2013-06-11 23:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-10 09:45 - 2013-06-11 23:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-10 09:45 - 2013-06-11 23:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-10 09:45 - 2013-06-11 23:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-10 09:45 - 2013-06-11 23:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-10 09:45 - 2013-06-11 23:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-10 09:45 - 2013-06-11 23:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-10 09:45 - 2013-06-11 23:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-10 09:45 - 2013-06-11 23:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-10 09:45 - 2013-06-11 23:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-10 09:45 - 2013-06-11 23:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-10 09:45 - 2013-06-11 23:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-10 09:45 - 2013-06-11 23:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-10 09:45 - 2013-06-11 22:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-10 09:45 - 2013-06-11 22:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-10 09:44 - 2013-06-11 23:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 06:10 - 2013-07-10 06:14 - 00000000 ____D C:\Users\HW\Downloads\Long-sleeve traditional salwar kameez (L)  Little India Salwar Boutique
2013-07-10 05:47 - 2013-06-05 03:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-10 05:47 - 2013-06-04 06:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-10 05:47 - 2013-06-04 04:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 05:47 - 2013-05-06 06:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-10 05:47 - 2013-05-06 04:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 05:46 - 2013-04-09 23:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 05:46 - 2013-04-02 22:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-09 22:29 - 2013-07-09 22:29 - 04558326 _____ C:\Users\HW\Downloads\uberInstall_4.80.5(2).exe
2013-07-09 22:28 - 2013-07-09 22:30 - 71448960 _____ (Logitech Inc.                                               ) C:\Users\HW\Downloads\setpoint480_x64(1).exe
2013-07-06 12:45 - 2013-07-06 12:46 - 00062513 _____ C:\Users\HW\Documents\vf1800.jpg.html
2013-07-04 17:45 - 2013-07-04 17:45 - 00001024 _____ C:\.rnd
2013-07-04 17:45 - 2013-07-04 17:45 - 00000000 ____D C:\Users\HW\AppData\Local\LogMeIn
2013-07-04 17:45 - 2013-06-08 06:28 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll
2013-07-04 17:45 - 2013-06-08 06:28 - 00100680 _____ (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
2013-07-04 17:45 - 2013-06-08 06:28 - 00035656 _____ (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll
2013-07-04 17:45 - 2013-04-30 17:57 - 00072216 _____ (LogMeIn, Inc.) C:\Windows\System32\Drivers\LMIRfsDriver.sys
2013-07-04 17:28 - 2013-07-04 17:28 - 20402176 _____ C:\Users\HW\Downloads\LogMeIn.msi
2013-07-03 10:00 - 2013-07-03 10:00 - 01509376 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-07-03 10:00 - 2013-07-03 10:00 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-03 10:00 - 2013-07-03 10:00 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-07-03 10:00 - 2013-07-03 10:00 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-07-03 10:00 - 2013-07-03 10:00 - 01054720 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-07-03 10:00 - 2013-07-03 10:00 - 00905728 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00762368 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00599552 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00441856 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-07-03 10:00 - 2013-07-03 10:00 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-07-03 10:00 - 2013-07-03 10:00 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00281600 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00270848 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00247296 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00226304 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00216064 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00173568 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-07-03 10:00 - 2013-07-03 10:00 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-07-03 10:00 - 2013-07-03 10:00 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-07-03 10:00 - 2013-07-03 10:00 - 00149504 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00144896 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-07-03 10:00 - 2013-07-03 10:00 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-07-03 10:00 - 2013-07-03 10:00 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-03 10:00 - 2013-07-03 10:00 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00097280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-07-03 10:00 - 2013-07-03 10:00 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-07-03 10:00 - 2013-07-03 10:00 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-07-03 10:00 - 2013-07-03 10:00 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00062976 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-07-03 10:00 - 2013-07-03 10:00 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00027648 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-07-03 10:00 - 2013-07-03 10:00 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-07-03 10:00 - 2013-07-03 10:00 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-07-03 10:00 - 2013-07-03 10:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-07-03 09:57 - 2013-07-03 10:04 - 00008121 _____ C:\Windows\IE10_main.log
2013-06-29 18:47 - 2013-06-29 18:47 - 00001897 _____ C:\Users\HW\Desktop\IrfanView Thumbnails.lnk
2013-06-29 18:47 - 2013-06-29 18:47 - 00001005 _____ C:\Users\HW\Desktop\IrfanView.lnk
2013-06-29 18:44 - 2013-06-29 18:45 - 01855072 _____ (Irfan Skiljan) C:\Users\HW\Downloads\iview436_setup.exe
2013-06-29 18:36 - 2013-06-29 18:40 - 01074980 _____ C:\Users\HW\Downloads\TextImagesEn(1).zip
2013-06-27 22:41 - 2013-06-27 22:41 - 00000175 _____ C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-26 19:44 - 2013-06-26 19:43 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-26 19:44 - 2013-06-26 19:43 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-26 19:44 - 2013-06-26 19:43 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-26 19:43 - 2013-06-26 19:43 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-26 18:21 - 2013-06-27 22:41 - 00000175 _____ C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-26 18:20 - 2013-06-27 22:41 - 00000175 _____ C:\Windows\System32\Drivers\aswSP.sys.sum

==================== One Month Modified Files and Folders =======

2013-07-13 01:31 - 2013-07-13 01:31 - 00003352 ____N C:\bootsqm.dat
2013-07-12 23:28 - 2011-04-14 03:33 - 00251620 _____ C:\Windows\PFRO.log
2013-07-12 23:07 - 2010-05-01 21:50 - 01552273 _____ C:\Windows\WindowsUpdate.log
2013-07-12 22:54 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-12 22:51 - 2009-07-14 04:45 - 00022976 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-12 22:51 - 2009-07-14 04:45 - 00022976 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-12 22:48 - 2009-07-14 03:20 - 00000000 ___RD C:\Program Files (x86)
2013-07-12 22:45 - 2009-07-14 05:13 - 00780194 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-12 22:38 - 2011-04-13 22:59 - 00164179 _____ C:\Windows\setupact.log
2013-07-12 22:38 - 2010-05-01 22:05 - 00000050 _____ C:\Windows\System32\SupplicantTest.log
2013-07-12 21:48 - 2013-07-12 21:50 - 00377920 _____ (AVAST Software) C:\Users\HW\Desktop\aswclear.exe
2013-07-12 19:33 - 2011-04-13 19:32 - 00000000 ____D C:\users\HW
2013-07-12 19:30 - 2013-07-12 19:30 - 00000000 ____D C:\FRST
2013-07-11 09:08 - 2011-04-13 22:46 - 00000000 ____D C:\Users\HW\AppData\Roaming\Dropbox
2013-07-11 07:13 - 2011-06-23 17:37 - 00000000 ____D C:\Users\HW\Documents\IT
2013-07-11 07:03 - 2013-07-11 06:59 - 00000000 ____D C:\Program Files\Common Files\Logishrd
2013-07-11 07:02 - 2013-07-11 07:02 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_LMouFilt_01005.Wdf
2013-07-11 07:02 - 2013-07-11 07:02 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_LHidFilt_01005.Wdf
2013-07-11 07:02 - 2013-07-11 07:02 - 00000000 ____D C:\Windows\LastGood.Tmp
2013-07-11 07:02 - 2011-04-15 15:53 - 00071079 _____ C:\Windows\LDPINST.LOG
2013-07-11 07:02 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\System32\DriverStore
2013-07-11 07:00 - 2013-07-11 07:00 - 00001840 _____ C:\Users\Public\Desktop\Logitech Mouse and Keyboard Settings.lnk
2013-07-11 06:58 - 2013-07-11 06:58 - 00000000 ____D C:\Program Files\Logitech
2013-07-11 02:39 - 2011-04-15 15:50 - 00000000 ____D C:\Users\HW\AppData\Roaming\Logitech
2013-07-10 22:24 - 2009-07-14 04:45 - 00641376 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-10 22:21 - 2010-07-13 18:20 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 22:21 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-10 22:21 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64
2013-07-10 22:20 - 2013-03-13 10:03 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 09:49 - 2011-04-20 19:56 - 78185248 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-09 22:30 - 2013-07-09 22:28 - 71448960 _____ (Logitech Inc.                                               ) C:\Users\HW\Downloads\setpoint480_x64(1).exe
2013-07-09 22:29 - 2013-07-09 22:29 - 04558326 _____ C:\Users\HW\Downloads\uberInstall_4.80.5(2).exe
2013-07-09 22:17 - 2011-04-15 15:54 - 00009154 _____ C:\Windows\LkmdfCoInst.log
2013-07-09 21:42 - 2011-04-15 15:54 - 00018960 _____ (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2013-07-09 20:56 - 2013-07-09 20:56 - 04116816 _____ (Logitech Inc.) C:\Users\HW\Downloads\unifying210.exe
2013-07-06 12:46 - 2013-07-06 12:45 - 00062513 _____ C:\Users\HW\Documents\vf1800.jpg.html
2013-07-06 12:32 - 2011-04-13 21:08 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-07-04 17:45 - 2013-07-04 17:45 - 00001024 _____ C:\.rnd
2013-07-04 17:45 - 2013-07-04 17:45 - 00000000 ____D C:\Users\HW\AppData\Local\LogMeIn
2013-07-04 17:32 - 2011-11-18 08:55 - 00000000 ____D C:\Users\HW\AppData\Roaming\SlimBrowser
2013-07-04 17:28 - 2013-07-04 17:28 - 20402176 _____ C:\Users\HW\Downloads\LogMeIn.msi
2013-07-04 03:40 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2013-07-03 10:04 - 2013-07-03 09:57 - 00008121 _____ C:\Windows\IE10_main.log
2013-07-03 10:00 - 2013-07-03 10:00 - 01509376 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-07-03 10:00 - 2013-07-03 10:00 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-03 10:00 - 2013-07-03 10:00 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-07-03 10:00 - 2013-07-03 10:00 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-07-03 10:00 - 2013-07-03 10:00 - 01054720 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-07-03 10:00 - 2013-07-03 10:00 - 00905728 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00762368 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00599552 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00441856 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-07-03 10:00 - 2013-07-03 10:00 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-07-03 10:00 - 2013-07-03 10:00 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00281600 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00270848 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00247296 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00226304 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00216064 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00173568 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-07-03 10:00 - 2013-07-03 10:00 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-07-03 10:00 - 2013-07-03 10:00 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-07-03 10:00 - 2013-07-03 10:00 - 00149504 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00144896 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-07-03 10:00 - 2013-07-03 10:00 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-07-03 10:00 - 2013-07-03 10:00 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-03 10:00 - 2013-07-03 10:00 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00097280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-07-03 10:00 - 2013-07-03 10:00 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-07-03 10:00 - 2013-07-03 10:00 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-07-03 10:00 - 2013-07-03 10:00 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00062976 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-07-03 10:00 - 2013-07-03 10:00 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00027648 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-03 10:00 - 2013-07-03 10:00 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-07-03 10:00 - 2013-07-03 10:00 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-07-03 10:00 - 2013-07-03 10:00 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-07-03 10:00 - 2013-07-03 10:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-27 22:45 - 2011-05-12 08:57 - 00000000 ____D C:\Users\HW\Documents\Lightroom
2013-06-27 22:41 - 2013-06-27 22:41 - 00000175 _____ C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-27 22:41 - 2013-06-26 18:21 - 00000175 _____ C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-27 22:41 - 2013-06-26 18:20 - 00000175 _____ C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-27 22:41 - 2013-03-18 04:18 - 00189936 _____ C:\Windows\System32\Drivers\aswVmm.sys
2013-06-27 22:41 - 2011-04-13 21:08 - 01030952 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-06-27 22:41 - 2011-04-13 21:08 - 00378944 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-06-26 19:43 - 2013-06-26 19:44 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-26 19:43 - 2013-06-26 19:44 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-26 19:43 - 2013-06-26 19:44 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-26 19:43 - 2013-06-26 19:43 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-26 19:43 - 2012-08-15 08:24 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-26 19:43 - 2010-05-01 22:13 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2011-04-26 23:03] - [2011-02-25 06:19] - 2871808 ____A (Microsoft Corporation)

C:\Windows\System32\winlogon.exe
[2011-08-03 19:38] - [2010-11-20 13:25] - 0390656 ____A (Microsoft Corporation)

C:\Windows\System32\wininit.exe
[2009-07-13 23:52] - [2009-07-14 01:39] - 0129024 ____A (Microsoft Corporation)

C:\Windows\System32\svchost.exe
[2009-07-13 23:31] - [2009-07-14 01:39] - 0027136 ____A (Microsoft Corporation)

C:\Windows\System32\services.exe
[2009-07-13 23:19] - [2009-07-14 01:39] - 0328704 ____A (Microsoft Corporation)

C:\Windows\System32\User32.dll
[2011-08-03 19:38] - [2010-11-20 13:27] - 1008128 ____A (Microsoft Corporation)

C:\Windows\System32\userinit.exe
[2011-08-03 19:37] - [2010-11-20 13:25] - 0030720 ____A (Microsoft Corporation)

C:\Windows\System32\Drivers\volsnap.sys
[2011-08-03 19:38] - [2010-11-20 13:34] - 0295808 ____A (Microsoft Corporation)


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-06-21 18:12:27
Restore point made on: 2013-06-25 07:37:08
Restore point made on: 2013-06-26 19:40:45
Restore point made on: 2013-06-28 21:11:03
Restore point made on: 2013-07-02 20:10:36
Restore point made on: 2013-07-03 09:56:45
Restore point made on: 2013-07-04 17:43:44
Restore point made on: 2013-07-09 08:27:09
Restore point made on: 2013-07-10 09:31:50

==================== BCD ================================
'bcdedit' is not recognized as an internal or external command,
operable program or batch file.


==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3374.03 MB
Available physical RAM: 2858.39 MB
Total Pagefile: 3144.42 MB
Available Pagefile: 2060.31 MB
Total Virtual: 2047.88 MB
Available Virtual: 1999.05 MB

==================== Drives ================================

Drive b: (RamDrive) (Fixed) (Total:0.92 GB) (Free:0.91 GB) NTFS
Drive c: (Windows) (Fixed) (Total:287.8 GB) (Free:55.46 GB) NTFS
Drive e: (HBCD 14.1) (CDROM) (Total:0.51 GB) (Free:0 GB) CDFS
Drive f: (RFILES) (Fixed) (Total:14.74 GB) (Free:14.65 GB) FAT32
Drive x: (Mini Xp) (Fixed) (Total:0.23 GB) (Free:0.23 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 36A6D613)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=288 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: EA2B2893)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0B)


LastRegBack: 2013-07-04 01:38

==================== End Of Log ============================

#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,740 posts
  • Gender:Male

Posted 04 August 2013 - 02:00 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/502710 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,717 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:11:58 AM

Posted 04 August 2013 - 03:02 PM

Greetings WheresMyOS and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please run the below to get a fresh Farbar report.

===================================================

Farbar's Recovery Scan Tool

--------------------

For this step you will need a USB flash drive and start on a clean computer.
  • Please download Farbar Recovery Scan Tool and save it to a flash drive. You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Plug the flash drive into the infected PC and follow the 2 step process below to enter the System Recovery Options using one of the three options listed, then running Farbar's Recovery Scan Tool.
----------

Entering into the System Recovery Options

Option #1

To enter System Recovery Options in Windows 8:

Option #2

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
Option #3

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
----------

Running Farbar's Recovery Scan Tool in System Recovery
  • Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in Notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    • Note: Replace letter e with the drive letter of your flash drive.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:
  • FRST log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 WheresMyOS

WheresMyOS
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  • Local time:11:58 AM

Posted 04 August 2013 - 06:32 PM

Hello, Gary; I'm Holly. Thank you for volunteering to help me out!

There are no changes from my original post. I'm pasting a Farbar log from today below.

A few details I should tell you:

The FRST scan was done from a thumb drive after booting to a mini-XP environment using Hiren's boot disk. (The computer can't boot on its own; as mentioned, neither Windows Repair nor Windows Restore was successful.) I've been using the thumb drive to transfer logs from the VAIO to the HP computer I'm writing this on. AVG says the thumb drive is clean, for what that's worth. I wasn't considering malware when I first started using the thumb drive, because it seemed like a Windows update / AVG conflict.

I should also tell you that the VAIO shared a network with 2 HP computers--(internet access only, no network file sharing.) Both of the HP computers stalled to a black screen during the last Windows-update reboot process. Windows repair worked for both. (The VAIO crashed the same way on an earlier update, but Windows repair didn't help.) All three computers have shared docx, pdf, and jpg files through Dropbox.

The VAIO came with a recovery partition. I have the registry backups and recovery disks mentioned in my original post, but there is no Windows disk. On the Windows key sticker on the bottom of the laptop only the words "Sony" and "Microsoft" and some scratchy-looking barcodes are still legible (only 2 years old, and treated with great care.) Someone gave me an "Ultimate Windows 7 Recovery CD" purchased from Amazon for $25, but I won't be trying it unless you recommend it. Everything on the VAIO is backed up to an external hard drive, so if the problem turns out to be malware, that might be infected too.

I would like to fix the VAIO system rather than recovering and having to reinstall everything. If that's not possible, I would like to find out whether whatever is causing the problem is a malware problem that would survive system recovery or transfer back from the external drive.

The FRST log is below. I've deleted some lines that identified specific, recognized work file downloads (pdf or jpg) and gave my email address. I would be happy to attach the unedited file if you prefer.

I await your instructions.

Thank you!!

Holly

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-07-2013 02 (ATTENTION: FRST version is 23 days old)
Ran by SYSTEM on 04-08-2013 13:51:16
Running from F:\
Windows 7 Home Premium (X86) OS Language:
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.


ATTENTION!:=====> THE OPERATING SYSTEM IS A X64 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X86 SYSTEM DISK.
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10775584 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3  [2040352 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - %ProgramFiles%\Apoint\Apoint.exe [212480 2010-05-31] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelWirelessWiMAX] - "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash [1441792 2010-06-08] (Intel® Corporation)
HKLM\...\Run: [IntelWireless] - "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1931024 2010-07-20] (Intel® Corporation)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-04] (Logitech, Inc.)
HKLM\...\Run: [IgfxTray] - C:\Windows\system32\igfxtray.exe [162584 2012-05-01] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [386840 2012-05-01] (Intel Corporation)
HKLM\...\Run: [Persistence] - C:\Windows\system32\igfxpers.exe [417560 2012-05-01] (Intel Corporation)
HKLM\...\Run: [LogMeIn GUI] - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2013-04-30] (LogMeIn, Inc.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - KHALMNPR.EXE [x]
HKLM\...\Runonce: [LogiSPSetupNeedReboot] - rundll32.exe [x]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
HKU\Aiden Admen\...\Run: [Best Buy pc app] - C:\Users\Aiden Admen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms [x]
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-14] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-14] (Microsoft Corporation)
HKU\HW\...\Run: [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\HW\...\Run: [KGShareApp] - C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe [ 2012-10-11] (Eastman Kodak Company)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\HW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\HW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\HW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)

========================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640 2013-05-11] (Adobe Systems Incorporated)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [256904 2013-06-12] (Adobe Systems Incorporated)
S2 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008 2012-12-22] (Apple Inc.)
S3 aspnet_state; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [44376 2010-03-19] (Microsoft Corporation)
S2 BBSvc; C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [193816 2012-02-10] (Microsoft Corporation.)
S3 BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [240408 2012-02-10] (Microsoft Corporation.)
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [89920 2009-06-10] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [138576 2010-03-18] (Microsoft Corporation)
S2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [408576 2010-06-07] (Red Bend Ltd.)
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-05] (Microsoft Corporation)
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [136176 2010-05-01] (Google Inc.)
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [136176 2010-05-01] (Google Inc.)
S3 gusvc; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [194032 2012-08-23] (Google)
S2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1043584 2010-01-30] (Hewlett-Packard Co.)
S2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [13336 2010-03-04] (Intel Corporation)
S3 idsvc; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [856400 2010-11-05] (Microsoft Corporation)
S2 IDVaultSvc; C:\Program Files (x86)\ID Vault\IDVaultSvc.exe [42312 2010-12-04] (White Sky, Inc.)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2013-06-08] (LogMeIn, Inc.)
S2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2013-06-08] (LogMeIn, Inc.)
S2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [268824 2010-05-28] (Intel Corporation)
S2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-04-30] (LogMeIn, Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [237008 2011-06-17] (McAfee, Inc.)
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.0.271\McCHSvc.exe [237328 2012-03-30] (McAfee, Inc.)
S3 Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [64856 2009-02-27] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [117144 2013-07-02] (Mozilla Foundation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-07-20] ()
S4 NetMsmqActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
S2 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [47104 2011-02-15] ()
S3 odserv; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [440696 2011-07-20] (Microsoft Corporation)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation)
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-14] (Microsoft Corporation)
S2 PFNet; C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe [369352 2011-03-03] (Privacyware/PWI, Inc.)
S2 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [367456 2010-06-01] (Sony Corporation)
S4 PuranDefrag; C:\Windows\system32\PuranDefragS.exe [292736 2013-01-18] (Puran Software)
S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [156672 2012-08-06] ()
S2 SkypeUpdate; C:\Program Files (x86)\Skype\Updater\Updater.exe [161384 2013-03-01] (Skype Technologies)
S3 SOHCImp; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [108400 2010-06-21] (Sony Corporation)
S3 SOHDms; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [423280 2010-06-18] (Sony Corporation)
S3 SOHDs; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [67952 2010-06-21] (Sony Corporation)
S3 SpfService; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [304496 2010-06-07] (Sony Corporation)
S2 ThreatFire; C:\Program Files (x86)\ThreatFire\TFService.exe [70928 2010-01-14] (PC Tools)
S2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2320920 2010-05-28] (Intel Corporation)
S2 VAIO Event Service; C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe [217968 2010-06-01] (Sony Corporation)
S2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [851824 2010-06-17] (Sony Corporation)
S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [537456 2010-06-09] (Sony Corporation)
S3 VcmINSMgr; C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [384880 2010-06-09] (Sony Corporation)
S3 VcmXmlIfHelper; C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [101232 2010-06-09] (Sony Corporation)
S3 VCService; C:\Program Files\Sony\VAIO Care\VCService.exe [54760 2012-10-12] (Sony Corporation)
S2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [836608 2010-06-09] (Sony Corporation)
S3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1286784 2012-10-26] (Sony Corporation)
S2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [911872 2010-06-07] (Intel® Corporation)
S2 WinTabService; C:\Windows\System32\Drivers\WTSRV.EXE [73728 2009-10-30] (Tablet Driver)
S2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [x]
S2 nlsX86cc; C:\Windows\system32\nlssrv32.exe [x]

==================== Drivers (Whitelisted) ====================

S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
S3 athr; C:\Windows\System32\DRIVERS\athrx.sys [1573888 2010-05-31] (Atheros Communications, Inc.)
S3 b06bdrv; C:\Windows\system32\drivers\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation)
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation)
S3 bpenum; C:\Windows\System32\DRIVERS\bpenum.sys [71168 2010-05-17] (Intel Corporation)
S3 bpmp; C:\Windows\System32\DRIVERS\bpmp.sys [175104 2010-05-17] (Intel Corporation)
S3 bpusb; C:\Windows\System32\Drivers\bpusb.sys [81920 2010-05-17] (Intel Corporation)
S3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-10] (EldoS Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HECIx64; C:\Windows\System32\DRIVERS\HECIx64.sys [56344 2010-05-28] (Intel Corporation)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [10629184 2012-05-01] (Intel Corporation)
S3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [2357024 2010-05-31] (Realtek Semiconductor Corp.)
S3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] (Microsoft Corporation)
S3 LEqdUsb; C:\Windows\System32\DRIVERS\LEqdUsb.Sys [79240 2013-01-03] (Logitech, Inc.)
S3 LHidEqd; C:\Windows\System32\DRIVERS\LHidEqd.Sys [15752 2013-01-03] (Logitech, Inc.)
S2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-04-30] (LogMeIn, Inc.)
S2 LMIRfsDriver; C:\Windows\system32\drivers\LMIRfsDriver.sys [72216 2013-04-30] (LogMeIn, Inc.)
S3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [61832 2013-01-03] (Logitech, Inc.)
S3 NETw5s64; C:\Windows\System32\DRIVERS\NETw5s64.sys [7689216 2010-05-31] (Intel Corporation)
S3 NETwNs64; C:\Windows\System32\DRIVERS\NETwNs64.sys [7821312 2010-07-14] (Intel Corporation)
S3 PTSimBus; C:\Windows\System32\DRIVERS\PTSimBus.sys [27304 2012-12-31] (PenTablet Driver)
S3 PTSimHid; C:\Windows\System32\DRIVERS\PTSimHid.sys [17064 2012-12-31] (PenTablet Driver)
S1 pwipf6; C:\Windows\System32\DRIVERS\pwipf6.sys [106280 2011-01-31] (Privacyware/PWI, Inc.)
S2 rimspci; C:\Windows\system32\drivers\rimssne64.sys [94208 2010-06-23] (REDC)
S2 risdsnpe; C:\Windows\system32\drivers\risdsne64.sys [78848 2010-06-23] (REDC)
S3 Spyder4; C:\Windows\System32\DRIVERS\dccmtr.sys [15360 2011-06-02] (Datacolor)
S3 TClass2k; C:\Windows\System32\DRIVERS\TClass2k.sys [27304 2012-12-31] (Tablet Driver)
S0 TfFsMon; C:\Windows\System32\drivers\TfFsMon.sys [65072 2010-01-14] (PC Tools)
S3 TfNetMon; C:\Windows\system32\drivers\TfNetMon.sys [41888 2010-01-14] (PC Tools)
S0 TfSysMon; C:\Windows\System32\drivers\TfSysMon.sys [59880 2010-01-14] (PC Tools)
S3 UCTblHid; C:\Windows\System32\DRIVERS\UCTblHid.sys [22696 2012-12-31] (Tablet Driver)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.)
S3 wdkmd; C:\Windows\System32\DRIVERS\WDKMD.sys [39832 2010-04-16] (Intel Corporation)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [402720 2010-05-31] (Marvell)
S4 LMIRfsClientNP; No ImagePath
S2 MSSQL$DDNI;
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-13 01:31 - 2013-07-13 01:31 - 00003352 ____N C:\bootsqm.dat
2013-07-12 21:50 - 2013-07-12 21:48 - 00377920 _____ (AVAST Software) C:\Users\HW\Desktop\aswclear.exe
2013-07-12 19:30 - 2013-07-12 19:30 - 00000000 ____D C:\FRST
2013-07-11 07:02 - 2013-07-11 07:02 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_LMouFilt_01005.Wdf
2013-07-11 07:02 - 2013-07-11 07:02 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_LHidFilt_01005.Wdf
2013-07-11 07:02 - 2013-07-11 07:02 - 00000000 ____D C:\Windows\LastGood.Tmp
2013-07-11 07:02 - 2013-01-03 08:17 - 00077192 _____ (Logitech, Inc.) C:\Windows\System32\Drivers\LHidFilt.Sys
2013-07-11 07:02 - 2013-01-03 08:17 - 00061832 _____ (Logitech, Inc.) C:\Windows\System32\Drivers\LMouFilt.Sys
2013-07-11 07:00 - 2013-07-11 07:00 - 00001840 _____ C:\Users\Public\Desktop\Logitech Mouse and Keyboard Settings.lnk
2013-07-11 07:00 - 2009-07-20 19:35 - 00096272 _____ (Logitech, Inc.) C:\Windows\System32\KemXML.dll
2013-07-11 07:00 - 2009-07-20 19:34 - 00235536 _____ (Logitech, Inc.) C:\Windows\System32\KemUtil.dll
2013-07-11 07:00 - 2009-07-20 19:34 - 00235536 _____ (Logitech, Inc.) C:\Windows\System32\kemutb.dll
2013-07-11 07:00 - 2009-07-20 19:34 - 00159248 _____ (Logitech, Inc.) C:\Windows\System32\KemWnd.dll
2013-07-11 07:00 - 2009-07-20 19:33 - 00190992 _____ (Broadcom Corporation.) C:\Windows\System32\BtCoreIf.dll
2013-07-11 06:59 - 2013-07-11 07:03 - 00000000 ____D C:\Program Files\Common Files\Logishrd
2013-07-11 06:58 - 2013-07-11 06:58 - 00000000 ____D C:\Program Files\Logitech
2013-07-10 09:46 - 2013-06-11 23:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 09:46 - 2013-06-11 23:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-10 09:46 - 2013-06-07 03:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-10 09:46 - 2013-06-07 02:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 09:45 - 2013-06-11 23:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 09:45 - 2013-06-11 23:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 09:45 - 2013-06-11 23:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 09:45 - 2013-06-11 23:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 09:45 - 2013-06-11 23:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 09:45 - 2013-06-11 23:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 09:45 - 2013-06-11 23:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 09:45 - 2013-06-11 23:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 09:45 - 2013-06-11 23:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-10 09:45 - 2013-06-11 23:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-10 09:45 - 2013-06-11 23:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-10 09:45 - 2013-06-11 23:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-10 09:45 - 2013-06-11 23:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-10 09:45 - 2013-06-11 23:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-10 09:45 - 2013-06-11 23:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-10 09:45 - 2013-06-11 23:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-10 09:45 - 2013-06-11 23:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-10 09:45 - 2013-06-11 23:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-10 09:45 - 2013-06-11 23:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-10 09:45 - 2013-06-11 23:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-10 09:45 - 2013-06-11 23:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-10 09:45 - 2013-06-11 23:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-10 09:45 - 2013-06-11 23:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-10 09:45 - 2013-06-11 23:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-10 09:45 - 2013-06-11 22:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-10 09:45 - 2013-06-11 22:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-10 09:44 - 2013-06-11 23:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 05:47 - 2013-06-05 03:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-10 05:47 - 2013-06-04 06:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-10 05:47 - 2013-06-04 04:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 05:47 - 2013-05-06 06:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-10 05:47 - 2013-05-06 04:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 05:46 - 2013-04-09 23:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 05:46 - 2013-04-02 22:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-09 22:29 - 2013-07-09 22:29 - 04558326 _____ C:\Users\HW\Downloads\uberInstall_4.80.5(2).exe
2013-07-09 22:28 - 2013-07-09 22:30 - 71448960 _____ (Logitech Inc.                                               ) C:\Users\HW\Downloads\setpoint480_x64(1).exe
2013-07-09 20:56 - 2013-07-09 20:56 - 04116816 _____ (Logitech Inc.) C:\Users\HW\Downloads\unifying210.exe
2013-07-08 05:35 - 2013-07-08 05:36 - 00259109 _____ C:\Users\HW\Downloads\lincomp(1).xpi
2013-07-06 12:45 - 2013-07-06 12:46 - 00062513 _____ C:\Users\HW\Documents\vf1800.jpg.html

==================== One Month Modified Files and Folders =======

2013-07-13 01:31 - 2013-07-13 01:31 - 00003352 ____N C:\bootsqm.dat
2013-07-12 23:28 - 2011-04-14 03:33 - 00251620 _____ C:\Windows\PFRO.log
2013-07-12 23:07 - 2010-05-01 21:50 - 01552273 _____ C:\Windows\WindowsUpdate.log
2013-07-12 22:54 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-12 22:51 - 2009-07-14 04:45 - 00022976 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-12 22:51 - 2009-07-14 04:45 - 00022976 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-12 22:48 - 2009-07-14 03:20 - 00000000 ___RD C:\Program Files (x86)
2013-07-12 22:45 - 2009-07-14 05:13 - 00780194 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-12 22:38 - 2011-04-13 22:59 - 00164179 _____ C:\Windows\setupact.log
2013-07-12 22:38 - 2010-05-01 22:05 - 00000050 _____ C:\Windows\System32\SupplicantTest.log
2013-07-12 21:48 - 2013-07-12 21:50 - 00377920 _____ (AVAST Software) C:\Users\HW\Desktop\aswclear.exe
2013-07-12 19:33 - 2011-04-13 19:32 - 00000000 ____D C:\users\HW
2013-07-12 19:30 - 2013-07-12 19:30 - 00000000 ____D C:\FRST
2013-07-11 09:08 - 2011-04-13 22:46 - 00000000 ____D C:\Users\HW\AppData\Roaming\Dropbox
2013-07-11 07:13 - 2011-06-23 17:37 - 00000000 ____D C:\Users\HW\Documents\IT
2013-07-11 07:03 - 2013-07-11 06:59 - 00000000 ____D C:\Program Files\Common Files\Logishrd
2013-07-11 07:02 - 2013-07-11 07:02 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_LMouFilt_01005.Wdf
2013-07-11 07:02 - 2013-07-11 07:02 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_LHidFilt_01005.Wdf
2013-07-11 07:02 - 2013-07-11 07:02 - 00000000 ____D C:\Windows\LastGood.Tmp
2013-07-11 07:02 - 2011-04-15 15:53 - 00071079 _____ C:\Windows\LDPINST.LOG
2013-07-11 07:02 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\System32\DriverStore
2013-07-11 07:00 - 2013-07-11 07:00 - 00001840 _____ C:\Users\Public\Desktop\Logitech Mouse and Keyboard Settings.lnk
2013-07-11 06:58 - 2013-07-11 06:58 - 00000000 ____D C:\Program Files\Logitech
2013-07-11 03:24 - 2011-04-13 22:56 - 00000000 ___RD C:\Users\HW\Dropbox
2013-07-11 02:39 - 2011-04-15 15:50 - 00000000 ____D C:\Users\HW\AppData\Roaming\Logitech
2013-07-10 22:24 - 2009-07-14 04:45 - 00641376 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-10 22:21 - 2010-07-13 18:20 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 22:21 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-10 22:21 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64
2013-07-10 22:20 - 2013-03-13 10:03 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 09:49 - 2011-04-20 19:56 - 78185248 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-09 22:30 - 2013-07-09 22:28 - 71448960 _____ (Logitech Inc.                                               ) C:\Users\HW\Downloads\setpoint480_x64(1).exe
2013-07-09 22:29 - 2013-07-09 22:29 - 04558326 _____ C:\Users\HW\Downloads\uberInstall_4.80.5(2).exe
2013-07-09 22:17 - 2011-04-15 15:54 - 00009154 _____ C:\Windows\LkmdfCoInst.log
2013-07-09 21:42 - 2011-04-15 15:54 - 00018960 _____ (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2013-07-09 20:56 - 2013-07-09 20:56 - 04116816 _____ (Logitech Inc.) C:\Users\HW\Downloads\unifying210.exe
2013-07-08 05:36 - 2013-07-08 05:35 - 00259109 _____ C:\Users\HW\Downloads\lincomp(1).xpi
2013-07-06 12:46 - 2013-07-06 12:45 - 00062513 _____ C:\Users\HW\Documents\vf1800.jpg.html
2013-07-06 12:32 - 2011-04-13 21:08 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-07-05 02:14 - 2011-04-13 19:32 - 00000000 ____D C:\Users\HW\AppData\Local\Deployment

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2011-04-26 23:03] - [2011-02-25 06:19] - 2871808 ____A (Microsoft Corporation)

C:\Windows\System32\winlogon.exe
[2011-08-03 19:38] - [2010-11-20 13:25] - 0390656 ____A (Microsoft Corporation)

C:\Windows\System32\wininit.exe
[2009-07-13 23:52] - [2009-07-14 01:39] - 0129024 ____A (Microsoft Corporation)

C:\Windows\System32\svchost.exe
[2009-07-13 23:31] - [2009-07-14 01:39] - 0027136 ____A (Microsoft Corporation)

C:\Windows\System32\services.exe
[2009-07-13 23:19] - [2009-07-14 01:39] - 0328704 ____A (Microsoft Corporation)

C:\Windows\System32\User32.dll
[2011-08-03 19:38] - [2010-11-20 13:27] - 1008128 ____A (Microsoft Corporation)

C:\Windows\System32\userinit.exe
[2011-08-03 19:37] - [2010-11-20 13:25] - 0030720 ____A (Microsoft Corporation)

C:\Windows\System32\Drivers\volsnap.sys
[2011-08-03 19:38] - [2010-11-20 13:34] - 0295808 ____A (Microsoft Corporation)


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-06-21 18:12:27
Restore point made on: 2013-06-25 07:37:08
Restore point made on: 2013-06-26 19:40:45
Restore point made on: 2013-06-28 21:11:03
Restore point made on: 2013-07-02 20:10:36
Restore point made on: 2013-07-03 09:56:45
Restore point made on: 2013-07-04 17:43:44
Restore point made on: 2013-07-09 08:27:09
Restore point made on: 2013-07-10 09:31:50

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 3374.03 MB
Available physical RAM: 2954.02 MB
Total Pagefile: 3144.42 MB
Available Pagefile: 2130.92 MB
Total Virtual: 2047.88 MB
Available Virtual: 1999.05 MB

==================== Drives ================================

Drive b: (RamDrive) (Fixed) (Total:0.92 GB) (Free:0.91 GB) NTFS
Drive c: (Windows) (Fixed) (Total:287.8 GB) (Free:54.39 GB) NTFS
Drive e: (HBCD 14.1) (CDROM) (Total:0.51 GB) (Free:0 GB) CDFS
Drive f: (RFILES) (Fixed) (Total:14.74 GB) (Free:14.34 GB) FAT32
Drive x: (Mini Xp) (Fixed) (Total:0.23 GB) (Free:0.23 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 36A6D613)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=288 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: EA2B2893)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0B)


LastRegBack: 2013-07-04 01:38

==================== End Of Log ============================

 

 

 

 



#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,717 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:58 AM

Posted 04 August 2013 - 07:33 PM

Hi Holly,

Are you saying you are unable to get to the System Recovery Options which would then show the Command Prompt?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 WheresMyOS

WheresMyOS
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  •  
  • Local time:11:58 AM

Posted 05 August 2013 - 03:16 AM

Hello. Yes, that is accurate. Without the boot CD, there are only two options:

 

F8 takes me to a menu where I can choose repair, but the only option in repair is startup repair, which fails.

 

F10 takes me to VAIO care, which offers to test the disk and/or to start restoring factory settings.

 

The FRST log was created by booting with Hiren's boot disk, navigating through mini-XP to the thumb drive, and clicking on Farbar to run. I can also access a command prompt in c, a run dialogue, regedit, and misc dos programs--but have no idea if any of that would help.

 

 



#7 Oh My!

Posted 05 August 2013 - 08:31 AM

Hi Holly,

Thank you for the clarification. Please do this.

===================================================

GET xPUD Restore Point Scan

--------------------

For this step you will need a USB device and a blank CD.
  • Download GETxPUD.exe to the desktop of your clean computer
  • Double click the GETxPUD icon
  • Click Run
  • Double click the GETxPUD folder which should now be on your desktop
  • Double click on get & burn
  • The program will download xpud_0.9.2.iso, and when it is finished it will open a BurnCDCC window

BurnCDCC.jpg

  • Click on Start, insert a blank CD when instructed, then click OK
  • When completed, the CD will eject for removal
  • Download http://noahdfear.net/downloads/rst.sh and save it to your USB device
  • Remove the CD and insert it and the USB device into the infected computer
  • Boot the infected computer with the CD you just burned
  • As the computer boots up gently tap F12 and choose to boot from the CD by using the keyboard arrow keys to highlight CD/DVD and then hit Enter
  • At the first screen select English
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • Click on the USB (typically sdb1, sdc1, etc.)
  • Confirm that you see rst.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash rst.sh
  • Press Enter
  • After it has finished a report will be located on your USB device named enum.log
  • Plug that USB back into the clean computer and open it
  • Copy and paste the enum.log for my review
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • enum log

Edited by Oh My, 06 August 2013 - 04:55 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 WheresMyOS

Posted 05 August 2013 - 07:34 PM

Hi, Gary. The last step I followed was "choose English"; the computer went to a black screen at that point and stayed there.



#9 Oh My!

Posted 05 August 2013 - 07:47 PM

Hi Holly,

I am assuming you tried that more than once with the same result. If so, please continue on.

I hate to put you through all of this but let's try another program.

===================================================


Ubuntu Restore Point Scan Using a CD and USB Device

--------------

For these steps you will need a blank CD and a USB device. Please start the steps from a clean computer. The following steps will remove all the information from your USB device.
  • Insert your USB drive into your clean computer. Caution: The next step will remove all information from your USB device.
  • Right click on Start, then select Windows Explorer
  • Right click on your USB device, select Format, then check Quick format
  • Under File System select FAT32, and under Volume Label type USB
  • Click Start and allow the process to complete
  • Download urst.sh and save it on your USB device
  • Remove the USB device from your computer
  • Download Ubuntu Live for 32 bit or Ubuntu Live for 64 bit onto your desktop. This is a large file so allow it some time to download
  • Insert a CD into your CD player
  • Double click on the Ubuntu icon
  • Click Burn, then Close when completed
  • Remove the CD from the clean computer and insert it into the infected computer
  • Restart your infected computer. If your computer does not automatically boot from the CD please see here
  • Once the Ubuntu desktop is loaded please select English and then Try Ubuntu (be patient while the program loads)

Ubuntu.jpg

  • Insert the USB device into your computer and you should see a screen appear with the urst.sh icon in the right hand window
  • Close this window by clicking the X in the orange circle in the upper left hand corner of the screen
  • Click Dash Home which is the first icon in the top left hand corner
  • Type terminal in the search box and hit Enter
  • A command prompt window will open
  • Now please type the following, pressing Enter after each line: (note the spaces between the different colors)

sudo mkdir /media/windows
sudo mount -t ntfs /dev/sda2 /media/windows
cd /media/windows
sudo bash urst.sh

  • Allow the computer to search for Restore Points until completion
  • Click the Home Folder on the left hand side
  • Under Devices click on the first entry (might be a different one) until you see windows listed on the top bar
  • Find enum.log in the right hand window
  • Right click on enum.log and select Send To...
  • Click the Send As: dropdown list and select Removable disks and shares
  • Click the Send To: dropdown list and select USB
  • Click Send
  • Close all open windows
  • In the upper right hand corner of your screen select the icon just to the right of the time
  • Click Shut down... then click Shut down... again in the pop up window
  • Remove the USB device from your computer and insert it into your clean computer
  • Copy and paste the contents of enum.log in your reply
==================================================

Things I would like to see in your next reply. :thumbsup2:
  • enum.log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
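
Before typing a mount command like the one in the steps above, the partition number can be checked against the "MBR & Partition Table" section of the FRST log posted earlier in this thread. This is an added example, not part of any post or of the urst.sh tooling; the function names are made up for illustration, and the mapping from FRST's "Disk: N" to a /dev/sdX name is an assumption to confirm on the live system.

```shell
#!/usr/bin/env bash
# Added example: pick the likely Windows volume from an FRST partition table
# before mounting it from a live Linux session.

# Partition table lines copied from the FRST log earlier in this thread.
FRST_PARTITIONS='Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 36A6D613)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=288 GB) - (Type=07 NTFS)
Disk: 1 (Size: 15 GB) (Disk ID: EA2B2893)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0B)'

# list_ntfs_partitions: print "<device> <size in MB>" for every Type=07 partition.
# Assumption: FRST "Disk: N" is the (N+1)th /dev/sdX disk and "Partition M" is
# suffix M. A live system can enumerate disks differently, so compare sizes
# against `sudo fdisk -l` before mounting anything.
list_ntfs_partitions() {
  printf '%s\n' "$1" | awk '
    /^Disk: [0-9]+/ { disk = $2 + 0; next }
    /^Partition [0-9]+:/ && /Type=07/ {
      part = $2; sub(/:/, "", part)
      size = 0
      if (match($0, /Size=[0-9.]+ (MB|GB)/)) {
        s = substr($0, RSTART + 5, RLENGTH - 5)   # e.g. "288 GB"
        split(s, f, " ")
        size = (f[2] == "GB") ? f[1] * 1024 : f[1]
      }
      letter = substr("abcdefgh", disk + 1, 1)
      printf "/dev/sd%s%s %d\n", letter, part, size
    }'
}

# likely_windows_partition: the largest NTFS partition is normally the Windows
# volume; the small Active one is the System Reserved boot partition.
likely_windows_partition() {
  list_ntfs_partitions "$1" | sort -k2,2nr | head -n 1 | cut -d' ' -f1
}

likely_windows_partition "$FRST_PARTITIONS"
```

For the table in this thread the result is /dev/sda3, the 288 GB NTFS partition; partition 2 is the 100 MB System Reserved volume.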

#10 WheresMyOS

Posted 06 August 2013 - 03:54 AM

Hello, Gary. I appreciate the help problem-solving, so don't worry about giving me too much to do.

 

I got an error message that there was not enough space on the CD to burn the ISO.

 

I don't have any larger CDs. I was able to use the ISO to create a bootable Ubuntu USB. Clicking on the thumb drive gives the following message: "device /dev/loop1 is already mounted at '/media/ubuntu/casper-rw.'" Will this work? If not, I can get a larger CD or DVD later today, and try again to burn the ISO to a CD.

 

Thanks!

Holly



#11 Oh My!

Posted 06 August 2013 - 02:26 PM

Hi Holly,

 

Did you format the USB before downloading Ubuntu?


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 WheresMyOS

Posted 06 August 2013 - 03:56 PM

Yes :)

#13 WheresMyOS

Posted 06 August 2013 - 04:54 PM

Afterthought.... if the USB drive isn't a good option, I can probably download and burn an older (smaller) version of Ubuntu before I can get to the store for a larger disk.



#14 Oh My!

Posted 06 August 2013 - 04:56 PM

Hi Holly,

We are going to go back to xPUD and try it with just a USB device.

===================================================

xPUD Restore Point Scan using USB

--------------------
  • Insert your USB drive. Caution: The next step will remove all information from your USB device.
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Download xPUD 0.9.2 iso, saving the file to your Desktop.
  • Download UNetbootin and save it to your Desktop as well.
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded.
  • Press Run then OK.
  • Note: If you receive the message "You must select a distribution to load" just follow the instructions/image below
  • Select the Diskimage Option then click the Browse Button located on the right side of the textbox field.

SelectDiskImage.gif

  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed, do not choose to reboot the clean computer; simply close the installer
  • Download http://noahdfear.net/downloads/rst.sh and save it to your USB device
  • Remove the USB device and insert it into the infected computer
  • Boot the infected computer with the USB you just created
  • As the computer boots up gently tap F12 and choose to boot from the USB (or Floppy) by using the keyboard arrow keys to highlight USB and then hit Enter
  • At the first screen select English
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • Click on the USB (typically sdb1, sdc1, etc.)
  • Confirm that you see rst.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash rst.sh
  • Press Enter
  • After it has finished a report will be located on your USB device named enum.log
  • Plug that USB back into the clean computer and open it
  • Copy and paste the enum.log for my review
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • enum log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 WheresMyOS

Posted 06 August 2013 - 07:24 PM

Hi, Gary. The computer boots off the USB and shows the xPUD/language screen. After I choose English, a black screen appears and enough text rolls out to take up the top 1/3 of the screen. It says "ready." and then goes to a black screen that looks backlit. End of story.





