TechSpot

Won't boot after Avast update

By bennythefish
Mar 31, 2015
  1. Machine with Windows 7 will not boot after Avast update. Cannot boot into safe mode; it crashes after loading aswrvrt.sys. Tried Windows startup repair, sfc and bootrec commands.

    Below is a log from Farbar Tool.


    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
    Ran by SYSTEM on MININT-9TRQMVA on 31-03-2015 07:45:23
    Running from I:\
    Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Recovery

    The current controlset is ControlSet001
    ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9642528 2009-12-08] (Realtek Semiconductor)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
    HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
    HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2011-04-01] ()
    HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2013-12-23] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
    HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2013-12-23] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKU\Donna\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
    HKU\Donna\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKU\Greg\...\Run: [AdobeBridge] => [X]
    HKU\Greg\...\Run: [Driver Restore] => C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe [3988856 2013-09-19] (PC Drivers Headquarters)
    HKU\Greg\...\Run: [Second Copy] => C:\Program Files (x86)\Second Copy 8\SecCopy.exe [3128616 2013-01-27] (Centered Systems)
    HKU\Greg\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [761064 2014-12-02] (Adobe Systems Incorporated)
    HKU\Greg\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe [960688 2015-02-05] (Adobe Systems Incorporated)
    HKU\Greg\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKU\Greg\...\Policies\Explorer: [NoLogOff] 0
    HKU\Greg\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
    AppInit_DLLs-x32: c:\progra~3\smartweb\smartweb.dll => "c:\progra~3\smartweb\smartweb.dll" File Not Found
    Startup: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)
    BootExecute: autocheck autochk /p \??\J:autocheck autochk *
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [128752 2010-06-29] (SUPERAntiSpyware.com)
    S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
    S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-16] (AVAST Software)
    S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-12-16] (AVAST Software)
    S2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-07] (CrypKey (Canada) Ltd.)
    S2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
    S2 ScVssService64; C:\Program Files (x86)\Second Copy 8\ScVssService64.exe [75048 2013-01-27] (Centered Systems)
    S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-25] ()
    S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-03-25] (Avast Software s.r.o.)
    S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-03-25] (Avast Software s.r.o.)
    S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-03-25] (Avast Software s.r.o.)
    S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-03-25] ()
    S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-03-25] (Avast Software s.r.o.)
    S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-03-25] (Avast Software s.r.o.)
    S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-03-25] (Avast Software s.r.o.)
    S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-03-25] ()
    S3 ExterminateIt; C:\Windows\SysWOW64\drivers\extit.sys [39936 2014-03-12] (CurioLab S.M.B.A.)
    S1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
    S3 NmPar; C:\Windows\System32\DRIVERS\NmPar.sys [95744 2010-01-12] (Windows (R) Codename Longhorn DDK provider)
    S3 nmserial; C:\Windows\System32\DRIVERS\nmserial.sys [75264 2012-01-12] (Windows (R) Win 7 DDK provider)
    S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14920 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12360 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S0 aswNdisFlt; system32\DRIVERS\aswNdisFlt.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-31 07:45 - 2015-03-31 07:45 - 00000000 ____D () C:\FRST
    2015-03-31 02:57 - 2015-03-30 19:05 - 00000000 ____D () C:\Windows\System32\config\Backup
    2015-03-30 18:17 - 2015-03-30 18:17 - 00000000 ____D () C:\boot-sav
    2015-03-25 10:36 - 2015-03-25 10:36 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\System32\aswBoot.exe
    2015-03-25 10:36 - 2015-03-25 10:36 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
    2015-03-25 10:36 - 2014-12-16 14:36 - 01050432 _____ (AVAST Software) C:\Windows\System32\Drivers\asw5A42.tmp
    2015-03-25 10:36 - 2014-12-16 14:36 - 00436624 _____ (AVAST Software) C:\Windows\System32\Drivers\asw73CF.tmp
    2015-03-25 10:36 - 2014-12-16 14:36 - 00267632 _____ () C:\Windows\System32\Drivers\asw765F.tmp
    2015-03-25 10:36 - 2014-12-16 14:36 - 00116728 _____ (AVAST Software) C:\Windows\System32\Drivers\asw78B1.tmp
    2015-03-25 10:36 - 2014-12-16 14:36 - 00093568 _____ (AVAST Software) C:\Windows\System32\Drivers\asw5FFD.tmp
    2015-03-25 10:36 - 2014-12-16 14:36 - 00083280 _____ (AVAST Software) C:\Windows\System32\Drivers\asw67AD.tmp
    2015-03-25 10:36 - 2014-12-16 14:36 - 00065776 _____ () C:\Windows\System32\Drivers\asw6EBF.tmp
    2015-03-25 10:36 - 2014-12-16 14:36 - 00029208 _____ () C:\Windows\System32\Drivers\asw6432.tmp
    2015-03-25 10:36 - 2014-12-16 14:36 - 00028184 _____ (AVAST Software) C:\Windows\System32\Drivers\asw5773.tmp
    2015-03-25 10:34 - 2015-03-25 10:34 - 05453024 _____ (Avast Software s.r.o.) C:\Users\Greg\Downloads\avast_internet_security_setup_online.exe
    2015-03-23 13:02 - 2015-03-23 13:02 - 00130048 _____ () C:\Users\Greg\Documents\ATM-terminal list 3-23-15.xls
    2015-03-23 09:25 - 2015-03-23 09:33 - 00021564 _____ () C:\Users\Greg\Documents\ATM-EMV to be done.csv
    2015-03-22 09:18 - 2015-03-22 09:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-03-19 13:55 - 2015-03-19 14:04 - 00010124 _____ () C:\Users\Greg\Documents\ATM-Briggs Exhibit A.xlsx
    2015-03-16 05:18 - 2015-03-16 05:18 - 00001713 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2015-03-16 05:17 - 2015-03-16 05:18 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2015-03-16 05:17 - 2015-03-16 05:18 - 00000000 ____D () C:\Program Files\iTunes
    2015-03-11 04:35 - 2015-02-23 19:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2015-03-11 04:35 - 2015-02-23 18:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-03-11 04:35 - 2015-02-20 17:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2015-03-11 04:35 - 2015-02-20 16:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-03-11 04:35 - 2015-02-20 16:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-03-11 04:35 - 2015-02-20 16:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-03-11 04:35 - 2015-02-20 16:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-03-11 04:35 - 2015-02-20 15:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2015-03-11 04:35 - 2015-02-20 15:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-03-11 04:35 - 2015-02-19 19:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2015-03-11 04:35 - 2015-02-19 19:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
    2015-03-11 04:35 - 2015-02-19 18:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2015-03-11 04:35 - 2015-02-19 18:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2015-03-11 04:35 - 2015-02-19 18:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
    2015-03-11 04:35 - 2015-02-19 18:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2015-03-11 04:35 - 2015-02-19 18:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
    2015-03-11 04:35 - 2015-02-19 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2015-03-11 04:35 - 2015-02-19 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2015-03-11 04:35 - 2015-02-19 18:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2015-03-11 04:35 - 2015-02-19 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2015-03-11 04:35 - 2015-02-19 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
    2015-03-11 04:35 - 2015-02-19 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
    2015-03-11 04:35 - 2015-02-19 18:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2015-03-11 04:35 - 2015-02-19 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
    2015-03-11 04:35 - 2015-02-19 18:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-03-11 04:35 - 2015-02-19 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
    2015-03-11 04:35 - 2015-02-19 18:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
    2015-03-11 04:35 - 2015-02-19 18:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-03-11 04:35 - 2015-02-19 18:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
    2015-03-11 04:35 - 2015-02-19 18:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-03-11 04:35 - 2015-02-19 18:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-03-11 04:35 - 2015-02-19 18:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-03-11 04:35 - 2015-02-19 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
    2015-03-11 04:35 - 2015-02-19 18:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-03-11 04:35 - 2015-02-19 18:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-03-11 04:35 - 2015-02-19 18:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-03-11 04:35 - 2015-02-19 17:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-03-11 04:35 - 2015-02-19 17:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-03-11 04:35 - 2015-02-19 17:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-03-11 04:35 - 2015-02-19 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2015-03-11 04:35 - 2015-02-19 17:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2015-03-11 04:35 - 2015-02-19 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
    2015-03-11 04:35 - 2015-02-19 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2015-03-11 04:35 - 2015-02-19 17:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2015-03-11 04:35 - 2015-02-19 17:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-03-11 04:35 - 2015-02-19 17:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-03-11 04:35 - 2015-02-19 17:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-03-11 04:35 - 2015-02-19 17:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2015-03-11 04:35 - 2015-02-19 17:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-03-11 04:35 - 2015-02-19 17:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-03-11 04:35 - 2015-02-19 17:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-03-11 04:35 - 2015-02-19 17:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2015-03-11 04:35 - 2015-02-19 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
    2015-03-11 04:35 - 2015-02-19 17:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-03-11 04:35 - 2015-02-19 16:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-03-11 04:35 - 2015-02-19 16:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-03-11 04:32 - 2015-02-02 19:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2015-03-11 04:32 - 2015-02-02 19:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
    2015-03-11 04:32 - 2015-02-02 19:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll
    2015-03-11 04:32 - 2015-02-02 19:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\System32\quartz.dll
    2015-03-11 04:32 - 2015-02-02 19:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\System32\wmdrmsdk.dll
    2015-03-11 04:32 - 2015-02-02 19:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\System32\mfplat.dll
    2015-03-11 04:32 - 2015-02-02 19:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2015-03-11 04:32 - 2015-02-02 19:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\System32\drmv2clt.dll
    2015-03-11 04:32 - 2015-02-02 19:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\System32\cryptui.dll
    2015-03-11 04:32 - 2015-02-02 19:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\System32\blackbox.dll
    2015-03-11 04:32 - 2015-02-02 19:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\evr.dll
    2015-03-11 04:32 - 2015-02-02 19:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\System32\drmmgrtn.dll
    2015-03-11 04:32 - 2015-02-02 19:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys
    2015-03-11 04:32 - 2015-02-02 19:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-03-11 04:32 - 2015-02-02 19:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-03-11 04:32 - 2015-02-02 19:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2015-03-11 04:32 - 2015-02-02 19:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2015-03-11 04:32 - 2015-02-02 19:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2015-03-11 04:32 - 2015-02-02 19:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2015-03-11 04:32 - 2015-02-02 19:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
    2015-03-11 04:32 - 2015-02-02 19:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
    2015-03-11 04:32 - 2015-02-02 19:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
    2015-03-11 04:32 - 2015-02-02 19:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
    2015-03-11 04:32 - 2015-02-02 19:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
    2015-03-11 04:32 - 2015-02-02 19:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
    2015-03-11 04:32 - 2014-06-27 16:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\System32\winresume.exe
    2015-03-11 04:31 - 2015-02-02 19:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
    2015-03-11 04:31 - 2015-02-02 19:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mountmgr.sys
    2015-03-11 04:31 - 2015-02-02 19:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\System32\mf.dll
    2015-03-11 04:31 - 2015-02-02 19:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\System32\msscp.dll
    2015-03-11 04:31 - 2015-02-02 19:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
    2015-03-11 04:31 - 2015-02-02 19:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
    2015-03-11 04:31 - 2015-02-02 19:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2015-03-11 04:31 - 2015-02-02 19:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\System32\msnetobj.dll
    2015-03-11 04:31 - 2015-02-02 19:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2015-03-11 04:31 - 2015-02-02 19:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\System32\mfps.dll
    2015-03-11 04:31 - 2015-02-02 19:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\System32\pcasvc.dll
    2015-03-11 04:31 - 2015-02-02 19:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\System32\setbcdlocale.dll
    2015-03-11 04:31 - 2015-02-02 19:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
    2015-03-11 04:31 - 2015-02-02 19:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\System32\pcadm.dll
    2015-03-11 04:31 - 2015-02-02 19:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\msmmsp.dll
    2015-03-11 04:31 - 2015-02-02 19:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\System32\spwmp.dll
    2015-03-11 04:31 - 2015-02-02 19:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\System32\msdxm.ocx
    2015-03-11 04:31 - 2015-02-02 19:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\System32\dxmasf.dll
    2015-03-11 04:31 - 2015-02-02 19:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
    2015-03-11 04:31 - 2015-02-02 19:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
    2015-03-11 04:31 - 2015-02-02 19:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
    2015-03-11 04:31 - 2015-02-02 19:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
    2015-03-11 04:31 - 2015-02-02 19:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
    2015-03-11 04:31 - 2015-02-02 19:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll
    2015-03-11 04:31 - 2015-02-02 19:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2015-03-11 04:31 - 2015-02-02 19:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\System32\appidpolicyconverter.exe
    2015-03-11 04:31 - 2015-02-02 19:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2015-03-11 04:31 - 2015-02-02 19:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\System32\audiodg.exe
    2015-03-11 04:31 - 2015-02-02 19:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
    2015-03-11 04:31 - 2015-02-02 19:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\System32\cryptsp.dll
    2015-03-11 04:31 - 2015-02-02 19:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\System32\appidapi.dll
    2015-03-11 04:31 - 2015-02-02 19:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\System32\rrinstaller.exe
    2015-03-11 04:31 - 2015-02-02 19:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2015-03-11 04:31 - 2015-02-02 19:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\System32\appidsvc.dll
    2015-03-11 04:31 - 2015-02-02 19:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\mfpmp.exe
    2015-03-11 04:31 - 2015-02-02 19:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\appidcertstorecheck.exe
    2015-03-11 04:31 - 2015-02-02 19:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\pcawrk.exe
    2015-03-11 04:31 - 2015-02-02 19:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\System32\pcalua.exe
    2015-03-11 04:31 - 2015-02-02 19:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\System32\pcaevts.dll
    2015-03-11 04:31 - 2015-02-02 19:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
    2015-03-11 04:31 - 2015-02-02 19:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\mferror.dll
    2015-03-11 04:31 - 2015-02-02 19:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2015-03-11 04:31 - 2015-02-02 19:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
    2015-03-11 04:31 - 2015-02-02 19:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2015-03-11 04:31 - 2015-02-02 19:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2015-03-11 04:31 - 2015-02-02 19:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2015-03-11 04:31 - 2015-02-02 19:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
    2015-03-11 04:31 - 2015-02-02 19:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2015-03-11 04:31 - 2015-02-02 19:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2015-03-11 04:31 - 2015-02-02 19:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2015-03-11 04:31 - 2015-02-02 19:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2015-03-11 04:31 - 2015-02-02 19:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2015-03-11 04:31 - 2015-02-02 19:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
    2015-03-11 04:31 - 2015-02-02 19:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2015-03-11 04:31 - 2015-02-02 19:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-03-11 04:31 - 2015-02-02 19:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2015-03-11 04:31 - 2015-02-02 19:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2015-03-11 04:31 - 2015-02-02 19:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2015-03-11 04:31 - 2015-02-02 19:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2015-03-11 04:31 - 2015-02-02 19:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2015-03-11 04:31 - 2015-02-02 19:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2015-03-11 04:31 - 2015-02-02 19:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2015-03-11 04:31 - 2015-02-02 19:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-03-11 04:31 - 2015-02-02 18:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\appid.sys
    2015-03-11 04:31 - 2014-10-31 14:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\System32\winload.exe
    2015-03-11 04:31 - 2014-06-27 16:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\System32\ci.dll
    2015-03-11 03:58 - 2015-03-05 21:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2015-03-11 03:58 - 2015-03-05 21:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2015-03-11 03:58 - 2015-03-05 21:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
    2015-03-11 03:58 - 2015-03-05 21:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2015-03-11 03:58 - 2015-03-05 21:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2015-03-11 03:58 - 2015-03-05 21:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
    2015-03-11 03:58 - 2015-03-05 21:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2015-03-11 03:58 - 2015-03-05 21:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
    2015-03-11 03:58 - 2015-03-05 21:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
    2015-03-11 03:58 - 2015-03-05 21:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
    2015-03-11 03:58 - 2015-03-05 21:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
    2015-03-11 03:58 - 2015-03-05 21:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
    2015-03-11 03:58 - 2015-03-05 21:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
    2015-03-11 03:58 - 2015-03-05 21:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe
    2015-03-11 03:58 - 2015-03-05 21:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
    2015-03-11 03:58 - 2015-03-05 21:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll
    2015-03-11 03:58 - 2015-03-05 21:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
    2015-03-11 03:58 - 2015-03-05 21:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
    2015-03-11 03:58 - 2015-03-05 21:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-03-11 03:58 - 2015-03-05 21:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-03-11 03:58 - 2015-03-05 21:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-03-11 03:58 - 2015-03-05 21:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-03-11 03:58 - 2015-03-05 21:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-03-11 03:58 - 2015-03-05 21:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-03-11 03:58 - 2015-03-05 21:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-03-11 03:58 - 2015-03-05 21:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-03-11 03:58 - 2015-03-05 21:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-03-11 03:58 - 2015-03-05 21:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-03-11 03:58 - 2015-03-05 21:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-03-11 03:58 - 2015-03-05 21:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-03-11 03:58 - 2015-03-05 21:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-03-11 03:58 - 2015-02-12 21:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2015-03-11 03:58 - 2015-02-12 21:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2015-03-11 03:58 - 2015-01-30 15:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2015-03-11 03:47 - 2015-02-02 19:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
    2015-03-11 03:47 - 2015-02-02 19:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2015-03-11 03:38 - 2015-02-19 20:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
    2015-03-11 03:38 - 2015-02-19 20:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
    2015-03-11 03:38 - 2015-02-19 20:40 - 00046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
    2015-03-11 03:38 - 2015-02-19 20:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
    2015-03-11 03:38 - 2015-02-19 20:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2015-03-11 03:38 - 2015-02-19 20:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2015-03-11 03:38 - 2015-02-19 20:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2015-03-11 03:38 - 2015-02-19 20:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2015-03-11 03:38 - 2015-02-19 19:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
    2015-03-11 03:38 - 2015-02-19 19:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2015-03-11 03:12 - 2015-02-02 19:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\System32\ubpm.dll
    2015-03-11 03:12 - 2015-02-02 19:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
    2015-03-11 02:47 - 2015-01-16 18:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\System32\msctf.dll
    2015-03-11 02:47 - 2015-01-16 18:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
    2015-03-11 02:19 - 2015-02-25 19:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2015-03-11 02:12 - 2015-02-03 19:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
    2015-03-11 02:12 - 2015-02-03 18:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
    2015-03-09 16:18 - 2015-03-09 16:18 - 17080320 _____ () C:\Users\Greg\Desktop\Quicken 2014-08-05-2015-03-09.QDF-backup
    2015-03-05 15:05 - 2015-03-20 12:18 - 00032768 _____ () C:\Users\Greg\Documents\ATM-Commissions 2015-Lucky Coin.xls
    2015-03-03 11:50 - 2015-01-08 19:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\System32\perftrack.dll
    2015-03-03 11:50 - 2015-01-08 19:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\System32\wdi.dll
    2015-03-03 11:50 - 2015-01-08 19:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\System32\powertracker.dll
    2015-03-03 11:50 - 2015-01-08 18:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-30 18:09 - 2014-07-02 15:38 - 00000000 ____D () C:\ProgramData\Iseaveir
    2015-03-25 10:42 - 2010-10-29 17:29 - 00000236 _____ () C:\service.log
    2015-03-25 10:42 - 2010-10-29 17:22 - 01738838 _____ () C:\Windows\WindowsUpdate.log
    2015-03-25 10:41 - 2010-11-05 05:38 - 1762444288 _____ () C:\Users\Greg\Documents\Outlook.pst
    2015-03-25 10:38 - 2014-06-04 06:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-03-25 10:37 - 2014-03-18 16:53 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2015-03-25 10:36 - 2014-05-05 11:46 - 00029168 _____ () C:\Windows\System32\Drivers\aswHwid.sys
    2015-03-25 10:36 - 2014-03-18 16:53 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswSnx.sys
    2015-03-25 10:36 - 2014-03-18 16:53 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswSP.sys
    2015-03-25 10:36 - 2014-03-18 16:53 - 00271200 _____ () C:\Windows\System32\Drivers\aswVmm.sys
    2015-03-25 10:36 - 2014-03-18 16:53 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswStm.sys
    2015-03-25 10:36 - 2014-03-18 16:53 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswRdr2.sys
    2015-03-25 10:36 - 2014-03-18 16:53 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswMonFlt.sys
    2015-03-25 10:36 - 2014-03-18 16:53 - 00065736 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
    2015-03-25 10:36 - 2014-03-18 16:53 - 00028144 _____ (Avast Software s.r.o.) C:\Windows\System32\Drivers\aswKbd.sys
    2015-03-25 10:27 - 2010-11-08 08:59 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-03-25 10:06 - 2010-11-15 07:29 - 00003974 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{79B5A0D9-82AC-45A2-AB5E-75D8F1F44498}
    2015-03-25 08:20 - 2009-07-13 20:45 - 00022576 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-03-25 08:20 - 2009-07-13 20:45 - 00022576 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-03-24 23:00 - 2014-08-13 23:00 - 00000000 ____D () C:\Users\Greg\AppData\Local\Adobe
    2015-03-24 12:27 - 2010-11-08 08:59 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-03-24 12:06 - 2010-11-05 05:41 - 00051330 _____ () C:\Users\Greg\Documents\ATM-Contract Renewals.xlsx
    2015-03-24 12:04 - 2010-11-16 09:39 - 00014441 _____ () C:\Users\Greg\Documents\ATM-pulls.xlsx
    2015-03-24 11:39 - 2012-02-24 11:02 - 00035840 _____ () C:\Users\Greg\Documents\ATM-Commissions-Mobile Trailer 2012.xls
    2015-03-24 07:39 - 2010-11-05 05:41 - 00063318 _____ () C:\Users\Greg\Documents\ATM-Sales Report.xlsx
    2015-03-24 07:38 - 2010-11-05 05:41 - 00073216 _____ () C:\Users\Greg\Documents\ATM-Lucky Coin Referrals.xls
    2015-03-24 04:45 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\System32\FxsTmp
    2015-03-23 05:25 - 2009-07-13 21:13 - 00786578 _____ () C:\Windows\System32\PerfStringBackup.INI
    2015-03-23 05:23 - 2014-03-25 15:24 - 00008693 _____ () C:\Windows\setupact.log
    2015-03-22 11:40 - 2012-05-10 07:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-03-20 13:23 - 2014-08-05 14:30 - 00000000 ____D () C:\Users\Greg\Documents\BACKUP
    2015-03-20 13:23 - 2014-08-05 14:28 - 17105540 _____ () C:\Users\Greg\Documents\Quicken 2014-08-05.QDF
    2015-03-20 05:06 - 2013-03-05 13:30 - 00012601 _____ () C:\Users\Greg\Documents\Warranties.xlsx
    2015-03-20 04:23 - 2012-12-21 06:51 - 00016515 _____ () C:\Users\Greg\Documents\Passwords.xlsx
    2015-03-18 13:41 - 2012-05-29 12:30 - 00773632 ___SH () C:\Users\Greg\Documents\Thumbs.db
    2015-03-16 05:17 - 2011-04-09 07:46 - 00000000 ____D () C:\Program Files\iPod
    2015-03-16 05:17 - 2011-04-09 07:46 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2015-03-16 05:17 - 2011-04-09 07:43 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2015-03-13 11:44 - 2014-01-24 07:40 - 00000000 ___RD () C:\Users\Greg\Dropbox
    2015-03-13 11:44 - 2014-01-24 07:37 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Dropbox
    2015-03-13 11:43 - 2014-01-24 07:40 - 00001045 _____ () C:\Users\Greg\Desktop\Dropbox.lnk
    2015-03-12 11:59 - 2014-03-26 10:09 - 00000000 ____D () C:\Users\Greg\Documents\Jokes
    2015-03-12 04:00 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
    2015-03-12 00:48 - 2013-04-24 07:43 - 00018104 _____ () C:\Windows\error.log
    2015-03-12 00:48 - 2010-10-29 17:36 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
    2015-03-12 00:48 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-03-12 00:47 - 2013-04-24 07:43 - 00005461 _____ () C:\Windows\errord.log
    2015-03-12 00:47 - 2010-10-29 18:13 - 00398822 _____ () C:\Windows\PFRO.log
    2015-03-12 00:47 - 2009-07-13 20:45 - 05033560 _____ () C:\Windows\System32\FNTCACHE.DAT
    2015-03-12 00:44 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
    2015-03-12 00:44 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\Dism
    2015-03-12 00:27 - 2010-10-29 17:44 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-03-12 00:26 - 2009-07-13 18:34 - 00000513 _____ () C:\Windows\win.ini
    2015-03-12 00:16 - 2013-08-15 00:01 - 00000000 ____D () C:\Windows\System32\MRT
    2015-03-12 00:08 - 2011-09-20 12:31 - 122905848 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2015-03-12 00:07 - 2010-10-29 17:54 - 00000039 _____ () C:\Windows\vbaddin.ini
    2015-03-10 16:53 - 2010-11-05 05:44 - 00000000 ____D () C:\Users\Greg\Documents\recipes
    2015-03-10 14:38 - 2010-11-05 08:16 - 00000000 ____D () C:\Users\Greg\Documents\TAXES
    2015-03-10 14:00 - 2010-11-05 05:41 - 00051200 _____ () C:\Users\Greg\Documents\ATM monthly totals.xls
    2015-03-10 11:27 - 2015-02-04 12:29 - 00013458 _____ () C:\Users\Greg\Documents\ATM-Commissions 2015-Merchant Solutions.xlsx
    2015-03-09 11:44 - 2010-11-05 05:44 - 00000000 ____D () C:\Users\Greg\Documents\Bank Statements-personal checking
    2015-03-09 00:08 - 2011-09-03 10:47 - 00778700 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2015-03-06 14:39 - 2015-02-04 11:06 - 00012974 _____ () C:\Users\Greg\Documents\ATM-Interchange 2015 Deductions for ABSI.xlsx
    2015-03-06 14:23 - 2013-02-07 07:07 - 00011622 _____ () C:\Users\Greg\Documents\ATM-Interest, Vault Cash and owed ATMs.xlsx
    2015-03-06 06:51 - 2010-11-05 05:41 - 00032768 _____ () C:\Users\Greg\Documents\ATM-Background check list of completed forms.xls
    2015-03-04 01:18 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\tracing
    2015-03-03 15:00 - 2010-11-05 05:45 - 00000000 ____D () C:\Users\Greg\Documents\Bank Statements-Chiasson Ent checking

    Some content of TEMP:
    ====================
    C:\Users\Greg\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvvywkr.dll
    C:\Users\Greg\AppData\Local\Temp\ose00000.exe
    C:\Users\Greg\AppData\Local\Temp\Setup.exe
    C:\Users\Greg\AppData\Local\Temp\Tsu0E41B567.dll
    C:\Users\Greg\AppData\Local\Temp\_is23E8.exe
    C:\Users\Greg\AppData\Local\Temp\_is36AD.exe


    ==================== Known DLLs (Whitelisted) ================


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== Restore Points =========================

    Restore point made on: 2015-03-09 00:00:35
    Restore point made on: 2015-03-12 00:01:46
    Restore point made on: 2015-03-12 20:01:49
    Restore point made on: 2015-03-17 14:46:50
    Restore point made on: 2015-03-18 20:01:18
    Restore point made on: 2015-03-19 20:01:24
    Restore point made on: 2015-03-24 08:55:13
    Restore point made on: 2015-03-25 10:35:50
    Restore point made on: 2015-03-25 10:38:38

    ==================== BCD ================================

    Windows Boot Manager
    --------------------
    identifier {bootmgr}
    device partition=C:
    description Windows Boot Manager
    locale en-US
    inherit {globalsettings}
    default {default}
    resumeobject {c6ca3305-e3db-11df-9e20-f88d257ae546}
    displayorder {default}
    toolsdisplayorder {memdiag}
    timeout 30

    Windows Boot Loader
    -------------------
    identifier {default}
    device partition=C:
    path \Windows\system32\winload.exe
    description Windows 7
    locale en-US
    inherit {bootloadersettings}
    recoverysequence {c6ca3307-e3db-11df-9e20-f88d257ae546}
    recoveryenabled Yes
    osdevice partition=C:
    systemroot \Windows
    resumeobject {c6ca3305-e3db-11df-9e20-f88d257ae546}
    nx OptIn

    Windows Boot Loader
    -------------------
    identifier {c6ca3307-e3db-11df-9e20-f88d257ae546}
    device ramdisk=[C:]\Recovery\c6ca3307-e3db-11df-9e20-f88d257ae546\Winre.wim,{c6ca3308-e3db-11df-9e20-f88d257ae546}
    path \windows\system32\winload.exe
    description Windows Recovery Environment
    inherit {bootloadersettings}
    osdevice ramdisk=[C:]\Recovery\c6ca3307-e3db-11df-9e20-f88d257ae546\Winre.wim,{c6ca3308-e3db-11df-9e20-f88d257ae546}
    systemroot \windows
    nx OptIn
    winpe Yes

    Resume from Hibernate
    ---------------------
    identifier {c6ca3305-e3db-11df-9e20-f88d257ae546}
    device partition=C:
    path \Windows\system32\winresume.exe
    description Windows Resume Application
    locale en-US
    inherit {resumeloadersettings}
    filedevice partition=C:
    filepath \hiberfil.sys
    debugoptionenabled No

    Windows Memory Tester
    ---------------------
    identifier {memdiag}
    device partition=C:
    path \boot\memtest.exe
    description Windows Memory Diagnostic
    locale en-US
    inherit {globalsettings}
    badmemoryaccess Yes

    Windows Legacy OS Loader
    ------------------------
    identifier {ntldr}
    device partition=C:
    path \ntldr
    description Earlier Version of Windows

    EMS Settings
    ------------
    identifier {emssettings}
    bootems Yes

    Debugger Settings
    -----------------
    identifier {dbgsettings}
    debugtype Serial
    debugport 1
    baudrate 115200

    RAM Defects
    -----------
    identifier {badmemory}

    Global Settings
    ---------------
    identifier {globalsettings}
    inherit {dbgsettings}
    {emssettings}
    {badmemory}

    Boot Loader Settings
    --------------------
    identifier {bootloadersettings}
    inherit {globalsettings}
    {hypervisorsettings}

    Hypervisor Settings
    -------------------
    identifier {hypervisorsettings}
    hypervisordebugtype Serial
    hypervisordebugport 1
    hypervisorbaudrate 115200

    Resume Loader Settings
    ----------------------
    identifier {resumeloadersettings}
    inherit {globalsettings}

    Device options
    --------------
    identifier {c6ca3308-e3db-11df-9e20-f88d257ae546}
    description Ramdisk Options
    ramdisksdidevice partition=C:
    ramdisksdipath \Recovery\c6ca3307-e3db-11df-9e20-f88d257ae546\boot.sdi


    ==================== Memory info ===========================

    Percentage of memory in use: 17%
    Total physical RAM: 3580.16 MB
    Available physical RAM: 2940.89 MB
    Total Pagefile: 3578.3 MB
    Available Pagefile: 2929.91 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.76 GB) (Free:227.31 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (sardu) (CDROM) (Total:1.81 GB) (Free:0 GB) CDFS
    Drive I: (Repair disc Windows 7 64-bit) (Removable) (Total:29.82 GB) (Free:29.56 GB) NTFS
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 6E4B6E4B)
    Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 5 (Size: 29.8 GB) (Disk ID: 56A020EF)
    Partition 1: (Active) - (Size=29.8 GB) - (Type=07 NTFS)


    LastRegBack: 2015-03-05 09:33

    ==================== End Of Log ============================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    Let's try a simple fix first...

    Download the attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7/8: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the OTLPE CD.
    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
     


  3. bennythefish

    bennythefish TS Rookie Topic Starter

    Here is the log from using the fixlist file. Still won't boot, crashes in the same place.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
    Ran by SYSTEM at 2015-03-31 17:05:38 Run:2
    Running from I:\
    Boot Mode: Recovery
    ==============================================

    Content of fixlist:
    *****************
    LastRegBack: 2015-03-05 09:33
    *****************

    DEFAULT hive was successfully copied to System32\config\HiveBackup
    DEFAULT hive was successfully restored from registry back up.
    SAM hive was successfully copied to System32\config\HiveBackup
    SAM hive was successfully restored from registry back up.
    SECURITY hive was successfully copied to System32\config\HiveBackup
    SECURITY hive was successfully restored from registry back up.
    SOFTWARE hive was successfully copied to System32\config\HiveBackup
    SOFTWARE hive was successfully restored from registry back up.
    SYSTEM hive was successfully copied to System32\config\HiveBackup
    SYSTEM hive was successfully restored from registry back up.

    ==== End of Fixlog 17:05:47 ====
     
  4. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Tried safe mode?
    If it's the same problem, give me a fresh FRST log and we'll try to remove the Avast stuff manually.
     
  5. bennythefish

    bennythefish TS Rookie Topic Starter

    Attempting to start in safe mode still crashed after loading aswrvrt.sys. Computer owner decided to forego any further attempts to fix issue and did a clean install of Windows 7.

    Also decided not to reinstall Avast. Thanks for your help.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Thanks for letting me know :)
     
