Recently, pop-ups have been appearing in the bottom-left corner of browser windows in both Chrome and IE. Sometimes I am also prompted to install Adobe Flash Player, which I think is malware. The operating system on my desktop is Windows 7 Professional 64-bit. When I ran a full scan using an updated version of Microsoft Security Essentials, a few issues were identified and deleted. The pop-ups and the installation messages, however, still appear. I had previously posted here (http://forums.spybot.info/showthread...browser-window) and, based on the response to the previous post, I am starting a new topic. I have attached the DDS log file (attach.txt) and pasted the content from DDS.txt. I have also pasted the contents of the Avast scan. Please advise me on how to resolve the issue. Thank you!
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041
Run by Owner at 12:09:37 on 2014-04-26
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3045.1527 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
C:\Program Files (x86)\Flash Update\winclient32.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
uRun: [Spotify Web Helper] "C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Windows Client Manager] C:\Program Files (x86)\Flash Update\winclient32.exe
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TP-LIN~1.LNK - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1 208.67.222.222 75.75.75.75
TCP: Interfaces\{6A80823C-CDBC-431D-9574-9787184DD00D} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{6A80823C-CDBC-431D-9574-9787184DD00D} : DHCPNameServer = 4.2.2.4 8.8.4.4
TCP: Interfaces\{D453D13D-D682-4B52-AAB3-AF4FE063C2FC} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{F3DF0595-1BC2-40BC-A99D-7822F950A555} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{F3DF0595-1BC2-40BC-A99D-7822F950A555} : DHCPNameServer = 192.168.1.1 208.67.222.222 75.75.75.75
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 146.0.75.221 www.google-analytics.com.
Hosts: 146.0.75.221 google-analytics.com.
Hosts: 146.0.75.221 connect.facebook.net.
Hosts: 146.0.75.221 bing.com.
Hosts: 146.0.75.221 www.bing.com.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 133928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 RTL8192cu;300Mbps Wireless USB Adapter;C:\Windows\System32\drivers\RTL8192cu.sys [2014-4-7 926824]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-17 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-3-25 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-25 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-3-19 1255736]
.
=============== Created Last 30 ================
.
2014-04-26 07:52:45 10651704 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{644B7C60-F30A-4E7E-9CE6-770C0A31612F}\mpengine.dll
2014-04-24 22:38:59 10651704 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-04-22 02:10:06 -------- d-sh--w- C:\Users\Owner\AppData\Local\EmieUserList
2014-04-22 02:10:06 -------- d-sh--w- C:\Users\Owner\AppData\Local\EmieSiteList
2014-04-22 01:57:01 -------- d-----w- C:\Program Files (x86)\Flash Update
2014-04-22 01:57:00 -------- d-----w- C:\Users\Owner\AppData\Local\Programs
2014-04-20 17:23:20 -------- d-----w- C:\Users\Owner\AppData\Roaming\SketchUp
2014-04-20 17:19:33 -------- d-----w- C:\ProgramData\ckfapk
2014-04-19 08:29:42 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-19 08:29:41 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2711EFF2-F867-43FC-96C3-AFA83F41FC22}\gapaengine.dll
2014-04-17 08:00:59 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-04-17 08:00:55 5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-04-17 08:00:54 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-04-16 03:45:37 -------- d-----w- C:\ProgramData\SketchUp
2014-04-16 03:45:36 -------- d-----w- C:\Program Files (x86)\SketchUp
2014-04-13 21:32:42 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2014-04-13 21:32:42 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2014-04-13 21:32:42 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2014-04-13 21:32:42 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2014-04-13 21:32:42 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2014-04-13 21:19:57 -------- d-----w- C:\Program Files (x86)\Vim
2014-04-13 18:05:09 -------- d-----w- C:\Users\Owner\AppData\Local\Apple Computer
2014-04-13 18:04:56 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2014-04-13 18:04:17 -------- d-----w- C:\Program Files\iPod
2014-04-13 18:04:16 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-13 18:04:16 -------- d-----w- C:\Program Files\iTunes
2014-04-13 18:04:16 -------- d-----w- C:\Program Files (x86)\iTunes
2014-04-13 18:03:38 -------- d-----w- C:\Users\Owner\AppData\Local\Apple
2014-04-13 18:03:07 -------- d-----w- C:\Program Files\Bonjour
2014-04-13 18:03:07 -------- d-----w- C:\Program Files (x86)\Bonjour
2014-04-09 16:05:07 -------- d-----w- C:\Users\Owner\AppData\Roaming\EndNote
2014-04-09 16:01:31 -------- d-----w- C:\Program Files (x86)\Common Files\Risxtd
2014-04-09 16:01:26 -------- d-----w- C:\Program Files (x86)\Common Files\ResearchSoft
2014-04-09 16:00:52 -------- d-----w- C:\Program Files (x86)\EndNote X4
2014-04-09 16:00:15 -------- d-----w- C:\ProgramData\Thomson.ResearchSoft.Installers
2014-04-09 15:59:24 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2014-04-09 15:49:07 -------- d-----w- C:\Users\Owner\AppData\Roaming\MathWorks
2014-04-09 00:10:06 407104 ----a-w- C:\Windows\System32\MSHFLXGD.OCX
2014-04-09 00:10:06 203976 ----a-w- C:\Windows\System32\RICHTX32.OCX
2014-04-09 00:10:06 1077344 ----a-w- C:\Windows\System32\MSCOMCTL.OCX
2014-04-08 23:53:10 -------- d-----w- C:\Program Files\MATLAB
2014-04-08 20:04:58 -------- d-----w- C:\Program Files (x86)\VideoLAN
2014-04-08 17:01:52 -------- d-----w- C:\Users\Owner\AppData\Local\OriginLab
2014-04-08 17:01:45 -------- d-----w- C:\ProgramData\OriginLab
2014-04-08 17:01:44 -------- d-----w- C:\Users\Owner\AppData\Local\CrashRpt
2014-04-08 16:58:36 -------- d-----w- C:\ProgramData\Package Cache
2014-04-08 16:56:06 -------- d-----w- C:\Program Files\OriginLab
2014-04-08 07:41:35 -------- d-----w- C:\Users\Owner\AppData\Roaming\IrfanView
2014-04-08 07:41:34 -------- d-----w- C:\Program Files (x86)\IrfanView
2014-04-08 04:55:12 -------- d-----w- C:\Windows\PCHEALTH
2014-04-08 04:53:41 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2014-04-08 04:53:07 -------- d-----w- C:\Users\Owner\AppData\Local\Microsoft Help
2014-04-08 04:46:34 -------- d-----w- C:\Users\Owner\AppData\Local\Spotify
2014-04-08 04:46:01 -------- d-----w- C:\Users\Owner\AppData\Roaming\Spotify
2014-04-08 02:20:31 -------- d-----w- C:\Users\Owner\AppData\Local\Adobe
2014-04-08 02:11:39 -------- d-----w- C:\Users\Owner\AppData\Roaming\FreeFileSync
2014-04-08 02:06:59 -------- d-----w- C:\Program Files\FreeFileSync
2014-04-07 23:40:19 -------- d-----w- C:\Users\Owner\AppData\Roaming\DropboxMaster
2014-04-07 23:39:26 -------- d-----w- C:\Users\Owner\AppData\Roaming\Dropbox
2014-04-07 23:27:17 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2014-04-07 23:27:15 -------- d-----w- C:\Program Files\Microsoft Security Client
2014-04-07 23:15:50 -------- d-----w- C:\Users\Owner\AppData\Local\Google
2014-04-07 23:15:32 -------- d-----w- C:\Users\Owner\AppData\Local\Apps
2014-04-07 23:15:31 -------- d-----w- C:\Users\Owner\AppData\Local\Deployment
2014-04-07 23:14:08 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{551FA001-1B7C-4F89-A084-22C426FD85D9}\mpengine.dll
2014-04-07 23:12:23 -------- d-----w- C:\Users\Owner\AppData\Roaming\TP-LINK
2014-04-07 23:12:07 -------- d-----w- C:\Program Files (x86)\TP-LINK
2014-04-07 23:11:09 926824 ----a-w- C:\Windows\System32\rtl8192cu.sys
2014-04-07 23:11:09 926824 ----a-w- C:\Windows\System32\drivers\RTL8192cu.sys
2014-04-07 23:10:15 -------- d-----w- C:\ProgramData\TP-LINK
2014-03-28 20:29:15 6574592 ----a-w- C:\Windows\System32\mstscax.dll
2014-03-28 20:29:15 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-03-28 20:18:58 -------- d-----w- C:\Users\Owner\Tracing
2014-03-28 20:18:58 -------- d-----w- C:\Users\Owner\Lync Recordings
2014-03-28 20:18:58 -------- d-----w- C:\Users\Owner\.imagej
.
==================== Find3M ====================
.
2014-03-23 08:29:09 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-22 08:08:50 175616 ----a-w- C:\Windows\System32\msclmd.dll
2014-03-22 08:08:50 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2014-03-11 14:52:30 133928 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2014-03-06 09:32:16 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:32:07 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-04 20:19:39 76 ----atw- C:\WIM10E5.tmp
2014-03-04 20:19:39 192 ----atw- C:\WIM1118.tmp
2014-03-04 20:19:39 188 ----atw- C:\WIM1128.tmp
2014-03-04 20:19:39 120 ----atw- C:\WIM10E8.tmp
2014-03-04 20:19:39 120 ----atw- C:\WIM10E7.tmp
2014-03-04 20:19:39 112 ----atw- C:\WIM10E6.tmp
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:17:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
2014-03-01 07:08:13 76 ----atw- C:\WIM8F28.tmp
2014-03-01 07:08:13 192 ----atw- C:\WIM8F4B.tmp
2014-03-01 07:08:13 188 ----atw- C:\WIM8F5C.tmp
2014-03-01 07:08:13 120 ----atw- C:\WIM8F2B.tmp
2014-03-01 07:08:13 120 ----atw- C:\WIM8F2A.tmp
2014-03-01 07:08:13 112 ----atw- C:\WIM8F29.tmp
2014-02-19 13:28:06 644400 ----a-w- C:\Windows\SysWow64\mscomct2.ocx
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-02-04 02:35:56 190912 ----a-w- C:\Windows\System32\drivers\storport.sys
2014-02-04 02:35:49 274880 ----a-w- C:\Windows\System32\drivers\msiscsi.sys
2014-02-04 02:35:35 27584 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2014-02-04 02:32:22 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-02-04 02:32:12 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-02-04 02:28:36 2048 ----a-w- C:\Windows\System32\iologmsg.dll
2014-02-04 02:04:22 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-02-04 02:00:39 2048 ----a-w- C:\Windows\SysWow64\iologmsg.dll
2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll
.
============= FINISH: 12:10:34.76 ===============
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-04-26 12:13:02
-----------------------------
12:13:02.491 OS Version: Windows x64 6.1.7601 Service Pack 1
12:13:02.491 Number of processors: 2 586 0xF0B
12:13:02.492 ComputerName: OWNER-PC UserName: Owner
12:13:03.752 Initialize success
12:18:58.298 AVAST engine defs: 14042601
12:20:27.780 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
12:20:27.785 Disk 0 Vendor: ST3750640AS 3.CHN Size: 715404MB BusType: 11
12:20:27.913 Disk 0 MBR read successfully
12:20:27.916 Disk 0 MBR scan
12:20:27.986 Disk 0 Windows 7 default MBR code
12:20:27.988 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 361888 MB offset 63
12:20:28.030 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 353514 MB offset 741148672
12:20:28.136 Disk 0 scanning C:\Windows\system32\drivers
12:20:39.604 Service scanning
12:21:03.449 Modules scanning
12:21:03.456 Disk 0 trace - called modules:
12:21:03.468 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
12:21:03.472 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800341d530]
12:21:03.478 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa8002e801e0]
12:21:03.483 5 ACPI.sys[fffff88000ee87a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa8002e66680]
12:21:04.459 AVAST engine scan C:\Windows
12:21:06.678 AVAST engine scan C:\Windows\system32
12:24:53.448 AVAST engine scan C:\Windows\system32\drivers
12:25:07.814 AVAST engine scan C:\Users\Owner
12:29:26.699 AVAST engine scan C:\ProgramData
12:29:55.533 Scan finished successfully
12:32:57.805 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\securitycheck\MBR.dat"
12:32:57.841 The log file has been saved successfully to "C:\Users\Owner\Desktop\securitycheck\aswMBR.txt"