PDA

View Full Version : I think I might have a rootkit



Jamesbxv
2013-01-23, 04:35
DDS reports

---------------------------------------

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.9.2
Run by XV at 21:29:42 on 2013-01-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.3620 [GMT -5:00]
.
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\vVX1000.exe
C:\Program Files (x86)\AVG Secure Search\ROC_JAN2013_TB.exe
C:\Program Files\Logitech\SetPoint II\SetPointII.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
uProxyServer = 192.168.0.1:80
uURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\20.2.0.19\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\20.2.0.19\ips\ipsbho.dll
BHO: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Constant Guard Protection Suite: {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.12.1127.2\NativeBHO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: uTorrentControl_v2 Toolbar: {7473B6BD-4691-4744-A82B-7854EB3D70B6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
TB: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\20.2.0.19\coieplg.dll
uRun: [AdobeBridge] <no file>
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SETPOI~1.LNK - C:\Program Files\Logitech\SetPoint II\SetPointII.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{A2A7078A-3E70-4F3A-8568-E2660A16B280} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{D94664A2-BD89-4561-ABB2-AD3A27606EEB} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{FE90F1DF-ABC8-46F7-A7A1-B8B9136790FD} : DHCPNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1386.0\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [VX1000] C:\Windows\vVX1000.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\XV\AppData\Roaming\Mozilla\Firefox\Profiles\s4vh6cs4.default\
FF - prefs.js: network.proxy.socks - 202.119.199.147
FF - prefs.js: network.proxy.socks_port - 1080
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\XV\AppData\Local\Roblox\Versions\version-6e655c3defe448aa\NPRobloxProxy.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-01-03 07:09; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn
FF - ExtSQL: 2013-01-03 07:09; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn
FF - ExtSQL: 2013-01-03 07:25; idvaultaddin@whitesky; C:\Users\XV\AppData\Roaming\Mozilla\Firefox\Profiles\s4vh6cs4.default\extensions\idvaultaddin@whitesky
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1402000.013\symds64.sys [2013-1-3 493216]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1402000.013\symefa64.sys [2013-1-3 1133216]
R1 AntiLog32;AntiLog32;C:\Windows\System32\drivers\AntiLog64.sys [2013-1-3 45880]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [2013-1-15 1388120]
R1 ccSet_N360;Norton Security Suite Settings Manager;C:\Windows\System32\drivers\N360x64\1402000.013\ccsetx64.sys [2013-1-3 168096]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130121.001\IDSviA64.sys [2013-1-21 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1402000.013\ironx64.sys [2013-1-3 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1402000.013\symnets.sys [2013-1-3 432800]
R2 IDVaultSvc;CGPS Service;C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-11-29 66160]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-21 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-21 682344]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\20.2.0.19\ccsvchst.exe [2013-1-3 143928]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-1-21 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-1-21 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-1-21 168384]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 vToolbarUpdater14.0.1;vToolbarUpdater14.0.1;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe [2013-1-22 945328]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-1-17 138912]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\System32\drivers\vrtaucbl.sys [2013-1-9 66728]
R3 keycrypt;keycrypt;C:\Windows\System32\drivers\KeyCrypt64.sys [2013-1-3 25336]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-21 24176]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2009-6-20 712704]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-11-11 346144]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2009-3-27 27160]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-1-17 45056]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-10 19456]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-10 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-10 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-10 1255736]
S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem --> C:\Windows\System32\xsherlock.xem [?]
.
=============== Created Last 30 ================
.
2013-01-23 01:26:06 -------- d-----w- C:\Program Files (x86)\Origin Games
2013-01-23 01:26:05 -------- d-----w- C:\Users\XV\AppData\Local\Origin
2013-01-23 01:25:09 -------- d-----w- C:\Program Files (x86)\Origin
2013-01-22 01:49:00 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-01-22 01:48:45 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-01-22 01:48:42 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-01-22 00:28:54 -------- d-----w- C:\Windows\softwaredistribution.bak2
2013-01-22 00:23:05 -------- d-----w- C:\Windows\softwaredistribution.bak1
2013-01-21 23:26:16 -------- d-----w- C:\Program Files\CCleaner
2013-01-21 21:44:31 -------- d-----w- C:\Users\XV\AppData\Roaming\Malwarebytes
2013-01-21 21:44:18 -------- d-----w- C:\ProgramData\Malwarebytes
2013-01-21 21:44:17 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-01-21 21:44:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-21 20:56:37 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer
2013-01-20 14:06:47 -------- d-----w- C:\Users\XV\AppData\Local\{3989F6BB-1745-45E8-8C3D-00CD27065CB6}
2013-01-19 14:23:55 -------- d-----w- C:\Users\XV\AppData\Local\{FC9A20E2-297A-4104-88C0-35AB64CDA2B1}
2013-01-19 14:23:11 -------- d-----w- C:\Users\XV\AppData\Local\{8EEA38F6-AFB9-4BDD-ACD9-84F441E96B78}
2013-01-19 03:58:02 -------- d-----w- C:\Users\XV\AppData\Roaming\DAEMON Tools Pro
2013-01-19 03:57:36 -------- d-----w- C:\ProgramData\DAEMON Tools Pro
2013-01-19 01:43:52 -------- d-----w- C:\Users\XV\AppData\Roaming\TS3Client
2013-01-18 22:05:47 -------- d-----w- C:\Users\XV\AppData\Local\{D8217ABD-FB24-4CB3-8B5B-3A5AF2BAAE01}
2013-01-17 21:50:27 -------- d-----w- C:\Program Files (x86)\Common Files\BattlEye
2013-01-17 00:42:08 -------- d-----w- C:\Users\XV\AppData\Local\{33E384DC-2ECE-4884-B027-E40C79B3D621}
2013-01-16 20:31:39 -------- d-----w- C:\Users\XV\AppData\Local\{7DECA72F-5DC8-422C-8877-47CE18E12DFE}
2013-01-16 01:47:09 -------- d-----w- C:\Users\XV\AppData\Local\{E32F7C2E-9FB6-4C83-9619-455CE3CEC92C}
2013-01-15 23:13:26 -------- d-----w- C:\Users\XV\AppData\Local\LogMeIn Hamachi
2013-01-14 02:20:11 -------- d-----w- C:\Users\XV\AppData\Local\{95585B62-D778-4603-BDB7-B8B029348435}
2013-01-14 00:16:57 -------- d-----w- C:\Users\XV\AppData\Local\{52CF09D4-E942-49CF-A334-CC175ADFF7D7}
2013-01-13 22:15:16 -------- d-----w- C:\Users\XV\AppData\Local\{0167F4B5-AB7A-4FA8-B023-9FF58A9A9A11}
2013-01-13 15:46:01 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2013-01-13 00:20:39 -------- d-----w- C:\Users\XV\AppData\Local\{6C0ACAFA-C8A4-4582-BB00-CF675BC828B8}
2013-01-10 02:50:39 -------- d-----w- C:\Users\XV\AppData\Local\{3F65B7E3-5494-4706-8F1A-14E29F851214}
2013-01-10 01:08:06 -------- d-----w- C:\Users\XV\AppData\Local\{239972E1-C2B5-4A60-AFC8-D3EB506160B1}
2013-01-10 00:36:48 66728 ----a-w- C:\Windows\System32\drivers\vrtaucbl.sys
2013-01-10 00:36:48 -------- d-----w- C:\Program Files\Virtual Audio Cable
2013-01-10 00:15:31 -------- d-----w- C:\Users\XV\AppData\Roaming\SynthMaker
2013-01-10 00:15:27 -------- d-----w- C:\Users\XV\AppData\Roaming\Acoustica
2013-01-10 00:02:54 -------- d-----w- C:\Program Files (x86)\VST
2013-01-10 00:02:45 -------- d-----w- C:\ProgramData\Acoustica
2013-01-10 00:02:45 -------- d-----w- C:\Program Files (x86)\Acoustica Mixcraft 6
2013-01-09 23:02:28 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-01-08 11:44:21 -------- d-----w- C:\Users\XV\AppData\Local\{526165E7-81D7-48D5-AC86-7BADF8D45A63}
2013-01-07 00:52:25 -------- d-----w- C:\Users\XV\AppData\Local\{7EF07957-BEF1-4938-A0DB-88837219A22C}
2013-01-06 22:01:08 -------- d-----w- C:\Users\XV\AppData\Roaming\logs
2013-01-06 22:01:08 -------- d-----w- C:\Users\XV\AppData\Roaming\.techniclauncher
2013-01-06 19:54:01 -------- d-----w- C:\Users\XV\AppData\Local\{E5BC5120-E982-40CD-866B-DF748A6B4DED}
2013-01-05 21:45:57 -------- d-----w- C:\Users\XV\AppData\Local\Ubisoft Game Launcher
2013-01-05 18:05:09 -------- d-----w- C:\Program Files\TeamSpeak 3 Client
2013-01-03 14:37:14 776864 ----a-w- C:\Windows\System32\drivers\N360x64\1402000.013\srtsp64.sys
2013-01-03 14:37:14 493216 ----a-w- C:\Windows\System32\drivers\N360x64\1402000.013\symds64.sys
2013-01-03 14:37:14 432800 ----a-r- C:\Windows\System32\drivers\N360x64\1402000.013\symnets.sys
2013-01-03 14:37:14 37496 ----a-r- C:\Windows\System32\drivers\N360x64\1402000.013\srtspx64.sys
2013-01-03 14:37:14 23448 ----a-r- C:\Windows\System32\drivers\N360x64\1402000.013\symelam.sys
2013-01-03 14:37:14 224416 ----a-r- C:\Windows\System32\drivers\N360x64\1402000.013\ironx64.sys
2013-01-03 14:37:14 1133216 ----a-w- C:\Windows\System32\drivers\N360x64\1402000.013\symefa64.sys
2013-01-03 14:37:13 168096 ----a-w- C:\Windows\System32\drivers\N360x64\1402000.013\ccsetx64.sys
2013-01-03 14:36:55 -------- d-----w- C:\Windows\System32\drivers\N360x64\1402000.013
2013-01-03 12:34:37 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-01-03 12:34:37 -------- d-----w- C:\Program Files\Symantec
2013-01-03 12:34:37 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2013-01-03 12:33:41 -------- d-----w- C:\Windows\System32\drivers\N360x64
2013-01-03 12:25:10 8013680 ----a-w- C:\Program Files (x86)\Mozilla Firefox\Microsoft.mshtml.dll
2013-01-03 12:25:10 1767536 ----a-w- C:\Program Files (x86)\Mozilla Firefox\IdVaultCore.dll
2013-01-03 12:25:10 141424 ----a-w- C:\Program Files (x86)\Mozilla Firefox\CommonDotNET.dll
2013-01-03 12:25:10 104048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\IdVaultCore.XmlSerializers.dll
2013-01-03 12:24:54 6137080 ----a-w- C:\Windows\SysWow64\ZALSDKCore.dll
2013-01-03 12:24:54 25336 ----a-w- C:\Windows\System32\drivers\KeyCrypt64.sys
2013-01-03 12:24:54 -------- d-----w- C:\Program Files (x86)\KeyCryptSDK
2013-01-03 12:24:53 -------- d-----w- C:\Windows\SysWow64\ZALSDK_uninst
2013-01-03 12:24:51 45880 ----a-w- C:\Windows\System32\drivers\AntiLog64.sys
2013-01-03 12:24:50 -------- d-----w- C:\Users\XV\AppData\Local\Zemana
2013-01-02 01:14:59 -------- d-----w- C:\Users\XV\AppData\Roaming\DAEMON Tools Lite
2013-01-02 01:14:13 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2013-01-01 18:33:02 -------- d-----w- C:\Users\XV\AppData\Local\{43601EA0-6788-47B0-9658-5FB4DE946B56}
2012-12-31 01:10:00 -------- d-----w- C:\Users\XV\AppData\Roaming\CodeBlocks
2012-12-31 01:09:02 -------- d-----w- C:\Program Files (x86)\CodeBlocks
2012-12-30 00:16:52 -------- d-----w- C:\Program Files (x86)\BandiMPEG1
2012-12-29 23:33:29 -------- d-----w- C:\ProgramData\Nexon
2012-12-29 23:25:10 -------- d-----w- C:\Nexon
2012-12-29 23:25:07 -------- d-----w- C:\ProgramData\NexonUS
2012-12-29 20:20:45 -------- d-----w- C:\Users\XV\AppData\Roaming\Mount&Blade
2012-12-29 18:42:10 1075424 ----a-w- C:\ProgramData\Microsoft\WDExpress\11.0\1033\ResourceCache.dll
2012-12-29 18:40:44 -------- d-----w- C:\Program Files (x86)\NuGet
2012-12-29 18:37:22 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules
2012-12-29 18:34:37 -------- d-----w- C:\Program Files (x86)\Common Files\Microsoft
2012-12-29 18:34:33 -------- d-----w- C:\Program Files (x86)\Windows Kits
2012-12-29 18:33:26 -------- d-----w- C:\Program Files (x86)\Microsoft Help Viewer
2012-12-29 18:32:53 -------- d-----w- C:\Windows\SysWow64\1033
2012-12-29 18:32:53 -------- d-----w- C:\Windows\System32\1033
2012-12-29 18:32:45 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2012-12-29 18:32:44 -------- d-----w- C:\Program Files\Microsoft SQL Server
2012-12-29 18:32:28 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2012-12-29 18:31:46 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 11.0
2012-12-29 18:21:30 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft
2012-12-29 18:21:30 -------- d-----w- C:\ProgramData\Package Cache
2012-12-28 17:25:56 -------- d-----w- C:\Program Files (x86)\Cheat Engine 6.1
2012-12-27 00:48:00 -------- d-----w- C:\Users\XV\AppData\Local\LogiShrd
2012-12-27 00:45:56 -------- d-----w- C:\Users\XV\AppData\Local\Downloaded Installations
2012-12-26 18:16:39 -------- d-----w- C:\Users\XV\AppData\Roaming\Mount&Blade Warband
2012-12-26 13:32:33 -------- d-----w- C:\Users\XV\AppData\Local\{E9DF5645-61FF-487F-B48B-20F8E0C21B9B}
2012-12-24 17:27:11 -------- d-----w- C:\Users\XV\AppData\Roaming\Kongregate
2012-12-24 16:07:41 1687625 ----a-w- C:\Windows\SysWow64\InetClnt.dll
2012-12-24 16:07:31 225280 ----a-w- C:\Windows\SysWow64\AWRTL30.DLL
2012-12-24 16:07:31 111616 ----a-w- C:\Windows\SysWow64\LTIH30TB.DLL
2012-12-24 16:07:31 -------- d-----w- C:\Program Files (x86)\Common Files\WexTech Shared
2012-12-24 16:07:31 -------- d-----w- C:\Program Files (x86)\Common Files\LHSPF
2012-12-24 16:07:26 -------- d-----w- C:\Program Files (x86)\Common Files\Intuit
2012-12-24 16:07:07 339968 ----a-w- C:\Windows\SysWow64\cdintf.dll
2012-12-24 16:07:03 -------- d-----w- C:\Program Files (x86)\Intuit
2012-12-24 16:06:39 609584 ----a-w- C:\Windows\SysWow64\comctl32.ocx
2012-12-24 16:06:39 209608 ----a-w- C:\Windows\SysWow64\TABCTL32.OCX
2012-12-24 16:06:39 203976 ----a-w- C:\Windows\SysWow64\RICHTX32.OCX
2012-12-24 16:06:39 200704 ----a-w- C:\Windows\SysWow64\THREED32.OCX
2012-12-24 16:06:38 502544 ----a-w- C:\Windows\SysWow64\MSXML.DLL
2012-12-24 16:06:38 244232 ----a-w- C:\Windows\SysWow64\Msflxgrd.ocx
2012-12-24 16:06:38 140288 ----a-w- C:\Windows\SysWow64\comdlg32.ocx
2012-12-24 16:06:37 25088 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2012-12-24 16:06:37 1062704 ----a-w- C:\Windows\SysWow64\mscomctl.ocx
2012-12-24 16:06:37 1009136 ----a-w- C:\Windows\SysWow64\Mschrt20.ocx
2012-12-24 16:06:35 94208 ----a-w- C:\Windows\SysWow64\msstkprp.dll
2012-12-24 16:06:35 1694992 ----a-w- C:\Windows\SysWow64\vba6.dll
2012-12-24 16:05:13 -------- d-----w- C:\Windows\Intuit
2012-12-24 16:05:09 32768 ------w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2012-12-24 16:05:09 225280 ------w- C:\Program Files (x86)\Common Files\InstallShield\IScript\IScript.dll
2012-12-24 16:05:09 176128 ------w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2012-12-24 16:05:08 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
2012-12-24 16:05:08 212992 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
.
==================== Find3M ====================
.
2013-01-22 19:00:24 37720 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-01-09 22:07:15 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 22:07:15 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-07 20:32:36 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-01-07 20:32:26 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-09 09:51:20 126944 ----a-w- C:\Windows\System32\drivers\scdemu.sys
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-12-01 18:43:08 840264 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-29 03:20:47 666720 ----a-w- C:\Windows\SysWow64\xsherlock.xem
2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-12 12:28:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-12 11:52:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-11 17:15:56 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2012-11-11 17:15:56 346144 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2012-11-11 17:15:56 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2012-11-11 17:12:15 712704 ----a-w- C:\Windows\System32\drivers\netr28x.sys
2012-11-11 03:53:03 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-11-11 03:53:03 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2012-11-11 03:53:03 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-11-11 02:09:42 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-11 02:09:42 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-11-11 02:09:42 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-11-09 05:45:32 750592 ----a-w- C:\Windows\System32\win32spl.dll
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-11-01 05:43:42 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2012-11-01 05:43:42 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-10-27 06:26:55 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-27 05:51:21 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-10-27 00:01:18 237400 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2012-10-27 00:00:50 131416 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2012-10-26 23:59:44 203608 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll
2012-10-26 23:59:44 146264 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2012-10-26 23:59:44 119640 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2012-10-25 14:33:19 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2012-10-25 14:33:18 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2012-10-25 14:32:51 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2012-10-25 14:28:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2012-10-25 14:27:22 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2012-10-25 14:27:09 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2012-10-25 14:27:09 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2012-10-25 14:27:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2012-10-25 14:27:08 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2012-10-25 13:59:05 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2012-10-25 13:59:05 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2012-10-25 13:58:54 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2012-10-25 13:55:47 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2012-10-25 13:55:27 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2012-10-25 13:55:20 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2012-10-25 13:55:19 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2012-10-25 13:55:19 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2012-10-25 13:55:19 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2012-10-25 13:45:48 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
.
============= FINISH: 21:30:19.74 ===============


~ ASWMBR logs ~

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-22 21:33:20
-----------------------------
21:33:20.950 OS Version: Windows x64 6.1.7601 Service Pack 1
21:33:20.950 Number of processors: 4 586 0x2502
21:33:20.951 ComputerName: XV-PC UserName: XV
21:33:24.128 Initialize success
21:33:26.964 AVAST engine download error: 400
21:33:30.232 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:33:30.236 Disk 0 Vendor: WDC_WD10 51.0 Size: 953869MB BusType: 8
21:33:30.246 Disk 0 MBR read successfully
21:33:30.251 Disk 0 MBR scan
21:33:30.254 Disk 0 Windows 7 default MBR code
21:33:30.258 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 947798 MB offset 2048
21:33:30.261 Disk 0 Partition - 00 05 Extended 6069 MB offset 1941094398
21:33:30.281 Disk 0 Partition 2 00 82 Linux swap 6069 MB offset 1941094400
21:33:30.303 Disk 0 scanning C:\Windows\system32\drivers
21:33:36.295 Service scanning
21:33:48.063 Modules scanning
21:33:48.073 Disk 0 trace - called modules:
21:33:48.089 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorV.sys hal.dll
21:33:48.096 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065ba060]
21:33:48.101 3 CLASSPNP.SYS[fffff88001db743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80062a7050]
21:33:48.106 Scan finished successfully
21:34:06.910 Disk 0 MBR has been saved successfully to "C:\Users\XV\Desktop\MBR.dat"
21:34:06.915 The log file has been saved successfully to "C:\Users\XV\Desktop\scanlog1.txt"

shelf life
2013-02-05, 00:04
hi Jamesbxv,

Your post is a few days old. If you still need help simply reply back.