Alexa hogging ports



PortalGuy
2013-01-23, 19:54
Folks,

Please advise. Just found Alexa on many high ports. Spybot doesn't detect it: is Alexa now whitelisted?

Cannot find any running process, service, BHO or startup that seems to be associated with Alexa. Using netstat to discover the PID, and then TASKKILL /F to kill the PID, I get 'access denied' from Vista even though I'm running the command session in admin mode. What starts Alexa and how can I stop and get rid of it? Why is something hogging high ports and communicating without my consent not classified as a threat?

Per the instructions I include the DDS and aswMBR logs. Below please find the output of netstat -a | grep alexa.

Thanks!
Robert

netstat -a | grep alexa

TCP 127.0.0.1:12080 alexa:63716 ESTABLISHED
TCP 127.0.0.1:12080 alexa:63719 ESTABLISHED
TCP 127.0.0.1:12080 alexa:63720 ESTABLISHED
TCP 127.0.0.1:12080 alexa:63722 ESTABLISHED
TCP 127.0.0.1:12080 alexa:63724 ESTABLISHED
TCP 127.0.0.1:12080 alexa:63725 ESTABLISHED
TCP 127.0.0.1:12080 alexa:63737 ESTABLISHED
TCP 127.0.0.1:27275 alexa:63764 TIME_WAIT
TCP 127.0.0.1:27275 alexa:63765 TIME_WAIT
TCP 127.0.0.1:27275 alexa:63766 TIME_WAIT
TCP 127.0.0.1:27275 alexa:63767 TIME_WAIT
TCP 127.0.0.1:27275 alexa:63768 TIME_WAIT
TCP 127.0.0.1:27275 alexa:63769 TIME_WAIT
TCP 127.0.0.1:27275 alexa:63770 TIME_WAIT
TCP 127.0.0.1:27275 alexa:63771 FIN_WAIT_2
TCP 127.0.0.1:49155 alexa:3979 ESTABLISHED
TCP 127.0.0.1:57765 alexa:57766 ESTABLISHED
TCP 127.0.0.1:57766 alexa:57765 ESTABLISHED
TCP 127.0.0.1:57772 alexa:57773 ESTABLISHED
TCP 127.0.0.1:57773 alexa:57772 ESTABLISHED
TCP 127.0.0.1:60627 alexa:60630 ESTABLISHED
TCP 127.0.0.1:60630 alexa:60627 ESTABLISHED
TCP 127.0.0.1:63710 alexa:21322 TIME_WAIT
TCP 127.0.0.1:63712 alexa:21322 TIME_WAIT
TCP 127.0.0.1:63713 alexa:21322 TIME_WAIT
TCP 127.0.0.1:63715 alexa:21322 TIME_WAIT
TCP 127.0.0.1:63716 alexa:12080 ESTABLISHED
TCP 127.0.0.1:63718 alexa:21322 TIME_WAIT
TCP 127.0.0.1:63719 alexa:12080 ESTABLISHED
TCP 127.0.0.1:63720 alexa:12080 ESTABLISHED
TCP 127.0.0.1:63722 alexa:12080 ESTABLISHED
TCP 127.0.0.1:63724 alexa:12080 ESTABLISHED
TCP 127.0.0.1:63725 alexa:12080 ESTABLISHED
TCP 127.0.0.1:63731 alexa:21322 TIME_WAIT
TCP 127.0.0.1:63732 alexa:21322 TIME_WAIT
TCP 127.0.0.1:63734 alexa:21322 TIME_WAIT
TCP 127.0.0.1:63735 alexa:21322 TIME_WAIT
TCP 127.0.0.1:63736 alexa:21322 TIME_WAIT
TCP 127.0.0.1:63737 alexa:12080 ESTABLISHED
TCP 127.0.0.1:63739 alexa:21322 TIME_WAIT
TCP 127.0.0.1:63740 alexa:21322 TIME_WAIT
TCP 127.0.0.1:63741 alexa:21322 TIME_WAIT
TCP 127.0.0.1:63742 alexa:21322 TIME_WAIT
TCP 127.0.0.1:63744 alexa:21322 TIME_WAIT
TCP 127.0.0.1:63746 alexa:21322 TIME_WAIT
TCP 127.0.0.1:63749 alexa:21322 TIME_WAIT
TCP 127.0.0.1:63751 alexa:21322 TIME_WAIT
TCP 127.0.0.1:63754 alexa:21322 TIME_WAIT
TCP 127.0.0.1:63759 alexa:21322 TIME_WAIT
TCP 127.0.0.1:63762 alexa:21322 TIME_WAIT
TCP 127.0.0.1:63771 alexa:27275 CLOSE_WAIT
TCP 127.0.0.1:63773 alexa:21322 TIME_WAIT
TCP 127.0.0.1:63778 alexa:21322 TIME_WAIT

=======================================================

DDS.TXT:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.9.2
Run by robert.wagner at 9:22:30 on 2013-01-23
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.2.1033.18.8143.3181 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_d6e898c5\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Array Networks\Common\8,4,0,264\arr_isrv.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_d6e898c5\AESTSr64.exe
C:\Program Files (x86)\Dell\Ambient Light Sensor\AlsSvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Array Networks\Array SSL VPN\8,4,0,264\arr_srvs.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
c:\development\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
C:\development\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\Explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Pidgin\pidgin.exe
C:\Windows\System32\msdtc.exe
C:\PROGRA~2\NITROP~1\READER~1\NITROP~2.EXE
C:\Windows\SysWOW64\msinfo32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\robert.wagner\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\calc.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_ActiveX.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://www.dell.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun: [IAStorIcon] "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TDMNOT~1.LNK - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
LSP: %SystemRoot%\system32\vsocklib.dll
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://adc-twvpn-2.oraclevpn.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {B6648EB8-2460-484F-9255-9654454C4C70} - hxxps://ouvpn.us.oracle.com/prx/000/http/localhost/arr_x.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://oracleuniversity.webex.com/client/WBXclient-T27L10NSP32EP5-14362/training/ieatgpc1.cab
TCP: NameServer = 192.168.88.1
TCP: Interfaces\{013FB573-D233-4B68-B4B1-60DC973EAD98} : DHCPNameServer = 192.168.88.1
TCP: Interfaces\{7197A0F0-3E16-469D-A5A5-4AC02ED76FCF} : NameServer = 130.35.249.41,138.2.202.15,144.20.190.70
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Notify: SDWinLogon - SDWinLogon.dll
LSA: Authentication Packages = msv1_0 wvauth
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
Hosts: 10.196.129.20 vcpdb vcpdb.cloud.osc.oracle.com vcpdb.mvd.com #00:16:3E:16:05:5B
Hosts: 10.196.129.21 vcpapps vcpapps.cloud.osc.oracle.com vcpapps.mvd.com #00:16:3E:31:1F:58
Hosts: 10.196.129.22 vcpobiee vcpobiee.cloud.osc.oracle.com vcpobiee.mvd.com #00:16:3E:71:9D:A8
Hosts: 10.196.129.23 vcpwin08 vcpwin08.cloud.osc.oracle.com vcpwin08.mvd.com #00:16:3E:7C:A4:8F
Hosts: 10.196.129.24 vcpwin03a vcpwin03a.cloud.osc.oracle.com vcpwin03a.mvd.com #00:16:3E:01:DD:4C
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\robert.wagner\AppData\Roaming\Mozilla\Firefox\Profiles\g5n82lbr.default\
FF - prefs.js: network.proxy.http - 140.83.186.195
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll
FF - plugin: C:\Users\robert.wagner\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\robert.wagner\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Users\robert.wagner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\robert.wagner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 vmci;VMware VMCI Bus Driver;C:\Windows\System32\drivers\vmci.sys [2011-8-8 116336]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-12-15 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-12-15 370288]
R1 VBoxDrv;VirtualBox Service;C:\Windows\System32\drivers\VBoxDrv.sys [2012-6-4 224088]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\Windows\System32\drivers\VBoxUSBMon.sys [2012-6-4 130904]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_d6e898c5\AESTSr64.exe [2011-11-30 89600]
R2 alssvc64;Ambient Light Sensor;C:\Program Files (x86)\Dell\Ambient Light Sensor\AlsSvc.exe [2008-6-3 569112]
R2 Array_Utility_Service8.4.0.264;Array Utility Service 8,4,0,264;C:\Program Files\Array Networks\Common\8,4,0,264\arr_isrv.exe [2012-5-29 398768]
R2 ArraySSL_VPN_Service8.4.0.264;Array SSL VPN Service 8,4,0,264;C:\Program Files\Array Networks\Array SSL VPN\8,4,0,264\arr_srvs.exe [2012-5-29 239024]
R2 ASFAgent;ASF Agent;C:\Program Files\Intel\ASF Agent\ASFAgent.exe [2007-4-19 184656]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-12-15 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-12-15 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-12-15 44808]
R2 buttonsvc64;Dell ControlPoint Button Service;C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-8-6 372512]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-3-24 1039776]
R2 Credential Vault Host Storage;Credential Vault Host Storage;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-3-24 31136]
R2 dcpsysmgrsvc;Dell System Manager Service;C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2010-8-24 517488]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2008-1-20 27648]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-12-7 13336]
R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [2012-10-9 230408]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-9-13 229392]
R2 OracleServiceXE;OracleServiceXE;c:\development\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> c:\development\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
R2 OracleXETNSListener;OracleXETNSListener;C:\development\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [2006-2-1 204800]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-12-5 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-12-5 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-12-5 168384]
R2 SMManager;Smith Micro Connection Manager Service;C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [2009-12-22 77312]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2012-6-19 645088]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2011-11-30 292864]
R3 CCIDFILTER;Broadcom Smart Card Reader Filter Driver;C:\Windows\System32\drivers\ccidflt.sys [2009-11-3 13864]
R3 cvusbdrv;Dell ControlVault;C:\Windows\System32\drivers\cvusbdrv.sys [2011-11-30 38440]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2011-11-30 305152]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2011-11-30 144896]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;C:\Windows\System32\drivers\VBoxNetAdp.sys [2012-5-22 147288]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;C:\Windows\System32\drivers\VBoxNetFlt.sys [2012-5-22 166232]
R4 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-10-9 69640]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 ATP;Array Networks SSL VPN Driver;C:\Windows\System32\drivers\atpdrvr.sys [2012-5-29 19968]
S3 PeerDistSvc;BranchCache;C:\Windows\System32\svchost.exe -k PeerDist [2008-1-20 27648]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 Tomcat6;Apache Tomcat 6.0 Tomcat6;C:\development\tomcat6\bin\Tomcat6.exe [2011-11-28 96256]
S3 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-4-11 89920]
S4 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-11-30 56344]
S4 MyDesktopWindows;MyDesktopService;C:\ProgramData\Oracle\MyDesktop\MyDesktopService.exe [2011-10-28 1038848]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\development\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> c:\development\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]
S4 QOSMyDesktop;QOS MyDesktop;C:\ProgramData\Oracle\MyDesktop\MyDesktopQOS.exe [2009-10-13 470016]
S4 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2011-11-30 57344]
S4 risdpcie;risdpcie;C:\Windows\System32\drivers\risdpe64.sys [2011-11-30 80384]
S4 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2011-11-30 55296]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-12-23 21:50:28 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-12-23 21:50:28 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-12-23 21:50:28 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-12-23 21:50:28 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-12-05 10:45:33 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-05 10:45:28 246760 ----a-w- C:\Windows\SysWow64\javaws.exe
2012-12-05 10:45:28 174056 ----a-w- C:\Windows\SysWow64\javaw.exe
2012-12-05 10:45:28 174056 ----a-w- C:\Windows\SysWow64\java.exe
2012-12-05 10:45:27 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-12-05 10:45:27 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-10-30 23:51:56 59728 ----a-w- C:\Windows\System32\drivers\aswTdi.sys
2012-10-30 23:51:55 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-10-30 23:51:55 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-10-30 23:51:55 44272 ----a-w- C:\Windows\System32\drivers\aswRdr.sys
2012-10-30 23:51:55 370288 ----a-w- C:\Windows\System32\drivers\aswSP.sys
2012-10-30 23:51:53 25232 ----a-w- C:\Windows\System32\drivers\aswFsBlk.sys
2012-10-30 23:51:07 41224 ----a-w- C:\Windows\avastSS.scr
2012-10-30 23:50:59 227648 ----a-w- C:\Windows\SysWow64\aswBoot.exe
2012-10-30 23:50:30 285328 ----a-w- C:\Windows\System32\aswBoot.exe
.
============= FINISH: 9:22:55.05 ===============


aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-23 09:24:33
-----------------------------
09:24:33.422 OS Version: Windows x64 6.0.6002 Service Pack 2
09:24:33.422 Number of processors: 2 586 0x170A
09:24:33.422 ComputerName: PLUMTREE UserName:
09:24:35.000 Initialize success
09:24:35.151 AVAST engine defs: 13012300
09:25:07.144 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:25:07.150 Disk 0 Vendor: TOSHIBA_ MD00 Size: 238475MB BusType: 8
09:25:07.176 Disk 0 MBR read successfully
09:25:07.183 Disk 0 MBR scan
09:25:07.191 Disk 0 Windows VISTA default MBR code
09:25:07.198 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
09:25:07.226 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 2048 MB offset 81920
09:25:07.244 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 236386 MB offset 4276224
09:25:08.137 Disk 0 scanning C:\Windows\system32\drivers
09:25:15.768 Service scanning
09:25:38.712 Modules scanning
09:25:38.720 Disk 0 trace - called modules:
09:25:38.749 ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
09:25:39.088 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80078cc790]
09:25:39.096 3 CLASSPNP.SYS[fffffa6000fc7c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80076ab050]
09:25:41.114 AVAST engine scan C:\Windows
09:25:43.883 AVAST engine scan C:\Windows\system32
09:28:59.207 AVAST engine scan C:\Windows\system32\drivers
09:29:10.285 AVAST engine scan C:\Users\robert.wagner
09:34:42.146 Disk 0 MBR has been saved successfully to "C:\Users\robert.wagner\Documents\MBR.dat"
09:34:42.153 The log file has been saved successfully to "C:\Users\robert.wagner\Documents\aswMBR.txt"


09:35:43.654 Disk 0 MBR has been saved successfully to "C:\Users\robert.wagner\Documents\MBR.dat"
09:35:43.660 The log file has been saved successfully to "C:\Users\robert.wagner\Documents\aswMBR.txt"

shelf life
2013-02-02, 16:58
hi PortalGuy,

Log looks ok at a glance. Could it be something in AVAST or Oracle on the ports? Is that a workplace machine? It's all local anyway with a 127.0.0.1

PortalGuy
2013-02-03, 15:51
Hadn't a clue that I should be looking at Avast. I will try a clean boot without Avast startup and see what happens.

Same for Oracle. This is a personal machine, and I'm trying to learn Oracle.

shelf life
2013-02-03, 17:04
At first I thought it may be: avast! WebRep:, but I doubt it now. All those connections are on your own machine, I would suspect it's your Oracle software on those ports.
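
Added example, not part of the original posts: a small Python check of the "all those connections are on your own machine" reading, using an excerpt of the netstat rows quoted in the first post. It pairs each row with its mirror row (local and foreign ports swapped); a mirrored pair means both ends of the connection are sockets on this host, whatever name the foreign column displays. The function names and the `min_peers` threshold are choices made for this example.

```python
import re
from collections import defaultdict

# Excerpt of the netstat listing quoted in the first post (not the full output).
SAMPLE = """\
TCP 127.0.0.1:12080 alexa:63716 ESTABLISHED
TCP 127.0.0.1:12080 alexa:63719 ESTABLISHED
TCP 127.0.0.1:27275 alexa:63771 FIN_WAIT_2
TCP 127.0.0.1:57765 alexa:57766 ESTABLISHED
TCP 127.0.0.1:57766 alexa:57765 ESTABLISHED
TCP 127.0.0.1:63710 alexa:21322 TIME_WAIT
TCP 127.0.0.1:63712 alexa:21322 TIME_WAIT
TCP 127.0.0.1:63716 alexa:12080 ESTABLISHED
TCP 127.0.0.1:63719 alexa:12080 ESTABLISHED
TCP 127.0.0.1:63771 alexa:27275 CLOSE_WAIT
"""

# proto, local host:port, foreign host:port, state
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")


def parse(text):
    """Return (local_port, foreign_port, state) for every TCP row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((int(m.group(2)), int(m.group(4)), m.group(5)))
    return rows


def classify(rows):
    """Split rows into mirrored pairs and rows with no mirror.

    A mirrored pair is one connection seen from both of its ends, so both
    sockets live on this machine. A row with no mirror is not proven local
    by this check: the peer socket may simply be gone already (TIME_WAIT is
    kept only by the side that closed first), so confirm those from numeric
    output instead of the resolved name.
    """
    state_of = {(lp, fp): st for lp, fp, st in rows}
    paired, unmatched, seen = [], [], set()
    for lp, fp, st in rows:
        if (fp, lp) not in state_of:
            unmatched.append((lp, fp, st))
            continue
        key = (min(lp, fp), max(lp, fp))
        if key not in seen:
            seen.add(key)
            a, b = key
            paired.append(((a, state_of[(a, b)]), (b, state_of[(b, a)])))
    return paired, unmatched


def likely_listeners(rows, min_peers=2):
    """Ports that talk to several distinct peer ports: the server side."""
    peers = defaultdict(set)
    for lp, fp, _ in rows:
        peers[lp].add(fp)
        peers[fp].add(lp)
    return sorted(p for p, s in peers.items() if len(s) >= min_peers)


if __name__ == "__main__":
    rows = parse(SAMPLE)
    paired, unmatched = classify(rows)
    for (a, sa), (b, sb) in paired:
        print(f"both ends local: {a} ({sa}) <-> {b} ({sb})")
    for lp, fp, st in unmatched:
        print(f"no mirror row:   {lp} -> {fp} ({st})")
    print("ports to attribute to a process:", likely_listeners(rows))
```

On Windows, `netstat -ano` prints the same table with numeric addresses and the owning PID, which is the way to attribute the ports this reports to a process.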