canstopfishing
2013-06-10, 20:41
Hello All.
I am running Windows 7. Spybot will not remove this montera.toolbar malware. I tried to use the manual instructions to remove this, but do not see the items listed in regedit.
I ran ERUNT and here is the dds.txt report. I cannot figure out how to zip the attach.txt file but it is very short and I am attaching as is. Please help if you can.
Thanks.
TR10744
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.21.2
Run by Tim at 7:57:40 on 2013-06-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6048.4417 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Windows\system32\lxcgcoms.exe
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\PhatNoise Music Manager\PNAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\splwow64.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mWinlogon: Userinit = userinit.exe,
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [OM2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [NETGEARGenie] "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [OM2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
mRun: [PNAgent] "C:\Program Files (x86)\PhatNoise Music Manager\PNAgent.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
StartupFolder: C:\Users\Tim\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{74B7EBE9-2404-48FE-A3C0-7C4072C195D5} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{74B7EBE9-2404-48FE-A3C0-7C4072C195D5}\E4544574541425 : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [LXCGCATS] rundll32 C:\Windows\System32\spool\DRIVERS\x64\3\LXCGtime.dll,RunDLLEntry
x64-Run: [lxcgmon.exe] "C:\Program Files (x86)\Lexmark 2300 Series\lxcgmon.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2011-5-29 36456]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-15 13336]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2011-7-15 244624]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-3-29 598312]
R2 NETGEARGenieDaemon;NETGEARGenieDaemon;C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2012-9-25 231752]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 130008]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-6-26 1153368]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-5-14 3289208]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-29 2656280]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-6-30 54784]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-6-30 77696]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-7-15 317440]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-7-15 1488448]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-10-29 533096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-6 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-06-09 17:55:36 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D606C199-2534-4ADE-91F1-16A93A353CD6}\mpengine.dll
2013-06-08 15:00:20 9460464 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-21 13:06:49 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{72AA89A5-825F-4B64-A896-DA1A8DAB9C90}\gapaengine.dll
2013-05-16 12:34:00 -------- d-----w- C:\Users\Tim\AppData\Local\APN
2013-05-16 12:23:33 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-15 14:40:04 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-15 14:40:04 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-05-15 14:40:04 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-05-15 14:40:02 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-05-15 14:40:01 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-05-15 14:40:01 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-05-15 14:39:55 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-05-15 14:39:54 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-05-15 14:39:54 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-05-15 14:39:54 111448 ----a-w- C:\Windows\System32\consent.exe
.
==================== Find3M ====================
.
2013-05-15 15:02:20 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 15:02:20 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-03 15:49:42 724992 ----a-w- C:\Windows\iun6002.exe
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 22:21:34 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-04-12 22:21:34 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-05 06:52:14 2242048 ----a-w- C:\Windows\System32\wininet.dll
2013-04-05 06:50:36 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-04-05 05:28:24 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-04-05 05:26:26 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-04-04 19:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-23 08:02:43 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
.
============= FINISH: 7:57:57.81 ===============
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-10 12:50:34
-----------------------------
12:50:34.921 OS Version: Windows x64 6.1.7601 Service Pack 1
12:50:34.921 Number of processors: 4 586 0x2A07
12:50:34.921 ComputerName: TIM-PC UserName: Tim
12:50:37.214 Initialize success
12:52:37.986 AVAST engine defs: 13061001
12:54:19.729 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:54:19.729 Disk 0 Vendor: WDC_WD10 77.0 Size: 953869MB BusType: 3
12:54:19.838 Disk 0 MBR read successfully
12:54:19.838 Disk 0 MBR scan
12:54:19.901 Disk 0 Windows 7 default MBR code
12:54:19.901 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14336 MB offset 2048
12:54:19.916 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 29362176
12:54:19.948 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 939431 MB offset 29566976
12:54:19.979 Disk 0 scanning C:\Windows\system32\drivers
12:54:29.588 Service scanning
12:54:48.808 Modules scanning
12:54:48.808 Disk 0 trace - called modules:
12:54:48.823 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:54:49.338 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e4d060]
12:54:49.338 3 CLASSPNP.SYS[fffff88001b2743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800629e050]
12:54:52.162 AVAST engine scan C:\Windows
12:54:56.576 AVAST engine scan C:\Windows\system32
12:57:39.597 AVAST engine scan C:\Windows\system32\drivers
12:57:52.779 AVAST engine scan C:\Users\Tim
12:59:22.978 Disk 0 MBR has been saved successfully to "C:\Users\Tim\Desktop\MBR.dat"
12:59:23.009 The log file has been saved successfully to "C:\Users\Tim\Desktop\aswMBR.txt"
2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-04-04 19:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-23 08:02:43 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
.
============= FINISH: 7:57:57.81 ===============

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-10 12:50:34
-----------------------------
12:50:34.921 OS Version: Windows x64 6.1.7601 Service Pack 1
12:50:34.921 Number of processors: 4 586 0x2A07
12:50:34.921 ComputerName: TIM-PC UserName: Tim
12:50:37.214 Initialize success
12:52:37.986 AVAST engine defs: 13061001
12:54:19.729 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:54:19.729 Disk 0 Vendor: WDC_WD10 77.0 Size: 953869MB BusType: 3
12:54:19.838 Disk 0 MBR read successfully
12:54:19.838 Disk 0 MBR scan
12:54:19.901 Disk 0 Windows 7 default MBR code
12:54:19.901 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14336 MB offset 2048
12:54:19.916 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 29362176
12:54:19.948 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 939431 MB offset 29566976
12:54:19.979 Disk 0 scanning C:\Windows\system32\drivers
12:54:29.588 Service scanning
12:54:48.808 Modules scanning
12:54:48.808 Disk 0 trace - called modules:
12:54:48.823 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:54:49.338 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e4d060]
12:54:49.338 3 CLASSPNP.SYS[fffff88001b2743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800629e050]
12:54:52.162 AVAST engine scan C:\Windows
12:54:56.576 AVAST engine scan C:\Windows\system32
12:57:39.597 AVAST engine scan C:\Windows\system32\drivers
12:57:52.779 AVAST engine scan C:\Users\Tim
12:59:22.978 Disk 0 MBR has been saved successfully to "C:\Users\Tim\Desktop\MBR.dat"
12:59:23.009 The log file has been saved successfully to "C:\Users\Tim\Desktop\aswMBR.txt"