Virus Hater
2013-07-12, 05:45
I recently was trying to remove an exploit in my website and somehow the exploit pushed malicious JavaScript to my computer. Malware Anti'Bytes found 3 trojans for Delete.something and removed them. However, since then my computer has been running really slowly. Here are my logs; I would really appreciate some help.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: BrowserJavaVersion: 10.25.2
Run by Azarithe at 21:13:46 on 2013-07-11
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8086.4699 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Azarithe\Desktop\Downloads\erunt-setup.exe
C:\Users\Azarithe\AppData\Local\Temp\is-NTO1P.tmp\is-OFV3H.tmp
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [MusicManager] "C:\Users\Azarithe\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SanDiskSecureAccess_Manager.exe] C:\Users\Azarithe\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [Spotify] "C:\Users\Azarithe\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "C:\Users\Azarithe\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [UVS10 Preload] C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Azarithe\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Azarithe\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
TCP: NameServer = 192.168.43.1
TCP: Interfaces\{1FE6D5DF-D2F4-4869-943B-8B6F869C4FC2} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{5F2F0609-76CF-40E4-8104-3E5555FD6476} : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{5F2F0609-76CF-40E4-8104-3E5555FD6476}\14E64627F696461405 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{5F2F0609-76CF-40E4-8104-3E5555FD6476}\351757164602341627 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{5F2F0609-76CF-40E4-8104-3E5555FD6476}\36F6C6C61676564616C656C61657E6462797 : DHCPNameServer = 66.18.32.2 66.18.32.3
TCP: Interfaces\{5F2F0609-76CF-40E4-8104-3E5555FD6476}\452757D4F66756D656E647 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{5F2F0609-76CF-40E4-8104-3E5555FD6476}\46C696E6B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{5F2F0609-76CF-40E4-8104-3E5555FD6476}\540524 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{5F2F0609-76CF-40E4-8104-3E5555FD6476}\B6D6E6564777F627B6 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{61FF4AC0-6CF6-49DB-AEB8-AD1734AD3F6B} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{EBF05125-4512-4D04-983D-2D5486241DDA} : DHCPNameServer = 192.168.42.129
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-12-14 56208]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-10-5 98208]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-8 1166848]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-1-3 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-1-3 168384]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-11-15 327168]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-12-9 60416]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-10-5 317440]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-10-5 250984]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-1-3 1103392]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-6 3463080]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-4-30 103064]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;C:\Windows\System32\drivers\libusb0.sys [2012-12-13 16896]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-14 19456]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-4-30 203672]
S3 StkCMini;Syntek AVStream USB2.0 ATV;C:\Windows\System32\drivers\StkCMini.sys [2012-11-22 1917576]
S3 SynasUSB;SynasUSB;C:\Windows\System32\drivers\synUSB64.sys [2013-3-31 31248]
S3 TASCAM_US122L_MIDI;TASCAM US-122L WDM MIDI Device;C:\Windows\System32\drivers\tscusb2m.sys [2013-3-31 31296]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-14 57856]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 VIA_USB_ETS;VIA Telecom USB ETS Driver;C:\Windows\System32\drivers\VIA_USB_ETS.sys [2013-1-22 21760]
S3 ViaUsbModemDriver;VIA Telecom USB MODEM Driver;C:\Windows\System32\drivers\VIA_USB_MODEM.sys [2013-1-22 28160]
.
=============== Created Last 30 ================
.
2013-07-11 08:33:00 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CA5D780A-73C7-46B2-B083-3A943FD8B44B}\mpengine.dll
2013-07-11 06:12:31 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-07-11 06:12:28 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 06:12:26 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 05:33:08 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-08 05:25:11 -------- d-----w- C:\Users\Azarithe\AppData\Local\acid
2013-07-08 05:23:04 -------- d-----w- C:\Program Files (x86)\vBProductMaker
2013-07-06 05:59:53 -------- d-----w- C:\Users\Azarithe\AppData\Roaming\DVDFab9
2013-07-06 05:59:34 -------- d-----w- C:\Program Files (x86)\DVDFab 9
2013-07-03 06:08:23 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-30 21:04:47 -------- d-----w- C:\Program Files\WinHTTrack
2013-06-28 05:01:37 -------- d-----w- C:\ProgramData\RedGiant
2013-06-26 06:45:56 -------- d-----w- C:\Users\Azarithe\AppData\Roaming\BitTorrent Sync
2013-06-24 03:31:49 -------- d-----w- C:\Users\Azarithe\AppData\Local\Spotify
2013-06-24 03:31:16 -------- d-----w- C:\Users\Azarithe\AppData\Roaming\Spotify
2013-06-24 03:22:13 -------- d-----w- C:\Users\Azarithe\AppData\Roaming\Foxit Software
2013-06-24 03:22:13 -------- d-----w- C:\Program Files (x86)\Foxit Software
2013-06-21 22:45:09 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{295B239A-BC9C-49E9-8DDF-25E521A874F8}\gapaengine.dll
2013-06-14 21:18:57 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-06-12 05:54:36 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-12 05:53:04 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-06-12 05:53:04 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-06-12 05:53:00 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-06-12 05:53:00 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-06-12 05:52:38 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-06-12 05:52:38 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-06-12 05:52:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-06-12 05:52:37 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-06-12 05:52:37 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-06-12 05:52:37 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-06-12 05:52:37 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-06-12 05:52:37 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-06-12 05:52:36 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-06-12 05:52:36 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
.
==================== Find3M ====================
.
2013-07-03 06:08:16 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-07-03 06:08:16 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-12 06:06:30 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 06:06:30 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-05-29 05:43:16 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-29 05:35:44 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-05-29 05:34:14 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-05-29 05:29:56 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-05-29 05:29:02 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-05-29 05:25:09 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-29 01:50:14 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-29 01:41:52 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-05-29 01:41:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-29 01:37:15 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-05-29 01:36:09 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-05-29 01:33:22 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-06 06:03:49 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-05-06 04:56:35 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
.
============= FINISH: 21:15:06.03 ===============
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-11 21:15:57
-----------------------------
21:15:57.434 OS Version: Windows x64 6.1.7601 Service Pack 1
21:15:57.434 Number of processors: 8 586 0x2A07
21:15:57.435 ComputerName: AZARITHE-PC UserName: Azarithe
21:16:40.028 Initialize success
21:18:46.746 AVAST engine defs: 13071102
21:19:05.303 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:19:05.305 Disk 0 Vendor: WDC_WD7500BPVT-75HXZT1 01.01A01 Size: 715404MB BusType: 11
21:19:06.117 Disk 0 MBR read successfully
21:19:06.120 Disk 0 MBR scan
21:19:06.123 Disk 0 Windows 7 default MBR code
21:19:06.203 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:19:06.252 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 715302 MB offset 206848
21:19:07.240 Disk 0 scanning C:\Windows\system32\drivers
21:19:36.594 Service scanning
21:20:00.808 Modules scanning
21:20:00.814 Disk 0 trace - called modules:
21:20:00.837 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:20:00.842 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007d61790]
21:20:01.177 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007b251f0]
21:20:07.792 AVAST engine scan C:\Windows
21:20:17.398 AVAST engine scan C:\Windows\system32
21:31:04.491 AVAST engine scan C:\Windows\system32\drivers
21:31:30.119 AVAST engine scan C:\Users\Azarithe
21:32:10.334 Disk 0 MBR has been saved successfully to "C:\Users\Azarithe\Documents\MBR.dat"
21:32:10.350 The log file has been saved successfully to "C:\Users\Azarithe\Documents\aswMBR.txt"
22:30:13.205 AVAST engine scan C:\ProgramData
22:34:07.458 Scan finished successfully
22:43:23.529 Disk 0 MBR has been saved successfully to "C:\Users\Azarithe\Desktop\MBR.dat"
22:43:23.589 The log file has been saved successfully to "C:\Users\Azarithe\Desktop\aswMBR.txt"
2013-06-21 22:45:09 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{295B239A-BC9C-49E9-8DDF-25E521A874F8}\gapaengine.dll
2013-06-14 21:18:57 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-06-12 05:54:36 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-12 05:53:04 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-06-12 05:53:04 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-06-12 05:53:00 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-06-12 05:53:00 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-06-12 05:52:38 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-06-12 05:52:38 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-06-12 05:52:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-06-12 05:52:37 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-06-12 05:52:37 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-06-12 05:52:37 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-06-12 05:52:37 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-06-12 05:52:37 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-06-12 05:52:36 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-06-12 05:52:36 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
.
==================== Find3M ====================
.
2013-07-03 06:08:16 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-07-03 06:08:16 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-12 06:06:30 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 06:06:30 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-05-29 05:43:16 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-29 05:35:44 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-05-29 05:34:14 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-05-29 05:29:56 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-05-29 05:29:02 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-05-29 05:25:09 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-29 01:50:14 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-29 01:41:52 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-05-29 01:41:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-29 01:37:15 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-05-29 01:36:09 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-05-29 01:33:22 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-06 06:03:49 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-05-06 04:56:35 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
.
============= FINISH: 21:15:06.03 ===============

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-11 21:15:57
-----------------------------
21:15:57.434 OS Version: Windows x64 6.1.7601 Service Pack 1
21:15:57.434 Number of processors: 8 586 0x2A07
21:15:57.435 ComputerName: AZARITHE-PC UserName: Azarithe
21:16:40.028 Initialize success
21:18:46.746 AVAST engine defs: 13071102
21:19:05.303 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:19:05.305 Disk 0 Vendor: WDC_WD7500BPVT-75HXZT1 01.01A01 Size: 715404MB BusType: 11
21:19:06.117 Disk 0 MBR read successfully
21:19:06.120 Disk 0 MBR scan
21:19:06.123 Disk 0 Windows 7 default MBR code
21:19:06.203 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:19:06.252 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 715302 MB offset 206848
21:19:07.240 Disk 0 scanning C:\Windows\system32\drivers
21:19:36.594 Service scanning
21:20:00.808 Modules scanning
21:20:00.814 Disk 0 trace - called modules:
21:20:00.837 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:20:00.842 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007d61790]
21:20:01.177 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007b251f0]
21:20:07.792 AVAST engine scan C:\Windows
21:20:17.398 AVAST engine scan C:\Windows\system32
21:31:04.491 AVAST engine scan C:\Windows\system32\drivers
21:31:30.119 AVAST engine scan C:\Users\Azarithe
21:32:10.334 Disk 0 MBR has been saved successfully to "C:\Users\Azarithe\Documents\MBR.dat"
21:32:10.350 The log file has been saved successfully to "C:\Users\Azarithe\Documents\aswMBR.txt"
22:30:13.205 AVAST engine scan C:\ProgramData
22:34:07.458 Scan finished successfully
22:43:23.529 Disk 0 MBR has been saved successfully to "C:\Users\Azarithe\Desktop\MBR.dat"
22:43:23.589 The log file has been saved successfully to "C:\Users\Azarithe\Desktop\aswMBR.txt"