Results 1 to 2 of 2

Thread: Nephews Computer Explorer seems to be hijacked... Please help

  1. #1
    Junior Member
    Join Date
    Aug 2013
    Posts
    1

    Default Nephews Computer Explorer seems to be hijacked... Please help

    My 12 year old nephew seems to have been hijacked... Lots of games on the computer and I'm not quite sure what other problems this has. I am posting the DDS log file and the aswMBR Files below... Thanks

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2
    Run by Isabel at 10:09:40 on 2013-08-16
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8040.6391 [GMT -4:00]
    .
    AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\windows\system32\taskhost.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\windows\system32\taskeng.exe
    C:\windows\system32\taskeng.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Free Online Converter\FreeOnlineConverterUpdt.exe
    C:\Windows\jmesoft\Service.exe
    c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
    C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
    C:\Windows\System32\igfxtray.exe
    C:\Users\Isabel\AppData\Local\Pokki\Engine\pokki.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\windows\system32\rundll32.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\windows\system32\rundll32.exe
    C:\windows\SysWOW64\rundll32.exe
    C:\Windows\SysWOW64\UMonit.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\System32\regsvr32.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\windows\SysWOW64\regsvr32.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Windows\jmesoft\hotkey.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
    C:\windows\system32\SearchIndexer.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\System32\WUDFHost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\Users\Isabel\AppData\Local\Pokki\Engine\pokki.exe
    C:\Users\Isabel\AppData\Local\Pokki\Engine\pokki.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\windows\system32\sppsvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Bar = Preserve
    uSearch Page = hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=33868650-dd22-4968-8b53-a1dc99941442&searchtype=ds&q={searchTerms}&installDate=16/05/2013
    mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={AE600A37-BE76-11E2-8F27-C89CDC53D61D}
    uSearchAssistant = hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=33868650-dd22-4968-8b53-a1dc99941442&searchtype=ds&q={searchTerms}&installDate=16/05/2013
    mWinlogon: Userinit = userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll
    BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ips\ipsbho.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll
    BHO: Free Online Converter 1.0: {A229BC5B-E7A2-447B-B015-1E7CA944978D} - C:\Program Files (x86)\FreeFrog\FreeFrog2.0.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} -
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll
    TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll
    uRun: [HP Photosmart 5510 series (NET)] "C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN18F0865005NR:NW" -scfn "HP Photosmart 5510 series (NET)" -AutoStart 1
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [usyndication.com] Regsvr32.exe C:\Users\Isabel\AppData\Local\usyndication.com\txczwzxy.dll
    uRun: [Pokki] C:\windows\System32\rundll32.exe "C:\Users\Isabel\AppData\Local\Pokki\Engine\LaunchDeskband.dll",RunLaunchDeskband
    uRunOnce: [Application Restart #3] C:\Users\Isabel\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Isabel\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --flag-switches-begin --flag-switches-end --restore-last-session
    mRun: [jmekey] C:\windows\jmesoft\hotkey.exe
    mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    StartupFolder: C:\Users\Isabel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{54C67330-E4D5-4B5E-B5EE-2B80FFF5119C} : DHCPNameServer = 192.168.1.1
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [UMonit] C:\windows\SysWOW64\UMonit.exe
    x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\NAVx64\1207010.003\symds64.sys [2012-4-4 450680]
    R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\NAVx64\1207010.003\symefa64.sys [2012-4-4 912504]
    R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2013-7-2 45856]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [2013-7-16 1393240]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20130813.001\IDSviA64.sys [2013-8-13 513184]
    R1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\NAVx64\1207010.003\ironx64.sys [2012-4-4 171128]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\NAVx64\1207010.003\symnets.sys [2012-4-4 386168]
    R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
    R2 FreeOnlineConverterUpdt;FreeOnlineConverterUpdt;C:\Program Files (x86)\Free Online Converter\FreeOnlineConverterUpdt.exe [2012-8-21 686592]
    R2 JME Keyboard;JME Keyboard Driver;C:\Windows\jmesoft\Service.exe [2011-7-26 32768]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [2013-6-26 120592]
    R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccsvchst.exe [2012-4-4 130008]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-7-26 2655768]
    R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [2013-8-15 1643184]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-1-10 138912]
    R3 GeneStor;Genesys Logic Storage Driver;C:\windows\System32\drivers\GeneStor.sys [2011-7-26 57856]
    R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-11-19 317440]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-11-13 1255736]
    S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2013-08-14 15:49:36 -------- d-----w- C:\Users\Isabel\AppData\Roaming\Malwarebytes
    2013-08-14 15:49:27 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-08-14 15:49:26 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
    2013-08-14 15:49:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-08-14 15:49:17 -------- d-----w- C:\Users\Isabel\AppData\Local\Programs
    2013-08-14 15:46:59 -------- d-----w- C:\Program Files (x86)\Common Files\337
    2013-08-14 15:43:06 -------- d-----w- C:\windows\pss
    2013-08-14 15:36:46 -------- d-----w- C:\Users\Isabel\AppData\Roaming\SUPERAntiSpyware.com
    2013-08-14 15:36:46 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2013-08-13 13:58:35 -------- d-----w- C:\Program Files (x86)\Betcat
    2013-08-10 12:39:10 -------- d-----w- C:\Users\Isabel\AppData\Roaming\Betcat
    2013-07-29 11:41:51 -------- d-----w- C:\windows\SysWow64\cache
    .
    ==================== Find3M ====================
    .
    2013-08-16 01:06:31 45856 ----a-w- C:\windows\System32\drivers\avgtpx64.sys
    2013-08-14 22:36:01 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-08-14 22:36:01 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2013-07-26 05:13:37 2241024 ----a-w- C:\windows\System32\wininet.dll
    2013-07-26 05:12:08 3958784 ----a-w- C:\windows\System32\jscript9.dll
    2013-07-26 05:12:04 136704 ----a-w- C:\windows\System32\iesysprep.dll
    2013-07-26 05:12:03 67072 ----a-w- C:\windows\System32\iesetup.dll
    2013-07-26 03:35:08 2706432 ----a-w- C:\windows\System32\mshtml.tlb
    2013-07-26 03:13:24 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
    2013-07-26 03:12:04 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
    2013-07-26 03:12:00 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
    2013-07-26 03:12:00 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
    2013-07-26 02:49:14 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2013-07-26 02:39:38 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
    2013-07-26 01:59:38 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
    2013-07-25 09:25:54 1888768 ----a-w- C:\windows\System32\WMVDECOD.DLL
    2013-07-25 08:57:27 1620992 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
    2013-07-19 01:58:42 2048 ----a-w- C:\windows\System32\tzres.dll
    2013-07-19 01:41:01 2048 ----a-w- C:\windows\SysWow64\tzres.dll
    2013-07-09 06:03:30 5550528 ----a-w- C:\windows\System32\ntoskrnl.exe
    2013-07-09 05:54:22 1732032 ----a-w- C:\windows\System32\ntdll.dll
    2013-07-09 05:53:12 243712 ----a-w- C:\windows\System32\wow64.dll
    2013-07-09 05:52:52 224256 ----a-w- C:\windows\System32\wintrust.dll
    2013-07-09 05:51:16 1217024 ----a-w- C:\windows\System32\rpcrt4.dll
    2013-07-09 05:46:20 184320 ----a-w- C:\windows\System32\cryptsvc.dll
    2013-07-09 05:46:20 1472512 ----a-w- C:\windows\System32\crypt32.dll
    2013-07-09 05:46:20 139776 ----a-w- C:\windows\System32\cryptnet.dll
    2013-07-09 05:03:34 3968960 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
    2013-07-09 05:03:34 3913664 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
    2013-07-09 04:53:47 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll
    2013-07-09 04:52:33 663552 ----a-w- C:\windows\SysWow64\rpcrt4.dll
    2013-07-09 04:52:33 5120 ----a-w- C:\windows\SysWow64\wow32.dll
    2013-07-09 04:52:10 175104 ----a-w- C:\windows\SysWow64\wintrust.dll
    2013-07-09 04:46:31 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
    2013-07-09 04:46:31 1166848 ----a-w- C:\windows\SysWow64\crypt32.dll
    2013-07-09 04:46:31 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
    2013-07-09 04:45:07 44032 ----a-w- C:\windows\apppatch\acwow64.dll
    2013-07-09 02:49:42 25600 ----a-w- C:\windows\SysWow64\setup16.exe
    2013-07-09 02:49:41 7680 ----a-w- C:\windows\SysWow64\instnm.exe
    2013-07-09 02:49:39 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
    2013-07-09 02:49:38 2048 ----a-w- C:\windows\SysWow64\user.exe
    2013-07-06 06:03:53 1910208 ----a-w- C:\windows\System32\drivers\tcpip.sys
    2013-07-01 19:03:42 420944 ----a-w- C:\windows\SysWow64\msvcp100.dll
    2013-06-22 15:00:33 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-06-22 15:00:32 867240 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
    2013-06-22 15:00:32 789416 ----a-w- C:\windows\SysWow64\deployJava1.dll
    2013-06-15 04:32:16 39936 ----a-w- C:\windows\System32\drivers\tssecsrv.sys
    2013-06-05 03:34:27 3153920 ----a-w- C:\windows\System32\win32k.sys
    2013-06-04 06:00:13 624128 ----a-w- C:\windows\System32\qedit.dll
    2013-06-04 04:53:07 509440 ----a-w- C:\windows\SysWow64\qedit.dll
    .
    ============= FINISH: 10:10:51.60 ===============

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-08-16 10:17:21
    -----------------------------
    10:17:21.376 OS Version: Windows x64 6.1.7601 Service Pack 1
    10:17:21.376 Number of processors: 4 586 0x2A07
    10:17:21.376 ComputerName: ISABEL-PC UserName: Isabel
    10:17:23.732 Initialize success
    10:18:02.425 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    10:18:02.440 Disk 0 Vendor: WDC_WD5000AAKX-001CA0 15.01H15 Size: 476940MB BusType: 11
    10:18:02.534 Disk 0 MBR read successfully
    10:18:02.534 Disk 0 MBR scan
    10:18:02.534 Disk 0 Windows 7 default MBR code
    10:18:02.550 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 48 MB offset 2048
    10:18:02.550 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 464050 MB offset 100352
    10:18:02.581 Disk 0 Partition 3 00 12 Compaq diag NTFS 12841 MB offset 950474752
    10:18:02.628 Disk 0 scanning C:\windows\system32\drivers
    10:18:07.074 Service scanning
    10:18:18.303 Modules scanning
    10:18:18.310 Disk 0 trace - called modules:
    10:18:18.333 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    10:18:18.335 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007db9790]
    10:18:18.338 3 CLASSPNP.SYS[fffff8800108743f] -> nt!IofCallDriver -> [0xfffffa80076de520]
    10:18:18.343 5 ACPI.sys[fffff88000f437a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80076da680]
    10:18:18.345 Scan finished successfully
    10:21:05.556 Disk 0 MBR has been saved successfully to "C:\Users\Isabel\Desktop\MBR.dat"
    10:21:05.556 The log file has been saved successfully to "C:\Users\Isabel\Desktop\aswMBR.txt"

    Thanks
    Last edited by tashi; 2013-08-30 at 16:41. Reason: Date of archive

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,067

    Default

    pca75,

    Sorry for the delay, if you still need help simply reply back.
    How Can I Reduce My Risk?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •