-
Malware Trouble
Hey! there :D
Here's my logs:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.15.2
Run by Shiva at 9:25:41 on 2013-02-25
#Option MBR scan is disabled.
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3573.1877 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Shiva\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shiva\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shiva\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shiva\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shiva\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shiva\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shiva\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shiva\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shiva\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shiva\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3220468
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uProxyOverride = 127.0.0.1:9421;<local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTor.dll
uWinlogon: Shell = c:\users\shiva\appdata\roaming\hotfix.exe
mWinlogon: Userinit = c:\windows\system32\userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTor.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\program files\searchqu toolbar\datamngr\toolbar\searchqudtx.dll
BHO: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - c:\program files\searchqu toolbar\datamngr\BrowserConnection.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\program files\searchqu toolbar\datamngr\toolbar\searchqudtx.dll
TB: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTor.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [cdloader] "c:\users\shiva\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Google Update] "c:\users\shiva\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [DATAMNGR] c:\progra~1\search~1\datamngr\DATAMN~1.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - hxxps://webaccess.gct.com//SNX/CSHELL/extender.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{E2986BF6-26F8-4036-9996-76A18D2746B3} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\search~1\datamngr\datamngr.dll c:\progra~1\search~1\datamngr\IEBHO.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\shiva\appdata\roaming\mozilla\firefox\profiles\i4t4q3ev.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&CUI=UN78249553025775836&q=
FF - component: c:\program files\mozilla firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - component: c:\users\shiva\appdata\roaming\mozilla\firefox\profiles\i4t4q3ev.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\shiva\appdata\roaming\mozilla\firefox\profiles\i4t4q3ev.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\shiva\appdata\local\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\users\shiva\appdata\roaming\mozilla\firefox\profiles\i4t4q3ev.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\plugins\np-mswmp.dll
FF - plugin: c:\users\shiva\appdata\roaming\mozilla\firefox\profiles\i4t4q3ev.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\users\shiva\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\shiva\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_149.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2009-03-13 05:03; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\programdata\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - ExtSQL: !HIDDEN! 2009-09-03 10:57; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2012-09-24 13:58; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; c:\program files\searchqu toolbar\datamngr\FirefoxExtension
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - d69c72020000000000005472c2640a0e
FF - user.js: extensions.BabylonToolbar_i.hardId - d69c72020000000000005472c2640a0e
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15374
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:27:57
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108298
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQnnwVjzU&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - d69c72020000000000005472c2640a0e
FF - user.js: extensions.incredibar_i.hardId - d69c72020000000000005472c2640a0e
FF - user.js: extensions.incredibar_i.instlDay - 15374
FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2716:32:16
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQnnwVjzU
FF - user.js: extensions.incredibar_i.upn2n - 92542316584910102
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10604
FF - user.js: extensions.incredibar_i.ppd -
.
============= SERVICES / DRIVERS ===============
.
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-10-8 18544]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-9-14 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-9-14 360392]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-9-14 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-9-14 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-9-14 44808]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2012-10-20 26080]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-2-18 111616]
R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [2008-6-5 120976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-2-18 213640]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-2-18 34216]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-2-18 40552]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2009-2-18 73728]
S4 cpextender;Check Point SSL Network Extender;c:\program files\checkpoint\ssl network extender\slimsvc.exe [2008-6-5 344161]
S4 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-23 155648]
S4 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-2-18 359952]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-2-18 606736]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
.
=============== Created Last 30 ================
.
2013-02-22 14:42:19 6954968 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4747e2eb-429b-4d01-9744-1da3d0b06627}\mpengine.dll
2013-02-21 15:34:09 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-14 13:50:25 2048512 ----a-w- c:\windows\system32\win32k.sys
2013-02-14 13:50:22 1314816 ----a-w- c:\windows\system32\quartz.dll
2013-02-14 13:45:43 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-14 13:45:40 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-14 13:45:39 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-09 15:29:47 -------- d-----w- c:\users\shiva\appdata\roaming\VideoReDo-TVSuite4
2013-02-09 15:29:47 -------- d-----w- c:\program files\VideoReDoTVSuite4
2013-02-06 17:04:59 -------- d-----w- c:\program files\DVDFab Virtual Drive
2013-02-06 03:18:04 -------- d-----w- c:\program files\common files\PX Storage Engine
2013-02-06 03:17:29 -------- d-----w- c:\program files\common files\DivX Shared
.
==================== Find3M ====================
.
2013-02-21 15:33:34 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-21 15:33:34 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-08 16:14:50 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-08 16:14:50 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-17 06:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-08 22:11:21 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-01-08 21:59:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-01-08 21:58:29 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-01-08 21:56:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-12-16 13:12:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50:29 293376 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 9:26:29.82 ===============
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-25 09:29:24
-----------------------------
09:29:24.519 OS Version: Windows 6.0.6002 Service Pack 2
09:29:24.519 Number of processors: 2 586 0x170A
09:29:24.521 ComputerName: SHIVA-PC UserName: Shiva
09:29:46.230 Initialize success
09:29:46.386 AVAST engine defs: 13022500
09:29:57.584 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
09:29:57.584 Disk 0 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 3
09:29:57.615 Disk 0 MBR read successfully
09:29:57.615 Disk 0 MBR scan
09:29:57.615 Disk 0 Windows VISTA default MBR code
09:29:57.615 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
09:29:57.630 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
09:29:57.646 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 287644 MB offset 30801920
09:29:57.662 Disk 0 Partition - 00 0F Extended LBA 2559 MB offset 619898880
09:29:57.708 Disk 0 Partition 4 00 DD MSDOS5.0 2558 MB offset 619900928
09:29:57.708 Disk 0 scanning sectors +625139712
09:29:57.786 Disk 0 scanning C:\Windows\system32\drivers
09:30:09.206 Service scanning
09:30:40.721 Modules scanning
09:30:50.998 Disk 0 trace - called modules:
09:30:51.028 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
09:30:51.036 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x874a2748]
09:30:51.044 3 CLASSPNP.SYS[8c9a78b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x864a3030]
09:30:52.663 AVAST engine scan C:\Windows
09:30:56.740 AVAST engine scan C:\Windows\system32
09:33:39.871 AVAST engine scan C:\Windows\system32\drivers
09:34:04.965 AVAST engine scan C:\Users\Shiva
09:52:16.718 AVAST engine scan C:\ProgramData
09:57:31.542 Scan finished successfully
09:58:30.245 Disk 0 MBR has been saved successfully to "C:\Users\Shiva\Desktop\MBR.dat"
09:58:30.245 The log file has been saved successfully to "C:\Users\Shiva\Desktop\aswMBR.txt"
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
