Clicking anything tries to download unwanted things

[mmttw]

Hello,

I apparently downloaded something nasty by accident. I ran a scan and cleaned some stuff out, but I am still having a problem. Whenever I click on just about anything it loads another tab asking me to download other things. Also, all of my banner ads are asking me to download things. Most of the tabs open with urls that start with gzj.jsopen. Also of interest is that when I was trying to download the programs to get the logs you need here it did something else odd. When I clicked on the links for the programs it just started downloading a program from a url that used getsoftfree.com as the source. I did not install them, but they loaded automatically when I was clicking on the link for ERUNT. I am attaching what I believe it was you were looking for for logs. I will warn you that I am a huge technotard, and you may need to explain things like you were telling to a child for me to get this right the first time. I apologize if I did the logs wrong, but it took me all night to get this far.

Thank you for your help.
mmttw


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660
Run by Mom's at 19:43:20 on 2013-08-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3767.2032 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\atashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Users\Mom's\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Users\Mom's\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Mom's\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mom's\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mom's\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mom's\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mom's\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mom's\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=A81CD0DF9A9B7B0B&affID=119557&tsp=4985
uDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LyricsContainer: {a47fdceb-4d34-49c8-bd51-24c1201d1473} - C:\Program Files (x86)\LyricsContainer\130.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Google Update] "C:\Users\Mom's\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {4D0A481A-7155-498C-84D8-9CB84DEA237E} - hxxp://216.17.38.65:8051/DVROcxEx.cab
TCP: NameServer = 75.75.76.76 75.75.75.75 192.168.1.1
TCP: Interfaces\{44907CC4-7A2A-45F7-986B-97496E7B0377} : DHCPNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
TCP: Interfaces\{44907CC4-7A2A-45F7-986B-97496E7B0377}\34963736F65343134343 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{44907CC4-7A2A-45F7-986B-97496E7B0377}\6596277696E6D4F62696C65602D49664962323030302344333 : DHCPNameServer = 192.168.1.68
TCP: Interfaces\{44907CC4-7A2A-45F7-986B-97496E7B0377}\D4F4D435D20534F5E4564777F627B6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{44907CC4-7A2A-45F7-986B-97496E7B0377}\D4F4D435D20534F5E4564777F627B6F513 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{44907CC4-7A2A-45F7-986B-97496E7B0377}\D6D6474777 : DHCPNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
TCP: Interfaces\{B5840D9F-6020-46EE-B7D3-DFB4DFA7910D} : DHCPNameServer = 75.75.76.76 75.75.75.75
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mom's\AppData\Roaming\Mozilla\Firefox\Profiles\91kusb0y.default\
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\Users\Mom's\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - a81cacb8000000000000d0df9a9b7b0b
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15942
FF - user.js: extensions.delta.vrsn - 1.8.24.6
FF - user.js: extensions.delta.vrsni - 1.8.24.6
FF - user.js: extensions.delta.vrsnTs - 1.8.24.622:05:33
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119557&tsp=4985
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
FF - user.js: extensions.shownSelectionUI - true
.
.
.
.
.
============= SERVICES / DRIVERS ===============
.
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2012-10-7 135272]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-8-26 321104]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2011-10-18 867712]
R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2011-5-29 36456]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-26 13336]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2011-8-26 244624]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2010-6-28 255744]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-12-4 1153368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-8-26 2320920]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-8-26 135560]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-8-26 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-8-26 158976]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-26 287232]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-5-15 384040]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-8-26 243712]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-4 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-08-26 02:55:12 -------- d-----w- C:\Program Files (x86)\LyricsContainer
2013-08-25 03:12:04 -------- d-----w- C:\Users\Mom's\AppData\Local\avgchrome
2013-08-25 03:11:34 -------- d-----w- C:\Users\Mom's\AppData\Local\SwvUpdater
2013-08-25 03:05:06 -------- d-----w- C:\Program Files (x86)\BrowseFox
2013-08-18 02:04:50 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-18 02:04:50 -------- d-----w- C:\Program Files\iTunes
2013-08-18 02:04:50 -------- d-----w- C:\Program Files\iPod
2013-08-18 02:04:50 -------- d-----w- C:\Program Files (x86)\iTunes
2013-08-18 02:02:21 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2013-08-18 02:02:21 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2013-08-18 02:02:21 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2013-08-18 02:02:21 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2013-08-18 02:02:21 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2013-08-17 22:41:30 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1F950FE1-9F36-4DC8-A97A-A44595C3CA7A}\offreg.dll
2013-08-17 02:54:27 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1F950FE1-9F36-4DC8-A97A-A44595C3CA7A}\mpengine.dll
2013-08-16 02:47:10 -------- d-----w- C:\Windows\System32\MRT
.
==================== Find3M ====================
.
2013-08-21 02:55:18 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-21 02:55:18 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
.
============= FINISH: 19:43:51.97 ===============



aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-08-27 21:02:45
-----------------------------
21:02:45.894 OS Version: Windows x64 6.1.7601 Service Pack 1
21:02:45.894 Number of processors: 4 586 0x2505
21:02:45.895 ComputerName: MOMS-PC UserName: Mom's
21:02:47.113 Initialize success
21:03:49.509 AVAST engine defs: 13082701
21:04:26.507 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:04:26.512 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
21:04:26.639 Disk 0 MBR read successfully
21:04:26.644 Disk 0 MBR scan
21:04:26.652 Disk 0 Windows 7 default MBR code
21:04:26.657 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
21:04:26.681 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
21:04:26.697 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 289783 MB offset 31664128
21:04:26.729 Disk 0 scanning C:\Windows\system32\drivers
21:04:34.571 Service scanning
21:04:59.999 Modules scanning
21:05:00.017 Disk 0 trace - called modules:
21:05:00.036 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:05:00.047 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006fcf060]
21:05:00.056 3 CLASSPNP.SYS[fffff88001b6343f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004f87050]
21:05:01.251 AVAST engine scan C:\Windows
21:05:03.541 AVAST engine scan C:\Windows\system32
21:07:53.267 AVAST engine scan C:\Windows\system32\drivers
21:08:04.755 AVAST engine scan C:\Users\Mom's
21:10:44.104 AVAST engine scan C:\ProgramData
21:11:25.897 Scan finished successfully
21:12:12.705 Disk 0 MBR has been saved successfully to "C:\Users\Mom's\Desktop\MBR.dat"
21:12:12.710 The log file has been saved successfully to "C:\Users\Mom's\Desktop\aswMBR.txt"