Hi
Avast keeps popping up saying its blocked a harmful file, some it moves to the chest, some it just blocks. I have screenshotted the avast chest should you need it, one of the issues seems to be a type of windows update file in WIN32??? I run XP SP3 still.
I have run DDS.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Dianne Fox at 21:40:58 on 2015-05-12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1535.622 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: {10921475-03CE-4E04-90CE-E2E7EF20C814} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.10.11023.1534\swg.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\dianne~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1375641003437
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{30DA2D19-782B-44F3-8089-367301CE92E5} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\18.1.0\ViProtocol.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\42.0.2311.135\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dianne fox\application data\mozilla\firefox\profiles\qo3ndag9.default-1398015338453\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\update\1.3.26.9\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_17_0_0_169.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
user_pref(extensions.autoDisableScopes,14);
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-12-30 49904]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-12-30 209048]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2015-5-8 218008]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-12-30 787760]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-12-30 427992]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-8-13 42272]
R1 RapportCerberus_1412097;RapportCerberus_1412097;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_1412097.sys [2015-5-12 528600]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2015-5-8 279800]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2015-5-8 348632]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-5-11 24144]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-12-30 74976]
R2 avast! Antivirus;Avast Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-12-30 343336]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2015-5-8 2214168]
R2 vToolbarUpdater18.1.0;vToolbarUpdater18.1.0;c:\program files\common files\avg secure search\vtoolbarupdater\18.1.0\ToolbarUpdater.exe [2014-4-29 1801240]
R4 RapportCerberus_1412095;RapportCerberus_1412095;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_1412095.sys [2015-5-10 528856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== File Associations ===============
.
ShellExec: switch.exe: open="c:\program files\nch software\switch\switch" "%L"
.
=============== Created Last 30 ================
.
2015-05-12 18:56:20 57888 ----a-w- c:\windows\system32\drivers\asw2B9.tmp
2015-05-12 18:56:16 208024 ----a-w- c:\windows\system32\drivers\asw2B8.tmp
2015-05-12 18:56:12 427736 ----a-w- c:\windows\system32\drivers\asw2B7.tmp
2015-05-12 18:56:11 49904 ----a-w- c:\windows\system32\drivers\asw2B6.tmp
2015-05-12 18:56:08 73440 ----a-w- c:\windows\system32\drivers\asw2B5.tmp
2015-05-12 18:56:06 24144 ----a-w- c:\windows\system32\drivers\asw2B4.tmp
2015-05-12 18:54:10 55200 ----a-w- c:\windows\system32\drivers\asw2B3.tmp
2015-05-12 18:53:26 788272 ----a-w- c:\windows\system32\drivers\asw2B2.tmp
2015-05-12 18:45:24 43112 ----a-w- c:\windows\avastSS.scr
2015-05-08 16:25:16 218008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2015-05-02 16:18:32 -------- d-----w- c:\documents and settings\dianne fox\local settings\application data\CDex
2015-05-02 16:17:42 -------- d-----w- c:\documents and settings\all users\application data\Package Cache
2015-05-02 16:17:14 -------- d-----w- c:\program files\CDex
2015-05-02 16:00:27 -------- d-----w- c:\documents and settings\dianne fox\application data\NCH Software
2015-05-02 15:40:46 -------- d-----w- c:\program files\NCH Software
.
==================== Find3M ====================
.
2015-05-12 18:46:26 209048 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-05-12 18:46:23 49904 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-05-12 18:46:22 74976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-05-12 18:46:22 24144 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-05-12 18:42:14 787760 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-05-10 12:37:21 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-27 20:20:29 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-04-27 20:20:28 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-17 16:04:46 1202848 ----a-w- c:\windows\system32\FM20.DLL
2014-06-29 09:46:27 6010880 ----a-w- c:\program files\GUT5.tmp
2013-10-12 11:16:22 50053120 ----a-w- c:\program files\GUT3.tmp
.
============= FINISH: 21:45:11.53 ===============
Avast keeps popping up saying its blocked a harmful file, some it moves to the chest, some it just blocks. I have screenshotted the avast chest should you need it, one of the issues seems to be a type of windows update file in WIN32??? I run XP SP3 still.
I have run DDS.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Dianne Fox at 21:40:58 on 2015-05-12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1535.622 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: {10921475-03CE-4E04-90CE-E2E7EF20C814} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.10.11023.1534\swg.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\dianne~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1375641003437
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{30DA2D19-782B-44F3-8089-367301CE92E5} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\18.1.0\ViProtocol.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\42.0.2311.135\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dianne fox\application data\mozilla\firefox\profiles\qo3ndag9.default-1398015338453\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\update\1.3.26.9\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_17_0_0_169.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
user_pref(extensions.autoDisableScopes,14);
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-12-30 49904]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-12-30 209048]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2015-5-8 218008]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-12-30 787760]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-12-30 427992]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-8-13 42272]
R1 RapportCerberus_1412097;RapportCerberus_1412097;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_1412097.sys [2015-5-12 528600]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2015-5-8 279800]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2015-5-8 348632]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-5-11 24144]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-12-30 74976]
R2 avast! Antivirus;Avast Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-12-30 343336]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2015-5-8 2214168]
R2 vToolbarUpdater18.1.0;vToolbarUpdater18.1.0;c:\program files\common files\avg secure search\vtoolbarupdater\18.1.0\ToolbarUpdater.exe [2014-4-29 1801240]
R4 RapportCerberus_1412095;RapportCerberus_1412095;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_1412095.sys [2015-5-10 528856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== File Associations ===============
.
ShellExec: switch.exe: open="c:\program files\nch software\switch\switch" "%L"
.
=============== Created Last 30 ================
.
2015-05-12 18:56:20 57888 ----a-w- c:\windows\system32\drivers\asw2B9.tmp
2015-05-12 18:56:16 208024 ----a-w- c:\windows\system32\drivers\asw2B8.tmp
2015-05-12 18:56:12 427736 ----a-w- c:\windows\system32\drivers\asw2B7.tmp
2015-05-12 18:56:11 49904 ----a-w- c:\windows\system32\drivers\asw2B6.tmp
2015-05-12 18:56:08 73440 ----a-w- c:\windows\system32\drivers\asw2B5.tmp
2015-05-12 18:56:06 24144 ----a-w- c:\windows\system32\drivers\asw2B4.tmp
2015-05-12 18:54:10 55200 ----a-w- c:\windows\system32\drivers\asw2B3.tmp
2015-05-12 18:53:26 788272 ----a-w- c:\windows\system32\drivers\asw2B2.tmp
2015-05-12 18:45:24 43112 ----a-w- c:\windows\avastSS.scr
2015-05-08 16:25:16 218008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2015-05-02 16:18:32 -------- d-----w- c:\documents and settings\dianne fox\local settings\application data\CDex
2015-05-02 16:17:42 -------- d-----w- c:\documents and settings\all users\application data\Package Cache
2015-05-02 16:17:14 -------- d-----w- c:\program files\CDex
2015-05-02 16:00:27 -------- d-----w- c:\documents and settings\dianne fox\application data\NCH Software
2015-05-02 15:40:46 -------- d-----w- c:\program files\NCH Software
.
==================== Find3M ====================
.
2015-05-12 18:46:26 209048 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-05-12 18:46:23 49904 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-05-12 18:46:22 74976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-05-12 18:46:22 24144 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-05-12 18:42:14 787760 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-05-10 12:37:21 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-27 20:20:29 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-04-27 20:20:28 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-17 16:04:46 1202848 ----a-w- c:\windows\system32\FM20.DLL
2014-06-29 09:46:27 6010880 ----a-w- c:\program files\GUT5.tmp
2013-10-12 11:16:22 50053120 ----a-w- c:\program files\GUT3.tmp
.
============= FINISH: 21:45:11.53 ===============