My computer could not connect to anti-virus website...

Solved
By srikanth25
Dec 28, 2012
  1. srikanth25

    srikanth25 Newcomer, in training Topic Starter Posts: 30

    Thanks for the upload.
    Here is the log.
    ------------
    Farbar Service Scanner Version: 23-12-2012
    Ran by kalapala (administrator) on 01-01-2013 at 00:39:51
    Running from "C:\Users\kalapala\Desktop"
    Windows 7 Ultimate (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.
    ATTENTION!=====> local policy on IP:
    Key: "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local"
    Vlue: "ActivePolicy"
    Data: "SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{b4f9004c-904c-45a5-8711-3501b4a3f465}"

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****
  2. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{b4f9004c-904c-45a5-8711-3501b4a3f465}]
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    Post new FSS log.
  3. srikanth25

    srikanth25 Newcomer, in training Topic Starter Posts: 30

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{b4f9004c-904c-45a5-8711-3501b4a3f465}\ deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: kalapala
    ->Temp folder emptied: 62245 bytes
    ->Temporary Internet Files folder emptied: 8130082 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 506 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: srikanth
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1435 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 454193 bytes

    Total Files Cleaned = 8.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: kalapala
    ->Java cache emptied: 0 bytes

    User: Public

    User: srikanth

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: kalapala
    ->Flash cache emptied: 0 bytes

    User: Public

    User: srikanth

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 01012013_010245
    Files\Folders moved on Reboot...
    C:\Users\kalapala\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\kalapala\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\kalapala\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XJS6DZW1\advert[1].js moved successfully.
    C:\Users\kalapala\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XJS6DZW1\chunk[1].js moved successfully.
    C:\Users\kalapala\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XJS6DZW1\chunk[2].js moved successfully.
    C:\Users\kalapala\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XJS6DZW1\chunk[3].js moved successfully.
    C:\Users\kalapala\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XJS6DZW1\chunk[4].js moved successfully.
    C:\Users\kalapala\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XJS6DZW1\comScore[1].htm moved successfully.
    C:\Users\kalapala\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XJS6DZW1\page-2[1].htm moved successfully.
    C:\Users\kalapala\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XJS6DZW1\recentposts[1].htm moved successfully.
    File move failed. C:\Users\kalapala\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA0F7DCM\;ctx=4_454_h;ctx=4_254_h;ctx=4_226_m;ctx=2_78_m;ctx=2_404_m;ctx=2_447_m;ctx=6_1197_m;ips=none;ppos=btf;kw=;tile=4;sz=600x300;ord=539434517169658;an=;bu=;br=[1].js scheduled to be moved on reboot.
    C:\Users\kalapala\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA0F7DCM\al[1].js moved successfully.
    C:\Users\kalapala\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA0F7DCM\chunk[1].js moved successfully.
    C:\Users\kalapala\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA0F7DCM\chunk[2].js moved successfully.
    C:\Users\kalapala\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA0F7DCM\chunk[3].js moved successfully.
    C:\Users\kalapala\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA0F7DCM\chunk[4].js moved successfully.
    C:\Users\kalapala\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA0F7DCM\chunk[5].js moved successfully.
    C:\Users\kalapala\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA0F7DCM\d=1[1].htm moved successfully.
    C:\Users\kalapala\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA0F7DCM\mail[2].htm moved successfully.
    C:\Users\kalapala\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA0F7DCM\mail[4].htm moved successfully.
    C:\Users\kalapala\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OW2UMCS6\chunk[1].js moved successfully.
    C:\Users\kalapala\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OW2UMCS6\chunk[2].js moved successfully.
    C:\Users\kalapala\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OW2UMCS6\chunk[3].js moved successfully.
    C:\Users\kalapala\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OW2UMCS6\chunk[4].js moved successfully.
    C:\Users\kalapala\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OW2UMCS6\mail[2].js moved successfully.
    C:\Users\kalapala\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OW2UMCS6\ping[1].htm moved successfully.
    C:\Users\kalapala\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OW2UMCS6\zrt_lookup[1].htm moved successfully.
    C:\Users\kalapala\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GWSBVJ3P\bind[1].htm moved successfully.
    C:\Users\kalapala\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GWSBVJ3P\chunk[1].js moved successfully.
    C:\Users\kalapala\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GWSBVJ3P\chunk[2].js moved successfully.
    C:\Users\kalapala\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GWSBVJ3P\chunk[3].js moved successfully.
    C:\Users\kalapala\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GWSBVJ3P\chunk[4].js moved successfully.
    C:\Users\kalapala\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GWSBVJ3P\context[1].js moved successfully.
    C:\Users\kalapala\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GWSBVJ3P\frame[1].htm moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\vmware-vmount.log scheduled to be moved on reboot.
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
  4. Broni

    Broni Malware Annihilator Posts: 46,339   +252

  5. srikanth25

    srikanth25 Newcomer, in training Topic Starter Posts: 30

    Farbar Service Scanner Version: 23-12-2012
    Ran by kalapala (administrator) on 01-01-2013 at 01:08:41
    Running from "C:\Users\kalapala\Desktop"
    Windows 7 Ultimate (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.
    ATTENTION!=====> local policy on IP:
    Key: "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local"
    Vlue: "ActivePolicy"
    Data: "SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{b4f9004c-904c-45a5-8711-3501b4a3f465}"

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****
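An added example, not part of the original posts and not code from FSS or OTL: a small Python parser that reads the FSS and OTL logs shown above and reports whether a flagged registry value is gone after the fix. The log excerpts are copied from the thread; the function names and status labels are made up for illustration, and treating `Data` as a path relative to the flagged key's hive is an assumption.

```python
import re

# Constructed excerpts: lines copied from the FSS and OTL logs posted in this thread.
FSS_BEFORE = r'''
Yahoo.com is accessible.
ATTENTION!=====> local policy on IP:
Key: "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local"
Vlue: "ActivePolicy"
Data: "SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{b4f9004c-904c-45a5-8711-3501b4a3f465}"

File Check:
========
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

**** End of log ****
'''
FSS_AFTER = FSS_BEFORE  # the log posted after the fix repeats the same ATTENTION block

OTL_FIX_LOG = r'''
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{b4f9004c-904c-45a5-8711-3501b4a3f465}\ deleted successfully.
========== FILES ==========
'''

ATTN = re.compile(r'^ATTENTION!=+>\s*(?P<title>.*?):?\s*$')
FIELD = re.compile(r'^(Key|Va?lue|Data):\s*"(.*)"\s*$')  # these logs print "Vlue"
OTL_DEL = re.compile(r'^Registry key (?P<key>.+?)\\?\s+deleted successfully\.$')


def parse_fss_findings(log):
    """Return every ATTENTION block as a dict with title/key/value/data."""
    findings, current = [], None
    for line in (raw.strip() for raw in log.splitlines()):
        m = ATTN.match(line)
        if m:
            current = {"title": m.group("title"), "key": None, "value": None, "data": None}
            findings.append(current)
            continue
        f = FIELD.match(line)
        if f and current is not None:
            name = f.group(1).lower()
            current["value" if name.startswith("v") else name] = f.group(2)
        elif not line:
            current = None  # a blank line ends the block
    return [f for f in findings if f["key"]]


def suspicious_files(log):
    """File Check entries whose verdict is anything other than 'MD5 is legit'."""
    bad = []
    for line in log.splitlines():
        path, sep, verdict = line.strip().partition(" => ")
        if sep and verdict != "MD5 is legit":
            bad.append((path, verdict))
    return bad


def otl_deleted_keys(log):
    """Registry keys the OTL fix log reports as deleted."""
    return [m.group("key") for m in map(OTL_DEL.match, map(str.strip, log.splitlines())) if m]


def norm(path, hive="HKEY_LOCAL_MACHINE"):
    """Case-insensitive key path; hive-less paths are assumed relative to `hive`."""
    p = path.strip().strip("\\").casefold()
    return p if p.startswith("hkey_") else hive.casefold() + "\\" + p


def review_fix(before_log, otl_log, after_log):
    """Classify each finding from the first FSS log against the fix and the re-scan."""
    deleted = {norm(k) for k in otl_deleted_keys(otl_log)}
    after = {(norm(f["key"]), f["value"]) for f in parse_fss_findings(after_log)}
    report = []
    for f in parse_fss_findings(before_log):
        hive = f["key"].split("\\", 1)[0]
        target_deleted = bool(f["data"]) and norm(f["data"], hive) in deleted
        if (norm(f["key"]), f["value"]) not in after:
            status = "cleared"
        elif target_deleted:
            # The fix removed the subkey named in Data, but the value that names it is
            # still reported. The logs alone cannot tell whether the subkey came back.
            status = "value_still_set_after_target_key_deleted"
        else:
            status = "persists"
        report.append({"key": f["key"], "value": f["value"], "status": status})
    return report


if __name__ == "__main__":
    for row in review_fix(FSS_BEFORE, OTL_FIX_LOG, FSS_AFTER):
        print(row["status"], row["key"], row["value"])
    print("non-legit files:", suspicious_files(FSS_AFTER))
```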
  6. srikanth25

    srikanth25 Newcomer, in training Topic Starter Posts: 30

    Was about to post, then my browser was frozen for a sec
  7. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    Something is not right.

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ********************************************

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
  8. srikanth25

    srikanth25 Newcomer, in training Topic Starter Posts: 30

    It's already late night. I will post it tomorrow. Thanks for support.

    I hope with your support I clear this mess soon.

    srikanth.
  9. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    Happy New Year :)
  10. srikanth25

    srikanth25 Newcomer, in training Topic Starter Posts: 30

    Hello Broni,
    Well, the good news is now I can connect to AV sites and support.microsoft.com.
    I ran MBAR also and found no threats.
    Here are the logs. Let me know if I need to run any other tool or my system is safe now.
    Malwarebytes Anti-Rootkit 1.01.0.1011
    www.malwarebytes.org
    Database version: v2013.01.01.01
    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    kalapala :: KALAPALA-PC [administrator]
    1/1/2013 9:38:07 AM
    mbar-log-2013-01-01 (09-38-07).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 30268
    Time elapsed: 9 minute(s), 14 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
  11. srikanth25

    srikanth25 Newcomer, in training Topic Starter Posts: 30

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1011
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.1.7600 Windows 7 x64
    Account is Administrative
    Internet Explorer version: 9.0.8112.16421
    Java version: 1.6.0_19
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
    CPU speed: 2.194000 GHz
    Memory total: 4260315136, free: 2433875968
    ------------ Kernel report ------------
    01/01/2013 09:27:35
    ------------ Loaded modules -----------
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8004c54060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
    Lower Device Object: 0xfffffa8004ae9060
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    DriverEntry returned 0x0
    Function returned 0x0
    Downloaded database version: v2013.01.01.01
    Downloaded database version: v2012.12.27.02
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8004c54060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8004c54b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8004c54060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8004c53040, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
    DevicePointer: 0xfffffa8004b13520, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa8004ae9060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
    ------------ End ----------
    Upper DeviceData: 0xfffff8a00cdf1870, 0xfffffa8004c54060, 0xfffffa80053a1790
    Lower DeviceData: 0xfffff8a00fec3490, 0xfffffa8004ae9060, 0xfffffa800482a210
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\Windows\system32\drivers...
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: B25F934C
    Partition information:
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848 Numsec = 204693504
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 204900352 Numsec = 387072000
    Partition 3 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 591972352 Numsec = 33167360
    Disk Size: 320072933376 bytes
    Sector size: 512 bytes
    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
    Done!
    Performing system, memory and registry scan...
    Done!
    Scan finished
    =======================================
     
  12. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    Download Windows Repair (all in one) from this site

    Install the program then run it.

    Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:


    Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:


    Go to Step 4 and under "System Restore" click on Create button:


    Go to Start Repairs tab and click Start button.


    Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

    Click on box next to the Restart System when Finished. Then click on Start.

    Post new FSS log.
  13. srikanth25

    srikanth25 Newcomer, in training Topic Starter Posts: 30

    Hello,
    I ran the tool as mentioned in above steps, after that I lost my wireless. I could connect to LAN.
    Here is FSS latest log:
    Farbar Service Scanner Version: 23-12-2012
    Ran by kalapala (administrator) on 02-01-2013 at 08:40:58
    Running from "C:\Users\kalapala\Desktop"
    Windows 7 Ultimate (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    ATTENTION!=====> local policy on IP:
    Key: "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local"
    Vlue: "ActivePolicy"
    Data: "SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{b4f9004c-904c-45a5-8711-3501b4a3f465}"


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
    ------------------------------------------------------------
  14. srikanth25

    srikanth25 Newcomer, in training Topic Starter Posts: 30

    Hello,

    After the latest log, do you still see any issues?

    Thanks for your support.

    Thanks,
    Srikanth.
  15. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    We still have an issue with the very same registry key, which is not supposed to be there.

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  16. srikanth25

    srikanth25 Newcomer, in training Topic Starter Posts: 30

    Log:
    ----------------------

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-12-2012
    Ran by SYSTEM at 02-01-2013 10:02:49
    Running from H:\
    Windows 7 Ultimate (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.)
    HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [318464 2009-05-14] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16395880 2009-10-02] (NVIDIA Corporation)
    HKLM-x32\...\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam" [218408 2009-02-25] (CyberLink Corp.)
    HKLM-x32\...\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe [842816 2009-12-01] (DigitalPersona, Inc.)
    HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4297136 2012-10-30] (AVAST Software)
    HKU\kalapala\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5629312 2012-12-31] (SUPERAntiSpyware.com)
    Tcpip\Parameters: [DhcpNameServer] 123.176.37.37 123.176.37.35 202.53.8.8 202.53.8.9
    Tcpip\..\Interfaces\{81E50D9E-9C49-4CA9-8F3B-AF8EEB130EE0}: [NameServer]192.168.1.1
    Tcpip\..\Interfaces\{82E54A1E-156D-4B61-B591-9ABD91E16E3A}: [NameServer]192.168.1.1

    ==================== Services (Whitelisted) ===================

    2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2012-07-11] (SUPERAntiSpyware.com)
    2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
    2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-10-30] (AVAST Software)
    2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
    2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-19] (Nero AG)
    3 NMIndexingService; "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe" [382248 2007-09-20] (Nero AG)
    2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
    2 vfsFPService; C:\Windows\system32\vfsFPService.exe [721712 2009-06-02] (Validity Sensors, Inc.)
    2 vfsFPService; C:\Windows\SysWow64\vfsFPService.exe [599344 2009-06-02] (Validity Sensors, Inc.)
    2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [109360 2007-05-01] (VMware, Inc.)
    2 vmount2; "C:\Program Files (x86)\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe" [269104 2007-03-22] (VMware, Inc.)
    4 Siebel QuickStart Service; C:\Siebel8.1\WebClient\bin\siebqsvc.exe [x]
    3 ufad-ws60; "C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Program Files (x86)\VMware\VMware Workstation\\" -s ufad-p2v.xml [x]
    2 vvdsvc; C:\Windows\system32\nagasoft\vjocx.dll [x]

    ==================== Drivers (Whitelisted) =====================

    2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-30] (AVAST Software)
    2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-10-30] (AVAST Software)
    1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-10-15] (AVAST Software)
    1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-30] (AVAST Software)
    1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [370288 2012-10-30] (AVAST Software)
    1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-30] (AVAST Software)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
    1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    2 vstor2; \??\C:\Program Files (x86)\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys [24880 2007-03-22] (VMware, Inc.)
    3 ztemtusbser; C:\Windows\System32\DRIVERS\CT_ZTEMT_U_USBSER.sys [120704 2010-04-03] (ZTEMT Incorporated)
    3 catchme; \??\C:\ComboFix\catchme.sys [x]
    3 pccsmcfd; C:\Windows\System32\DRIVERS\pccsmcfdx64.sys [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2013-01-02 10:02 - 2013-01-02 10:02 - 00000000 ____D C:\FRST
    2013-01-01 19:37 - 2013-01-01 19:37 - 01464235 ____A (Farbar) C:\Users\kalapala\Downloads\FRST64.exe
    2013-01-01 19:10 - 2013-01-01 19:11 - 00002241 ____A C:\Users\kalapala\Desktop\FSS.txt
    2013-01-01 18:54 - 2008-05-07 20:03 - 00303616 ____A ( ) C:\SetACL.exe
    2013-01-01 18:35 - 2004-06-11 14:33 - 00290304 ____A (Microsoft Corporation) C:\subinacl.exe
    2013-01-01 18:09 - 2013-01-01 18:09 - 00003424 ____N C:\bootsqm.dat
    2013-01-01 18:05 - 2013-01-01 19:00 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
    2013-01-01 18:03 - 2013-01-01 18:03 - 00002251 ____A C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
    2013-01-01 18:03 - 2013-01-01 18:03 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
    2013-01-01 18:02 - 2013-01-01 18:02 - 05415956 ____A C:\Users\kalapala\Downloads\tweaking.com_windows_repair_aio_setup.exe
    2013-01-01 01:44 - 2013-01-01 20:25 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-01-01 01:44 - 2013-01-01 19:55 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-01-01 01:44 - 2013-01-01 17:55 - 00000000 ____D C:\Program Files\Google
    2012-12-31 21:17 - 2012-12-31 21:18 - 18286112 ____A (Microsoft Corporation) C:\Users\kalapala\Downloads\Windows-KB890830-x64-V4.15.exe
    2012-12-31 21:16 - 2012-11-28 01:49 - 65087872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
    2012-12-31 20:34 - 2012-12-16 08:52 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
    2012-12-31 20:34 - 2012-12-16 06:40 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
    2012-12-31 20:34 - 2012-12-16 06:25 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2012-12-31 20:34 - 2012-12-16 06:25 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2012-12-31 19:55 - 2013-01-01 01:21 - 00000000 ____D C:\Users\kalapala\Desktop\mbar
    2012-12-31 11:37 - 2012-12-31 11:37 - 00013654 ____A C:\Users\kalapala\Desktop\01012013_010245_lat.txt
    2012-12-31 11:23 - 2012-12-31 11:30 - 154495016 ____A (Kaspersky Lab) C:\Users\kalapala\Downloads\kav13.0.1.4190en.exe
    2012-12-31 11:07 - 2012-12-31 11:07 - 00697911 ____A (Farbar) C:\Users\kalapala\Desktop\FSS.exe
    2012-12-31 11:04 - 2012-12-31 11:04 - 00697911 ____A (Farbar) C:\Users\kalapala\Downloads\FSS.exe
    2012-12-31 10:20 - 2012-12-31 10:20 - 00856731 ____A C:\Users\kalapala\Desktop\SecurityCheck.exe
    2012-12-31 10:00 - 2012-12-31 10:00 - 00012648 ____A C:\Users\kalapala\Desktop\12312012_232446.log
    2012-12-31 09:54 - 2012-12-31 09:54 - 00000000 ____D C:\_OTL
    2012-12-31 09:23 - 2012-12-31 09:23 - 00097700 ____A C:\Users\kalapala\Desktop\Extras.Txt
    2012-12-31 09:20 - 2012-12-31 09:20 - 00105382 ____A C:\Users\kalapala\Desktop\OTL.Txt
    2012-12-31 09:05 - 2012-12-31 09:05 - 00001183 ____A C:\Users\kalapala\Desktop\todo.txt
    2012-12-31 09:03 - 2012-12-31 09:03 - 00602112 ____A (OldTimer Tools) C:\Users\kalapala\Desktop\OTL.exe
    2012-12-31 02:17 - 2013-01-01 18:17 - 00000516 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 5bdc5b92-a030-4d02-b190-7e9b9e364cd7.job
    2012-12-31 02:17 - 2012-12-31 05:15 - 00000516 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task cecf346b-e4d4-4635-9bc1-81e4007a8e8d.job
    2012-12-31 02:16 - 2012-12-31 02:19 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2012-12-31 02:16 - 2012-12-31 02:16 - 00001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2012-12-31 02:16 - 2012-12-31 02:16 - 00000000 ____D C:\Users\kalapala\AppData\Roaming\SUPERAntiSpyware.com
    2012-12-31 02:16 - 2012-12-31 02:16 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
    2012-12-31 02:11 - 2012-12-31 02:14 - 21492072 ____A (SUPERAntiSpyware.com) C:\Users\kalapala\Downloads\SUPERAntiSpyware.exe
    2012-12-31 01:53 - 2012-12-31 01:53 - 00000000 ____D C:\Program Files (x86)\PC Tools
    2012-12-31 01:34 - 2012-12-31 01:34 - 01878477 ____A C:\Windows\System32\Drivers\Cat.DB
    2012-12-31 01:34 - 2012-11-01 02:05 - 00253256 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
    2012-12-31 01:32 - 2012-12-31 02:11 - 00000000 ____D C:\Users\All Users\PC Tools
    2012-12-31 01:32 - 2012-12-31 01:32 - 00000000 ____D C:\Users\kalapala\AppData\Roaming\TestApp
    2012-12-31 01:29 - 2012-12-31 01:30 - 04124152 ____A (PC Tools) C:\Users\kalapala\Downloads\sdsetup.exe
    2012-12-31 01:21 - 2012-12-31 01:21 - 00020341 ____A C:\ComboFix.txt
    2012-12-30 09:04 - 2012-12-30 09:04 - 00000000 ____D C:\Users\kalapala\AppData\Local\DDMSettings
    2012-12-30 06:49 - 2012-12-31 01:22 - 00000000 ____D C:\Qoobox
    2012-12-30 06:49 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
    2012-12-30 06:49 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
    2012-12-30 06:49 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-12-30 06:49 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-12-30 06:49 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-12-30 06:49 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
    2012-12-30 06:49 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
    2012-12-30 06:49 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
    2012-12-30 06:48 - 2012-12-31 01:15 - 00000000 ____D C:\Windows\erdnt
    2012-12-30 06:48 - 2012-12-30 07:22 - 00026350 ____A C:\Users\kalapala\Desktop\com.txt
    2012-12-30 06:44 - 2012-12-30 06:44 - 05015826 ____R (Swearware) C:\Users\kalapala\Desktop\ComboFix.exe
    2012-12-29 20:28 - 2012-12-31 00:25 - 00000000 ____D C:\Users\kalapala\Desktop\RK_Quarantine
    2012-12-29 20:26 - 2012-12-29 20:26 - 00759808 ____A C:\Users\kalapala\Desktop\RogueKiller.exe
    2012-12-29 11:18 - 2012-07-25 20:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
    2012-12-29 11:18 - 2012-07-25 20:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
    2012-12-29 11:18 - 2012-07-25 18:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
    2012-12-29 11:18 - 2012-06-02 06:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    2012-12-29 11:08 - 2012-11-13 23:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-12-29 11:08 - 2012-11-13 22:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-12-29 11:08 - 2012-11-13 22:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-12-29 11:08 - 2012-11-13 22:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-12-29 11:08 - 2012-11-13 22:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-12-29 11:08 - 2012-11-13 22:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-12-29 11:08 - 2012-11-13 22:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-12-29 11:08 - 2012-11-13 21:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-12-29 11:08 - 2012-11-13 21:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-12-29 11:08 - 2012-11-13 21:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-12-29 11:08 - 2012-11-13 21:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-12-29 11:08 - 2012-11-13 21:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-12-29 11:08 - 2012-11-13 21:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-12-29 11:08 - 2012-11-13 21:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-12-29 11:08 - 2012-11-13 21:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-12-29 11:08 - 2012-11-13 21:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-12-29 11:08 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-12-29 11:08 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-12-29 11:08 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-12-29 11:08 - 2012-11-13 17:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-12-29 11:08 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-12-29 11:08 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-12-29 11:08 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-12-29 11:08 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-12-29 11:08 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-12-29 11:08 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-12-29 11:08 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-12-29 11:08 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-12-29 11:08 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-12-29 11:08 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-12-29 11:08 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-12-29 11:08 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-12-29 11:07 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
    2012-12-29 11:07 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
    2012-12-29 11:07 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
    2012-12-29 11:07 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
    2012-12-29 11:07 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
    2012-12-29 11:07 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
    2012-12-29 11:07 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
    2012-12-29 11:07 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    2012-12-29 11:05 - 2012-02-29 22:54 - 00022896 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
    2012-12-29 11:05 - 2012-02-29 22:40 - 00080896 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
    2012-12-29 11:05 - 2012-02-29 22:35 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
    2012-12-29 11:05 - 2012-02-29 21:45 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
    2012-12-29 11:05 - 2012-02-29 21:40 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
    2012-12-29 11:02 - 2012-03-02 22:29 - 01837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
    2012-12-29 11:02 - 2012-03-02 22:29 - 01541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
    2012-12-29 11:02 - 2012-03-02 22:29 - 00902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
    2012-12-29 11:02 - 2012-03-02 22:29 - 00320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
    2012-12-29 11:02 - 2012-03-02 22:29 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
    2012-12-29 11:02 - 2012-03-02 21:40 - 01170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2012-12-29 11:02 - 2012-03-02 21:40 - 01074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2012-12-29 11:02 - 2012-03-02 21:40 - 00739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
    2012-12-29 11:02 - 2012-03-02 21:40 - 00218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
    2012-12-29 11:02 - 2012-03-02 21:40 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
    2012-12-29 11:02 - 2011-10-25 21:22 - 01572864 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
    2012-12-29 11:02 - 2011-10-25 21:22 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2012-12-29 11:02 - 2011-10-25 20:28 - 01328640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2012-12-29 11:02 - 2011-10-25 20:28 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2012-12-29 11:00 - 2012-08-30 10:11 - 05505904 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-12-29 11:00 - 2012-08-30 09:18 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-12-29 11:00 - 2012-08-30 09:18 - 03902832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-12-29 11:00 - 2012-06-08 21:30 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-12-29 11:00 - 2012-06-08 20:46 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-12-29 11:00 - 2012-02-14 22:27 - 01031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
    2012-12-29 11:00 - 2012-02-14 21:44 - 00826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
    2012-12-29 11:00 - 2012-02-14 20:46 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
    2012-12-29 11:00 - 2012-01-04 01:58 - 00509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
    2012-12-29 11:00 - 2012-01-04 01:03 - 00442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
    2012-12-29 11:00 - 2011-11-16 23:12 - 00395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
    2012-12-29 11:00 - 2011-11-16 21:39 - 00314368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
    2012-12-29 10:59 - 2012-11-22 00:20 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-12-29 10:59 - 2012-11-08 21:34 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-12-29 10:59 - 2012-11-08 20:49 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-12-29 10:59 - 2012-10-04 09:38 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-12-29 10:59 - 2012-10-04 09:38 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-12-29 10:59 - 2012-10-04 09:38 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-12-29 10:59 - 2012-10-04 09:38 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-12-29 10:59 - 2012-10-04 09:35 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-12-29 10:59 - 2012-10-04 09:32 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-12-29 10:59 - 2012-10-04 09:32 - 00425984 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-12-29 10:59 - 2012-10-04 09:28 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 09:28 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 09:28 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 09:28 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 09:28 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 09:28 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 09:28 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 09:28 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 09:28 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 09:28 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 09:28 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 09:28 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 09:28 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 09:28 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 09:28 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 09:28 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 09:28 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 09:28 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 09:28 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 09:28 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 09:28 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 09:28 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 09:28 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 09:28 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 09:28 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 09:28 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 09:28 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 09:28 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 08:54 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-12-29 10:59 - 2012-10-04 08:54 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-12-29 10:59 - 2012-10-04 08:54 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-12-29 10:59 - 2012-10-04 08:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 08:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 08:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 08:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 08:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 08:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 08:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 08:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 08:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 08:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 08:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 08:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 08:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 08:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 07:19 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-12-29 10:59 - 2012-10-04 06:49 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-12-29 10:59 - 2012-10-04 06:49 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-12-29 10:59 - 2012-10-04 06:49 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-12-29 10:59 - 2012-10-04 06:49 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-12-29 10:59 - 2012-10-04 06:44 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 06:44 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 06:44 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-12-29 10:59 - 2012-10-04 06:44 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-12-29 10:59 - 2012-08-31 10:02 - 01656688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-12-29 10:58 - 2012-11-01 21:27 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
    2012-12-29 10:58 - 2012-11-01 20:48 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
    2012-12-29 10:58 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-12-29 10:58 - 2012-08-24 09:10 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-12-29 10:58 - 2012-06-05 21:50 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-12-29 10:58 - 2012-06-05 21:50 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-12-29 10:58 - 2012-06-05 21:09 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-12-29 10:58 - 2012-06-05 21:09 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-12-29 10:58 - 2012-06-01 21:38 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-12-29 10:58 - 2012-06-01 21:38 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-12-29 10:58 - 2012-06-01 21:37 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-12-29 10:58 - 2012-06-01 21:27 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-12-29 10:58 - 2012-06-01 21:27 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-12-29 10:58 - 2012-06-01 20:48 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-12-29 10:58 - 2012-06-01 20:48 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-12-29 10:58 - 2012-06-01 20:47 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-12-29 10:58 - 2012-06-01 20:42 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-12-29 10:58 - 2012-04-27 19:50 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-12-29 10:58 - 2012-04-25 21:34 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-12-29 10:58 - 2012-04-25 21:34 - 00076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-12-29 10:58 - 2012-04-25 21:28 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-12-29 10:58 - 2012-04-07 04:18 - 03213824 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-12-29 10:58 - 2012-04-07 03:34 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-12-29 10:58 - 2011-11-16 23:11 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
    2012-12-29 10:58 - 2011-11-16 23:11 - 00028672 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
    2012-12-29 10:58 - 2011-11-16 23:11 - 00028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
    2012-12-29 10:58 - 2011-11-16 23:08 - 01446912 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
    2012-12-29 10:58 - 2011-11-16 23:05 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
    2012-12-29 10:57 - 2012-09-06 09:38 - 00295792 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
    2012-12-29 10:57 - 2012-08-10 16:53 - 00714752 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-12-29 10:57 - 2012-08-10 15:54 - 00541184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2012-12-29 10:57 - 2012-08-02 09:55 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2012-12-29 10:57 - 2012-08-02 09:05 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2012-12-29 10:57 - 2012-05-13 21:20 - 00956416 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
    2012-12-29 10:57 - 2012-05-05 00:30 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
    2012-12-29 10:57 - 2012-05-04 23:44 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2012-12-29 10:57 - 2012-05-01 21:32 - 00208896 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-12-29 10:57 - 2012-03-16 23:55 - 00075632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
    2012-12-29 10:57 - 2012-01-02 22:24 - 00515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
    2012-12-29 10:57 - 2012-01-02 21:44 - 00478208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
    2012-12-29 10:57 - 2011-12-27 19:59 - 00499200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
    2012-12-29 10:57 - 2011-10-25 21:19 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2012-12-29 10:57 - 2011-08-16 21:32 - 00613888 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
    2012-12-29 10:57 - 2011-08-16 21:27 - 00288256 ____A (Microsoft Corporation) C:\Windows\System32\MSNP.ax
    2012-12-29 10:57 - 2011-08-16 21:27 - 00108032 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
    2012-12-29 10:57 - 2011-08-16 21:27 - 00104960 ____A (Microsoft Corporation) C:\Windows\System32\Mpeg2Data.ax
    2012-12-29 10:57 - 2011-08-16 21:27 - 00075776 ____A (Microsoft Corporation) C:\Windows\System32\MSDvbNP.ax
    2012-12-29 10:57 - 2011-08-16 20:26 - 00465408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
    2012-12-29 10:57 - 2011-08-16 20:22 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSNP.ax
    2012-12-29 10:57 - 2011-08-16 20:22 - 00075776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
    2012-12-29 10:57 - 2011-08-16 20:22 - 00072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Mpeg2Data.ax
    2012-12-29 10:57 - 2011-08-16 20:22 - 00059904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSDvbNP.ax
    2012-12-29 10:56 - 2012-06-01 21:25 - 01462784 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-12-29 10:56 - 2012-06-01 21:25 - 00182272 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-12-29 10:56 - 2012-06-01 21:25 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-12-29 10:56 - 2012-06-01 20:45 - 01157632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-12-29 10:56 - 2012-06-01 20:45 - 00139264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-12-29 10:56 - 2012-06-01 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-12-29 10:55 - 2012-02-10 22:36 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2012-12-29 10:55 - 2012-02-10 22:29 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
    2012-12-29 10:55 - 2012-02-10 22:29 - 00067584 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
    2012-12-29 10:55 - 2012-02-10 21:44 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2012-12-29 10:55 - 2011-08-26 21:40 - 00861184 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
    2012-12-29 10:55 - 2011-08-26 21:40 - 00331776 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
    2012-12-29 10:55 - 2011-08-26 20:43 - 00571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2012-12-29 10:55 - 2011-08-26 20:43 - 00233472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
    2012-12-29 10:46 - 2012-09-25 14:39 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
    2012-12-29 10:46 - 2012-09-25 13:55 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
    2012-12-29 10:46 - 2012-07-06 11:58 - 00552448 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
    2012-12-29 10:46 - 2012-07-04 14:04 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-12-29 10:46 - 2012-07-04 14:01 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2012-12-29 10:46 - 2012-07-04 14:01 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2012-12-29 10:46 - 2012-07-04 13:26 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
    2012-12-29 10:46 - 2012-07-04 13:23 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
    2012-12-29 10:46 - 2012-03-30 03:09 - 01895280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-12-29 10:46 - 2011-12-16 00:42 - 00634368 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
    2012-12-29 10:46 - 2011-12-15 23:59 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
    2012-12-29 10:46 - 2011-11-19 07:07 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
    2012-12-29 10:46 - 2011-11-19 06:06 - 00067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
    2012-12-29 10:46 - 2011-11-16 23:14 - 01739160 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
    2012-12-29 10:46 - 2011-11-16 21:41 - 01292592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2012-12-29 10:46 - 2011-10-14 22:25 - 00723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
    2012-12-29 10:46 - 2011-10-14 21:48 - 00534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
    2012-12-29 10:12 - 2012-12-29 10:12 - 00000000 ____D C:\Users\kalapala\AppData\Roaming\ZTEMTUI
    2012-12-29 09:55 - 2012-12-29 09:55 - 00005938 ____A C:\Users\kalapala\Desktop\attach.txt
    2012-12-29 09:55 - 2012-12-29 09:54 - 00020292 ____A C:\Users\kalapala\Desktop\dds.txt
    2012-12-28 18:16 - 2012-12-31 00:26 - 00001958 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2012-12-28 18:16 - 2012-10-30 14:51 - 00984144 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2012-12-28 18:16 - 2012-10-30 14:51 - 00370288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2012-12-28 18:16 - 2012-10-30 14:51 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2012-12-28 18:16 - 2012-10-30 14:51 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2012-12-28 18:16 - 2012-10-15 07:59 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
    2012-12-28 18:15 - 2013-01-01 00:11 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2012-12-28 18:15 - 2012-10-30 14:51 - 00071600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2012-12-28 18:15 - 2012-10-30 14:50 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2012-12-28 18:14 - 2012-10-30 14:51 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
    2012-12-28 18:14 - 2012-10-30 14:50 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
    2012-12-28 18:08 - 2012-12-28 18:08 - 00269000 ____A C:\Windows\Minidump\122912-19718-01.dmp
    2012-12-28 09:56 - 2012-12-28 18:13 - 00000000 ____D C:\Users\All Users\AVAST Software
    2012-12-28 09:56 - 2012-12-28 18:13 - 00000000 ____D C:\Program Files\AVAST Software
    2012-12-28 09:54 - 2012-12-28 09:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-12-28 09:54 - 2012-12-14 03:19 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-12-27 20:47 - 2012-12-27 20:52 - 102315992 ____A C:\Users\kalapala\Downloads\avast_free_antivirus_setup.exe
    2012-12-27 20:45 - 2012-12-27 20:45 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\kalapala\Downloads\mbam-setup-1.70.0.1100.exe
    2012-12-27 20:06 - 2012-12-27 20:12 - 00000000 ____D C:\Users\All Users\MFAData
    2012-12-27 20:06 - 2012-12-27 20:06 - 00000000 ____D C:\Users\kalapala\AppData\Local\MFAData
    2012-12-27 20:06 - 2012-12-27 20:06 - 00000000 ____D C:\Users\kalapala\AppData\Local\Avg2013
    2012-12-27 19:24 - 2012-12-27 19:25 - 00002678 ____A C:\CalInstall.log
    2012-12-27 19:01 - 2012-12-27 19:01 - 00000050 ____A C:\Users\kalapala\AppData\Roaming\mbam.context.scan
    2012-12-17 19:58 - 2012-12-31 00:24 - 00000000 ____D C:\Users\kalapala\AppData\Roaming\Ebino
    2012-12-16 07:03 - 2012-12-31 00:24 - 00000000 ____D C:\Users\kalapala\AppData\Roaming\Azqeq
    2012-12-08 09:46 - 2012-12-08 09:46 - 00291112 ____A C:\Windows\Minidump\120812-25584-01.dmp
    2012-12-08 08:00 - 2012-12-08 08:01 - 00007987 ____A C:\Users\kalapala\Desktop\tools 1.cfg
    2012-12-08 07:33 - 2012-12-08 08:10 - 00001939 ____A C:\Users\kalapala\Desktop\Siebel Tools.lnk
    2012-12-08 07:33 - 2012-12-08 07:33 - 00001963 ____A C:\Users\kalapala\Desktop\Siebel Financial Services - ENU.lnk
    2012-12-08 07:04 - 2012-12-08 07:04 - 00000241 ____A C:\Windows\SysWOW64\SAMP8.1_setup.err
    2012-12-08 07:04 - 2012-12-08 07:04 - 00000155 ____A C:\Windows\SysWOW64\SAMP8.1_setup.log
    2012-12-08 07:04 - 2012-12-08 07:04 - 00000012 ____A C:\Windows\SysWOW64\SAMP8.1_setup.reg
    2012-12-08 07:04 - 2012-12-08 07:04 - 00000000 ____A C:\Windows\SysWOW64\SAMP8.1_setup.file
    2012-12-08 06:51 - 2012-12-08 06:51 - 00000000 ____D C:\Siebel
    2012-12-08 04:49 - 2012-12-08 07:04 - 00000235 ____A C:\siebinst.log
    2012-12-08 04:23 - 2012-12-08 04:23 - 00000000 ____D C:\Program Files\Oracle
    2012-12-08 04:23 - 2012-12-08 04:23 - 00000000 ____D C:\app
    2012-12-08 02:53 - 2012-12-08 02:53 - 00000000 ____D C:\Program Files (x86)\Oracle

    ==================== One Month Modified Files and Folders =======
  17. srikanth25

    srikanth25 Newcomer, in training Topic Starter Posts: 30

    2013-01-02 10:02 - 2013-01-02 10:02 - 00000000 ____D C:\FRST
    2013-01-01 20:30 - 2010-01-08 11:42 - 01866051 ____A C:\Windows\WindowsUpdate.log
    2013-01-01 20:30 - 2009-07-13 20:45 - 00018000 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-01-01 20:30 - 2009-07-13 20:45 - 00018000 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-01-01 20:25 - 2013-01-01 01:44 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-01-01 20:25 - 2010-01-08 23:01 - 00000000 ____D C:\Users\All Users\VMware
    2013-01-01 20:24 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-01-01 20:24 - 2009-07-13 20:51 - 00162138 ____A C:\Windows\setupact.log
    2013-01-01 20:01 - 2009-07-13 21:13 - 00722040 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-01-01 19:55 - 2013-01-01 01:44 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-01-01 19:37 - 2013-01-01 19:37 - 01464235 ____A (Farbar) C:\Users\kalapala\Downloads\FRST64.exe
    2013-01-01 19:37 - 2010-02-02 06:22 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1643222980-1362892797-2240600343-1000UA.job
    2013-01-01 19:27 - 2010-01-08 11:43 - 00110896 ____A C:\Users\kalapala\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-01-01 19:11 - 2013-01-01 19:10 - 00002241 ____A C:\Users\kalapala\Desktop\FSS.txt
    2013-01-01 19:02 - 2009-07-13 23:45 - 00000000 ___RD C:\Users\Public\Recorded TV
    2013-01-01 19:01 - 2009-07-13 20:45 - 00411736 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-01-01 19:00 - 2013-01-01 18:05 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
    2013-01-01 18:56 - 2010-01-08 23:01 - 00722040 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2013-01-01 18:17 - 2012-12-31 02:17 - 00000516 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 5bdc5b92-a030-4d02-b190-7e9b9e364cd7.job
    2013-01-01 18:09 - 2013-01-01 18:09 - 00003424 ____N C:\bootsqm.dat
    2013-01-01 18:03 - 2013-01-01 18:03 - 00002251 ____A C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
    2013-01-01 18:03 - 2013-01-01 18:03 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
    2013-01-01 18:02 - 2013-01-01 18:02 - 05415956 ____A C:\Users\kalapala\Downloads\tweaking.com_windows_repair_aio_setup.exe
    2013-01-01 17:55 - 2013-01-01 01:44 - 00000000 ____D C:\Program Files\Google
    2013-01-01 17:55 - 2010-01-08 23:54 - 00000000 ____D C:\Program Files (x86)\Google
    2013-01-01 17:55 - 2010-01-08 12:06 - 00543180 ____A C:\Windows\PFRO.log
    2013-01-01 03:15 - 2010-01-08 23:54 - 00000000 ____D C:\Users\kalapala\AppData\Local\Google
    2013-01-01 01:47 - 2010-01-10 07:58 - 00000000 ____D C:\Users\All Users\Adobe
    2013-01-01 01:43 - 2012-07-28 23:22 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-01-01 01:43 - 2012-01-13 20:14 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-01-01 01:21 - 2012-12-31 19:55 - 00000000 ____D C:\Users\kalapala\Desktop\mbar
    2013-01-01 00:11 - 2012-12-28 18:15 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2012-12-31 22:18 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2012-12-31 21:18 - 2012-12-31 21:17 - 18286112 ____A (Microsoft Corporation) C:\Users\kalapala\Downloads\Windows-KB890830-x64-V4.15.exe
    2012-12-31 11:37 - 2012-12-31 11:37 - 00013654 ____A C:\Users\kalapala\Desktop\01012013_010245_lat.txt
    2012-12-31 11:30 - 2012-12-31 11:23 - 154495016 ____A (Kaspersky Lab) C:\Users\kalapala\Downloads\kav13.0.1.4190en.exe
    2012-12-31 11:07 - 2012-12-31 11:07 - 00697911 ____A (Farbar) C:\Users\kalapala\Desktop\FSS.exe
    2012-12-31 11:04 - 2012-12-31 11:04 - 00697911 ____A (Farbar) C:\Users\kalapala\Downloads\FSS.exe
    2012-12-31 10:20 - 2012-12-31 10:20 - 00856731 ____A C:\Users\kalapala\Desktop\SecurityCheck.exe
    2012-12-31 10:00 - 2012-12-31 10:00 - 00012648 ____A C:\Users\kalapala\Desktop\12312012_232446.log
    2012-12-31 09:54 - 2012-12-31 09:54 - 00000000 ____D C:\_OTL
    2012-12-31 09:23 - 2012-12-31 09:23 - 00097700 ____A C:\Users\kalapala\Desktop\Extras.Txt
    2012-12-31 09:20 - 2012-12-31 09:20 - 00105382 ____A C:\Users\kalapala\Desktop\OTL.Txt
    2012-12-31 09:05 - 2012-12-31 09:05 - 00001183 ____A C:\Users\kalapala\Desktop\todo.txt
    2012-12-31 09:03 - 2012-12-31 09:03 - 00602112 ____A (OldTimer Tools) C:\Users\kalapala\Desktop\OTL.exe
    2012-12-31 06:51 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
    2012-12-31 05:15 - 2012-12-31 02:17 - 00000516 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task cecf346b-e4d4-4635-9bc1-81e4007a8e8d.job
    2012-12-31 02:19 - 2012-12-31 02:16 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2012-12-31 02:16 - 2012-12-31 02:16 - 00001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2012-12-31 02:16 - 2012-12-31 02:16 - 00000000 ____D C:\Users\kalapala\AppData\Roaming\SUPERAntiSpyware.com
    2012-12-31 02:16 - 2012-12-31 02:16 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
    2012-12-31 02:14 - 2012-12-31 02:11 - 21492072 ____A (SUPERAntiSpyware.com) C:\Users\kalapala\Downloads\SUPERAntiSpyware.exe
    2012-12-31 02:11 - 2012-12-31 01:32 - 00000000 ____D C:\Users\All Users\PC Tools
    2012-12-31 01:53 - 2012-12-31 01:53 - 00000000 ____D C:\Program Files (x86)\PC Tools
    2012-12-31 01:53 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2012-12-31 01:34 - 2012-12-31 01:34 - 01878477 ____A C:\Windows\System32\Drivers\Cat.DB
    2012-12-31 01:32 - 2012-12-31 01:32 - 00000000 ____D C:\Users\kalapala\AppData\Roaming\TestApp
    2012-12-31 01:30 - 2012-12-31 01:29 - 04124152 ____A (PC Tools) C:\Users\kalapala\Downloads\sdsetup.exe
    2012-12-31 01:22 - 2012-12-30 06:49 - 00000000 ____D C:\Qoobox
    2012-12-31 01:21 - 2012-12-31 01:21 - 00020341 ____A C:\ComboFix.txt
    2012-12-31 01:15 - 2012-12-30 06:48 - 00000000 ____D C:\Windows\erdnt
    2012-12-31 01:05 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
    2012-12-31 00:45 - 2009-07-13 18:34 - 63176704 ____A C:\Windows\System32\config\software.bak
    2012-12-31 00:45 - 2009-07-13 18:34 - 17301504 ____A C:\Windows\System32\config\system.bak
    2012-12-31 00:45 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\security.bak
    2012-12-31 00:45 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\sam.bak
    2012-12-31 00:45 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\default.bak
    2012-12-31 00:26 - 2012-12-28 18:16 - 00001958 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2012-12-31 00:25 - 2012-12-29 20:28 - 00000000 ____D C:\Users\kalapala\Desktop\RK_Quarantine
    2012-12-31 00:25 - 2010-01-08 11:41 - 00000000 ____D C:\users\kalapala
    2012-12-31 00:24 - 2012-12-17 19:58 - 00000000 ____D C:\Users\kalapala\AppData\Roaming\Ebino
    2012-12-31 00:24 - 2012-12-16 07:03 - 00000000 ____D C:\Users\kalapala\AppData\Roaming\Azqeq
    2012-12-31 00:24 - 2010-01-24 05:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-12-31 00:24 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
    2012-12-31 00:23 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
    2012-12-30 09:04 - 2012-12-30 09:04 - 00000000 ____D C:\Users\kalapala\AppData\Local\DDMSettings
    2012-12-30 07:22 - 2012-12-30 06:48 - 00026350 ____A C:\Users\kalapala\Desktop\com.txt
    2012-12-30 06:44 - 2012-12-30 06:44 - 05015826 ____R (Swearware) C:\Users\kalapala\Desktop\ComboFix.exe
    2012-12-29 20:26 - 2012-12-29 20:26 - 00759808 ____A C:\Users\kalapala\Desktop\RogueKiller.exe
    2012-12-29 11:29 - 2009-07-13 23:46 - 00000000 ____D C:\Program Files\Windows Journal
    2012-12-29 11:29 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System
    2012-12-29 10:54 - 2010-01-20 09:04 - 00000000 ____D C:\Users\kalapala\AppData\Roaming\vlc
    2012-12-29 10:12 - 2012-12-29 10:12 - 00000000 ____D C:\Users\kalapala\AppData\Roaming\ZTEMTUI
    2012-12-29 09:55 - 2012-12-29 09:55 - 00005938 ____A C:\Users\kalapala\Desktop\attach.txt
    2012-12-29 09:54 - 2012-12-29 09:55 - 00020292 ____A C:\Users\kalapala\Desktop\dds.txt
    2012-12-28 20:22 - 2011-01-29 22:54 - 00000000 ____D C:\users\srikanth
    2012-12-28 18:13 - 2012-12-28 09:56 - 00000000 ____D C:\Users\All Users\AVAST Software
    2012-12-28 18:13 - 2012-12-28 09:56 - 00000000 ____D C:\Program Files\AVAST Software
    2012-12-28 18:08 - 2012-12-28 18:08 - 00269000 ____A C:\Windows\Minidump\122912-19718-01.dmp
    2012-12-28 18:08 - 2012-06-25 08:56 - 157973200 ____A C:\Windows\MEMORY.DMP
    2012-12-28 18:08 - 2012-06-25 08:56 - 00000000 ____D C:\Windows\Minidump
    2012-12-28 09:55 - 2012-12-28 09:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-12-28 09:52 - 2012-05-13 02:00 - 00000000 ____D C:\Users\All Users\Avira
    2012-12-27 20:52 - 2012-12-27 20:47 - 102315992 ____A C:\Users\kalapala\Downloads\avast_free_antivirus_setup.exe
    2012-12-27 20:45 - 2012-12-27 20:45 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\kalapala\Downloads\mbam-setup-1.70.0.1100.exe
    2012-12-27 20:12 - 2012-12-27 20:06 - 00000000 ____D C:\Users\All Users\MFAData
    2012-12-27 20:06 - 2012-12-27 20:06 - 00000000 ____D C:\Users\kalapala\AppData\Local\MFAData
    2012-12-27 20:06 - 2012-12-27 20:06 - 00000000 ____D C:\Users\kalapala\AppData\Local\Avg2013
    2012-12-27 19:39 - 2010-05-21 22:04 - 00000000 ____D C:\Program Files (x86)\Reliance Netconnect - Broadband+
    2012-12-27 19:37 - 2010-10-19 07:56 - 00000000 ____D C:\Program Files (x86)\VERTX Systems
    2012-12-27 19:36 - 2010-01-08 12:02 - 00054090 ____A C:\Windows\DPINST.LOG
    2012-12-27 19:34 - 2010-01-08 19:14 - 00000000 ____D C:\Users\All Users\SpeedBit
    2012-12-27 19:30 - 2011-10-07 08:06 - 00000000 ____D C:\Program Files (x86)\CoffeeCup Software
    2012-12-27 19:27 - 2010-09-06 08:41 - 00000000 ____D C:\Windows\SysWOW64\no
    2012-12-27 19:26 - 2010-03-28 07:43 - 00000000 ____D C:\Windows\System32\appmgmt
    2012-12-27 19:25 - 2012-12-27 19:24 - 00002678 ____A C:\CalInstall.log
    2012-12-27 19:25 - 2010-02-18 06:06 - 00000000 ____D C:\Users\kalapala\AppData\Roaming\Cisco
    2012-12-27 19:24 - 2010-02-18 06:03 - 00000000 ____D C:\Windows\Downloaded Installations
    2012-12-27 19:01 - 2012-12-27 19:01 - 00000050 ____A C:\Users\kalapala\AppData\Roaming\mbam.context.scan
    2012-12-27 07:37 - 2010-02-02 06:22 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1643222980-1362892797-2240600343-1000Core.job
    2012-12-24 06:07 - 2010-09-17 21:02 - 00000000 ____D C:\Users\kalapala\AppData\Roaming\TeamViewer
    2012-12-24 06:00 - 2010-09-17 21:02 - 00000000 ____D C:\Program Files (x86)\TeamViewer
    2012-12-22 06:51 - 2012-07-09 19:57 - 00000344 ____A C:\Windows\Tasks\HPCeeScheduleForkalapala.job
    2012-12-22 03:08 - 2010-01-12 06:40 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
    2012-12-21 05:33 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep
    2012-12-16 08:52 - 2012-12-31 20:34 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
    2012-12-16 06:40 - 2012-12-31 20:34 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
    2012-12-16 06:25 - 2012-12-31 20:34 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2012-12-16 06:25 - 2012-12-31 20:34 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2012-12-14 03:19 - 2012-12-28 09:54 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-12-09 19:40 - 2009-07-13 21:08 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-12-08 09:52 - 2011-02-16 10:11 - 00000000 ____D C:\Program Files (x86)\Yahoo!
    2012-12-08 09:51 - 2011-02-16 10:19 - 00000000 ____D C:\Users\All Users\Yahoo!
    2012-12-08 09:46 - 2012-12-08 09:46 - 00291112 ____A C:\Windows\Minidump\120812-25584-01.dmp
    2012-12-08 08:10 - 2012-12-08 07:33 - 00001939 ____A C:\Users\kalapala\Desktop\Siebel Tools.lnk
    2012-12-08 08:01 - 2012-12-08 08:00 - 00007987 ____A C:\Users\kalapala\Desktop\tools 1.cfg
    2012-12-08 07:33 - 2012-12-08 07:33 - 00001963 ____A C:\Users\kalapala\Desktop\Siebel Financial Services - ENU.lnk
    2012-12-08 07:05 - 2010-01-08 12:05 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2012-12-08 07:04 - 2012-12-08 07:04 - 00000241 ____A C:\Windows\SysWOW64\SAMP8.1_setup.err
    2012-12-08 07:04 - 2012-12-08 07:04 - 00000155 ____A C:\Windows\SysWOW64\SAMP8.1_setup.log
    2012-12-08 07:04 - 2012-12-08 07:04 - 00000012 ____A C:\Windows\SysWOW64\SAMP8.1_setup.reg
    2012-12-08 07:04 - 2012-12-08 07:04 - 00000000 ____A C:\Windows\SysWOW64\SAMP8.1_setup.file
    2012-12-08 07:04 - 2012-12-08 04:49 - 00000235 ____A C:\siebinst.log
    2012-12-08 06:51 - 2012-12-08 06:51 - 00000000 ____D C:\Siebel
    2012-12-08 04:23 - 2012-12-08 04:23 - 00000000 ____D C:\Program Files\Oracle
    2012-12-08 04:23 - 2012-12-08 04:23 - 00000000 ____D C:\app
    2012-12-08 02:53 - 2012-12-08 02:53 - 00000000 ____D C:\Program Files (x86)\Oracle
    2012-12-04 07:33 - 2012-11-13 07:56 - 00008523 ____A C:\Users\kalapala\Desktop\Stocks to buy this year.xlsx
    ==================== Known DLLs (Whitelisted) =================
    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys
    [2012-12-29 10:57] - [2012-09-06 09:38] - 0295792 ____A (Microsoft Corporation) 9E425AC5C9A5A973273D169F43B4F5E1
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================
    Restore point made on: 2012-12-30 06:45:11
    Restore point made on: 2012-12-30 06:49:54
    Restore point made on: 2012-12-31 00:21:44
    Restore point made on: 2012-12-31 19:51:05
    Restore point made on: 2012-12-31 20:34:19
    Restore point made on: 2013-01-01 18:31:06
    ==================== Memory info ===========================
    Percentage of memory in use: 14%
    Total physical RAM: 4062.95 MB
    Available physical RAM: 3463.65 MB
    Total Pagefile: 4061.1 MB
    Available Pagefile: 3450.46 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB
    ==================== Partitions =============================
    1 Drive c: () (Fixed) (Total:97.61 GB) (Free:50.42 GB) NTFS
    2 Drive e: () (Fixed) (Total:184.57 GB) (Free:58.39 GB) NTFS
    3 Drive f: (RECOVERY) (Fixed) (Total:15.82 GB) (Free:2.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    5 Drive h: () (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT32
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    7 Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 Online 7643 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 97 GB 101 MB
    Partition 3 Primary 184 GB 97 GB
    Partition 4 Primary 15 GB 282 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y NTFS Partition 100 MB Healthy
    =========================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 97 GB Healthy
    =========================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E NTFS Partition 184 GB Healthy
    =========================================================
    Disk: 0
    Partition 4
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F RECOVERY NTFS Partition 15 GB Healthy
    =========================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7643 MB 31 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H FAT32 Removable 7643 MB Healthy
    =========================================================
    Last Boot: 2012-12-25 01:03
    ==================== End Of Log =============================
  18. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    That looks good.

    What are the current issues if any?
  19. srikanth25

    srikanth25 Newcomer, in training Topic Starter Posts: 30

    Hello Broni,
    I think now I can connect to all sites. I had some wireless issues. I ran the Windows troubleshooter and it looks like DHCP is disabled, and I enabled it. From the recent logs, can we say my system is virus free, right?

    I thank you very much for your time and helping me to fix the issues.

    Have a great day!!!

    Thanks,
    Srikanth.
  20. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    Update Adobe Flash Player: http://get.adobe.com/flashplayer/
    Make sure you UN-check Yes, install McAfee Security Scan Plus

    NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
    NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

    ==========================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    =========================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ==========================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please, let me know, how your computer is doing.
  21. srikanth25

    srikanth25 Newcomer, in training Topic Starter Posts: 30

    Hello,

    Thanks to your help, I think now my computer is back to normal. Maybe the movie I downloaded through p2p could be the culprit for the virus in my laptop. I will be more careful in future.

    Here is the OTL log:
    -----------------------------------------
    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: kalapala
    ->Temp folder emptied: 280269 bytes
    ->Temporary Internet Files folder emptied: 3488042 bytes
    ->Java cache emptied: 1880 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 73317707 bytes
    ->Flash cache emptied: 506 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: srikanth
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 26817 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 561023 bytes

    Total Files Cleaned = 74.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: kalapala
    ->Flash cache emptied: 0 bytes

    User: Public

    User: srikanth

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: kalapala
    ->Java cache emptied: 0 bytes

    User: Public

    User: srikanth

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.69.0 log created on 01032013_231132

    Files\Folders moved on Reboot...
    C:\Users\kalapala\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\vmware-vmount.log scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

    Have a great day!!!

    Thanks,
    Srikanth.
  22. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    Way to go!!
    Good luck and stay safe :)

