TechSpot

Trojan Horse Generic Various - How To Remove!

Solved
By vekky
Jun 7, 2013
  1. Good Afternoon,

    I have been reading a few threads related to my issue and let me first start by saying keep up the good work. However, I have read that each situation is unique so I thought I'd start my own thread.

    I made the mistake of downloading a file which has infected my computer with a multitude of trojan horses. Specifically:

    - Trojan Horse Generic32.CEMU
    - Trojan Horse Generic31.ZCS
    - Trojan Horse Generic29.ANPX
    - Trojan Horse BackDoor.Generic15.CGSY
    - Luhe.Sirefef.A

    This computer is running Windows 8. Any help is much appreciated. I'm relatively new to all of this so I appreciate your patience.

    Vekky
     
  2. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. vekky

    vekky TS Rookie Topic Starter Posts: 34

    Malwarebytes Anti-Malware (MBAM) Log

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.06.07.10

    Windows 8 x64 NTFS
    Internet Explorer 10.0.9200.16580
    Vivek :: VIVEKDESKTOP [administrator]

    Protection: Enabled

    8/06/2013 10:27:43 AM
    mbam-log-2013-06-08 (10-27-43).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 212074
    Time elapsed: 1 minute(s), 7 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\$Recycle.Bin\S-1-5-21-3786517670-1886614608-158006185-1001\$RDA518DB1 (Trojan.FakeMS) -> Quarantined and deleted successfully.


    (end)
     
  4. vekky

    DDS Logs

    DDS.txt

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.21.2
    Run by Vivek at 10:36:54 on 2013-06-08
    Microsoft Windows 8 6.2.9200.0.1252.61.2057.18.8142.6389 [GMT 8:00]
    .
    AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    FW: AVG update module *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\system32\dwm.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\atieclxx.exe
    C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\SysWOW64\ASGT.exe
    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Windows\system32\dashost.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\taskhostex.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\msiexec.exe
    C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\RuntimeBroker.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
    C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
    C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
    mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    StartupFolder: C:\Users\Vivek\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    TCP: NameServer = 10.1.1.1
    TCP: Interfaces\{CB15E06F-0B29-48D9-8960-83612773815A} : DHCPNameServer = 10.1.1.1
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\Drivers\avgidsha.sys [2013-2-8 71480]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\Drivers\avgloga.sys [2013-2-8 311096]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\Drivers\avgmfx64.sys [2013-2-8 116536]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\Drivers\avgrkx64.sys [2013-2-8 45880]
    R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-26 645952]
    R1 Avgfwfd;AVG network filter service;C:\Windows\System32\Drivers\avgfwd6a.sys [2012-9-4 50296]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\Drivers\avgidsdrivera.sys [2013-3-29 246072]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\Drivers\avgldx64.sys [2013-2-8 206136]
    R1 Avgwfpa;AVG Firewall Driver;C:\Windows\System32\Drivers\avgwfpa.sys [2013-3-21 248120]
    R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\Drivers\ctxusbm.sys [2011-6-29 91864]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-10-18 239616]
    R2 ASGT;ASGT;C:\Windows\SysWOW64\ASGT.exe [2012-1-17 55296]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-7-26 7168]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-7-26 166720]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-8 418376]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-8 701512]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-7-26 365376]
    R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-12-13 544840]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-6-8 25928]
    R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-7-26 690832]
    R4 IOMap;IOMap;C:\Windows\System32\Drivers\IOMap64.sys [2013-4-20 23680]
    S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\Windows\System32\Drivers\avgboota.sys [2012-10-26 20912]
    S2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2013-4-10 1428472]
    S3 acsock;acsock;C:\Windows\System32\Drivers\acsock64.sys [2013-5-7 112080]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\Drivers\wdcsam64.sys [2008-5-6 14464]
    S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
    .
    =============== Created Last 30 ================
    .
    2013-06-08 02:26:53  --------  d-----w-  C:\Users\Vivek\AppData\Roaming\Malwarebytes
    2013-06-08 02:26:44  25928  ----a-w-  C:\Windows\System32\drivers\mbam.sys
    2013-06-08 02:26:44  --------  d-----w-  C:\ProgramData\Malwarebytes
    2013-06-08 02:26:44  --------  d-----w-  C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-06-08 02:26:16  --------  d-----w-  C:\Users\Vivek\AppData\Local\Programs
    2013-06-07 10:21:50  --------  d-----w-  C:\Program Files (x86)\x264 Video Codec
    2013-06-07 06:04:52  222384  ----a-w-  C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10205.bin
    2013-06-04 23:05:23  222384  ----a-w-  C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Microsoft\Windows\Sqm\Manifest\Sqm10205.bin
    2013-06-04 23:05:23  222384  ----a-w-  C:\Program Files\Windows Defender\en-GB\systemprofile\AppData\Local\Microsoft\Windows\Sqm\Manifest\Sqm10205.bin
    2013-06-04 00:59:32  696320  ----a-w-  C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
    2013-06-04 00:59:32  57344  ----a-w-  C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
    2013-06-04 00:59:32  5632  ----a-w-  C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
    2013-06-04 00:59:32  282756  ----a-w-  C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
    2013-06-04 00:59:32  237568  ----a-w-  C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
    2013-06-04 00:59:32  163972  ----a-w-  C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
    2013-06-04 00:59:32  155648  ----a-w-  C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
    2013-06-02 16:10:56  7599720  ----a-w-  C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Avg2013\update\backup\avgmfapx.exe
    2013-06-02 16:10:56  7599720  ----a-w-  C:\Program Files\Windows Defender\en-GB\systemprofile\AppData\Local\Avg2013\update\backup\avgmfapx.exe
    2013-05-17 04:51:49  1455368  ----a-w-  C:\Windows\System32\drivers\dxgkrnl.sys
    2013-05-17 04:51:33  70144  ----a-w-  C:\Windows\System32\appinfo.dll
    2013-05-17 04:51:33  112872  ----a-w-  C:\Windows\System32\consent.exe
    2013-05-17 04:51:13  861184  ----a-w-  C:\Windows\System32\drivers\http.sys
    2013-05-17 04:51:12  6987528  ----a-w-  C:\Windows\System32\ntoskrnl.exe
    2013-05-17 04:51:12  2851840  ----a-w-  C:\Windows\System32\esent.dll
    2013-05-17 04:51:12  2382336  ----a-w-  C:\Windows\SysWow64\esent.dll
    2013-05-11 03:29:44  --------  d-----w-  C:\Users\Vivek\AppData\Local\Adobe
    .
    ==================== Find3M ====================
    .
    2013-05-07 20:07:50  78200  ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-05-07 20:07:50  693112  ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-05-07 04:16:38  95648  ----a-w-  C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-05-07 04:16:38  866720  ----a-w-  C:\Windows\SysWow64\npDeployJava1.dll
    2013-05-07 04:16:38  788896  ----a-w-  C:\Windows\SysWow64\deployJava1.dll
    2013-04-13 05:56:35  444416  ----a-w-  C:\Windows\apppatch\AcSpecfc.dll
    2013-04-09 23:17:44  2242048  ----a-w-  C:\Windows\System32\wininet.dll
    2013-04-09 23:17:36  915968  ----a-w-  C:\Windows\System32\uxtheme.dll
    2013-04-09 23:16:58  3958784  ----a-w-  C:\Windows\System32\jscript9.dll
    2013-04-09 22:30:26  1767424  ----a-w-  C:\Windows\SysWow64\wininet.dll
    2013-04-09 22:29:44  2877440  ----a-w-  C:\Windows\SysWow64\jscript9.dll
    2013-04-09 05:33:02  489576  ----a-w-  C:\Windows\System32\AudioEng.dll
    2013-04-09 05:33:02  446792  ----a-w-  C:\Windows\System32\AudioSes.dll
    2013-04-09 05:33:02  253544  ----a-w-  C:\Windows\System32\audiodg.exe
    2013-04-09 05:27:43  284424  ----a-w-  C:\Windows\System32\drivers\spaceport.sys
    2013-04-09 05:20:02  86280  ----a-w-  C:\Windows\System32\kdnet.dll
    2013-04-09 05:20:02  306952  ----a-w-  C:\Windows\System32\kd_02_10ec.dll
    2013-04-09 05:18:05  77960  ----a-w-  C:\Windows\System32\kdvm.dll
    2013-04-09 05:17:57  1829408  ----a-w-  C:\Windows\System32\ntdll.dll
    2013-04-09 04:52:07  816128  ----a-w-  C:\Windows\System32\SearchIndexer.exe
    2013-04-09 04:52:07  373760  ----a-w-  C:\Windows\System32\SearchProtocolHost.exe
    2013-04-09 04:52:07  197120  ----a-w-  C:\Windows\System32\SearchFilterHost.exe
    2013-04-09 04:52:07  126464  ----a-w-  C:\Windows\System32\Robocopy.exe
    2013-04-09 04:52:06  804352  ----a-w-  C:\Windows\System32\RecoveryDrive.exe
    2013-04-09 04:51:51  367616  ----a-w-  C:\Windows\System32\conhost.exe
    2013-04-09 04:51:45  523264  ----a-w-  C:\Windows\System32\XpsGdiConverter.dll
    2013-04-09 04:51:41  99840  ----a-w-  C:\Windows\System32\wscsvc.dll
    2013-04-09 04:51:41  456704  ----a-w-  C:\Windows\System32\wpncore.dll
    2013-04-09 04:51:20  13648384  ----a-w-  C:\Windows\System32\Windows.UI.Xaml.dll
    2013-04-09 04:51:17  595456  ----a-w-  C:\Windows\System32\Windows.Networking.dll
    2013-04-09 04:51:17  391168  ----a-w-  C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
    2013-04-09 04:51:05  10116096  ----a-w-  C:\Windows\System32\twinui.dll
    2013-04-09 04:51:03  3552768  ----a-w-  C:\Windows\System32\tquery.dll
    2013-04-09 04:50:53  414720  ----a-w-  C:\Windows\System32\GenuineCenter.dll
    2013-04-09 04:50:39  422400  ----a-w-  C:\Windows\System32\schannel.dll
    2013-04-09 04:50:39  1285632  ----a-w-  C:\Windows\System32\schedsvc.dll
    2013-04-09 04:50:03  96256  ----a-w-  C:\Windows\System32\mssprxy.dll
    2013-04-09 04:50:03  745984  ----a-w-  C:\Windows\System32\mssvp.dll
    2013-04-09 04:50:03  2107904  ----a-w-  C:\Windows\System32\mssrch.dll
    2013-04-09 04:50:02  65024  ----a-w-  C:\Windows\System32\msscntrs.dll
    2013-04-09 04:50:02  435200  ----a-w-  C:\Windows\System32\mssph.dll
    2013-04-09 04:50:02  13824  ----a-w-  C:\Windows\System32\msshooks.dll
    2013-04-09 04:49:54  1444864  ----a-w-  C:\Windows\System32\MSAudDecMFT.dll
    2013-04-09 04:49:45  468992  ----a-w-  C:\Windows\System32\MFMediaEngine.dll
    2013-04-09 04:49:45  281088  ----a-w-  C:\Windows\System32\mfreadwrite.dll
    2013-04-09 04:49:36  817152  ----a-w-  C:\Windows\System32\kerberos.dll
    2013-04-09 04:49:33  210432  ----a-w-  C:\Windows\System32\iuilp.dll
    2013-04-09 04:49:16  50176  ----a-w-  C:\Windows\System32\fmifs.dll
    2013-04-09 04:49:16  231936  ----a-w-  C:\Windows\System32\fhengine.dll
    2013-04-09 04:49:09  172544  ----a-w-  C:\Windows\System32\dwmredir.dll
    2013-04-09 04:49:06  196096  ----a-w-  C:\Windows\System32\dmvdsitf.dll
    2013-04-09 04:48:43  2303488  ----a-w-  C:\Windows\System32\authui.dll
    2013-04-09 04:48:42  785408  ----a-w-  C:\Windows\System32\audiosrv.dll
    2013-04-09 04:48:42  169472  ----a-w-  C:\Windows\System32\AudioEndpointBuilder.dll
    2013-04-09 04:48:34  419840  ----a-w-  C:\Windows\System32\intl.cpl
    2013-04-09 02:35:13  4038144  ----a-w-  C:\Windows\System32\win32k.sys
    2013-04-09 02:34:49  83968  ----a-w-  C:\Windows\System32\drivers\hidclass.sys
    2013-04-09 02:34:42  27648  ----a-w-  C:\Windows\System32\drivers\hidusb.sys
    2013-04-09 02:34:30  95744  ----a-w-  C:\Windows\System32\drivers\hidbth.sys
    2013-04-09 02:33:41  60416  ----a-w-  C:\Windows\System32\drivers\ndproxy.sys
    2013-04-09 02:33:05  623104  ----a-w-  C:\Windows\System32\drivers\srv2.sys
    2013-04-09 02:32:02  805376  ----a-w-  C:\Windows\System32\drivers\PEAuth.sys
    2013-04-09 02:31:14  247808  ----a-w-  C:\Windows\System32\drivers\srvnet.sys
    2013-04-09 02:31:01  83456  ----a-w-  C:\Windows\System32\drivers\wanarp.sys
    2013-04-08 23:44:25  123880  ----a-w-  C:\Windows\SysWow64\wscapi.dll
    2013-04-08 23:39:14  1408896  ----a-w-  C:\Windows\SysWow64\ntdll.dll
    2013-04-08 23:37:29  426024  ----a-w-  C:\Windows\SysWow64\AudioEng.dll
    2013-04-08 23:37:29  324368  ----a-w-  C:\Windows\SysWow64\AudioSes.dll
    2013-04-08 21:52:16  670208  ----a-w-  C:\Windows\SysWow64\SearchIndexer.exe
    2013-04-08 21:52:16  302592  ----a-w-  C:\Windows\SysWow64\SearchProtocolHost.exe
    2013-04-08 21:52:16  171008  ----a-w-  C:\Windows\SysWow64\SearchFilterHost.exe
    2013-04-08 21:52:16  106496  ----a-w-  C:\Windows\SysWow64\Robocopy.exe
    2013-04-08 21:52:06  364544  ----a-w-  C:\Windows\SysWow64\XpsGdiConverter.dll
    2013-04-04 23:30:17  503080  ----a-w-  C:\Windows\System32\ci.dll
    2013-03-30 18:16:05  1403784  ----a-w-  C:\Windows\System32\winload.efi
    2013-03-30 18:16:05  1267424  ----a-w-  C:\Windows\System32\winload.exe
    2013-03-28 22:09:09  1093880  ----a-w-  C:\Windows\System32\winresume.exe
    2013-03-28 22:09:04  1217328  ----a-w-  C:\Windows\System32\winresume.efi
    2013-03-28 18:53:48  246072  ----a-w-  C:\Windows\System32\drivers\avgidsdrivera.sys
    2013-03-20 19:08:26  248120  ----a-w-  C:\Windows\System32\drivers\avgwfpa.sys
    2013-03-15 22:05:34  298456  ----a-w-  C:\Windows\System32\rsaenh.dll
    2013-03-15 22:05:16  252928  ----a-w-  C:\Windows\SysWow64\rsaenh.dll
    .
    ============= FINISH: 10:37:01.75 ===============
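The DDS.txt log above is what a removal helper reads first: the "Pseudo HJT Report" lists autostart hooks (BHOs, Run keys, MIME filters, SSODL, shell execute hooks) with the file each one resolves to, and the SERVICES / DRIVERS section lists every service with its image path. Two things get checked before anything else: entries DDS marks as <orphaned> (the registry still references a CLSID whose file is gone, which is leftover from an uninstall or from a cleaned infection) and entries whose image loads from a location a normal user can write to, since legitimate software almost always lives under Program Files or Windows. The script below is an added example, not code from this thread or from the DDS tool; it parses those two line formats and prints both kinds of finding. The SAMPLE_DDS text is a constructed sample in the DDS format, and its [Updater] mRun line is invented to exercise the user-writable check; it does not appear in the original post.

```python
"""Triage helper for the "Pseudo HJT Report" and "SERVICES / DRIVERS" sections
of a DDS.txt log (added example; not code from the TechSpot thread or from the
DDS tool itself).

Flags two things a removal helper checks first:
  * autostart entries whose CLSID no longer resolves to a file (<orphaned>), and
  * entries whose image lives in a user-writable location (AppData, Temp,
    ProgramData, $Recycle.Bin, Users\\Public) instead of Program Files/Windows.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in DDS format. The [Updater] line is invented for the
# demonstration and is not from the original log.
SAMPLE_DDS = r"""
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [Updater] "C:\Users\user\AppData\Roaming\updater.exe" -hidden
StartupFolder: C:\Users\Vivek\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
SSODL: WebCheck - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\Drivers\avgrkx64.sys [2013-2-8 45880]
R2 ASGT;ASGT;C:\Windows\SysWOW64\ASGT.exe [2012-1-17 55296]
C:\Windows\system32\svchost.exe -k DcomLaunch
"""

# Service line: "R2 name;display name;C:\path\image.exe [yyyy-m-d size]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[[^\]]*\]\s*$")
# First drive-letter path ending in a loadable image, quoted or not.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]+?\.(?:exe|dll|sys|cpl|ocx))\b', re.IGNORECASE)
# Pseudo-HJT prefixes (mRun, BHO, x64-Filter, ...); a bare "C:\..." path is not one.
KIND_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]+$")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\",
                 "\\$recycle.bin\\", "\\users\\public\\")


@dataclass
class Entry:
    kind: str            # e.g. "mRun", "BHO", "R2"
    name: str
    path: Optional[str]  # image path, if one could be extracted
    orphaned: bool       # DDS printed <orphaned> instead of a file


def parse_line(line: str) -> Optional[Entry]:
    """Parse one DDS line; None for lines that are not autostart/service entries."""
    line = line.strip()
    m = SERVICE_RE.match(line)
    if m:
        return Entry(kind=m.group(1), name=m.group(2), path=m.group(4), orphaned=False)
    if ":" not in line:
        return None
    kind, rest = line.split(":", 1)
    if not KIND_RE.match(kind):
        return None
    bracket = re.match(r"\s*\[([^\]]+)\]", rest)          # mRun: [Name] "path" args
    name = bracket.group(1) if bracket else rest.strip().split(" - ")[0]
    target = rest.rsplit(" - ", 1)[-1]                    # file part follows the last " - "
    pm = PATH_RE.search(target)
    return Entry(kind=kind, name=name, path=pm.group(1) if pm else None,
                 orphaned="<orphaned>" in target)


def in_user_writable(path: str) -> bool:
    """True if the image sits somewhere an unprivileged user (or malware) can write."""
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def triage(text: str) -> Dict[str, List[str]]:
    """Return orphaned entries and entries loading from user-writable paths."""
    findings: Dict[str, List[str]] = {"orphaned": [], "user_writable": []}
    for raw in text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        if entry.orphaned:
            findings["orphaned"].append(f"{entry.kind}: {entry.name}")
        elif entry.path and in_user_writable(entry.path):
            findings["user_writable"].append(f"{entry.kind}: {entry.path}")
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_DDS).items():
        print(f"{category}:")
        for item in items:
            print("  " + item)
```

Run against a full DDS.txt (read the file and pass its text to triage) and the output is a short review list rather than a verdict: an orphaned CLSID is usually harmless debris, and a binary under AppData can be a legitimate per-user installer (Chrome and Dropbox install there), so every hit still needs a look at the file itself.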
     
  5. vekky

    Attach.txt

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 8
    Boot Device: \Device\HarddiskVolume1
    Install Date: 20/04/2013 3:06:45 PM
    System Uptime: 8/06/2013 10:31:20 AM (0 hours ago)
    .
    Motherboard: ASUSTeK COMPUTER INC. | | P8Z77-V LX
    Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz | LGA1155 | 3401/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 111 GiB total, 65.157 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 932 GiB total, 889.856 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
    PNP Device ID: ROOT\NET\0000
    Service: vpnva
    .
    ==== System Restore Points ===================
    .
    RP5: 14/05/2013 2:22:03 PM - Windows Update
    RP6: 3/06/2013 12:20:42 AM - Windows Update
    RP7: 4/06/2013 9:00:50 AM - Installed Adobe Photoshop
    .
    ==== Installed Programs ======================
    .
    Adobe Reader XI (11.0.02)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ASUS GPU Tweak
    ASUS Product Register Program
    ASUS Utility
    ASUS VGA Driver
    µTorrent
    AVG 2013
    Bonjour
    Cisco AnyConnect Secure Mobility Client
    Cisco AnyConnect Secure Mobility Client
    Citrix Authentication Manager
    Citrix Receiver
    Citrix Receiver (HDX Flash Redirection)
    Citrix Receiver Inside
    Citrix Receiver(Aero)
    Citrix Receiver(DV)
    Citrix Receiver(USB)
    Google Chrome
    Google Update Helper
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Intel® Trusted Connect Service Client
    iTunes
    Java 7 Update 21
    Java Auto Updater
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    ObjectDock Free
    Online Plug-in
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Self-service Plug-in
    Visual Studio 2010 x64 Redistributables
    VLC media player 2.0.6
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/06/2013 10:31:30 AM, Error: Service Control Manager [7024] -
    8/06/2013 10:31:07 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    8/06/2013 10:23:18 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000ef (0xfffffa800679b080, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 060813-9906-01.
    7/06/2013 6:22:08 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 10.1.1.9. The computer with the IP address 10.1.1.1 did not allow the name to be claimed by this computer.
    7/06/2013 11:20:32 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x0000000000000028, 0x0000000000000002, 0x0000000000000000, 0xfffff88001cdbfd2). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 060713-11984-01.
    .

    ==== End Of File ===========================
     
  6. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  7. vekky

    vekky TS Rookie Topic Starter Posts: 34

    Rogue Killer Log 1

    RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 8 (6.2.9200 ) 64 bits version
    Started in : Normal mode
    User : Vivek [Admin rights]
    Mode : Scan -- Date : 06/08/2013 10:58:23
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FOLDER] L : C:\Windows\Installer\{ac379ef7-6496-7efe-9243-554a3080cbbc}\L --> FOUND

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: KINGSTON SV300S37A120G +++++
    --- User ---
    [MBR] 4b54ccd594ac755973a297ef29013769
    [BSP] bdb89f7a832e32e143bfd97417e0a99b : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 114121 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: ST1000DM003-1CH162 +++++
    --- User ---
    [MBR] f4f2ba52264772206c3d7a60c5cab9d4
    [BSP] bc5903bd79df211ff7449cf8503ec114 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_06082013_02d1058.txt >>
    RKreport[1]_S_06082013_02d1058.txt
     
  8. vekky

    vekky TS Rookie Topic Starter Posts: 34

    Rogue Killer Log 2

    RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 8 (6.2.9200 ) 64 bits version
    Started in : Normal mode
    User : Vivek [Admin rights]
    Mode : Remove -- Date : 06/08/2013 11:00:07
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{ac379ef7-6496-7efe-9243-554a3080cbbc}\L --> REMOVED

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: KINGSTON SV300S37A120G +++++
    --- User ---
    [MBR] 4b54ccd594ac755973a297ef29013769
    [BSP] bdb89f7a832e32e143bfd97417e0a99b : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 114121 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: ST1000DM003-1CH162 +++++
    --- User ---
    [MBR] f4f2ba52264772206c3d7a60c5cab9d4
    [BSP] bc5903bd79df211ff7449cf8503ec114 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_06082013_02d1100.txt >>
    RKreport[1]_S_06082013_02d1058.txt ; RKreport[2]_D_06082013_02d1100.txt
     
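An added example, not part of the thread or of RogueKiller itself: a small Python script that parses the RKreport layout shown in the two logs above and checks that every item FOUND in the Scan run has a REMOVED/REPLACED line in the Remove run. It keys on the path or value rather than the label, because the same folder is reported as "L :" in the scan and "ROOT :" in the remove run; the GUIDs and sample lines are constructed placeholders.

```python
"""Reconcile a RogueKiller Scan report against the matching Remove report.

Added example, not part of RogueKiller or of the original posts. It parses
detection lines shaped "[TAG]... label : item -> STATUS" and the ¤¤¤ headers,
then lists each item FOUND by the scan run that the remove run did not act on.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# A detection line, e.g.
#   [HJ DESK] HKLM\[...]\NewStartPanel : {GUID} (1) -> FOUND
#   [ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{GUID}\L --> REMOVED
DETECTION = re.compile(
    r"^\[(?P<tags>[^\]]+(?:\]\[[^\]]+)*)\]\s+"   # one or more [TAG] groups
    r"(?P<body>.+?)\s+-{1,2}>\s+"                # "label : item", then -> or -->
    r"(?P<status>[A-Z ]+?)(?:\s*\(\d+\))?\s*$"   # FOUND, REPLACED (0), REMOVED ...
)
MODE = re.compile(r"^Mode : (?P<mode>\w+) --")
INFECTION = re.compile(r"^¤¤¤ Infection : (?P<name>.+?) ¤¤¤$")

# Statuses meaning the remove run acted on the item.
RESOLVED = {"REMOVED", "REPLACED", "DELETED"}


@dataclass(frozen=True)
class Detection:
    tags: Tuple[str, ...]   # e.g. ("ZeroAccess", "FOLDER")
    label: str              # "L", "ROOT", "HKLM\[...]\NewStartPanel", ...
    key: str                # the path or value RogueKiller acted on
    status: str             # FOUND, REMOVED, REPLACED, ...


@dataclass
class Report:
    mode: str                   # "Scan" or "Remove"
    infection: Optional[str]    # name from the "Infection" header, if present
    detections: List[Detection]


def parse_report(text: str) -> Report:
    """Parse RKreport text; lines that are neither headers nor detections are skipped."""
    mode, infection, detections = "Unknown", None, []
    for raw in text.splitlines():
        line = raw.strip()
        if m := MODE.match(line):
            mode = m.group("mode")
        elif m := INFECTION.match(line):
            infection = m.group("name")
        elif m := DETECTION.match(line):
            tags = tuple(m.group("tags").split("]["))
            # The label differs between runs ("L :" in the scan, "ROOT :" in the
            # remove run), so the item itself is the match key, not the label.
            label, _, key = m.group("body").partition(" : ")
            if not key:
                label, key = "", label
            detections.append(Detection(tags, label, key, m.group("status").strip()))
    return Report(mode, infection, detections)


def unresolved(scan_text: str, remove_text: str) -> List[str]:
    """Items FOUND in the scan run with no RESOLVED status in the remove run."""
    scan, remove = parse_report(scan_text), parse_report(remove_text)
    done = {d.key for d in remove.detections if d.status in RESOLVED}
    return [d.key for d in scan.detections if d.status == "FOUND" and d.key not in done]


# Constructed sample reports in the RKreport layout; the GUIDs are placeholders.
HJ1 = "{00000000-0000-0000-0000-000000000001}"
HJ2 = "{00000000-0000-0000-0000-000000000002}"
ZA = "{00000000-0000-0000-0000-0000000000aa}"

SCAN_LOG = rf"""
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
Mode : Scan -- Date : 06/08/2013 10:58:23
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {HJ1} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {HJ2} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{ZA}\L --> FOUND
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{ZA}\U --> FOUND
¤¤¤ Infection : ZeroAccess ¤¤¤
"""

# The remove run acted on three of the four items; the U folder is left over.
REMOVE_LOG = rf"""
Mode : Remove -- Date : 06/08/2013 11:00:07
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {HJ1} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {HJ2} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{ZA}\L --> REMOVED
¤¤¤ Infection : ZeroAccess ¤¤¤
"""

if __name__ == "__main__":
    scan = parse_report(SCAN_LOG)
    print(f"{scan.mode} run: infection={scan.infection}, detections={len(scan.detections)}")
    for key in unresolved(SCAN_LOG, REMOVE_LOG):
        print("still present after remove run:", key)
```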
  9. vekky

    vekky TS Rookie Topic Starter Posts: 34

    MBAR Log

    Malwarebytes Anti-Rootkit BETA 1.06.0.1003
    www.malwarebytes.org

    Database version: v2013.06.07.10

    Windows 8 x64 NTFS
    Internet Explorer 10.0.9200.16580
    Vivek :: VIVEKDESKTOP [administrator]

    8/06/2013 11:16:00 AM
    mbar-log-2013-06-08 (11-16-00).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
    Scan options disabled: Deep Anti-Rootkit Scan | PUP
    Objects scanned: 231185
    Time elapsed: 3 minute(s), 46 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)


    (end)
     
  10. vekky

    vekky TS Rookie Topic Starter Posts: 34

    System Log

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.06.0.1003

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.2.9200 Windows 8 x64

    Account is Administrative

    Internet Explorer version: 10.0.9200.16580

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
    CPU speed: 3.410000 GHz
    Memory total: 8537436160, free: 6289977344

    Downloaded database version: v2013.06.07.10
    Downloaded database version: v2013.05.22.01
    Initializing...
    ------------ Kernel report ------------
    06/08/2013 11:15:58
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kd.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\System32\drivers\CLFS.SYS
    \SystemRoot\System32\drivers\tm.sys
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\BOOTVID.dll
    \SystemRoot\system32\CI.dll
    \SystemRoot\System32\drivers\msrpc.sys
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\System32\Drivers\acpiex.sys
    \SystemRoot\System32\Drivers\WppRecorder.sys
    \SystemRoot\System32\drivers\ACPI.sys
    \SystemRoot\System32\drivers\WMILIB.SYS
    \SystemRoot\System32\drivers\msisadrv.sys
    \SystemRoot\System32\drivers\pci.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\system32\drivers\tpm.sys
    \SystemRoot\System32\drivers\vdrvroot.sys
    \SystemRoot\system32\drivers\pdc.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\System32\drivers\spaceport.sys
    \SystemRoot\System32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\System32\drivers\iaStorA.sys
    \SystemRoot\System32\drivers\storport.sys
    \SystemRoot\System32\drivers\EhStorClass.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\System32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\DRIVERS\wfplwfs.sys
    \SystemRoot\system32\DRIVERS\avgloga.sys
    \SystemRoot\system32\DRIVERS\avgmfx64.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\avgidsha.sys
    \SystemRoot\System32\drivers\volsnap.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\disk.sys
    \SystemRoot\System32\drivers\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\avgrkx64.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\drivers\cdrom.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\BasicRender.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\System32\drivers\BasicDisplay.sys
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\system32\DRIVERS\avgwfpa.sys
    \SystemRoot\system32\DRIVERS\avgfwd6a.sys
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\avgldx64.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\System32\drivers\npsvctrig.sys
    \SystemRoot\System32\drivers\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\ctxusbm.sys
    \SystemRoot\system32\DRIVERS\avgidsdrivera.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\System32\drivers\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\kdnic.sys
    \SystemRoot\System32\drivers\umbus.sys
    \SystemRoot\system32\DRIVERS\atikmpag.sys
    \SystemRoot\system32\DRIVERS\atikmdag.sys
    \SystemRoot\System32\drivers\HDAudBus.sys
    \SystemRoot\System32\drivers\USBXHCI.SYS
    \SystemRoot\System32\drivers\ucx01000.sys
    \SystemRoot\System32\drivers\HECIx64.sys
    \SystemRoot\System32\drivers\usbehci.sys
    \SystemRoot\System32\drivers\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\athrx.sys
    \SystemRoot\System32\drivers\vwifibus.sys
    \SystemRoot\system32\DRIVERS\Rt630x64.sys
    \SystemRoot\System32\drivers\serial.sys
    \SystemRoot\System32\drivers\serenum.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\System32\drivers\intelppm.sys
    \SystemRoot\System32\drivers\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\System32\drivers\swenum.sys
    \SystemRoot\System32\drivers\ks.sys
    \SystemRoot\System32\drivers\rdpbus.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\System32\drivers\usbhub.sys
    \SystemRoot\System32\drivers\USBD.SYS
    \SystemRoot\system32\drivers\HdAudio.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\System32\drivers\UsbHub3.sys
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\System32\drivers\usbccgp.sys
    \SystemRoot\System32\drivers\dc3d.sys
    \SystemRoot\System32\drivers\HIDPARSE.SYS
    \SystemRoot\System32\drivers\hidusb.sys
    \SystemRoot\System32\drivers\HIDCLASS.SYS
    \SystemRoot\System32\drivers\kbdhid.sys
    \SystemRoot\System32\drivers\kbdclass.sys
    \SystemRoot\System32\drivers\mouhid.sys
    \SystemRoot\System32\drivers\mouclass.sys
    \SystemRoot\System32\Drivers\dump_diskdump.sys
    \SystemRoot\System32\Drivers\dump_iaStorA.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \??\C:\Windows\system32\drivers\mbam.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\vwifimp.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\drivers\Ndu.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \??\C:\Windows\system32\drivers\IOMap64.sys
    \SystemRoot\System32\drivers\condrv.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xfffffa8008d10060
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\0000003c\
    Lower Device Object: 0xfffffa8006dd1180
    Lower Device Driver Name: \Driver\iaStorA\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8008d11060
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\0000003b\
    Lower Device Object: 0xfffffa8006dd37f0
    Lower Device Driver Name: \Driver\iaStorA\
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8008d11060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8008d11b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8008d11060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    DevicePointer: 0xfffffa8006b8dbe0, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa8006dd37f0, DeviceName: \Device\0000003b\, DriverName: \Driver\iaStorA\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\Windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: F20632BD

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 716800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 718848 Numsec = 233719808

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 120034123776 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-234421648-234441648)...
    Done!
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xfffffa8008d10060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8008d10a30, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8008d10060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
    DevicePointer: 0xfffffa8006b6aa30, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa8006dd1180, DeviceName: \Device\0000003c\, DriverName: \Driver\iaStorA\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 2E24DA9

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 1953519616

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1000204886016 bytes
    Sector size: 512 bytes

    Done!
    Read File: File "c:\programdata\avg2013\chjw\b03890d938909fc0.dat:86e26470-da5e-4535-9a1c-5c005a007668" is sparse (flags = 32768)
    Read File: File "c:\programdata\avg2013\chjw\b03890d938909fc0.dat:d581b65a-11ae-4862-8659-b902571c171d" is sparse (flags = 32768)
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...

    Removal finished
     
  11. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
     
     
  12. vekky

    vekky TS Rookie Topic Starter Posts: 34

    FRST.txt

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-06-2013 02
    Ran by Vivek (administrator) on 08-06-2013 12:10:46
    Running from C:\Users\Vivek\Desktop
    Windows 8 (X64) OS Language: English(UK)
    Internet Explorer Version 9
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    (AMD) C:\Windows\system32\atiesrxx.exe
    (AMD) C:\Windows\system32\atieclxx.exe
    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    () C:\Windows\SysWOW64\ASGT.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Microsoft Corporation) C:\Windows\system32\dashost.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Stardock) C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    (Stardock) C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\system32\msiexec.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6548112 2012-06-12] (Realtek Semiconductor)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [277504 2012-07-09] (Intel Corporation)
    HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
    HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized [702024 2012-12-13] (Cisco Systems, Inc.)
    HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [362432 2011-12-22] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-19] (Adobe Systems Incorporated)
    Startup: C:\Users\Vivek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
    ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe (Stardock)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
    BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 10.1.1.1

    Chrome:
    =======
    CHR HomePage: hxxp://www.google.com
    CHR RestoreOnStartup: "hxxp://www.google.com"
    CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
    CHR Plugin: (Norton Confidential) - C:\Users\Vivek\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.0.140_0\npcoplgn.dll No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
    CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    CHR Extension: (YouTube) - C:\Users\Vivek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
    CHR Extension: (Google Search) - C:\Users\Vivek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
    CHR Extension: (AdBlock) - C:\Users\Vivek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0
    CHR Extension: (Gmail) - C:\Users\Vivek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

    ==================== Services (Whitelisted) =================

    R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] ()
    S2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1428472 2013-04-10] (AVG Technologies CZ, s.r.o.)
    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20912 2012-10-26] (AVG Technologies CZ, s.r.o.)
    R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\system32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
    R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [248120 2013-03-21] (AVG Technologies CZ, s.r.o.)
    R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2010-02-23] (ASUSTeK Computer Inc.)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
    S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [50128 2012-12-13] (Cisco Systems, Inc.)
    S3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
    S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-06-08 12:10 - 2013-06-08 12:10 - 00000000 ____D C:\FRST
    2013-06-08 12:09 - 2013-06-08 12:09 - 01358671 ____A (Farbar) C:\Users\Vivek\Desktop\FRST.exe
    2013-06-08 12:07 - 2013-06-08 12:07 - 01919218 ____A (Farbar) C:\Users\Vivek\Desktop\FRST64.exe
    2013-06-08 11:15 - 2013-06-08 11:16 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2013-06-08 11:02 - 2013-06-08 11:14 - 00000000 ____D C:\Users\Vivek\Desktop\Virus
    2013-06-08 10:26 - 2013-06-08 10:26 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-06-08 10:26 - 2013-06-08 10:26 - 00000000 ____D C:\Users\Vivek\AppData\Roaming\Malwarebytes
    2013-06-08 10:26 - 2013-06-08 10:26 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-06-08 10:26 - 2013-06-08 10:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-06-08 10:26 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2013-06-08 10:23 - 2013-06-08 10:23 - 00422160 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-06-08 10:23 - 2013-06-08 10:23 - 00281640 ____A C:\Windows\Minidump\060813-9906-01.dmp
    2013-06-07 18:21 - 2013-06-08 18:22 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec
    2013-06-04 09:01 - 2013-06-04 09:01 - 00000000 ____D C:\ProgramData\Macrovision
    2013-06-02 21:29 - 2013-04-09 13:33 - 00489576 ____A (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
    2013-06-02 21:29 - 2013-04-09 13:33 - 00446792 ____A (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
    2013-06-02 21:29 - 2013-04-09 13:33 - 00253544 ____A (Microsoft Corporation) C:\Windows\System32\audiodg.exe
    2013-06-02 21:29 - 2013-04-09 13:27 - 00284424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys
    2013-06-02 21:29 - 2013-04-09 13:20 - 00306952 ____A (Microsoft Corporation) C:\Windows\System32\kd_02_10ec.dll
    2013-06-02 21:29 - 2013-04-09 13:20 - 00086280 ____A (Microsoft Corporation) C:\Windows\System32\kdnet.dll
    2013-06-02 21:29 - 2013-04-09 13:18 - 00077960 ____A (Microsoft Corporation) C:\Windows\System32\kdvm.dll
    2013-06-02 21:29 - 2013-04-09 13:17 - 01829408 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
    2013-06-02 21:29 - 2013-04-09 12:52 - 00816128 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
    2013-06-02 21:29 - 2013-04-09 12:52 - 00804352 ____A (Microsoft Corporation) C:\Windows\System32\RecoveryDrive.exe
    2013-06-02 21:29 - 2013-04-09 12:52 - 00373760 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
    2013-06-02 21:29 - 2013-04-09 12:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
    2013-06-02 21:29 - 2013-04-09 12:52 - 00126464 ____A (Microsoft Corporation) C:\Windows\System32\Robocopy.exe
    2013-06-02 21:29 - 2013-04-09 12:51 - 14267904 ____A (Microsoft Corporation) C:\Windows\System32\wmp.dll
    2013-06-02 21:29 - 2013-04-09 12:51 - 13648384 ____A (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
    2013-06-02 21:29 - 2013-04-09 12:51 - 10116096 ____A (Microsoft Corporation) C:\Windows\System32\twinui.dll
    2013-06-02 21:29 - 2013-04-09 12:51 - 03552768 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll
    2013-06-02 21:29 - 2013-04-09 12:51 - 00595456 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.dll
    2013-06-02 21:29 - 2013-04-09 12:51 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
    2013-06-02 21:29 - 2013-04-09 12:51 - 00456704 ____A (Microsoft Corporation) C:\Windows\System32\wpncore.dll
    2013-06-02 21:29 - 2013-04-09 12:51 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
    2013-06-02 21:29 - 2013-04-09 12:51 - 00367616 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2013-06-02 21:29 - 2013-04-09 12:51 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wscsvc.dll
    2013-06-02 21:29 - 2013-04-09 12:50 - 02107904 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
    2013-06-02 21:29 - 2013-04-09 12:50 - 01285632 ____A (Microsoft Corporation) C:\Windows\System32\schedsvc.dll
    2013-06-02 21:29 - 2013-04-09 12:50 - 00745984 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
    2013-06-02 21:29 - 2013-04-09 12:50 - 00435200 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
    2013-06-02 21:29 - 2013-04-09 12:50 - 00422400 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2013-06-02 21:29 - 2013-04-09 12:50 - 00414720 ____A (Microsoft Corporation) C:\Windows\System32\GenuineCenter.dll
    2013-06-02 21:29 - 2013-04-09 12:50 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\mssprxy.dll
    2013-06-02 21:29 - 2013-04-09 12:50 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
    2013-06-02 21:29 - 2013-04-09 12:50 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\msshooks.dll
    2013-06-02 21:29 - 2013-04-09 12:49 - 01444864 ____A (Microsoft Corporation) C:\Windows\System32\MSAudDecMFT.dll
    2013-06-02 21:29 - 2013-04-09 12:49 - 00817152 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2013-06-02 21:29 - 2013-04-09 12:49 - 00468992 ____A (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll
    2013-06-02 21:29 - 2013-04-09 12:49 - 00281088 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
    2013-06-02 21:29 - 2013-04-09 12:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\fhengine.dll
    2013-06-02 21:29 - 2013-04-09 12:49 - 00210432 ____A (Microsoft Corporation) C:\Windows\System32\iuilp.dll
    2013-06-02 21:29 - 2013-04-09 12:49 - 00196096 ____A (Microsoft Corporation) C:\Windows\System32\dmvdsitf.dll
    2013-06-02 21:29 - 2013-04-09 12:49 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\dwmredir.dll
    2013-06-02 21:29 - 2013-04-09 12:49 - 00050176 ____A (Microsoft Corporation) C:\Windows\System32\fmifs.dll
    2013-06-02 21:29 - 2013-04-09 12:48 - 02303488 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
    2013-06-02 21:29 - 2013-04-09 12:48 - 00785408 ____A (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
    2013-06-02 21:29 - 2013-04-09 12:48 - 00419840 ____A (Microsoft Corporation) C:\Windows\System32\intl.cpl
    2013-06-02 21:29 - 2013-04-09 12:48 - 00169472 ____A (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll
    2013-06-02 21:29 - 2013-04-09 10:35 - 04038144 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-06-02 21:29 - 2013-04-09 10:34 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidbth.sys
    2013-06-02 21:29 - 2013-04-09 10:34 - 00083968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
    2013-06-02 21:29 - 2013-04-09 10:34 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys
    2013-06-02 21:29 - 2013-04-09 10:33 - 00623104 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
    2013-06-02 21:29 - 2013-04-09 10:33 - 00060416 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys
    2013-06-02 21:29 - 2013-04-09 10:32 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys
    2013-06-02 21:29 - 2013-04-09 10:31 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
    2013-06-02 21:29 - 2013-04-09 10:31 - 00083456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys
    2013-06-02 21:29 - 2013-04-09 07:44 - 00123880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
    2013-06-02 21:29 - 2013-04-09 07:39 - 01408896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2013-06-02 21:29 - 2013-04-09 07:37 - 00426024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2013-06-02 21:29 - 2013-04-09 07:37 - 00324368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2013-06-02 21:29 - 2013-04-09 05:52 - 11878912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2013-06-02 21:29 - 2013-04-09 05:52 - 00670208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
    2013-06-02 21:29 - 2013-04-09 05:52 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
    2013-06-02 21:29 - 2013-04-09 05:52 - 00302592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
    2013-06-02 21:29 - 2013-04-09 05:52 - 00171008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
    2013-06-02 21:29 - 2013-04-09 05:52 - 00106496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
    2013-06-02 21:29 - 2013-04-09 05:51 - 10789888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
    2013-06-02 21:29 - 2013-04-09 05:51 - 08857088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
    2013-06-02 21:29 - 2013-04-09 05:51 - 02767360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
    2013-06-02 21:29 - 2013-04-09 05:51 - 02035200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2013-06-02 21:29 - 2013-04-09 05:51 - 01593344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
    2013-06-02 21:29 - 2013-04-09 05:51 - 01113600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll
    2013-06-02 21:29 - 2013-04-09 05:51 - 00659456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
    2013-06-02 21:29 - 2013-04-09 05:51 - 00656896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2013-06-02 21:29 - 2013-04-09 05:51 - 00411136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
    2013-06-02 21:29 - 2013-04-09 05:51 - 00403968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
    2013-06-02 21:29 - 2013-04-09 05:51 - 00389632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
    2013-06-02 21:29 - 2013-04-09 05:51 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
    2013-06-02 21:29 - 2013-04-09 05:51 - 00324096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2013-06-02 21:29 - 2013-04-09 05:51 - 00268800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
    2013-06-02 21:29 - 2013-04-09 05:51 - 00214528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
    2013-06-02 21:29 - 2013-04-09 05:51 - 00186880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
    2013-06-02 21:29 - 2013-04-09 05:51 - 00155648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dmvdsitf.dll
    2013-06-02 21:29 - 2013-04-09 05:51 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fmifs.dll
    2013-06-02 21:29 - 2013-04-09 05:51 - 00035328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
    2013-06-02 21:29 - 2013-04-09 05:51 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
    2013-06-02 21:29 - 2013-04-05 07:30 - 00503080 ____A (Microsoft Corporation) C:\Windows\System32\ci.dll
    2013-06-02 21:29 - 2013-04-03 06:08 - 00387688 ____A C:\Windows\System32\ApnDatabase.xml
    2013-06-02 21:29 - 2013-03-31 02:16 - 01403784 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi
    2013-06-02 21:29 - 2013-03-31 02:16 - 01267424 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
    2013-06-02 21:29 - 2013-03-29 06:09 - 01217328 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi
    2013-06-02 21:29 - 2013-03-29 06:09 - 01093880 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
    2013-06-02 21:29 - 2013-03-16 06:05 - 00298456 ____A (Microsoft Corporation) C:\Windows\System32\rsaenh.dll
    2013-06-02 21:29 - 2013-03-16 06:05 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
    2013-06-02 21:29 - 2012-12-13 12:00 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2013-06-02 21:29 - 2012-12-13 11:59 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2013-05-18 17:05 - 2013-06-05 22:54 - 00011674 ____A C:\Users\Vivek\Desktop\CarComparison.xlsx
    2013-05-17 12:52 - 2013-04-10 07:17 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-05-17 12:52 - 2013-04-10 07:17 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-05-17 12:52 - 2013-04-10 07:17 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-05-17 12:52 - 2013-04-10 07:17 - 00915968 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
    2013-05-17 12:52 - 2013-04-10 07:17 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-05-17 12:52 - 2013-04-10 07:17 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2013-05-17 12:52 - 2013-04-10 07:16 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-05-17 12:52 - 2013-04-10 07:16 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-05-17 12:52 - 2013-04-10 07:16 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-05-17 12:52 - 2013-04-10 07:16 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-05-17 12:52 - 2013-04-10 06:30 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-05-17 12:52 - 2013-04-10 06:30 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-05-17 12:52 - 2013-04-10 06:29 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-05-17 12:52 - 2013-04-10 06:29 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-05-17 12:52 - 2013-04-10 06:29 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-05-17 12:52 - 2013-04-10 06:29 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-05-17 12:52 - 2013-04-10 06:29 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-05-17 12:52 - 2013-04-10 06:29 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-05-17 12:52 - 2013-02-12 09:30 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
    2013-05-17 12:52 - 2013-02-12 08:56 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\UXInit.dll
    2013-05-17 12:51 - 2013-04-16 10:34 - 01455368 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
    2013-05-17 12:51 - 2013-04-11 14:40 - 06987528 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2013-05-17 12:51 - 2013-03-22 11:49 - 02382336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
    2013-05-17 12:51 - 2013-03-22 06:47 - 02851840 ____A (Microsoft Corporation) C:\Windows\System32\esent.dll
    2013-05-17 12:51 - 2013-03-15 08:17 - 00861184 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
    2013-05-17 12:51 - 2013-03-06 15:10 - 00112872 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
    2013-05-17 12:51 - 2013-03-06 14:31 - 19758592 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2013-05-17 12:51 - 2013-03-06 14:31 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
    2013-05-17 12:51 - 2013-03-06 14:29 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
    2013-05-17 12:51 - 2013-03-06 13:03 - 17561600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2013-05-17 12:51 - 2013-03-06 13:03 - 00199168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
    2013-05-17 12:49 - 2013-05-17 12:49 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
    2013-05-16 20:55 - 2013-05-16 20:55 - 00561048 ____A C:\Windows\Minidump\051613-11109-01.dmp
    2013-05-11 11:29 - 2013-05-11 11:29 - 00000000 ____D C:\Users\Vivek\AppData\Local\Adobe
    2013-05-11 11:28 - 2013-06-08 18:22 - 00000000 ____D C:\Program Files (x86)\Adobe
    2013-05-11 11:28 - 2013-05-11 11:28 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
    2013-05-11 11:23 - 2013-06-08 18:22 - 00000000 ____D C:\ProgramData\Adobe
    2013-05-11 01:37 - 2013-05-11 01:37 - 00679352 ____A C:\Windows\Minidump\051113-11062-01.dmp
    2013-05-10 10:24 - 2013-05-10 10:24 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
    2013-05-10 10:24 - 2013-05-10 10:24 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software

    ==================== One Month Modified Files and Folders =======

    2013-06-08 18:22 - 2013-06-07 18:21 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec
    2013-06-08 18:22 - 2013-05-11 11:28 - 00000000 ____D C:\Program Files (x86)\Adobe
    2013-06-08 18:22 - 2013-05-11 11:23 - 00000000 ____D C:\ProgramData\Adobe
    2013-06-08 18:22 - 2013-05-07 12:23 - 00000000 ____D C:\Users\Vivek\AppData\Roaming\ICAClient
    2013-06-08 18:22 - 2013-05-07 12:22 - 00000000 ____D C:\Users\Vivek\AppData\Local\Citrix
    2013-06-08 18:22 - 2013-05-07 12:22 - 00000000 ____D C:\ProgramData\Citrix
    2013-06-08 18:22 - 2013-05-07 12:22 - 00000000 ____D C:\Program Files (x86)\Citrix
    2013-06-08 18:22 - 2013-05-07 12:17 - 00000000 ____D C:\Program Files (x86)\Cisco
    2013-06-08 18:22 - 2013-05-07 12:16 - 00000000 ____D C:\Program Files (x86)\Java
    2013-06-08 18:22 - 2013-04-21 13:31 - 00000000 ____D C:\Users\Vivek\AppData\Roaming\vlc
    2013-06-08 18:22 - 2013-04-21 13:11 - 00000000 ____D C:\Program Files (x86)\iTunes
    2013-06-08 18:22 - 2013-04-21 12:52 - 00000000 ____D C:\Users\Vivek\AppData\Roaming\uTorrent
    2013-06-08 18:22 - 2013-04-20 15:10 - 00000000 ____D C:\Users\Vivek\AppData\Local\Google
    2013-06-08 18:22 - 2013-04-20 15:06 - 00000000 ____D C:\Users\Vivek\AppData\Roaming\Adobe
    2013-06-08 18:22 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\registration
    2013-06-08 18:22 - 2012-07-26 16:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
    2013-06-08 18:22 - 2012-07-26 16:12 - 00000000 ____D C:\Program Files\Windows Defender
    2013-06-08 18:22 - 2012-07-26 16:12 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
    2013-06-08 18:22 - 2012-07-26 16:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
    2013-06-08 18:22 - 2012-07-26 13:37 - 00000000 ____D C:\Windows\servicing
    2013-06-08 12:10 - 2013-06-08 12:10 - 00000000 ____D C:\FRST
    2013-06-08 12:09 - 2013-06-08 12:09 - 01358671 ____A (Farbar) C:\Users\Vivek\Desktop\FRST.exe
    2013-06-08 12:07 - 2013-06-08 12:07 - 01919218 ____A (Farbar) C:\Users\Vivek\Desktop\FRST64.exe
    2013-06-08 12:00 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\System32\sru
    2013-06-08 11:23 - 2012-07-26 01:10 - 00000944 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-06-08 11:20 - 2013-06-08 11:15 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2013-06-08 11:14 - 2013-06-08 11:02 - 00000000 ____D C:\Users\Vivek\Desktop\Virus
    2013-06-08 10:35 - 2012-07-26 15:28 - 00850046 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-06-08 10:31 - 2012-07-26 15:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-06-08 10:31 - 2012-07-26 13:26 - 00524288 __ASH C:\Windows\System32\config\BBI
    2013-06-08 10:31 - 2012-07-26 01:10 - 00000940 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-06-08 10:31 - 2012-07-26 00:46 - 01341936 ____A C:\Windows\PFRO.log
    2013-06-08 10:28 - 2013-04-20 15:44 - 00000000 ____D C:\ProgramData\MFAData
    2013-06-08 10:26 - 2013-06-08 10:26 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-06-08 10:26 - 2013-06-08 10:26 - 00000000 ____D C:\Users\Vivek\AppData\Roaming\Malwarebytes
    2013-06-08 10:26 - 2013-06-08 10:26 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-06-08 10:26 - 2013-06-08 10:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-06-08 10:23 - 2013-06-08 10:23 - 00422160 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-06-08 10:23 - 2013-06-08 10:23 - 00281640 ____A C:\Windows\Minidump\060813-9906-01.dmp
    2013-06-08 10:23 - 2013-05-07 01:46 - 380871978 ____A C:\Windows\MEMORY.DMP
    2013-06-08 10:23 - 2013-05-07 01:46 - 00000000 ____D C:\Windows\Minidump
    2013-06-08 10:23 - 2013-04-20 15:06 - 00000000 ____D C:\users\Vivek
    2013-06-07 18:21 - 2013-04-20 15:06 - 01265365 ____A C:\Windows\WindowsUpdate.log
    2013-06-05 22:54 - 2013-05-18 17:05 - 00011674 ____A C:\Users\Vivek\Desktop\CarComparison.xlsx
    2013-06-04 16:14 - 2013-04-21 18:21 - 00000000 ____D C:\Users\Vivek\Documents\Outlook Files
    2013-06-04 09:04 - 2013-04-20 15:06 - 00000000 ____D C:\Users\Vivek\AppData\Local\VirtualStore
    2013-06-04 09:01 - 2013-06-04 09:01 - 00000000 ____D C:\ProgramData\Macrovision
    2013-06-04 09:00 - 2012-07-26 01:10 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2013-06-04 08:56 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\rescache
    2013-06-04 08:19 - 2012-07-26 16:12 - 00000000 ___RD C:\Windows\ToastData
    2013-06-04 08:19 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\WinStore
    2013-06-04 08:19 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\SysWOW64\en-GB
    2013-06-04 08:19 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\System32\en-GB
    2013-06-03 00:12 - 2013-04-20 15:50 - 00000965 ____A C:\Users\Public\Desktop\AVG 2013.lnk
    2013-06-03 00:12 - 2012-07-26 13:26 - 00262144 __ASH C:\Windows\System32\config\ELAM
    2013-06-02 21:37 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\AUInstallAgent
    2013-06-02 21:26 - 2012-07-26 01:10 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2013-06-02 21:25 - 2012-07-26 15:21 - 00018118 ____A C:\Windows\setupact.log
    2013-05-17 13:33 - 2013-04-21 15:21 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-05-17 12:49 - 2013-05-17 12:49 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
    2013-05-17 12:49 - 2013-04-21 13:11 - 00000000 ____D C:\Users\Vivek\AppData\Roaming\Apple Computer
    2013-05-16 20:55 - 2013-05-16 20:55 - 00561048 ____A C:\Windows\Minidump\051613-11109-01.dmp
    2013-05-11 11:29 - 2013-05-11 11:29 - 00000000 ____D C:\Users\Vivek\AppData\Local\Adobe
    2013-05-11 11:28 - 2013-05-11 11:28 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
    2013-05-11 01:37 - 2013-05-11 01:37 - 00679352 ____A C:\Windows\Minidump\051113-11062-01.dmp
    2013-05-10 10:24 - 2013-05-10 10:24 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
    2013-05-10 10:24 - 2013-05-10 10:24 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    C:\Program Files\Windows Defender\en-GB => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


    Last Boot: 2013-06-03 00:20

    ==================== End Of Log ============================
     
  13. vekky

    vekky TS Rookie Topic Starter Posts: 34

    Addition.txt

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-06-2013 02
    Ran by Vivek at 2013-06-08 12:11:01 Run:
    Running from C:\Users\Vivek\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Installed Programs =======================

    µTorrent (Version: 3.3.0.29544)
    Adobe Reader XI (11.0.02) (Version: 11.0.02)
    Apple Application Support (Version: 2.3.3)
    Apple Mobile Device Support (Version: 6.1.0.13)
    Apple Software Update (Version: 2.1.3.127)
    ASUS GPU Tweak (Version: 2.1.4.0)
    ASUS Product Register Program (Version: 1.0.014)
    ASUS Utility (Version: 1.00.0000)
    ASUS VGA Driver (Version: 3.0.0.1)
    AVG 2013 (Version: 13.0.3199)
    AVG 2013 (Version: 13.0.3343)
    AVG 2013 (Version: 2013.0.3343)
    Bonjour (Version: 3.0.0.10)
    Cisco AnyConnect Secure Mobility Client (Version: 3.1.02026)
    Cisco AnyConnect Secure Mobility Client (Version: 3.1.02026)
    Citrix Authentication Manager (Version: 2.0.0.41479)
    Citrix Receiver (HDX Flash Redirection) (Version: 13.1.0.89)
    Citrix Receiver (Version: 13.1.0.89)
    Citrix Receiver Inside (Version: 3.1.0.64094)
    Citrix Receiver(Aero) (Version: 13.1.0.89)
    Citrix Receiver(DV) (Version: 13.1.0.89)
    Citrix Receiver(USB) (Version: 13.1.0.89)
    Google Chrome (Version: 27.0.1453.94)
    Google Update Helper (Version: 1.3.21.145)
    Intel(R) Control Center (Version: 1.2.1.1008)
    Intel(R) Management Engine Components (Version: 8.1.0.1252)
    Intel(R) Rapid Storage Technology (Version: 11.5.0.1207)
    Intel® Trusted Connect Service Client (Version: 1.24.388.1)
    iTunes (Version: 11.0.2.26)
    Java 7 Update 21 (Version: 7.0.210)
    Java Auto Updater (Version: 2.1.9.5)
    Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
    Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)
    Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
    Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)
    Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)
    Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)
    Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000)
    Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)
    Microsoft Office Outlook Connector (Version: 14.0.6123.5001)
    Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)
    Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)
    Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)
    Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000)
    Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000)
    Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000)
    Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000)
    Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)
    Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000)
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
    Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000)
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
    Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
    ObjectDock Free (Version: 2.00)
    Online Plug-in (Version: 13.1.0.89)
    Realtek Ethernet Controller Driver (Version: 8.3.730.2012)
    Realtek High Definition Audio Driver (Version: 6.0.1.6657)
    Self-service Plug-in (Version: 3.1.0.21744)
    Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
    VLC media player 2.0.6 (Version: 2.0.6)

    ==================== Restore Points =========================

    14-05-2013 06:22:03 Windows Update
    02-06-2013 16:20:42 Windows Update
    04-06-2013 01:00:50 Installed Adobe Photoshop

    ==================== Faulty Device Manager Devices =============

    Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
    Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Cisco Systems
    Service: vpnva
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/08/2013 11:00:00 AM) (Source: ESENT) (User: )
    Description: svchost (1876) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Windows\system32\SRU\SRU000D6.log.

    Error: (06/08/2013 10:31:56 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".Error in manifest or policy file "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2" on line Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
    Definition is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (06/08/2013 10:23:44 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".Error in manifest or policy file "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2" on line Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
    Definition is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (06/07/2013 01:37:05 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 3172

    Error: (06/07/2013 01:37:05 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 3172

    Error: (06/07/2013 01:37:05 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (06/07/2013 01:37:04 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2109

    Error: (06/07/2013 01:37:04 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2109

    Error: (06/07/2013 01:37:04 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (06/07/2013 01:37:03 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1062


    System errors:
    =============
    Error: (06/08/2013 10:31:30 AM) (Source: Service Control Manager) (User: )
    Description: The AVG Firewall service terminated with the following service-specific error:
    %%3758162007

    Error: (06/08/2013 10:31:07 AM) (Source: Service Control Manager) (User: )
    Description: The ScRegSetValueExW call failed for FailureActions with the following error:
    %%5

    Error: (06/08/2013 10:23:22 AM) (Source: Service Control Manager) (User: )
    Description: The AVG Firewall service terminated with the following service-specific error:
    %%3758162007

    Error: (06/08/2013 10:23:18 AM) (Source: BugCheck) (User: )
    Description: 0x000000ef (0xfffffa800679b080, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000)C:\Windows\MEMORY.DMP060813-9906-01

    Error: (06/07/2013 06:22:08 PM) (Source: NetBT) (User: )
    Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 10.1.1.9.
    The computer with the IP address 10.1.1.1 did not allow the name to be claimed by
    this computer.

    Error: (06/07/2013 11:20:33 AM) (Source: Service Control Manager) (User: )
    Description: The AVG Firewall service terminated with the following service-specific error:
    %%3758162007

    Error: (06/07/2013 11:20:32 AM) (Source: BugCheck) (User: )
    Description: 0x000000d1 (0x0000000000000028, 0x0000000000000002, 0x0000000000000000, 0xfffff88001cdbfd2)C:\Windows\MEMORY.DMP060713-11984-01

    Error: (06/07/2013 11:20:30 AM) (Source: EventLog) (User: )
    Description: The previous system shutdown at 10:58:08 AM on ?7/?06/?2013 was unexpected.

    Error: (06/04/2013 08:20:29 AM) (Source: Service Control Manager) (User: )
    Description: The AVG Firewall service terminated with the following service-specific error:
    %%3758162007

    Error: (06/04/2013 08:19:56 AM) (Source: Service Control Manager) (User: )
    Description: The ScRegSetValueExW call failed for FailureActions with the following error:
    %%5


    Microsoft Office Sessions:
    =========================
    Error: (06/08/2013 11:00:00 AM) (Source: ESENT)(User: )
    Description: svchost1876SRUJet: C:\Windows\system32\SRU\SRU000D6.log-1811 (0xfffff8ed)

    Error: (06/08/2013 10:31:56 AM) (Source: SideBySide)(User: )
    Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\Citrix\ICA Client\MFC80.DLLC:\Program Files (x86)\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST5

    Error: (06/08/2013 10:23:44 AM) (Source: SideBySide)(User: )
    Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\Citrix\ICA Client\MFC80.DLLC:\Program Files (x86)\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST5

    Error: (06/07/2013 01:37:05 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 3172

    Error: (06/07/2013 01:37:05 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 3172

    Error: (06/07/2013 01:37:05 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (06/07/2013 01:37:04 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2109

    Error: (06/07/2013 01:37:04 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2109

    Error: (06/07/2013 01:37:04 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (06/07/2013 01:37:03 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1062


    ==================== Memory info ===========================

    Percentage of memory in use: 27%
    Total physical RAM: 8141.93 MB
    Available physical RAM: 5905.41 MB
    Total Pagefile: 16333.93 MB
    Available Pagefile: 13606.66 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.76 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:111.45 GB) (Free:64.84 GB) NTFS (Disk=0 Partition=2)
    Drive e: (VivekStorage) (Fixed) (Total:931.51 GB) (Free:889.84 GB) NTFS (Disk=1 Partition=1)

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: F20632BD)
    Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=111 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 02E24DA9)
    Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  14. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     
  15. vekky

    vekky TS Rookie Topic Starter Posts: 34

    Fixlog.txt

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-06-2013 02
    Ran by Vivek at 2013-06-08 12:59:30 Run:1
    Running from C:\Users\Vivek\Desktop
    Boot Mode: Normal
    ==============================================

    "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
    "C:\Program Files\Windows Defender\en-GB" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking completed.
    "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

    ==== End of Fixlog ====
     
  16. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Very good :)

    How is the computer doing?

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  17. vekky

    vekky TS Rookie Topic Starter Posts: 34

    Hi Broni,

    Thanks for your help, it is much appreciated. The computer is doing well. As it is fairly new, I haven't noticed much of an issue during operation, but this morning it booted up normally, whereas it crashed yesterday morning during boot up. So it does seem to be improving.
     
  18. vekky

    vekky TS Rookie Topic Starter Posts: 34

    AdwCleaner[S1]
    # AdwCleaner v2.303 - Logfile created 06/09/2013 at 11:00:50
    # Updated 08/06/2013 by Xplode
    # Operating system : Windows 8 (64 bits)
    # User : Vivek - VIVEKDESKTOP
    # Boot Mode : Normal
    # Running from : C:\Users\Vivek\Desktop\adwcleaner.exe
    # Option [Delete]
    ***** [Services] *****
    ***** [Files / Folders] *****
    Folder Deleted : C:\Users\Vivek\AppData\LocalLow\Conduit
    ***** [Registry] *****
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v10.0.9200.16537
    [OK] Registry is clean.
    -\\ Google Chrome v27.0.1453.110
    File : C:\Users\Vivek\AppData\Local\Google\Chrome\User Data\Default\Preferences
    [OK] File is clean.
    *************************
    AdwCleaner[S1].txt - [943 octets] - [09/06/2013 11:00:50]
    ########## EOF - C:\AdwCleaner[S1].txt - [1002 octets] ##########
     
  19. vekky

    vekky TS Rookie Topic Starter Posts: 34

    JRT

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.9.4 (05.06.2013:1)
    OS: Windows 8 x64
    Ran by Vivek on Sun 09/06/2013 at 11:07:12.21
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 09/06/2013 at 11:08:48.13
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  20. vekky

    vekky TS Rookie Topic Starter Posts: 34

    OTL.txt

    OTL logfile created on: 9/06/2013 11:16:02 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vivek\Desktop
    64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16580)
    Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    7.95 Gb Total Physical Memory | 6.61 Gb Available Physical Memory | 83.09% Memory free
    15.95 Gb Paging File | 14.52 Gb Available in Paging File | 91.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 111.45 Gb Total Space | 64.72 Gb Free Space | 58.07% Space Free | Partition Type: NTFS
    Drive E: | 931.51 Gb Total Space | 889.84 Gb Free Space | 95.53% Space Free | Partition Type: NTFS

    Computer Name: VIVEKDESKTOP | User Name: Vivek | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/06/09 11:14:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vivek\Desktop\OTL.exe
    PRC - [2013/04/29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    PRC - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2013/02/19 04:01:14 | 000,328,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
    PRC - [2012/12/19 03:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/12/13 21:44:45 | 000,702,024 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
    PRC - [2012/12/13 21:44:31 | 000,544,840 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
    PRC - [2012/07/17 12:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2012/07/17 12:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2012/07/09 11:47:18 | 000,277,504 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2012/07/09 11:47:14 | 000,007,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2012/06/25 08:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    PRC - [2012/01/17 09:24:10 | 000,055,296 | ---- | M] () -- C:\Windows\SysWOW64\ASGT.exe
    PRC - [2011/12/22 11:37:54 | 000,862,144 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    PRC - [2011/12/22 11:36:50 | 000,362,432 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    PRC - [2011/12/19 14:57:48 | 001,136,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
    PRC - [2011/12/19 12:35:16 | 000,051,128 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
    PRC - [2010/11/08 23:21:05 | 003,768,688 | ---- | M] (Stardock) -- C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/01/28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2013/01/28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2012/12/13 21:45:20 | 000,063,560 | ---- | M] () -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
    MOD - [2010/11/08 23:21:04 | 000,681,288 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDockFree\DockShellHook.dll
    MOD - [2010/10/05 00:54:31 | 000,053,760 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDockFree\zlib.dll
    MOD - [2010/10/05 00:54:29 | 000,807,936 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDockFree\CrashRpt.dll
    MOD - [2010/10/05 00:54:22 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDockFree\Docklets\Clock\Clock.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013/04/09 12:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
    SRV:64bit: - [2013/03/02 10:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
    SRV:64bit: - [2013/03/02 10:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
    SRV:64bit: - [2013/02/02 16:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
    SRV:64bit: - [2013/01/29 09:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV:64bit: - [2013/01/10 07:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
    SRV:64bit: - [2013/01/10 07:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
    SRV:64bit: - [2012/10/18 01:52:28 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2012/09/20 17:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
    SRV:64bit: - [2012/09/20 14:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
    SRV:64bit: - [2012/09/20 14:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
    SRV:64bit: - [2012/07/26 11:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
    SRV:64bit: - [2012/07/26 11:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
    SRV:64bit: - [2012/07/26 11:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
    SRV:64bit: - [2012/07/26 11:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
    SRV:64bit: - [2012/07/26 11:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
    SRV:64bit: - [2012/07/26 11:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
    SRV:64bit: - [2012/07/26 11:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
    SRV:64bit: - [2012/07/26 11:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
    SRV:64bit: - [2012/07/26 11:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
    SRV:64bit: - [2012/07/26 11:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
    SRV:64bit: - [2012/07/26 11:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
    SRV:64bit: - [2012/07/26 11:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
    SRV:64bit: - [2012/07/26 11:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
    SRV:64bit: - [2012/07/26 08:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
    SRV:64bit: - [2012/07/26 08:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
    SRV:64bit: - [2012/07/26 08:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
    SRV:64bit: - [2012/07/26 08:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
    SRV:64bit: - [2012/07/26 08:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
    SRV:64bit: - [2012/07/26 08:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
    SRV:64bit: - [2012/04/20 12:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
    SRV - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
    SRV - [2013/04/10 11:07:36 | 001,428,472 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
    SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/12/19 03:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/12/13 21:44:31 | 000,544,840 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
    SRV - [2012/07/26 11:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
    SRV - [2012/07/26 11:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
    SRV - [2012/07/17 12:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2012/07/17 12:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2012/07/09 11:47:14 | 000,007,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2012/06/25 08:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
    SRV - [2012/01/17 09:24:10 | 000,055,296 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ASGT.exe -- (ASGT)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/04/09 13:27:43 | 000,284,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
    DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2013/03/29 02:53:48 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2013/03/21 03:08:26 | 000,248,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgwfpa.sys -- (Avgwfpa)
    DRV:64bit: - [2013/03/02 18:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
    DRV:64bit: - [2013/03/02 18:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
    DRV:64bit: - [2013/03/02 18:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2013/03/02 18:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2013/03/02 18:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
    DRV:64bit: - [2013/02/08 04:37:56 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2013/02/08 04:37:54 | 000,311,096 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\avgloga.sys -- (Avgloga)
    DRV:64bit: - [2013/02/08 04:37:50 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2013/02/08 04:37:42 | 000,206,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2013/02/08 04:37:40 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2013/02/02 19:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
    DRV:64bit: - [2013/02/02 15:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
    DRV:64bit: - [2013/01/29 09:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
    DRV:64bit: - [2013/01/29 07:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
    DRV:64bit: - [2013/01/10 09:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
    DRV:64bit: - [2012/12/13 21:28:42 | 000,050,128 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpnva64-6.sys -- (vpnva)
    DRV:64bit: - [2012/12/13 21:26:36 | 000,112,080 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acsock64.sys -- (acsock)
    DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/11/27 11:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
    DRV:64bit: - [2012/11/20 12:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
    DRV:64bit: - [2012/11/06 11:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
    DRV:64bit: - [2012/10/26 04:17:44 | 000,020,912 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\avgboota.sys -- (Avgboota)
    DRV:64bit: - [2012/10/18 01:52:18 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2012/10/18 01:52:16 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2012/10/12 16:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/10/11 15:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
    DRV:64bit: - [2012/10/11 15:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
    DRV:64bit: - [2012/09/20 15:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
    DRV:64bit: - [2012/09/20 15:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
    DRV:64bit: - [2012/09/20 15:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2012/09/20 15:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2012/09/04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgfwd6a.sys -- (Avgfwfd)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/07/31 00:04:12 | 000,690,832 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
    DRV:64bit: - [2012/07/26 13:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/07/26 13:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
    DRV:64bit: - [2012/07/26 13:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
    DRV:64bit: - [2012/07/26 13:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
    DRV:64bit: - [2012/07/26 13:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
    DRV:64bit: - [2012/07/26 13:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
    DRV:64bit: - [2012/07/26 13:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
    DRV:64bit: - [2012/07/26 13:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2012/07/26 13:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2012/07/26 13:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
    DRV:64bit: - [2012/07/26 13:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2012/07/26 13:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
    DRV:64bit: - [2012/07/26 13:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
    DRV:64bit: - [2012/07/26 13:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2012/07/26 13:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
    DRV:64bit: - [2012/07/26 13:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2012/07/26 13:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2012/07/26 12:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
    DRV:64bit: - [2012/07/26 12:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
    DRV:64bit: - [2012/07/26 12:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
    DRV:64bit: - [2012/07/26 11:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
    DRV:64bit: - [2012/07/26 10:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
    DRV:64bit: - [2012/07/26 10:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
    DRV:64bit: - [2012/07/26 10:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
    DRV:64bit: - [2012/07/26 10:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
    DRV:64bit: - [2012/07/26 10:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
    DRV:64bit: - [2012/07/26 10:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
    DRV:64bit: - [2012/07/26 10:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
    DRV:64bit: - [2012/07/26 10:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
    DRV:64bit: - [2012/07/26 10:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
    DRV:64bit: - [2012/07/26 10:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
    DRV:64bit: - [2012/07/26 10:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
    DRV:64bit: - [2012/07/26 10:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
    DRV:64bit: - [2012/07/26 10:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
    DRV:64bit: - [2012/07/26 10:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012/07/26 10:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
    DRV:64bit: - [2012/07/26 10:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2012/07/26 10:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/07/26 10:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
    DRV:64bit: - [2012/07/26 10:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
    DRV:64bit: - [2012/07/26 10:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
    DRV:64bit: - [2012/07/26 10:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
    DRV:64bit: - [2012/07/09 11:43:12 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
    DRV:64bit: - [2012/07/02 13:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2012/06/02 22:31:32 | 002,935,808 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athrx.sys -- (athr)
    DRV:64bit: - [2011/06/29 05:18:16 | 000,091,864 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ctxusbm.sys -- (ctxusbm)
    DRV:64bit: - [2011/05/18 06:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2011/04/08 21:00:20 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\nuidfltr.sys -- (NuidFltr)
    DRV:64bit: - [2010/02/23 05:46:36 | 000,023,680 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | Disabled | Running] -- C:\Windows\SysNative\Drivers\IOMap64.sys -- (IOMap)
    DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wdcsam64.sys -- (WDC_SAM)

    ========== Standard Registry (SafeList) ==========
     
  21. vekky

    vekky TS Rookie Topic Starter Posts: 34

    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-3786517670-1886614608-158006185-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
    IE - HKU\S-1-5-21-3786517670-1886614608-158006185-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
    IE - HKU\S-1-5-21-3786517670-1886614608-158006185-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE 4F ED 40 69 50 CE 01 [binary data]
    IE - HKU\S-1-5-21-3786517670-1886614608-158006185-1001\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-3786517670-1886614608-158006185-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKU\S-1-5-21-3786517670-1886614608-158006185-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3786517670-1886614608-158006185-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: http://www.google.com
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll
    CHR - plugin: Norton Confidential (Enabled) = C:\Users\Vivek\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.0.140_0\npcoplgn.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    CHR - Extension: YouTube = C:\Users\Vivek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\Vivek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: AdBlock = C:\Users\Vivek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
    CHR - Extension: Gmail = C:\Users\Vivek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/07/26 13:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKU\S-1-5-21-3786517670-1886614608-158006185-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
    O4 - Startup: C:\Users\Vivek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe (Stardock)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB15E06F-0B29-48D9-8960-83612773815A}: DhcpNameServer = 10.1.1.1
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
    O18:64bit: - Protocol\Filter\ica - No CLSID value found
    O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O30 - LSA: Security Packages - (livessp) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/06/09 11:14:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Vivek\Desktop\OTL.exe
    [2013/06/09 11:07:11 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/06/09 11:06:34 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/06/09 11:06:10 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Vivek\Desktop\JRT.exe
    [2013/06/08 12:58:10 | 001,919,218 | ---- | C] (Farbar) -- C:\Users\Vivek\Desktop\FRST64.exe
    [2013/06/08 12:10:32 | 000,000,000 | ---D | C] -- C:\FRST
    [2013/06/08 11:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    [2013/06/08 11:02:22 | 000,000,000 | ---D | C] -- C:\Users\Vivek\Desktop\Virus
    [2013/06/08 10:26:53 | 000,000,000 | ---D | C] -- C:\Users\Vivek\AppData\Roaming\Malwarebytes
    [2013/06/08 10:26:44 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013/06/08 10:26:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/06/08 10:26:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/06/08 10:26:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/06/08 10:26:16 | 000,000,000 | ---D | C] -- C:\Users\Vivek\AppData\Local\Programs
    [2013/06/07 18:21:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\x264 Video Codec
    [2013/06/04 09:01:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision
    [2013/06/03 00:12:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2013/05/11 11:29:44 | 000,000,000 | ---D | C] -- C:\Users\Vivek\AppData\Local\Adobe
    [2013/05/11 11:28:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
    [2013/05/11 11:28:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
    [2013/05/11 11:23:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe

    ========== Files - Modified Within 30 Days ==========

    [2013/06/09 11:14:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vivek\Desktop\OTL.exe
    [2013/06/09 11:06:13 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Vivek\Desktop\JRT.exe
    [2013/06/09 11:06:01 | 000,850,046 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/06/09 11:06:01 | 000,723,298 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/06/09 11:06:01 | 000,136,970 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/06/09 11:03:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/06/09 11:01:51 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/06/09 11:01:35 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
    [2013/06/09 11:01:33 | 2534,981,631 | -HS- | M] () -- C:\hiberfil.sys
    [2013/06/09 10:59:01 | 000,648,201 | ---- | M] () -- C:\Users\Vivek\Desktop\adwcleaner.exe
    [2013/06/08 23:23:00 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/06/08 16:24:37 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2013/06/08 12:07:56 | 001,919,218 | ---- | M] (Farbar) -- C:\Users\Vivek\Desktop\FRST64.exe
    [2013/06/08 10:23:16 | 000,422,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/06/08 10:23:11 | 380,871,978 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2013/06/03 00:12:18 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
    [2013/05/17 14:36:28 | 000,086,150 | ---- | M] () -- C:\Users\Vivek\Desktop\Cirque du Soleil Official Website - Tickets - Perth.pdf
    [2013/05/17 12:49:20 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
    [2013/05/11 11:28:32 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk

    ========== Files Created - No Company Name ==========

    [2013/06/09 10:58:56 | 000,648,201 | ---- | C] () -- C:\Users\Vivek\Desktop\adwcleaner.exe
    [2013/06/08 10:23:14 | 000,422,160 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/06/02 21:29:28 | 000,387,688 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
    [2013/05/17 14:36:28 | 000,086,150 | ---- | C] () -- C:\Users\Vivek\Desktop\Cirque du Soleil Official Website - Tickets - Perth.pdf
    [2013/05/17 12:49:20 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
    [2013/05/11 11:28:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    [2013/05/11 11:28:32 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
    [2013/05/05 19:34:01 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
    [2012/10/18 01:52:18 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2012/10/18 01:52:10 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2012/10/18 01:52:06 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2012/07/26 16:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2012/07/26 16:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2012/07/26 15:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2012/07/26 09:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2012/07/26 04:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2012/07/26 04:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2012/07/26 01:47:22 | 000,811,864 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/07/26 01:10:15 | 000,051,056 | ---- | C] () -- C:\Windows\Ascd_log.ini
    [2012/07/26 01:07:10 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2012/07/26 01:07:07 | 000,036,990 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
    [2012/07/26 01:07:07 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
    [2012/07/26 00:46:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2012/06/02 22:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2012/04/20 11:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
    [2012/01/17 09:24:10 | 000,055,296 | ---- | C] () -- C:\Windows\SysWow64\ASGT.exe

    ========== ZeroAccess Check ==========


    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/03/06 14:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/03/06 13:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 11:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 11:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 11:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/05/10 10:24:56 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
    [2013/05/10 10:24:56 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
    [2013/04/20 20:40:57 | 000,000,000 | ---D | M] -- C:\Users\Vivek\AppData\Roaming\AVG2013
    [2013/06/08 18:22:53 | 000,000,000 | ---D | M] -- C:\Users\Vivek\AppData\Roaming\ICAClient
    [2013/04/21 22:03:47 | 000,000,000 | ---D | M] -- C:\Users\Vivek\AppData\Roaming\Stardock
    [2013/04/20 15:50:23 | 000,000,000 | ---D | M] -- C:\Users\Vivek\AppData\Roaming\TuneUp Software
    [2013/06/08 18:22:53 | 000,000,000 | ---D | M] -- C:\Users\Vivek\AppData\Roaming\uTorrent

    ========== Purity Check ==========




    < End of report >
     
  22. vekky

    vekky TS Rookie Topic Starter Posts: 34

    Extras.txt

    OTL Extras logfile created on: 9/06/2013 11:16:02 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vivek\Desktop
    64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16580)
    Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    7.95 Gb Total Physical Memory | 6.61 Gb Available Physical Memory | 83.09% Memory free
    15.95 Gb Paging File | 14.52 Gb Available in Paging File | 91.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 111.45 Gb Total Space | 64.72 Gb Free Space | 58.07% Space Free | Partition Type: NTFS
    Drive E: | 931.51 Gb Total Space | 889.84 Gb Free Space | 95.53% Space Free | Partition Type: NTFS

    Computer Name: VIVEKDESKTOP | User Name: Vivek | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-3786517670-1886614608-158006185-1001\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{8DDDA781-63F1-48F8-AD55-8C2DB8AB8FDD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0176453D-42E9-455B-8196-3996B127A436}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
    "{16D95326-03B4-418F-BEB7-1B58EEC37ABB}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
    "{18A6B5BA-071B-4499-A5C2-73FF28F56884}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{1AA87FF3-731F-4581-9518-D1E7545841DC}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
    "{2ED81796-7628-4703-B440-6E3B21E3EFB0}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
    "{2F69255F-A0DB-4AD3-A144-8B189A1AC773}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{38084295-5050-4B6C-9350-624060926E1B}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
    "{510D49BE-272F-4AA3-AE6F-4E8E2A898694}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
    "{5F3E061A-8AD9-444B-9E88-226577078C89}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
    "{5F77C0B2-F6B6-4AAA-81B9-67C3288D24E1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{600DEF78-BA18-4EA7-A20D-AB648C853937}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
    "{613D6BA5-276B-4E3A-9522-A9AD14E655C8}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
    "{65362466-09E9-4CC0-8A0F-26EE652BE80B}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
    "{6938DE13-8E19-4CFD-9078-524E683D1EFB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{69C039D2-7D11-449B-AAA1-0FC2C8925216}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
    "{6B9A7E82-3A3E-4B5B-87EA-DC535E66D256}" = protocol=6 | dir=in | app=c:\users\vivek\appdata\roaming\utorrent\utorrent.exe |
    "{6C8C136B-AC54-409D-A246-0C422F6ABEE4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{77CD998E-80A2-4E5A-868E-7E53AC132B64}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
    "{8130B1DA-34D8-4534-9F36-32E879D43A10}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
    "{83154E71-FAEB-41A4-9A1E-B443512D72E5}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
    "{8472AEDB-09BC-4B4C-A7E1-756B1BA3C97D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{87BE6866-9CCA-4653-A613-3D15A6615139}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{8CA68F90-925C-4DF6-B567-59B3A1BAB701}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{9589E863-4FC6-40EF-8C11-B34B722F460B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{A5A9041D-D0DE-4250-95EA-4BEF821BD110}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{AC0382CC-33FF-4807-9638-A2C54DF7FCE7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{AFC574A8-A0CF-4ACF-8750-592A07C9413F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{B1D2E05D-EDFE-467B-9F91-370D74A7055F}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
    "{B78CA84D-A108-4E6F-88C1-40E86B227A72}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
    "{C4FBFF79-A936-4232-86F9-6752D7AD379D}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
    "{D04AB0A3-F80C-4BFC-A053-7E4E79DAD7B9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{D21FB749-0F65-4417-95C3-9EFF0E714573}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{D45EBDAD-94F2-4DED-A7CB-385A73FADD4D}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
    "{DD745781-F85A-4C70-B178-E8196004B05C}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
    "{DFEED989-4C1C-4310-9DDA-248D470DFE15}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{E496E0C2-6371-4DCE-948B-96BC8FC2F227}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
    "{E8641C40-543A-4AF4-80B4-155983F3177C}" = dir=out | name=windows_ie_ac_001 |
    "{EDA1A7B3-FB8B-436F-8DBC-2858A819F4C8}" = protocol=17 | dir=in | app=c:\users\vivek\appdata\roaming\utorrent\utorrent.exe |
    "{F373A197-9A7F-458E-8B90-06011C20572E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
    "{119EEB4B-F32F-4D71-B9C0-E42403F91C9A}" = AVG 2013
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
    "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{A9614BE8-EDB6-4151-81F0-DF2B9F4D8ABE}" = AVG 2013
    "{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
    "AVG" = AVG 2013

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{003A5708-9078-45C9-A2FE-EBBF422B3D0A}" = ASUS Utility
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{246CB06B-308C-4CAE-AD1C-CB8409274261}" = Citrix Receiver(Aero)
    "{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
    "{2DE9C112-2482-4D27-AA90-1504DFD9F117}" = Citrix Authentication Manager
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
    "{49BE9B8A-E858-4533-A74A-64306C13DB59}" = ASUS Product Register Program
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{532F6E8A-AF97-41C3-915F-39F718EC07D1}" = ASUS GPU Tweak
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{655C5545-7974-443F-882F-D745607EBB08}" = Citrix Receiver(DV)
    "{739A6D0C-CA8D-4955-8E3D-58D1847327AC}" = Online Plug-in
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90157C5D-D791-4D36-8C2B-7553DC01D601}" = ASUS VGA Driver
    "{95140000-0081-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{991057FA-3CA7-42B0-94B6-5B1B2535FBD3}" = Citrix Receiver Inside
    "{9AA9FEE7-9F99-4E69-947A-49F7DA0DDA3A}" = Cisco AnyConnect Secure Mobility Client
    "{A113003E-8271-4485-ABC1-83FB96BFFF52}" = Citrix Receiver(USB)
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
    "{BC728724-882E-4E2D-B3EE-E2C7332DC2F2}" = Citrix Receiver (HDX Flash Redirection)
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F605992E-FD5B-46D7-AFDA-FDB1AB00F829}" = Self-service Plug-in
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
    "CitrixOnlinePluginPackWeb" = Citrix Receiver
    "Google Chrome" = Google Chrome
    "InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}" = ASUS GPU Tweak
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "ObjectDock Free2.00" = ObjectDock Free
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 2.0.6

    ========== Last 20 Event Log Errors ==========

    [ Cisco AnyConnect Secure Mobility Client Events ]
    Error - 18/05/2013 7:38:23 AM | Computer Name = VivekDesktop | Source = acvpnagent | ID = 67108866
    Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp
    Line:
    1655 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31588316
    (0xFE1E0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

    Error - 18/05/2013 7:38:23 AM | Computer Name = VivekDesktop | Source = acvpnagent | ID = 67108866
    Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
    Line:
    1323 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28966899
    (0xFE46000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
    not contact target

    Error - 18/05/2013 7:38:23 AM | Computer Name = VivekDesktop | Source = acvpnagent | ID = 67108866
    Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
    772 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28966899 (0xFE46000D)
    Description:
    NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target

    Error - 18/05/2013 12:44:19 PM | Computer Name = VivekDesktop | Source = acvpnagent | ID = 67108866
    Description = Function: CTlsTransport::OnSocketReadComplete File: .\IP\TlsTransport.cpp
    Line:
    519 Invoked Function: ISocketTransportCB::OnSocketReadComplete Return Code: -31588336
    (0xFE1E0010) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_SHUTDOWN:The socket was
    shutdown by the operating system or a remote peer.

    Error - 18/05/2013 12:44:19 PM | Computer Name = VivekDesktop | Source = acvpnagent | ID = 67108866
    Description = Function: CHttpSessionAsync::OnSocketReadComplete File: .\IP\HttpSessionAsync.cpp
    Line:
    1464 Invoked Function: CSocketTransport::readSocket Return Code: -31588336 (0xFE1E0010)
    Description:
    SOCKETTRANSPORT_ERROR_TRANSPORT_SHUTDOWN:The socket was shutdown by the operating
    system or a remote peer.

    Error - 18/05/2013 12:44:19 PM | Computer Name = VivekDesktop | Source = acvpnagent | ID = 67108866
    Description = Function: CHttpProbeAsync::OnSendRequestComplete File: .\IP\HttpProbeAsync.cpp
    Line:
    373 Invoked Function: CHttpSessionAsync::OnSendRequestComplete Return Code: -31588336
    (0xFE1E0010) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_SHUTDOWN:The socket was
    shutdown by the operating system or a remote peer.

    Error - 18/05/2013 12:44:27 PM | Computer Name = VivekDesktop | Source = acvpnagent | ID = 67108866
    Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
    Line:
    303 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31588316
    (0xFE1E0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

    Error - 18/05/2013 12:44:27 PM | Computer Name = VivekDesktop | Source = acvpnagent | ID = 67108866
    Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp
    Line:
    1655 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31588316
    (0xFE1E0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT

    Error - 18/05/2013 12:44:27 PM | Computer Name = VivekDesktop | Source = acvpnagent | ID = 67108866
    Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
    Line:
    1323 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28966899
    (0xFE46000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
    not contact target

    Error - 18/05/2013 12:44:27 PM | Computer Name = VivekDesktop | Source = acvpnagent | ID = 67108866
    Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
    772 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28966899 (0xFE46000D)
    Description:
    NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target


    < End of report >
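The "ZeroAccess Check" section of the OTL.Txt log above and the "Shell Spawning" section of this Extras.txt are the two places a reviewer reads first when Sirefef/ZeroAccess is suspected: the former lists the InProcServer32 value for the COM classes that family hijacks, the latter the command each executable file class runs on open. The script below is an added example, not part of the original posts and not part of OTL; it parses those two sections in OTL's text layout and flags (a) any InProcServer32 value registered under HKEY_CURRENT_USER for the CLSIDs OTL walks, or an HKLM value that no longer resolves to shell32.dll, fastprox.dll or wbemess.dll (the expected names are taken from the clean HKLM entries in the log above), and (b) an exefile/batfile/cmdfile/comfile/piffile/scrfile open handler that differs from the stock Windows command. The sample report is constructed for the example, with one HKCU entry and the exefile handler deliberately hijacked so the checks have something to find; it is not taken from the poster's machine.

```python
"""Audit the 'ZeroAccess Check' and 'Shell Spawning' sections of an OTL report."""
import re
from typing import Dict, List, Tuple

# DLL that each CLSID walked by OTL's ZeroAccess check resolves to on a clean
# machine (the HKLM entries in the report above show these values).
EXPECTED_INPROC: Dict[str, str] = {
    "{42aedc87-2188-41fd-b9a3-0c966feabec1}": "shell32.dll",
    "{5839fca9-774d-42a1-acda-d6a79037f57f}": "fastprox.dll",
    "{f3130cdb-aa52-4c3a-ab32-85ffc23af9c1}": "wbemess.dll",
}

# Stock 'open' commands for executable file classes. Anything else means a
# program has inserted itself between a double-click and the target binary.
EXPECTED_SHELL_OPEN: Dict[str, str] = {
    "batfile": '"%1" %*', "cmdfile": '"%1" %*', "comfile": '"%1" %*',
    "exefile": '"%1" %*', "piffile": '"%1" %*', "scrfile": '"%1" /S',
}

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]")
DEFAULT_VALUE_RE = re.compile(r'^"" = (.+?)(?: -- \[.*)?$')
CLSID_RE = re.compile(r"\{[0-9a-f-]{36}\}", re.I)
# e.g.  exefile [open] -- "%1" %*   or   http [open] -- "...chrome.exe" -- "%1" (Google Inc.)
SHELL_RE = re.compile(r"^(\w+) \[(\w+)\] -- (.*?)(?: \([^()]*\))?$")


def parse_otl(report: str) -> Tuple[List[Tuple[str, str]], List[Tuple[str, str, str]]]:
    """Return (InProcServer32 entries as (key, path), shell commands as (class, verb, cmd))."""
    inproc: List[Tuple[str, str]] = []
    shell: List[Tuple[str, str, str]] = []
    section, current_key = "", ""
    for raw in report.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            section, current_key = m.group(1), ""
        elif section == "ZeroAccess Check":
            if m := KEY_RE.match(line):
                current_key = m.group(1)
            elif (m := DEFAULT_VALUE_RE.match(line)) and current_key:
                inproc.append((current_key, m.group(1)))
        elif section == "Shell Spawning":
            if m := SHELL_RE.match(line):
                shell.append((m.group(1), m.group(2), m.group(3)))
    return inproc, shell


def check_zeroaccess(inproc: List[Tuple[str, str]]) -> List[str]:
    findings = []
    for key, path in inproc:
        m = CLSID_RE.search(key)
        if not m:
            continue
        clsid, dll = m.group(0).lower(), path.split("\\")[-1].lower()
        if key.upper().startswith("HKEY_CURRENT_USER"):
            # COM resolves HKCU\Software\Classes before HKLM, so a per-user
            # InProcServer32 for these CLSIDs is a hijack that needs no admin rights.
            findings.append(f"HKCU InProcServer32 for {clsid} -> {path}")
        elif clsid in EXPECTED_INPROC and dll != EXPECTED_INPROC[clsid]:
            findings.append(f"{clsid} -> {path} (expected {EXPECTED_INPROC[clsid]})")
    return findings


def check_shell_spawning(shell: List[Tuple[str, str, str]]) -> List[str]:
    return [
        f"{cls} [{verb}] -> {cmd} (expected {EXPECTED_SHELL_OPEN[cls]})"
        for cls, verb, cmd in shell
        if verb == "open" and cls in EXPECTED_SHELL_OPEN and cmd != EXPECTED_SHELL_OPEN[cls]
    ]


def audit(report: str) -> List[str]:
    inproc, shell = parse_otl(report)
    return check_zeroaccess(inproc) + check_shell_spawning(shell)


# Constructed sample in OTL's layout. The HKLM keys mirror clean entries; the HKCU
# entry and the exefile handler are deliberately hijacked to exercise the checks
# and are NOT taken from the poster's machine.
SAMPLE_REPORT = r"""
========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Users\Public\Desktop\hijack.dll -- [2013/06/01 10:00:00 | 000,051,200 | ---- | M] ()

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/03/06 14:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 11:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "C:\Users\Public\hijack.exe" "%1" %*
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_REPORT):
        print("SUSPICIOUS:", finding)
```

To run it against a saved log, call `audit(open("OTL.Txt", encoding="utf-8", errors="replace").read())`. Two caveats: the script only judges values that are present, so a CLSID whose key is listed with no default value (as the HKCU keys in the log above are) is reported clean, and a path that looks right is not proof that the file is right, so a real investigation still checks the hash and Authenticode signature of the DLL on disk.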
     
  23. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O3 - HKU\S-1-5-21-3786517670-1886614608-158006185-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
    O18:64bit: - Protocol\Filter\ica - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O30 - LSA: Security Packages - (livessp) - File not found
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., a third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
     
  24. vekky

    vekky TS Rookie Topic Starter Posts: 34

    Hi Broni,

    After running the fix on OTL, I am unable to log back in using my Windows Live credentials, as it says my password is wrong. I am sure I have entered it correctly, and a quick Google search says that it might be because some credentials may have been deleted in Windows. I am unsure how to proceed. Any ideas?
     
  25. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Are you posting from some other computer?
     

