Solved Virus identified Win64/Patched.A can't be removed with AVG

Dendi

Hi Guys,

Since yesterday, I keep receiving AVG virus alerts on my PC and they are being cleaned except for the one that says

Virus identified Win64/Patched.A


I have searched through the forum for solutions but I would like to make sure that I do not do something that would ruin my system.

Appreciate if anyone could help.

Regards
 
Here are the results from Farbar

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2013
Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Pokki) C:\Users\dendi\AppData\Local\Pokki\Engine\pokki.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SoftEther Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Dropbox, Inc.) C:\Users\dendi\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Visagesoft) C:\Program Files (x86)\Avanquest\Expert PDF 8 Professional\vspdfprsrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(Pokki) C:\Users\dendi\AppData\Local\Pokki\Engine\pokki.exe
(Pokki) C:\Users\dendi\AppData\Local\Pokki\Engine\pokki.exe
(Pokki) C:\Users\dendi\AppData\Local\Pokki\Engine\pokki.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [627360 2011-05-20] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [379552 2011-05-20] (Atheros Commnucations)
HKLM\...\Run: [SoftEther VPN Client UI Helper] "C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe" /uihelp [4267064 2013-04-27] (SoftEther Project at University of Tsukuba, Japan.)
HKLM-x32\...\Runonce: [WD Smartware Upgrader - Uninstall] cmd /c MsiExec.exe /X{3890215D-D18A-43EF-AE0C-0C6B084F652D} /qn [x]
HKCU\...\Run: [Facebook Update] "C:\Users\dendi\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2013-02-15] (Facebook Inc.)
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.)
HKCU\...\Run: [openvpntray.EXE] C:\Users\dendi\AppData\Roaming\Hotspot Shield\bin\openvpntray.EXE -nonadmin [x]
HKCU\...\Run: [Mobile Partner] C:\Program Files (x86)\Qtel Mobile Broadband\Qtel Mobile Broadband.exe [515072 2013-04-15] ()
HKCU\...\Run: [Pokki] C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\LaunchDeskband.dll",RunLaunchDeskband [x]
HKCU\...\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-03-28] (Samsung)
MountPoints2: F - "F:\WD Drive Unlock.exe" autoplay=true
MountPoints2: G - "G:\WD Drive Unlock.exe" autoplay=true
MountPoints2: H - H:\AutoRun.exe
MountPoints2: {0da1c840-a657-11e2-8218-ca5426c6984a} - I:\AutoRun.exe /s
MountPoints2: {8f088e77-a8d9-11e2-8603-c7e321c0e347} - F:\AutoRun.exe
MountPoints2: {9381be26-abd7-11e2-987f-efe378551f59} - F:\AutoRun.exe
MountPoints2: {93c3d6b6-a1a5-11e2-a75c-00ac778b001b} - F:\AutoRun.exe /s
MountPoints2: {93c3d6cd-a1a5-11e2-a75c-00ac778b001b} - F:\AutoRun.exe /s
MountPoints2: {93d8decf-a4c2-11e2-83d0-00ac778b001b} - F:\AutoRun.exe
MountPoints2: {93d8dee5-a4c2-11e2-83d0-00ac778b001b} - F:\AutoRun.exe
MountPoints2: {93d8df06-a4c2-11e2-83d0-00ac778b001b} - F:\AutoRun.exe
MountPoints2: {9aac018e-86e9-11e2-870c-e42f57de7c53} - F:\AutoRun.exe
MountPoints2: {9aac01d8-86e9-11e2-870c-e42f57de7c53} - F:\AutoRun.exe
MountPoints2: {9aac081a-86e9-11e2-870c-e42f57de7c53} - F:\AutoRun.exe
MountPoints2: {cdf5a621-7342-11e2-ae63-00ac778b001b} - G:\LaunchU3.exe -a
MountPoints2: {e82726c8-5a1c-11e2-a341-7845c4a33b5a} - "F:\WD Drive Unlock.exe" autoplay=true
HKLM-x32\...\Run: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey [5164624 2012-11-30] (Microsoft Corporation)
HKLM-x32\...\Run: [vspdfprsrv.exe] C:\Program Files (x86)\Avanquest\Expert PDF 8 Professional\vspdfprsrv.exe --background [6078464 2012-04-23] (Visagesoft)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5237256 2012-12-20] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310640 2013-03-28] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601928 2013-05-13] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [ZALFree] "C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe" /MINIMIZED [12995376 2013-05-24] (Zemana Ltd.)
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL [89936 2013-05-24] (Zemana Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL [82696 2013-05-24] (Zemana Ltd.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe (No File)
Startup: C:\Users\dendi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\dendi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

ProxyServer: nhq-proxy:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uae.msn.com/?rd=1&ucc=QA&dcc=QA&opt=1&ocid=iehp&tc=0
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 06 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9 11 mswsock.dll File Not found ()
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 06 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
Winsock: Catalog9-x64 11 mswsock.dll File Not found ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3B634AEE-6BB1-478B-9E4E-35FBEC5D2DD2}: [NameServer]212.77.192.59 212.77.192.60
Tcpip\..\Interfaces\{A4E60143-839F-4212-8694-2C4921D717CC}: [NameServer]212.77.192.59 212.77.192.60

FireFox:
========
FF ProfilePath: C:\Users\dendi\AppData\Roaming\Mozilla\Firefox\Profiles\rlolupo8.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: ???????? HTTP ?????????? - C:\Users\dendi\AppData\Roaming\Mozilla\Firefox\Profiles\rlolupo8.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U11) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\dendi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.110.22) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Bejeweled) - C:\Users\dendi\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0
CHR Extension: (Google Docs) - C:\Users\dendi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\dendi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\dendi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\dendi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\dendi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.65_0
CHR Extension: (Cut the Rope) - C:\Users\dendi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\15_0
CHR Extension: (Expenses.co.in) - C:\Users\dendi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplpdfhoildmmfmchmhhfgigfhehjdbn\1.0.0.0_0
CHR Extension: (CouponsHelper) - C:\Users\dendi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpeepoceboiddajjkgdccddjkmmiigdh\1.3_0
CHR Extension: (Poppit) - C:\Users\dendi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0
CHR Extension: (Google Mail Checker) - C:\Users\dendi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0
CHR Extension: (Booking.com) - C:\Users\dendi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pficdecjkdlnacnnbkociacmdbpmhdoc\1.0.0.6_0
CHR Extension: (Gmail) - C:\Users\dendi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-05-20] (Atheros)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-05-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-05-13] (BlueStack Systems, Inc.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 Qtel Mobile Broadband. RunOuc; C:\Program Files (x86)\Qtel Mobile Broadband\UpdateDog\ouc.exe [655712 2012-06-14] ()
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4267064 2013-04-27] (SoftEther Project at University of Tsukuba, Japan.)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [15680000 2012-08-15] ()
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1155088 2012-12-20] (Western Digital )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248840 2012-12-20] (Western Digital)
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1178128 2012-12-20] (Western Digital )

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-05-13] (BlueStack Systems)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-05-13] (BlueStack Systems)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [26080 2013-05-24] (Zemana Ltd.)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0118.sys [29312 2013-01-26] (SoftEther Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70256 2012-07-06] (VMware, Inc.)
S3 massfilter_lte; \??\C:\Windows\system32\drivers\massfilter_lte.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 zgdcat; system32\DRIVERS\zgdcat.sys [x]
S3 zgdcdiag; system32\DRIVERS\zgdcdiag.sys [x]
S3 zgdcmdm; system32\DRIVERS\zgdcmdm.sys [x]
S3 zgdcnet; system32\DRIVERS\zgdcnet.sys [x]
S3 zgdcnmea; system32\DRIVERS\zgdcnmea.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-22 16:30 - 2013-06-22 16:30 - 00000000 ____D C:\FRST
2013-06-22 16:17 - 2013-06-22 16:17 - 02347384 ____A (ESET) C:\Users\dendi\Downloads\esetsmartinstaller_enu.exe
2013-06-22 16:17 - 2013-06-22 16:17 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-22 16:16 - 2013-06-22 16:16 - 01931364 ____A (Farbar) C:\Users\dendi\Downloads\FRST64.exe
2013-06-20 22:45 - 2013-06-20 22:45 - 00000000 ____D C:\Program Files (x86)\Twitter
2013-06-20 22:43 - 2013-06-20 22:44 - 14643200 ____A C:\Users\dendi\Downloads\TweetDeck.msi
2013-06-20 22:16 - 2013-06-22 15:44 - 00000000 ____D C:\Users\dendi\AppData\Local\AntiLogger Free
2013-06-20 22:07 - 2013-06-20 22:07 - 00000000 ____D C:\Program Files (x86)\Zemana AntiLogger Free
2013-06-20 22:07 - 2013-06-20 22:07 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK
2013-06-20 22:07 - 2013-05-24 17:08 - 00026080 ____A (Zemana Ltd.) C:\Windows\System32\Drivers\KeyCrypt64.sys
2013-06-20 22:06 - 2013-06-20 22:06 - 04316560 ____A (Zemana Ltd. ) C:\Users\dendi\Downloads\AntiLoggerFree_Setup_1.6.2.226.exe
2013-06-19 10:53 - 2013-06-19 10:53 - 26981471 ____A C:\Users\dendi\Downloads\homepage_personal_20130619.psd
2013-06-19 10:44 - 2013-06-19 10:44 - 26981471 ____A C:\Users\dendi\Downloads\homepage_personal.psd
2013-06-19 10:21 - 2013-06-19 10:22 - 99012171 ____A C:\Users\dendi\Downloads\Ramadan Charity.rar
2013-06-18 12:11 - 2013-06-18 12:11 - 00020941 ____A C:\Users\dendi\Desktop\Copy of QODP DB Credentials Cross env's v1 2 (6).xlsx
2013-06-16 08:48 - 2013-06-16 15:49 - 00009477 ____A C:\Users\dendi\Desktop\Hours - June QTL10.xlsx
2013-06-13 14:15 - 2013-06-13 14:15 - 01418352 ____A (Juniper Networks, Inc.) C:\Users\dendi\Downloads\JuniperSetupClientInstaller.exe
2013-06-13 12:48 - 2013-06-13 12:48 - 03502400 ____A (RealVNC Ltd) C:\Users\dendi\Downloads\VNC-Viewer-5.0.5-Windows-64bit.exe
2013-06-08 23:06 - 2013-06-09 15:07 - 00000141 ____A C:\Users\dendi\Desktop\Numbers.txt
2013-06-02 16:02 - 2013-06-02 16:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-31 23:55 - 2013-05-31 23:55 - 00272531 ____A C:\Users\dendi\Downloads\contacts.csv
2013-05-31 22:43 - 2013-05-31 22:43 - 00851007 ____A C:\Users\dendi\Downloads\00001.vcf
2013-05-28 23:46 - 2013-05-29 00:08 - 00000000 ____D C:\Program Files (x86)\SmartBear
2013-05-28 23:46 - 2013-05-28 23:46 - 00002273 ____A C:\Users\Public\Desktop\soapUI 4.5.2.lnk
2013-05-28 23:26 - 2013-05-28 23:44 - 143916176 ____A (SmartBear Software) C:\Users\dendi\Downloads\soapUI-x32-4.5.2.exe
2013-05-23 10:54 - 2013-05-23 10:54 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2013-05-23 10:53 - 2013-05-23 10:58 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2013-05-23 10:53 - 2013-05-23 10:54 - 00000000 ____D C:\ProgramData\BlueStacks
2013-05-23 10:53 - 2013-05-23 10:53 - 11995256 ____A (BlueStack Systems Inc.) C:\Users\dendi\Downloads\BlueStacks-SplitInstaller_native.exe

==================== One Month Modified Files and Folders =======

2013-06-22 16:30 - 2013-06-22 16:30 - 00000000 ____D C:\FRST
2013-06-22 16:25 - 2013-01-09 09:10 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-22 16:22 - 2013-01-18 03:13 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-22 16:17 - 2013-06-22 16:17 - 02347384 ____A (ESET) C:\Users\dendi\Downloads\esetsmartinstaller_enu.exe
2013-06-22 16:17 - 2013-06-22 16:17 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-22 16:16 - 2013-06-22 16:16 - 01931364 ____A (Farbar) C:\Users\dendi\Downloads\FRST64.exe
2013-06-22 16:15 - 2009-07-14 07:45 - 00015488 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-22 16:15 - 2009-07-14 07:45 - 00015488 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-22 16:11 - 2013-01-09 11:14 - 00000000 ____D C:\Users\dendi\AppData\Roaming\Dropbox
2013-06-22 16:10 - 2013-01-09 08:37 - 00000000 ____D C:\Users\dendi\AppData\Roaming\Skype
2013-06-22 16:08 - 2013-01-09 16:12 - 00000000 ____D C:\Users\dendi\Tracing
2013-06-22 16:06 - 2013-04-06 17:01 - 00000000 ____D C:\Program Files\SoftEther VPN Client
2013-06-22 16:06 - 2013-01-09 09:10 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-22 16:05 - 2013-03-18 00:14 - 00026936 ____A C:\Windows\setupact.log
2013-06-22 16:05 - 2013-03-14 10:34 - 00000000 ____D C:\ProgramData\VMware
2013-06-22 16:05 - 2009-07-14 08:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-22 15:59 - 2013-03-21 23:33 - 00000000 ____D C:\ProgramData\MFAData
2013-06-22 15:51 - 2013-02-15 02:00 - 00000962 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1085031214-343818398-725345543-12728Core.job
2013-06-22 15:44 - 2013-06-20 22:16 - 00000000 ____D C:\Users\dendi\AppData\Local\AntiLogger Free
2013-06-22 15:44 - 2013-02-15 02:00 - 00000984 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1085031214-343818398-725345543-12728UA.job
2013-06-22 01:07 - 2013-04-12 15:12 - 00000000 ____D C:\Users\dendi\AppData\Roaming\vlc
2013-06-22 00:45 - 2013-04-04 21:34 - 00000000 ____D C:\Users\dendi\AppData\Roaming\uTorrent
2013-06-21 20:56 - 2013-04-19 21:03 - 00000000 ____D C:\Users\dendi\AppData\Local\Pokki
2013-06-20 22:45 - 2013-06-20 22:45 - 00000000 ____D C:\Program Files (x86)\Twitter
2013-06-20 22:44 - 2013-06-20 22:43 - 14643200 ____A C:\Users\dendi\Downloads\TweetDeck.msi
2013-06-20 22:07 - 2013-06-20 22:07 - 00000000 ____D C:\Program Files (x86)\Zemana AntiLogger Free
2013-06-20 22:07 - 2013-06-20 22:07 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK
2013-06-20 22:06 - 2013-06-20 22:06 - 04316560 ____A (Zemana Ltd. ) C:\Users\dendi\Downloads\AntiLoggerFree_Setup_1.6.2.226.exe
2013-06-20 11:10 - 2013-01-23 08:48 - 00000000 ____D C:\Users\dendi\Desktop\Temporary
2013-06-19 14:22 - 2013-01-14 18:53 - 00002188 ___AH C:\Users\dendi\Documents\Default.rdp
2013-06-19 10:53 - 2013-06-19 10:53 - 26981471 ____A C:\Users\dendi\Downloads\homepage_personal_20130619.psd
2013-06-19 10:44 - 2013-06-19 10:44 - 26981471 ____A C:\Users\dendi\Downloads\homepage_personal.psd
2013-06-19 10:22 - 2013-06-19 10:21 - 99012171 ____A C:\Users\dendi\Downloads\Ramadan Charity.rar
2013-06-18 21:40 - 2013-02-12 22:44 - 00000132 ____A C:\Users\dendi\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-06-18 21:39 - 2013-02-09 13:20 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-06-18 21:11 - 2009-07-14 08:13 - 00730528 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-18 12:11 - 2013-06-18 12:11 - 00020941 ____A C:\Users\dendi\Desktop\Copy of QODP DB Credentials Cross env's v1 2 (6).xlsx
2013-06-17 09:10 - 2013-02-05 22:09 - 00000000 ____D C:\Users\dendi\Desktop\Personal
2013-06-16 15:49 - 2013-06-16 08:48 - 00009477 ____A C:\Users\dendi\Desktop\Hours - June QTL10.xlsx
2013-06-13 14:15 - 2013-06-13 14:15 - 01418352 ____A (Juniper Networks, Inc.) C:\Users\dendi\Downloads\JuniperSetupClientInstaller.exe
2013-06-13 12:48 - 2013-06-13 12:48 - 03502400 ____A (RealVNC Ltd) C:\Users\dendi\Downloads\VNC-Viewer-5.0.5-Windows-64bit.exe
2013-06-12 10:22 - 2013-01-18 03:13 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 10:22 - 2013-01-18 03:13 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-12 08:54 - 2013-01-13 15:45 - 00000000 ____D C:\Users\dendi\Documents\My Received Files
2013-06-09 15:07 - 2013-06-08 23:06 - 00000141 ____A C:\Users\dendi\Desktop\Numbers.txt
2013-06-03 08:00 - 2013-01-08 15:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-02 16:02 - 2013-06-02 16:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-02 08:04 - 2013-03-21 23:53 - 00042728 ____A C:\Windows\PFRO.log
2013-05-31 23:55 - 2013-05-31 23:55 - 00272531 ____A C:\Users\dendi\Downloads\contacts.csv
2013-05-31 22:43 - 2013-05-31 22:43 - 00851007 ____A C:\Users\dendi\Downloads\00001.vcf
2013-05-29 00:08 - 2013-05-28 23:46 - 00000000 ____D C:\Program Files (x86)\SmartBear
2013-05-29 00:08 - 2013-01-08 11:25 - 00000000 ____D C:\users\iHorizons
2013-05-28 23:46 - 2013-05-28 23:46 - 00002273 ____A C:\Users\Public\Desktop\soapUI 4.5.2.lnk
2013-05-28 23:44 - 2013-05-28 23:26 - 143916176 ____A (SmartBear Software) C:\Users\dendi\Downloads\soapUI-x32-4.5.2.exe
2013-05-26 10:00 - 2013-04-25 13:13 - 00237056 ____A C:\Users\dendi\Desktop\Octopus_Issue_Feedback_Post_Go_Live_v1 0_2013-23-05.xls
2013-05-24 17:08 - 2013-06-20 22:07 - 00026080 ____A (Zemana Ltd.) C:\Windows\System32\Drivers\KeyCrypt64.sys
2013-05-23 10:58 - 2013-05-23 10:53 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2013-05-23 10:54 - 2013-05-23 10:54 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2013-05-23 10:54 - 2013-05-23 10:53 - 00000000 ____D C:\ProgramData\BlueStacks
2013-05-23 10:54 - 2009-07-14 06:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-05-23 10:53 - 2013-05-23 10:53 - 11995256 ____A (BlueStack Systems Inc.) C:\Users\dendi\Downloads\BlueStacks-SplitInstaller_native.exe

ZeroAccess:
C:\Windows\Installer\{b053bc83-39fe-543c-7b96-99a430e0365a}
C:\Windows\Installer\{b053bc83-39fe-543c-7b96-99a430e0365a}\@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== End Of Log ============================
 
The additional log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-06-2013
Ran by dendi at 2013-06-22 16:32:55
Running from C:\Users\dendi\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

µTorrent (x32 Version: 3.3.0.29462)
64 Bit HP CIO Components Installer (Version: 8.2.1)
Adobe AIR (x32 Version: 1.5.3.9120)
Adobe Community Help (x32 Version: 3.0.0)
Adobe Community Help (x32 Version: 3.0.0.400)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Photoshop CS5 (x32 Version: 12.0)
Adobe Photoshop Lightroom 4.4 64-bit (Version: 4.4.1)
Adobe Reader Extended Language Support Font Pack (x32 Version: 10.0.0)
Adobe Reader X (10.1.7) (x32 Version: 10.1.7)
AntiLogger Free version 1.6.2.226 (x32 Version: 1.6.2.226)
AVG 2013 (Version: 13.0.3199)
AVG 2013 (Version: 13.0.3345)
AVG 2013 (Version: 2013.0.3345)
BlueStacks App Player (x32 Version: 0.7.12.896)
BlueStacks Notification Center (x32 Version: 0.7.12.896)
Bluetooth Win7 Suite (64) (Version: 7.2.0.83)
Bullzip PDF Printer 9.3.0.1516 (Version: 9.3.0.1516)
Cisco Systems VPN Client 5.0.07.0290 (Version: 5.0.7)
CSVed 2.2.3 (x32 Version: 2.2.3)
CyberLink PhotoDirector 3 (x32 Version: 3.0.3618)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Dell Resource CD (x32 Version: 1.00.0000)
Dell WLAN and Bluetooth Client Installation (x32 Version: 9.0)
Dropbox (HKCU Version: 2.0.22)
ESET Online Scanner v3 (x32)
Expert PDF 8 Professional (x32 Version: 8.0.0140.0)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
Google Chrome (x32 Version: 27.0.1453.116)
Google Earth (x32 Version: 7.0.3.8542)
Google Update Helper (x32 Version: 1.3.21.145)
IDT Audio (x32 Version: 1.0.6341.0)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2342)
Intel(R) Rapid Storage Technology (x32 Version: 10.1.2.1004)
Java 7 Update 17 (x32 Version: 7.0.170)
Java Auto Updater (x32 Version: 2.1.9.0)
Juniper Networks Network Connect 7.1.0 (x32 Version: 7.1.0.20169)
Juniper Networks, Inc. Setup Client (HKCU Version: 7.1.6.17115)
Juniper Networks, Inc. Setup Client Activex Control (x32 Version: 2.1.1.1)
loadUI 2.1.1 (x32 Version: 2.1.1)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Communicator 2007 R2 (x32 Version: 3.5.6907.266)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Project MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Project Professional 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Project 2010 Service Pack 1 (SP1) (x32)
Microsoft Project Professional 2010 (x32 Version: 14.0.6029.1000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 21.0 (x86 en-US) (x32 Version: 21.0)
Mozilla Maintenance Service (x32 Version: 21.0)
PDF Settings CS5 (x32 Version: 10.0)
Photomatix Pro version 4.2.6 (Version: 4.2.6)
Pokki (HKCU Version: 0.263.13.325)
Qtel Mobile Broadband (x32 Version: 23.003.07.01.183)
Realtek Ethernet Controller Driver (x32 Version: 7.45.516.2011)
Samsung Kies (x32 Version: 2.5.2.13021_10)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.22.0)
Skype™ 6.3 (x32 Version: 6.3.107)
soapUI 4.5.2 4.5.2 (x32 Version: 4.5.2)
SoftEther VPN Client (Version: 1.00.9074)
TeamViewer 8 (x32 Version: 8.0.18051)
tools-freebsd (x32 Version: 9.2.0.812388)
tools-linux (x32 Version: 9.2.0.812388)
tools-netware (x32 Version: 9.2.0.812388)
tools-solaris (x32 Version: 9.2.0.812388)
tools-windows (x32 Version: 9.2.0.812388)
tools-winPre2k (x32 Version: 9.2.0.812388)
TweetDeck (x32 Version: 3.0.2)
uMark 3 (x32 Version: 3.10)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 2.0.7 (x32 Version: 2.0.7)
VMware Workstation (Version: 9.0.0)
VMware Workstation (x32 Version: 9.0.0)
WD SmartWare (Version: 1.6.5.2)
WD Software Upgrader (x32 Version: 1.6.5.3)
WinRAR 4.01 (32-bit) (x32 Version: 4.01.0)

==================== Restore Points =========================

Could not list Restore Points.


==================== Hosts content: ==========================
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
##128.227.248.22ihwiki
127.0.0.1 activate.adobe.com
#127.0.0.1 localhost
127.0.0.1 activate.adobe.com


==================== Scheduled Tasks (whitelisted) =============


==================== Faulty Device Manager Devices =============

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Dell Wireless 1702 Bluetooth v3.0+HS
Description: Dell Wireless 1702 Bluetooth v3.0+HS
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/22/2013 04:17:19 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/22/2013 04:17:15 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/22/2013 03:54:02 PM) (Source: RasClient) (User: )
Description: CoId={EC98BD1A-45A5-4974-A75E-C94A9688A4AE}: The user IHORIZONS\dendi dialed a connection named Amman VPN which has failed. The error code returned on failure is 0.

Error: (06/22/2013 03:53:33 PM) (Source: RasClient) (User: )
Description: CoId={8730EBB1-1D70-403D-A2F1-D10ECD126E91}: The user IHORIZONS\dendi dialed a connection named Amman VPN which has failed. The error code returned on failure is 806.

Error: (06/22/2013 03:51:36 PM) (Source: RasClient) (User: )
Description: CoId={1A9734D0-72F2-4B94-94E7-0570D377D0B4}: The user IHORIZONS\dendi dialed a connection named Amman VPN which has failed. The error code returned on failure is 806.

Error: (06/21/2013 08:02:02 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/21/2013 06:44:13 PM) (Source: RasClient) (User: )
Description: CoId={2D37D966-49C8-4C45-A06E-2EECD414D570}: The user IHORIZONS\dendi dialed a connection named Amman VPN which has failed. The error code returned on failure is 0.

Error: (06/21/2013 05:32:41 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{f72fb8c6-59c7-11e2-81a2-806e6f6e6963} - 0000000000000134,0x0053c008,0000000000340840,0,000000000033F830,4096,[0]). hr = 0x80070079, The semaphore timeout period has expired.
.


Operation:
Processing EndPrepareSnapshots

Context:
Execution Context: System Provider

Error: (06/20/2013 10:50:11 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/19/2013 09:38:21 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.


System errors:
=============
Error: (06/22/2013 04:08:55 PM) (Source: TermService) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.

Error: (06/22/2013 04:07:24 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (06/22/2013 04:07:24 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (06/22/2013 04:07:15 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (06/22/2013 04:06:25 PM) (Source: Microsoft-Windows-GroupPolicy) (User: IHORIZONS)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (06/22/2013 04:06:23 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (06/22/2013 04:05:46 PM) (Source: Service Control Manager) (User: )
Description: The Qtel Mobile Broadband. OUC service failed to start due to the following error:
%%1053

Error: (06/22/2013 04:05:46 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Qtel Mobile Broadband. OUC service to connect.

Error: (06/22/2013 04:05:46 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (06/22/2013 04:05:46 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.


Microsoft Office Sessions:
=========================
Error: (06/22/2013 04:17:19 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\dendi\Downloads\esetsmartinstaller_enu.exe

Error: (06/22/2013 04:17:15 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\dendi\Downloads\esetsmartinstaller_enu.exe

Error: (06/22/2013 03:54:02 PM) (Source: RasClient)(User: )
Description: {EC98BD1A-45A5-4974-A75E-C94A9688A4AE}IHORIZONS\dendiAmman VPN0

Error: (06/22/2013 03:53:33 PM) (Source: RasClient)(User: )
Description: {8730EBB1-1D70-403D-A2F1-D10ECD126E91}IHORIZONS\dendiAmman VPN806

Error: (06/22/2013 03:51:36 PM) (Source: RasClient)(User: )
Description: {1A9734D0-72F2-4B94-94E7-0570D377D0B4}IHORIZONS\dendiAmman VPN806

Error: (06/21/2013 08:02:02 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (06/21/2013 06:44:13 PM) (Source: RasClient)(User: )
Description: {2D37D966-49C8-4C45-A06E-2EECD414D570}IHORIZONS\dendiAmman VPN0

Error: (06/21/2013 05:32:41 PM) (Source: VSS)(User: )
Description: DeviceIoControl(\\?\Volume{f72fb8c6-59c7-11e2-81a2-806e6f6e6963} - 0000000000000134,0x0053c008,0000000000340840,0,000000000033F830,4096,[0])0x80070079, The semaphore timeout period has expired.


Operation:
Processing EndPrepareSnapshots

Context:
Execution Context: System Provider

Error: (06/20/2013 10:50:11 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (06/19/2013 09:38:21 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3


CodeIntegrity Errors:
===================================
Date: 2013-04-23 08:43:21.985
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ewusbwwan.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-23 08:43:21.632
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ewusbwwan.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-23 08:41:55.956
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ewusbwwan.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-23 08:41:55.685
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ewusbwwan.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-03-21 22:55:07.937
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-03-21 22:38:23.263
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-03-21 21:53:42.502
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-03-21 21:35:38.815
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-03-21 21:27:37.556
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-03-21 21:14:55.907
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 65%
Total physical RAM: 4004.27 MB
Available physical RAM: 1364.96 MB
Total Pagefile: 8006.74 MB
Available Pagefile: 4520.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:99.9 GB) (Free:23.39 GB) NTFS (Disk=0 Partition=2)
Drive d: () (Fixed) (Total:198.09 GB) (Free:24.62 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

==================== End Of Log ============================
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================

Re-run FRST again.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes in your reply.
 
Thank you very much Broni for the prompt response. Here are the results as requested:

Farbar Recovery Scan Tool (x64) Version: 22-06-2013
Ran by mohamed.benmessaoud at 2013-06-23 21:43:10
Running from C:\Users\dendi\Downloads
Boot Mode: Normal

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-14 02:19] - [2009-07-14 04:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-14 02:19] - [2009-07-14 04:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
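FRST's Search lists every copy of services.exe it finds with size, timestamps and MD5, and the check being made here is whether the live C:\Windows\System32\services.exe still matches the pristine copy Windows keeps in the component store (WinSxS); in the output above both carry 24ACB7E5BE595468E3B9AA488B9B4FCB. The script below is an added example, not part of this thread or of FRST, that performs the same comparison in PowerShell: it hashes every copy of a named system binary under System32 and WinSxS and reports whether the live copy matches a component-store copy. The parameter name $FileName and the helper Get-Md5Hex are my own; MD5 is computed through .NET rather than Get-FileHash so the script also runs on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example (not from the thread or from FRST): list every copy of a system
# binary under System32 and WinSxS with its size, timestamp and MD5, then report
# whether the live System32 copy matches one of the WinSxS copies.
# Run from an elevated prompt; the WinSxS walk is read-only but slow.
param(
    [string]$FileName = 'services.exe'   # binary to check; default taken from this thread
)

function Get-Md5Hex {
    param([string]$Path)
    # .NET MD5 so this works on PowerShell 2.0 (Get-FileHash needs PowerShell 4+)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $md5.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    # Same upper-case hex form that FRST prints in Search.txt
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

$roots = @("$env:SystemRoot\System32", "$env:SystemRoot\winsxs")
$copies = foreach ($root in $roots) {
    Get-ChildItem -Path $root -Filter $FileName -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Path     = $_.FullName
                Size     = $_.Length
                Modified = $_.LastWriteTimeUtc
                MD5      = Get-Md5Hex $_.FullName
            }
        }
}

# Same columns FRST's Search output carries, one row per copy
$copies | Sort-Object Path | Format-Table MD5, Size, Modified, Path -AutoSize

# Compare the live copy against the component-store copies. On a healthy system
# the live file shares its hash with the WinSxS copy of the same build; a live
# copy that matches none of them is what a "Patched" detection is flagging.
$live    = $copies | Where-Object { $_.Path -ieq "$env:SystemRoot\System32\$FileName" }
$backups = @($copies | Where-Object { $_.Path -like "$env:SystemRoot\winsxs\*" })

if (-not $live) {
    Write-Warning "No $FileName found in System32."
} elseif ($backups | Where-Object { $_.MD5 -eq $live.MD5 }) {
    Write-Output "OK: System32\$FileName matches a WinSxS copy (MD5 $($live.MD5))."
} else {
    Write-Warning "System32\$FileName (MD5 $($live.MD5)) matches none of the $($backups.Count) WinSxS copies."
}
```

A hash match between the live file and a WinSxS copy is the same evidence FRST gives here and is what the later fix relies on when it tries to replace the live file from the store; a mismatch on its own says only that the on-disk file differs from the store, not which of the two is the original, so the WinSxS copy's own signature should be verified before it is used as a replacement.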
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Re-run FRST one more time and post new log.
Also let me know how the computer is doing.
 

Attachments: fixlist.txt (1.9 KB)
Here is the Fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-06-2013
Ran by mohamed.benmessaoud at 2013-06-23 22:36:44 Run:1
Running from C:\Users\dendi\Downloads
Boot Mode: Normal
==============================================

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0da1c840-a657-11e2-8218-ca5426c6984a} => Key deleted successfully.
HKCR\CLSID\{0da1c840-a657-11e2-8218-ca5426c6984a} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f088e77-a8d9-11e2-8603-c7e321c0e347} => Key deleted successfully.
HKCR\CLSID\{8f088e77-a8d9-11e2-8603-c7e321c0e347} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9381be26-abd7-11e2-987f-efe378551f59} => Key deleted successfully.
HKCR\CLSID\{9381be26-abd7-11e2-987f-efe378551f59} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93c3d6b6-a1a5-11e2-a75c-00ac778b001b} => Key deleted successfully.
HKCR\CLSID\{93c3d6b6-a1a5-11e2-a75c-00ac778b001b} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93c3d6cd-a1a5-11e2-a75c-00ac778b001b} => Key deleted successfully.
HKCR\CLSID\{93c3d6cd-a1a5-11e2-a75c-00ac778b001b} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93d8decf-a4c2-11e2-83d0-00ac778b001b} => Key deleted successfully.
HKCR\CLSID\{93d8decf-a4c2-11e2-83d0-00ac778b001b} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93d8dee5-a4c2-11e2-83d0-00ac778b001b} => Key deleted successfully.
HKCR\CLSID\{93d8dee5-a4c2-11e2-83d0-00ac778b001b} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93d8df06-a4c2-11e2-83d0-00ac778b001b} => Key deleted successfully.
HKCR\CLSID\{93d8df06-a4c2-11e2-83d0-00ac778b001b} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9aac018e-86e9-11e2-870c-e42f57de7c53} => Key deleted successfully.
HKCR\CLSID\{9aac018e-86e9-11e2-870c-e42f57de7c53} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9aac01d8-86e9-11e2-870c-e42f57de7c53} => Key deleted successfully.
HKCR\CLSID\{9aac01d8-86e9-11e2-870c-e42f57de7c53} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9aac081a-86e9-11e2-870c-e42f57de7c53} => Key deleted successfully.
HKCR\CLSID\{9aac081a-86e9-11e2-870c-e42f57de7c53} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cdf5a621-7342-11e2-ae63-00ac778b001b} => Key deleted successfully.
HKCR\CLSID\{cdf5a621-7342-11e2-ae63-00ac778b001b} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e82726c8-5a1c-11e2-a341-7845c4a33b5a} => Key deleted successfully.
HKCR\CLSID\{e82726c8-5a1c-11e2-a341-7845c4a33b5a} => Key not found.
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\\LibraryPath Error setting value to %SystemRoot%\system32\NLAapi.dll
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006\\LibraryPath Error setting value to %SystemRoot%\System32\mswsock.dll
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001\\LibraryPath Error setting value to %SystemRoot%\system32\NLAapi.dll
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\\LibraryPath Error setting value to %SystemRoot%\System32\mswsock.dll
C:\Windows\Installer\{b053bc83-39fe-543c-7b96-99a430e0365a} => File/Directory not found.
C:\Windows\assembly\GAC_32\Desktop.ini => File/Directory not found.
C:\Windows\assembly\GAC_64\Desktop.ini => File/Directory not found.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
C:\Windows\System32\services.exe => Could not move.
Could not replace C:\Windows\System32\services.exe.

==== End of Fixlog ====
 
And here are the results of the second scan

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2013
Ran by dendi (ATTENTION: The logged in user is not administrator) on 23-06-2013 22:37:50
Running from C:\Users\dendi\Downloads
Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Pokki) C:\Users\dendi\AppData\Local\Pokki\Engine\pokki.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Dropbox, Inc.) C:\Users\dendi\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(Pokki) C:\Users\dendi\AppData\Local\Pokki\Engine\pokki.exe
(Pokki) C:\Users\dendi\AppData\Local\Pokki\Engine\pokki.exe
(Pokki) C:\Users\dendi\AppData\Local\Pokki\Engine\pokki.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [627360 2011-05-20] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [379552 2011-05-20] (Atheros Commnucations)
HKLM\...\RunOnce: [*Restore] C:\Windows\System32\rstrui.exe /runonce [296960 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [Trojan Remover] "C:\Program Files (x86)\Trojan Remover\RMVTRJAN.EXE" /restart [4975864 2013-06-20] (Simply Super Software)
HKCU\...\Run: [Facebook Update] "C:\Users\dendi\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2013-02-15] (Facebook Inc.)
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.)
HKCU\...\Run: [openvpntray.EXE] C:\Users\dendi\AppData\Roaming\Hotspot Shield\bin\openvpntray.EXE -nonadmin [x]
HKCU\...\Run: [Mobile Partner] C:\Program Files (x86)\Qtel Mobile Broadband\Qtel Mobile Broadband.exe [515072 2013-04-15] ()
HKCU\...\Run: [Pokki] C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\LaunchDeskband.dll",RunLaunchDeskband [x]
HKCU\...\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-03-28] (Samsung)
HKLM-x32\...\Run: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey [5164624 2012-11-30] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310640 2013-03-28] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ZALFree] "C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe" /MINIMIZED [12995376 2013-05-24] (Zemana Ltd.)
HKLM-x32\...\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot [1653008 2013-06-23] (Simply Super Software)
HKLM-x32\...\Run: [emsisoft anti-malware] "C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe" /d=60 [2916264 2013-05-30] (Emsisoft GmbH)
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL [89936 2013-05-24] (Zemana Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL [82696 2013-05-24] (Zemana Ltd.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
Startup: C:\Users\dendi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\dendi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

ProxyServer: nhq-proxy:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uae.msn.com/?rd=1&ucc=QA&dcc=QA&opt=1&ocid=iehp&tc=0
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3B634AEE-6BB1-478B-9E4E-35FBEC5D2DD2}: [NameServer]212.77.192.59 212.77.192.60
Tcpip\..\Interfaces\{A4E60143-839F-4212-8694-2C4921D717CC}: [NameServer]212.77.192.59 212.77.192.60

FireFox:
========
FF ProfilePath: C:\Users\dendi\AppData\Roaming\Mozilla\Firefox\Profiles\rlolupo8.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: ???????? HTTP ?????????? - C:\Users\dendi\AppData\Roaming\Mozilla\Firefox\Profiles\rlolupo8.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U11) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\dendi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.110.22) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Bejeweled) - C:\Users\dendi\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0
CHR Extension: (Google Docs) - C:\Users\dendi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\dendi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\dendi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\dendi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\dendi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.65_0
CHR Extension: (Cut the Rope) - C:\Users\dendi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\15_0
CHR Extension: (Expenses.co.in) - C:\Users\dendi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplpdfhoildmmfmchmhhfgigfhehjdbn\1.0.0.0_0
CHR Extension: (CouponsHelper) - C:\Users\dendi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpeepoceboiddajjkgdccddjkmmiigdh\1.3_0
CHR Extension: (Poppit) - C:\Users\dendi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0
CHR Extension: (Google Mail Checker) - C:\Users\dendi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0
CHR Extension: (Booking.com) - C:\Users\dendi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pficdecjkdlnacnnbkociacmdbpmhdoc\1.0.0.6_0
CHR Extension: (Gmail) - C:\Users\dendi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2626880 2013-05-30] (Emsisoft GmbH)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-05-20] (Atheros)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-05-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-05-13] (BlueStack Systems, Inc.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 Qtel Mobile Broadband. RunOuc; C:\Program Files (x86)\Qtel Mobile Broadband\UpdateDog\ouc.exe [655712 2012-06-14] ()
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4267064 2013-04-27] (SoftEther Project at University of Tsukuba, Japan.)
S2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [15680000 2012-08-15] ()
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1155088 2012-12-20] (Western Digital )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248840 2012-12-20] (Western Digital)
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1178128 2012-12-20] (Western Digital )

==================== Drivers (Whitelisted) ====================

S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [66320 2012-04-30] (Emsisoft GmbH)
S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [66320 2012-04-30] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-05-13] (BlueStack Systems)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-05-13] (BlueStack Systems)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [26080 2013-05-24] (Zemana Ltd.)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0118.sys [29312 2013-01-26] (SoftEther Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70256 2012-07-06] (VMware, Inc.)
S3 massfilter_lte; \??\C:\Windows\system32\drivers\massfilter_lte.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 zgdcat; system32\DRIVERS\zgdcat.sys [x]
S3 zgdcdiag; system32\DRIVERS\zgdcdiag.sys [x]
S3 zgdcmdm; system32\DRIVERS\zgdcmdm.sys [x]
S3 zgdcnet; system32\DRIVERS\zgdcnet.sys [x]
S3 zgdcnmea; system32\DRIVERS\zgdcnmea.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-23 22:19 - 2013-06-23 22:19 - 00000000 ____D C:\Users\dendi\Documents\Simply Super Software
2013-06-23 22:17 - 2013-06-23 22:19 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2013-06-23 22:14 - 2013-06-23 22:15 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2013-06-23 22:14 - 2013-06-23 22:14 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-06-23 22:14 - 2003-02-02 20:06 - 00153088 ____A C:\Windows\SysWOW64\UNRAR3.dll
2013-06-23 22:14 - 2002-03-06 01:00 - 00075264 ____A C:\Windows\SysWOW64\unacev2.dll
2013-06-23 22:13 - 2013-06-23 22:13 - 00000606 ____A C:\Users\dendi\Downloads\eset.txt
2013-06-23 22:11 - 2013-06-23 22:11 - 00393040 ____A (Softonic ) C:\Users\dendi\Downloads\SoftonicDownloader_for_trojan-remover.exe
2013-06-23 22:10 - 2013-06-23 22:15 - 187563056 ____A (Emsisoft GmbH ) C:\Users\dendi\Downloads\EmsisoftAntiMalwareSetup.exe
2013-06-23 21:43 - 2013-06-23 21:48 - 00000669 ____A C:\Users\dendi\Downloads\Search.txt
2013-06-23 21:42 - 2013-06-23 21:42 - 01931364 ____A (Farbar) C:\Users\dendi\Downloads\FRST64.exe
2013-06-23 21:35 - 2013-06-23 21:35 - 02347384 ____A (ESET) C:\Users\dendi\Downloads\esetsmartinstaller_enu.exe
2013-06-23 08:27 - 2013-06-23 08:27 - 00000056 ____A C:\Windows\setupact.log
2013-06-23 08:27 - 2013-06-23 08:27 - 00000000 ____A C:\Windows\setuperr.log
2013-06-22 23:34 - 2013-06-22 23:34 - 00000000 ____D C:\Program Files\CCleaner
2013-06-22 23:33 - 2013-06-22 23:33 - 04378864 ____A (Piriform Ltd) C:\Users\dendi\Downloads\ccsetup402.exe
2013-06-22 18:57 - 2013-06-22 23:23 - 00000000 ____D C:\ComboFix
2013-06-22 17:14 - 2013-06-22 17:14 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-06-22 17:08 - 2013-06-22 17:09 - 00000000 ____D C:\Qoobox
2013-06-22 17:05 - 2013-06-22 23:23 - 00000000 ____D C:\Windows\erdnt
2013-06-22 16:52 - 2013-06-22 23:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-22 16:52 - 2013-06-22 16:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-22 16:32 - 2013-06-22 16:59 - 00023640 ____A C:\Users\dendi\Downloads\Addition.txt
2013-06-22 16:30 - 2013-06-23 22:36 - 00000000 ____D C:\FRST
2013-06-22 16:17 - 2013-06-22 16:17 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-20 22:45 - 2013-06-20 22:45 - 00000000 ____D C:\Program Files (x86)\Twitter
2013-06-20 22:43 - 2013-06-20 22:44 - 14643200 ____A C:\Users\dendi\Downloads\TweetDeck.msi
2013-06-20 22:16 - 2013-06-22 15:44 - 00000000 ____D C:\Users\dendi\AppData\Local\AntiLogger Free
2013-06-20 22:07 - 2013-06-22 23:23 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK
2013-06-20 22:07 - 2013-06-20 22:07 - 00000000 ____D C:\Program Files (x86)\Zemana AntiLogger Free
2013-06-20 22:07 - 2013-05-24 17:08 - 00026080 ____A (Zemana Ltd.) C:\Windows\System32\Drivers\KeyCrypt64.sys
2013-06-20 22:06 - 2013-06-20 22:06 - 04316560 ____A (Zemana Ltd. ) C:\Users\dendi\Downloads\AntiLoggerFree_Setup_1.6.2.226.exe
2013-06-19 10:53 - 2013-06-19 10:53 - 26981471 ____A C:\Users\dendi\Downloads\homepage_personal_20130619.psd
2013-06-19 10:44 - 2013-06-19 10:44 - 26981471 ____A C:\Users\dendi\Downloads\homepage_personal.psd
2013-06-19 10:21 - 2013-06-19 10:22 - 99012171 ____A C:\Users\dendi\Downloads\Ramadan Charity.rar
2013-06-18 12:11 - 2013-06-18 12:11 - 00020941 ____A C:\Users\dendi\Desktop\Copy of QODP DB Credentials Cross env's v1 2 (6).xlsx
2013-06-16 08:48 - 2013-06-16 15:49 - 00009477 ____A C:\Users\dendi\Desktop\Hours - June QTL10.xlsx
2013-06-13 14:15 - 2013-06-13 14:15 - 01418352 ____A (Juniper Networks, Inc.) C:\Users\dendi\Downloads\JuniperSetupClientInstaller.exe
2013-06-13 12:48 - 2013-06-13 12:48 - 03502400 ____A (RealVNC Ltd) C:\Users\dendi\Downloads\VNC-Viewer-5.0.5-Windows-64bit.exe
2013-06-08 23:06 - 2013-06-09 15:07 - 00000141 ____A C:\Users\dendi\Desktop\Numbers.txt
2013-06-02 16:02 - 2013-06-22 23:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-31 23:55 - 2013-05-31 23:55 - 00272531 ____A C:\Users\dendi\Downloads\contacts.csv
2013-05-31 22:43 - 2013-05-31 22:43 - 00851007 ____A C:\Users\dendi\Downloads\00001.vcf
2013-05-28 23:46 - 2013-05-29 00:08 - 00000000 ____D C:\Program Files (x86)\SmartBear
2013-05-28 23:46 - 2013-05-28 23:46 - 00002273 ____A C:\Users\Public\Desktop\soapUI 4.5.2.lnk
2013-05-28 23:26 - 2013-05-28 23:44 - 143916176 ____A (SmartBear Software) C:\Users\dendi\Downloads\soapUI-x32-4.5.2.exe

==================== One Month Modified Files and Folders =======

2013-06-23 22:36 - 2013-06-22 16:30 - 00000000 ____D C:\FRST
2013-06-23 22:27 - 2013-03-21 23:33 - 00000000 ____D C:\ProgramData\MFAData
2013-06-23 22:25 - 2013-01-09 09:10 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-23 22:22 - 2013-01-18 03:13 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-23 22:19 - 2013-06-23 22:19 - 00000000 ____D C:\Users\dendi\Documents\Simply Super Software
2013-06-23 22:19 - 2013-06-23 22:17 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2013-06-23 22:15 - 2013-06-23 22:14 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2013-06-23 22:15 - 2013-06-23 22:10 - 187563056 ____A (Emsisoft GmbH ) C:\Users\dendi\Downloads\EmsisoftAntiMalwareSetup.exe
2013-06-23 22:14 - 2013-06-23 22:14 - 00000000 ____D C:\ProgramData\Simply Super Software
2013-06-23 22:13 - 2013-06-23 22:13 - 00000606 ____A C:\Users\dendi\Downloads\eset.txt
2013-06-23 22:11 - 2013-06-23 22:11 - 00393040 ____A (Softonic ) C:\Users\dendi\Downloads\SoftonicDownloader_for_trojan-remover.exe
2013-06-23 21:48 - 2013-06-23 21:43 - 00000669 ____A C:\Users\dendi\Downloads\Search.txt
2013-06-23 21:42 - 2013-06-23 21:42 - 01931364 ____A (Farbar) C:\Users\dendi\Downloads\FRST64.exe
2013-06-23 21:35 - 2013-06-23 21:35 - 02347384 ____A (ESET) C:\Users\dendi\Downloads\esetsmartinstaller_enu.exe
2013-06-23 21:25 - 2013-01-09 11:14 - 00000000 ____D C:\Users\dendi\AppData\Roaming\Dropbox
2013-06-23 20:30 - 2013-01-09 08:37 - 00000000 ____D C:\Users\dendi\AppData\Roaming\Skype
2013-06-23 20:29 - 2013-02-15 02:00 - 00000984 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1085031214-343818398-725345543-12728UA.job
2013-06-23 16:10 - 2013-01-14 18:53 - 00002188 ___AH C:\Users\dendi\Documents\Default.rdp
2013-06-23 08:37 - 2009-07-14 07:45 - 00015488 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-23 08:37 - 2009-07-14 07:45 - 00015488 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-23 08:28 - 2013-01-09 16:12 - 00000000 ____D C:\Users\dendi\Tracing
2013-06-23 08:27 - 2013-06-23 08:27 - 00000056 ____A C:\Windows\setupact.log
2013-06-23 08:27 - 2013-06-23 08:27 - 00000000 ____A C:\Windows\setuperr.log
2013-06-23 08:27 - 2013-04-06 17:01 - 00000000 ____D C:\Program Files\SoftEther VPN Client
2013-06-23 08:27 - 2013-03-14 10:34 - 00000000 ____D C:\ProgramData\VMware
2013-06-23 08:27 - 2013-01-09 09:10 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-23 08:27 - 2009-07-14 08:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-22 23:37 - 2013-01-08 22:16 - 00000000 ____D C:\Windows\Panther
2013-06-22 23:34 - 2013-06-22 23:34 - 00000000 ____D C:\Program Files\CCleaner
2013-06-22 23:33 - 2013-06-22 23:33 - 04378864 ____A (Piriform Ltd) C:\Users\dendi\Downloads\ccsetup402.exe
2013-06-22 23:27 - 2013-01-08 11:25 - 00000000 ____D C:\users\iHorizons
2013-06-22 23:25 - 2013-01-08 16:45 - 00000000 ____D C:\users\dendi
2013-06-22 23:24 - 2013-01-08 15:24 - 00000000 ____D C:\users\mohammad.marei
2013-06-22 23:23 - 2013-06-22 18:57 - 00000000 ____D C:\ComboFix
2013-06-22 23:23 - 2013-06-22 17:05 - 00000000 ____D C:\Windows\erdnt
2013-06-22 23:23 - 2013-06-22 16:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-22 23:23 - 2013-06-20 22:07 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK
2013-06-22 23:23 - 2013-04-27 22:31 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
2013-06-22 23:23 - 2013-04-12 15:12 - 00000000 ____D C:\Users\dendi\AppData\Roaming\vlc
2013-06-22 23:23 - 2013-04-04 21:34 - 00000000 ____D C:\Users\dendi\AppData\Roaming\uTorrent
2013-06-22 23:23 - 2009-07-14 08:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-06-22 23:23 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\registration
2013-06-22 23:23 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\AppCompat
2013-06-22 23:20 - 2013-04-19 21:03 - 00000000 ____D C:\Users\dendi\AppData\Local\Pokki
2013-06-22 23:19 - 2013-06-02 16:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-22 17:14 - 2013-06-22 17:14 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-06-22 17:09 - 2013-06-22 17:08 - 00000000 ____D C:\Qoobox
2013-06-22 16:59 - 2013-06-22 16:32 - 00023640 ____A C:\Users\dendi\Downloads\Addition.txt
2013-06-22 16:52 - 2013-06-22 16:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-22 16:17 - 2013-06-22 16:17 - 00000000 ____D C:\Program Files (x86)\ESET
2013-06-22 15:44 - 2013-06-20 22:16 - 00000000 ____D C:\Users\dendi\AppData\Local\AntiLogger Free
2013-06-20 22:45 - 2013-06-20 22:45 - 00000000 ____D C:\Program Files (x86)\Twitter
2013-06-20 22:44 - 2013-06-20 22:43 - 14643200 ____A C:\Users\dendi\Downloads\TweetDeck.msi
2013-06-20 22:07 - 2013-06-20 22:07 - 00000000 ____D C:\Program Files (x86)\Zemana AntiLogger Free
2013-06-20 22:06 - 2013-06-20 22:06 - 04316560 ____A (Zemana Ltd. ) C:\Users\dendi\Downloads\AntiLoggerFree_Setup_1.6.2.226.exe
2013-06-20 11:10 - 2013-01-23 08:48 - 00000000 ____D C:\Users\dendi\Desktop\Temporary
2013-06-19 10:53 - 2013-06-19 10:53 - 26981471 ____A C:\Users\dendi\Downloads\homepage_personal_20130619.psd
2013-06-19 10:44 - 2013-06-19 10:44 - 26981471 ____A C:\Users\dendi\Downloads\homepage_personal.psd
2013-06-19 10:22 - 2013-06-19 10:21 - 99012171 ____A C:\Users\dendi\Downloads\Ramadan Charity.rar
2013-06-18 21:40 - 2013-02-12 22:44 - 00000132 ____A C:\Users\dendi\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-06-18 21:39 - 2013-02-09 13:20 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-06-18 21:11 - 2009-07-14 08:13 - 00730528 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-18 12:11 - 2013-06-18 12:11 - 00020941 ____A C:\Users\dendi\Desktop\Copy of QODP DB Credentials Cross env's v1 2 (6).xlsx
2013-06-17 09:10 - 2013-02-05 22:09 - 00000000 ____D C:\Users\dendi\Desktop\Personal
2013-06-16 15:49 - 2013-06-16 08:48 - 00009477 ____A C:\Users\dendi\Desktop\Hours - June QTL10.xlsx
2013-06-14 09:33 - 2013-02-15 02:00 - 00000962 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1085031214-343818398-725345543-12728Core.job
2013-06-13 14:15 - 2013-06-13 14:15 - 01418352 ____A (Juniper Networks, Inc.) C:\Users\dendi\Downloads\JuniperSetupClientInstaller.exe
2013-06-13 12:48 - 2013-06-13 12:48 - 03502400 ____A (RealVNC Ltd) C:\Users\dendi\Downloads\VNC-Viewer-5.0.5-Windows-64bit.exe
2013-06-12 10:22 - 2013-01-18 03:13 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 10:22 - 2013-01-18 03:13 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-12 08:54 - 2013-01-13 15:45 - 00000000 ____D C:\Users\dendi\Documents\My Received Files
2013-06-09 15:07 - 2013-06-08 23:06 - 00000141 ____A C:\Users\dendi\Desktop\Numbers.txt
2013-06-03 08:00 - 2013-01-08 15:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-31 23:55 - 2013-05-31 23:55 - 00272531 ____A C:\Users\dendi\Downloads\contacts.csv
2013-05-31 22:43 - 2013-05-31 22:43 - 00851007 ____A C:\Users\dendi\Downloads\00001.vcf
2013-05-29 00:08 - 2013-05-28 23:46 - 00000000 ____D C:\Program Files (x86)\SmartBear
2013-05-28 23:46 - 2013-05-28 23:46 - 00002273 ____A C:\Users\Public\Desktop\soapUI 4.5.2.lnk
2013-05-28 23:44 - 2013-05-28 23:26 - 143916176 ____A (SmartBear Software) C:\Users\dendi\Downloads\soapUI-x32-4.5.2.exe
2013-05-26 10:00 - 2013-04-25 13:13 - 00237056 ____A C:\Users\dendi\Desktop\Octopus_Issue_Feedback_Post_Go_Live_v1 0_2013-23-05.xls
2013-05-24 17:08 - 2013-06-20 22:07 - 00026080 ____A (Zemana Ltd.) C:\Windows\System32\Drivers\KeyCrypt64.sys

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
 
Hi, well, so far there is no strange behavior, but I believe that the trojans are still there. I will execute the steps as advised and revert back with the results.

Thanks again for taking the time to assist me.
 
Malwarebytes Log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.23.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
iHorizons :: BENMESSA-LAPTOP [administrator]

6/23/2013 10:55:13 PM
mbam-log-2013-06-23 (22-55-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 260853
Time elapsed: 7 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\dendi\Downloads\wirelesskeyview-x64.zip (PUP.WirelessKeyView) -> Quarantined and deleted successfully.

(end)
 
Log from DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16521
Run by iHorizons at 23:05:54 on 2013-06-23
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.4004.1136 [GMT 3:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Emsisoft Anti-Malware *Enabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Emsisoft Anti-Malware *Enabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\ProgramData\DatacardService\HWDeviceService64.exe
C:\ProgramData\Qtel Mobile Broadband\OnlineUpdate\ouc.exe
C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\vmnat.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\rundll32.exe
C:\Users\mohamed.benmessaoud\AppData\Local\Pokki\Engine\pokki.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Users\mohamed.benmessaoud\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\mohamed.benmessaoud\AppData\Local\Pokki\Engine\pokki.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Users\mohamed.benmessaoud\AppData\Local\Pokki\Engine\pokki.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Users\mohamed.benmessaoud\AppData\Local\Pokki\Engine\pokki.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\vssvc.exe
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Windows\system32\taskeng.exe
C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2guard.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
mRun: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ZALFree] "C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe" /MINIMIZED
mRun: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
mRun: [emsisoft anti-malware] "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60
mRunOnce: [Trojan Remover] "C:\Program Files (x86)\Trojan Remover\RMVTRJAN.EXE" /restart
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: %windir%\system32\vsocklib.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{3B634AEE-6BB1-478B-9E4E-35FBEC5D2DD2} : NameServer = 212.77.192.59 212.77.192.60
TCP: Interfaces\{A4E60143-839F-4212-8694-2C4921D717CC} : NameServer = 212.77.192.59 212.77.192.60
TCP: Interfaces\{F5636B3B-4D9E-43CA-B511-FCC8716507BC} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{F5636B3B-4D9E-43CA-B511-FCC8716507BC}\44A616A716962796 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{F5636B3B-4D9E-43CA-B511-FCC8716507BC}\A4F65697021405 : DHCPNameServer = 192.168.43.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-RunOnce: [*Restore] C:\Windows\System32\rstrui.exe /runonce
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 128.227.248.22 ihwiki
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2013-3-14 70256]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2013-6-23 26176]
R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2013-6-23 44688]
R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [2013-6-23 17384]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-3-29 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2013-6-23 2626880]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2013-1-8 89600]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2011-5-20 146592]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2011-5-20 80032]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2013-5-13 70984]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2013-5-13 384840]
R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe [2011-3-14 346976]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-1-8 13336]
R2 SEVPNCLIENT;SoftEther VPN Client;C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [2013-4-6 4267064]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-1-13 3574624]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-1-8 2656280]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-8-1 917656]
R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-12-20 1155088]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-12-20 248840]
R2 WDRulesService;WD Rules;C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-12-20 1178128]
R3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2013-6-23 66320]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-5-20 29344]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2013-4-23 90112]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-1-8 317440]
R3 keycrypt;keycrypt;C:\Windows\System32\drivers\KeyCrypt64.sys [2013-6-20 26080]
R3 Neo_VPN;VPN Client Device Driver - VPN;C:\Windows\System32\drivers\Neo_0118.sys [2013-1-26 29312]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2013-5-13 393032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Qtel Mobile Broadband. RunOuc;Qtel Mobile Broadband. OUC;C:\Program Files (x86)\Qtel Mobile Broadband\UpdateDog\ouc.exe [2013-4-15 655712]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S2 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-8-15 15680000]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-5-20 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-5-20 298656]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-5-20 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-5-20 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-5-20 154272]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-5-20 282272]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-4-19 102936]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2013-4-23 117248]
S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\System32\drivers\ew_usbenumfilter.sys [2013-4-23 13952]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;C:\Windows\System32\drivers\ewusbwwan.sys [2013-4-23 450048]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-13 19456]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-4-19 203544]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-13 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-9 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2013-06-23 19:53:36 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-06-23 19:17:13 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
2013-06-23 19:14:07 75264 ----a-w- C:\Windows\SysWow64\unacev2.dll
2013-06-23 19:14:06 153088 ----a-w- C:\Windows\SysWow64\UNRAR3.dll
2013-06-23 19:14:05 -------- d-----w- C:\Users\iHorizons\AppData\Roaming\Simply Super Software
2013-06-23 19:14:05 -------- d-----w- C:\ProgramData\Simply Super Software
2013-06-23 19:14:05 -------- d-----w- C:\Program Files (x86)\Trojan Remover
2013-06-22 20:34:16 -------- d-----w- C:\Program Files\CCleaner
2013-06-22 15:57:55 -------- d-----w- C:\ComboFix
2013-06-22 14:14:07 -------- d-----w- C:\TDSSKiller_Quarantine
2013-06-22 13:53:12 -------- d-----w- C:\Users\iHorizons\AppData\Roaming\Malwarebytes
2013-06-22 13:52:42 -------- d-----w- C:\ProgramData\Malwarebytes
2013-06-22 13:52:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-22 13:30:15 -------- d-----w- C:\FRST
2013-06-22 13:17:30 -------- d-----w- C:\Program Files (x86)\ESET
2013-06-20 19:45:35 -------- d-----w- C:\Program Files (x86)\Twitter
2013-06-20 19:07:11 26080 ----a-w- C:\Windows\System32\drivers\KeyCrypt64.sys
2013-06-20 19:07:11 -------- d-----w- C:\Program Files (x86)\KeyCryptSDK
2013-06-20 19:07:10 -------- d-----w- C:\Users\iHorizons\AppData\Local\AntiLogger Free
2013-06-20 19:07:10 -------- d-----w- C:\Program Files (x86)\Zemana AntiLogger Free
2013-05-28 21:08:32 -------- d-----w- C:\Users\iHorizons\.loadui
2013-05-28 20:46:34 -------- d-----w- C:\Users\iHorizons\tempLoadUI
2013-05-28 20:46:22 -------- d-----w- C:\Program Files (x86)\SmartBear
.
==================== Find3M ====================
.
2013-06-12 07:22:19 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 07:22:19 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-05 05:47:18 524 ----a-w- C:\Users\iHorizons\AppData\Roaming\clean.bat
2013-04-27 00:18:55 135736 ----a-w- C:\Windows\System32\vpncmd.exe
2013-03-28 23:53:48 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
.
============= FINISH: 23:06:42.13 ===============
 
Apologies, pasting attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume1
Install Date: 1/8/2013 11:25:22 AM
System Uptime: 6/23/2013 11:40:19 AM (12 hours ago)
.
Motherboard: Dell Inc. | | 01HXXJ
Processor: Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz | CPU 1 | 2394/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 100 GiB total, 23.164 GiB free.
D: is FIXED (NTFS) - 198 GiB total, 47.212 GiB free.
E: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet1
Device ID: ROOT\VMWARE\0000
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet1
PNP Device ID: ROOT\VMWARE\0000
Service: VMnetAdapter
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet8
Device ID: ROOT\VMWARE\0001
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet8
PNP Device ID: ROOT\VMWARE\0001
Service: VMnetAdapter
.
Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description: Dell Wireless 1702 Bluetooth v3.0+HS
Device ID: USB\VID_0CF3&PID_3002\6&38606CA1&0&4
Manufacturer: Atheros Communications
Name: Dell Wireless 1702 Bluetooth v3.0+HS
PNP Device ID: USB\VID_0CF3&PID_3002\6&38606CA1&0&4
Service: BTHUSB
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter for 64-bit Windows
Device ID: ROOT\NET\0001
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter for 64-bit Windows
PNP Device ID: ROOT\NET\0001
Service: CVirtA
.
==== System Restore Points ===================
.
RP74: 6/22/2013 11:41:53 PM - Removed BlueStacks Notification Center
.
==== Installed Programs ======================
.
µTorrent
64 Bit HP CIO Components Installer
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS5
Adobe Photoshop Lightroom 4.4 64-bit
Adobe Reader Extended Language Support Font Pack
Adobe Reader X (10.1.7)
AntiLogger Free version 1.6.2.226
AVG 2013
BlueStacks Notification Center
Bluetooth Win7 Suite (64)
Bullzip PDF Printer 9.3.0.1516
CCleaner
Cisco Systems VPN Client 5.0.07.0290
CSVed 2.2.3
CyberLink PhotoDirector 3
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Resource CD
Dell WLAN and Bluetooth Client Installation
Emsisoft Anti-Malware
ESET Online Scanner v3
Expert PDF 8 Professional
Facebook Video Calling 1.2.0.287
Google Chrome
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
IDT Audio
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Java 7 Update 17
Java Auto Updater
Juniper Networks Network Connect 7.1.0
Juniper Networks, Inc. Setup Client Activex Control
loadUI 2.1.1
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Communicator 2007 R2
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Project MUI (English) 2010
Microsoft Office Project Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Project 2010 Service Pack 1 (SP1)
Microsoft Project Professional 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
PDF Settings CS5
Photomatix Pro version 4.2.6
Qtel Mobile Broadband
Realtek Ethernet Controller Driver
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype™ 6.3
soapUI 4.5.2 4.5.2
SoftEther VPN Client
TeamViewer 8
tools-freebsd
tools-linux
tools-netware
tools-solaris
tools-windows
tools-winPre2k
Trojan Remover 6.8.7
uMark 3
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Visual Studio 2010 x64 Redistributables
VLC media player 2.0.7
VMware Workstation
WD SmartWare
WD Software Upgrader
WinRAR 4.01 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
6/23/2013 8:32:27 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Run the configured recovery program) after the unexpected termination of the VMware Workstation Server service, but this action failed with the following error:
6/23/2013 8:31:27 AM, Error: Service Control Manager [7031] - The VMware Workstation Server service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Run the configured recovery program.
6/23/2013 8:30:23 AM, Error: Service Control Manager [7031] - The VMware Workstation Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/23/2013 8:30:06 AM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .
6/23/2013 8:28:58 AM, Error: Service Control Manager [7031] - The VMware Workstation Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/23/2013 8:28:26 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
6/23/2013 8:27:31 AM, Error: Service Control Manager [7023] - The BlueStacks Android Service service terminated with the following error: An exception occurred in the service when handling the control request.
6/23/2013 8:27:14 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Qtel Mobile Broadband. OUC service to connect.
6/23/2013 8:27:14 AM, Error: Service Control Manager [7000] - The Qtel Mobile Broadband. OUC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/23/2013 5:13:01 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
6/23/2013 10:58:57 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain IHORIZONS due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
6/23/2013 10:58:57 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
6/23/2013 1:42:08 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
6/22/2013 7:04:12 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
6/22/2013 6:58:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
6/22/2013 6:45:57 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
6/22/2013 5:45:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
6/22/2013 5:45:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
6/22/2013 5:45:03 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AVGIDSDriver Avgldx64 Avgtdia CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
6/22/2013 5:45:02 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/22/2013 5:45:02 PM, Error: Service Control Manager [7001] - The VMware Workstation Server service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
6/22/2013 5:45:02 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/22/2013 5:45:02 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
6/22/2013 5:45:02 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/22/2013 5:45:02 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/22/2013 5:45:02 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
6/22/2013 5:45:02 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/22/2013 5:45:02 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/22/2013 5:45:02 PM, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
6/22/2013 5:45:02 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/22/2013 5:45:02 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/22/2013 5:45:02 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/22/2013 5:25:49 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
6/22/2013 4:07:24 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
6/22/2013 4:07:24 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
6/22/2013 4:05:46 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
6/22/2013 4:05:46 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
6/22/2013 4:05:44 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
6/22/2013 11:26:34 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the VMware Workstation Server service to connect.
6/22/2013 11:26:34 PM, Error: Service Control Manager [7000] - The VMware Workstation Server service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/22/2013 11:17:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
6/22/2013 11:16:14 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
6/22/2013 11:15:54 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
6/22/2013 11:14:42 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
6/22/2013 11:14:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/22/2013 11:14:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/22/2013 11:13:54 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSDriver Avgldx64 discache spldr Wanarpv6
6/22/2013 11:13:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
6/22/2013 11:13:53 PM, Error: Service Control Manager [7023] - The WinDefend service terminated with the following error: Access is denied.
6/22/2013 11:13:53 PM, Error: Service Control Manager [7001] - The VMware Workstation Server service depends on the VMware Authorization Service service which failed to start because of the following error: The dependency service or group failed to start.
6/22/2013 11:13:52 PM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
6/22/2013 10:56:27 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
6/22/2013 10:51:08 PM, Error: Service Control Manager [7022] - The VMware USB Arbitration Service service hung on starting.
6/22/2013 10:51:08 PM, Error: Service Control Manager [7001] - The VMware Workstation Server service depends on the VMware USB Arbitration Service service which failed to start because of the following error: After starting, the service hung in a start-pending state.
6/22/2013 10:51:04 PM, Error: Service Control Manager [7022] - The Internet Connection Sharing (ICS) service hung on starting.
6/21/2013 5:32:35 PM, Error: volsnap [67] - The shadow copy of volume D: being created failed to install.
6/19/2013 8:58:02 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TeamViewer8 service.
6/17/2013 8:13:18 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{E315DBEB-63F1-412E-B0BC-C0F2F1E96332} because another computer on the network has the same name. The server could not start.
6/16/2013 5:42:27 PM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The RPC server is unavailable. .
3 is not a valid Win32 application.
.
==== End Of File ===========================
 
You're running two AV programs, AVG and Emsisoft.
You have to uninstall one of them.
If AVG, use AVG Remover: http://www.avg.com/us-en/utilities

Download RogueKiller for 32-bit or RogueKiller for 64-bit to your Desktop.
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create a new restore point before proceeding with the next step.
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 
Thank you, here is RogueKiller report

RogueKiller V8.6.1 _x64_ [Jun 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : iHorizons [Admin rights]
Mode : Remove -- Date : 06/23/2013 23:23:39
| ARK || FAK || MBR |

¤¤¤ Bad processes : 8 ¤¤¤
[SUSP PATH] ouc.exe -- C:\ProgramData\Qtel Mobile Broadband\OnlineUpdate\ouc.exe [7] -> KILLED [TermProc]
[SUSP PATH][DLL] explorer.exe -- C:\Users\dendi\AppData\Local\Pokki\ocdeskband_0.dll [x] ->
[SUSP PATH][WHITELIST] explorer.exe -- C:\Users\dendi\AppData\Local\Pokki\ocdeskband_0.dll [x] ->
[SUSP PATH] pokki.exe -- C:\Users\dendi\AppData\Local\Pokki\Engine\pokki.exe [7] -> KILLED [TermProc]
[SUSP PATH] pokki.exe -- C:\Users\dendi\AppData\Local\Pokki\Engine\pokki.exe [7] -> KILLED [TermThr]
[SUSP PATH] pokki.exe -- C:\Users\dendi\AppData\Local\Pokki\Engine\pokki.exe [7] -> KILLED [TermThr]
[SUSP PATH] pokki.exe -- C:\Users\dendi\AppData\Local\Pokki\Engine\pokki.exe [7] -> KILLED [TermThr]
[SUSP PATH] _iu14D2N.tmp -- C:\Users\iHorizons\AppData\Local\temp\_iu14D2N.tmp [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 11 ¤¤¤
[RUN][SUSP PATH] HKUS\S-1-5-21-1085031214-343818398-725345543-12728\[...]\Run : openvpntray.EXE (C:\Users\dendi\AppData\Roaming\Hotspot Shield\bin\openvpntray.EXE -nonadmin [x][x]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-1085031214-343818398-725345543-12728\[...]\Run : Pokki (C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\LaunchDeskband.dll",RunLaunchDeskband [7][x][x]) -> DELETED
[DNS] HKLM\[...]\CCSet\[...]\{3B634AEE-6BB1-478B-9E4E-35FBEC5D2DD2} : NameServer (212.77.192.59 212.77.192.60) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\CCSet\[...]\{A4E60143-839F-4212-8694-2C4921D717CC} : NameServer (212.77.192.59 212.77.192.60) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\CS001\[...]\{3B634AEE-6BB1-478B-9E4E-35FBEC5D2DD2} : NameServer (212.77.192.59 212.77.192.60) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\CS001\[...]\{A4E60143-839F-4212-8694-2C4921D717CC} : NameServer (212.77.192.59 212.77.192.60) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\CS002\[...]\{3B634AEE-6BB1-478B-9E4E-35FBEC5D2DD2} : NameServer (212.77.192.59 212.77.192.60) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\CS002\[...]\{A4E60143-839F-4212-8694-2C4921D717CC} : NameServer (212.77.192.59 212.77.192.60) -> NOT REMOVED, USE DNSFIX
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


128.227.248.22ihwiki
127.0.0.1 activate.adobe.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST320LM000 HM321HI +++++
--- User ---
[MBR] 7d98d8d2f5a2a11a97c8f185a8cc78a5
[BSP] 3b9f0983535fc4afa5091833ef14f606 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 102300 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 209717248 | Size: 202843 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_06232013_232339.txt >>
RKreport[0]_S_06232013_232254.txt
 
Mbar Log

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.06.23.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
iHorizons :: BENMESSA-LAPTOP [administrator]

6/24/2013 8:34:25 AM
mbar-log-2013-06-24 (08-34-25).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 284858
Time elapsed: 11 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 
System Log

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16521

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 4198785024, free: 1345536000

=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16521

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 4198785024, free: 2154708992

Downloaded database version: v2013.06.23.06
Initializing...
------------ Kernel report ------------
06/23/2013 23:40:01
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\vmci.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\drivers\vsock.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\system32\DRIVERS\avgloga.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\avgtdia.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avgldx64.sys
\SystemRoot\system32\DRIVERS\avgidsdrivera.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\KeyCrypt64.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\dne64x.sys
\SystemRoot\system32\DRIVERS\dsNcAdpt.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\Neo_0118.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\btath_bus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\ew_jubusenum.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\vmnetbridge.sys
\SystemRoot\system32\DRIVERS\VMNET.SYS
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\hcmon.sys
\??\C:\Windows\system32\drivers\vmx86.sys
\??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Windows\system32\drivers\vmnetuserif.sys
\SystemRoot\SysWOW64\drivers\vstor2-mntapi10-shared.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\Drivers\CVPNDRVA.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\System32\drivers\rdpdr.sys
\SystemRoot\system32\drivers\tdtcp.sys
\SystemRoot\System32\DRIVERS\tssecsrv.sys
\SystemRoot\System32\Drivers\RDPWD.SYS
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800642d790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000099\
Lower Device Object: 0xfffffa80077c8b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8005ff7060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa80040be050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8005ff7060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005ff7b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005ff7060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80040b89d0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80040be050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 5652041F

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 209510400

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 209717248 Numsec = 415422464

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa800642d790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006413570, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800642d790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80077c8b60, DeviceName: \Device\00000099\, DriverName: \Driver\USBSTOR\
------------ End ----------
Infected: c:\Users\iHorizons\Desktop\VMware.Workstation.v9.0.0.812388.Incl.Keymaker-ZWT\keygen.exe --> [Riskware.Tool.CK]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16521

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 4198785024, free: 1554046976

Initializing...
------------ Kernel report ------------
06/24/2013 08:34:20
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\vmci.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\drivers\vsock.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\system32\DRIVERS\avgloga.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\avgtdia.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avgldx64.sys
\SystemRoot\system32\DRIVERS\avgidsdrivera.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\KeyCrypt64.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\dne64x.sys
\SystemRoot\system32\DRIVERS\dsNcAdpt.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\Neo_0118.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\btath_bus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\ew_jubusenum.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\vmnetbridge.sys
\SystemRoot\system32\DRIVERS\VMNET.SYS
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\hcmon.sys
\??\C:\Windows\system32\drivers\vmx86.sys
\??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Windows\system32\drivers\vmnetuserif.sys
\SystemRoot\SysWOW64\drivers\vstor2-mntapi10-shared.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\Drivers\CVPNDRVA.sys
\SystemRoot\System32\drivers\rdpdr.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\tdtcp.sys
\SystemRoot\System32\DRIVERS\tssecsrv.sys
\SystemRoot\System32\Drivers\RDPWD.SYS
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007416790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000009c\
Lower Device Object: 0xfffffa8007469b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006017060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8004153050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006017060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006017b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006017060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004114470, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8004153050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 5652041F

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 209510400

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 209717248 Numsec = 415422464

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa8007416790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80074fab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007416790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007469b60, DeviceName: \Device\0000009c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
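The MBAM scan above walks the disk stack and then reads the partition table straight from the MBR (signature 55AA, disk signature 5652041F, three NTFS partitions, the active flag on the first one). The following is an added example, not code from the thread or from Malwarebytes: a small parser that decodes those same fields from a raw 512-byte sector and runs the structural checks a responder does before trusting a partition table (boot signature, exactly one active entry, valid status bytes, no overlaps, nothing past the end of the disk, plus a list of the sectors no partition covers). The sector it parses is constructed in `build_sample_mbr()` to reproduce the values logged for drive 0; it is not a dump of the poster's disk, and `SAMPLE_TOTAL_SECTORS` is derived from the logged "Disk Size" and "Sector size".

```python
"""Parse and sanity-check a classic MBR partition table.

Added example for this thread; not code from the original post or from
Malwarebytes. build_sample_mbr() constructs a sector that mirrors the
values the MBAM scan logged for drive 0; it is not a real disk dump.
"""
import struct
from dataclasses import dataclass

SECTOR_SIZE = 512
MBR_SIGNATURE = 0x55AA
DISK_SIGNATURE_OFFSET = 0x1B8   # 4-byte NT disk signature, little-endian
PARTITION_TABLE_OFFSET = 0x1BE  # four 16-byte entries
BOOT_SIGNATURE_OFFSET = 0x1FE   # bytes 55 AA
ENTRY_FORMAT = "<B3xB3xII"      # status, CHS (skipped), type, CHS (skipped), LBA start, sector count


@dataclass
class Partition:
    index: int
    status: int
    type_id: int
    lba_start: int
    num_sectors: int

    @property
    def bootable(self) -> bool:
        return self.status == 0x80

    @property
    def lba_end(self) -> int:  # exclusive
        return self.lba_start + self.num_sectors


def parse_mbr(sector: bytes):
    """Return (boot signature, disk signature, [Partition x4]) from one 512-byte sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    boot_sig = struct.unpack_from(">H", sector, BOOT_SIGNATURE_OFFSET)[0]
    disk_sig = struct.unpack_from("<I", sector, DISK_SIGNATURE_OFFSET)[0]
    parts = []
    for i in range(4):
        fields = struct.unpack_from(ENTRY_FORMAT, sector, PARTITION_TABLE_OFFSET + 16 * i)
        parts.append(Partition(i, *fields))
    return boot_sig, disk_sig, parts


def unpartitioned_ranges(parts, total_sectors):
    """[start, end) sector ranges no partition covers; sector 0 is the MBR itself."""
    used = sorted((p.lba_start, p.lba_end) for p in parts if p.type_id)
    gaps, cursor = [], 1
    for start, end in used:
        if start > cursor:
            gaps.append((cursor, start))
        cursor = max(cursor, end)
    if cursor < total_sectors:
        gaps.append((cursor, total_sectors))
    return gaps


def check_mbr(sector: bytes, total_sectors: int):
    """Structural checks; an empty list means the table is internally consistent."""
    boot_sig, _, parts = parse_mbr(sector)
    findings = []
    if boot_sig != MBR_SIGNATURE:
        findings.append(f"boot signature is {boot_sig:04X}, expected 55AA")
    if sum(p.bootable for p in parts) != 1:
        findings.append("expected exactly one active partition")
    for p in parts:
        if p.status not in (0x00, 0x80):
            findings.append(f"partition {p.index}: invalid status byte {p.status:02X}")
        if p.type_id and p.lba_end > total_sectors:
            findings.append(f"partition {p.index}: ends past the last sector")
    used = sorted((p.lba_start, p.lba_end, p.index) for p in parts if p.type_id)
    for (_, end_a, a), (start_b, _, b) in zip(used, used[1:]):
        if start_b < end_a:
            findings.append(f"partitions {a} and {b} overlap")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed sector mirroring the logged drive-0 table (not a real dump)."""
    sector = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", sector, DISK_SIGNATURE_OFFSET, 0x5652041F)
    entries = [  # (status, type, LBA start, Numsec) as logged
        (0x80, 0x07, 2048, 204800),
        (0x00, 0x07, 206848, 209510400),
        (0x00, 0x07, 209717248, 415422464),
        (0x00, 0x00, 0, 0),
    ]
    for i, entry in enumerate(entries):
        struct.pack_into(ENTRY_FORMAT, sector, PARTITION_TABLE_OFFSET + 16 * i, *entry)
    struct.pack_into(">H", sector, BOOT_SIGNATURE_OFFSET, MBR_SIGNATURE)
    return bytes(sector)


SAMPLE_TOTAL_SECTORS = 320072933376 // SECTOR_SIZE  # "Disk Size" / "Sector size" from the log


if __name__ == "__main__":
    mbr = build_sample_mbr()
    boot_sig, disk_sig, parts = parse_mbr(mbr)
    print(f"MBR Signature: {boot_sig:04X}  Disk Signature: {disk_sig:08X}")
    for p in parts:
        print(f"Partition {p.index}: type 0x{p.type_id:02X} active={p.bootable} "
              f"LBA {p.lba_start} Numsec {p.num_sectors}")
    print("unpartitioned:", unpartitioned_ranges(parts, SAMPLE_TOTAL_SECTORS))
    print("findings:", check_mbr(mbr, SAMPLE_TOTAL_SECTORS) or "none")
```

On a live Windows host the same 512 bytes come from reading `\\.\PhysicalDrive0` as administrator; the point of MBAM walking the disk stack first (partmgr, Disk, ACPI, iaStor in the log) is that a driver-level hook can hand user-mode readers a clean sector, so a table that parses cleanly here is only trustworthy when the read path is.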
 
Hello,

After finishing all steps as advised, I have run ESET Online Scanner and it seems there are still Trojans on the computer.

Here is the list of found threats:
Win64/Sirefef.W trojan
Win64/Sirefef.EZ trojan
Win64/Patched.A.Gen trojan
Win64/Sirefef.W trojan
Win64/Sirefef.EZ trojan
 
You're not following my rules:
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.


=======================================

Create a new restore point before proceeding with the next step.
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    If the connection is still not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart the computer in safe mode.

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done, Notepad will open with the rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double-clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
rKill Log

Rkill 2.5.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/25/2013 12:08:08 PM in x64 mode.
Windows Version: Windows 7 Enterprise Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Automatic

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 06/25/2013 12:12:57 PM
Execution time: 0 hours(s), 4 minute(s), and 49 seconds(s)
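The rKill log above found no malware processes or services, but its "miscellaneous checks" and "Service Integrity" sections are the part a responder acts on: the host firewall is off (`EnableFirewall = 0` under `FirewallPolicy\StandardProfile`), and three Automatic services (EventSystem, wscsvc, wuauserv) are not running. The following is an added example, not code from the thread or from rKill: a parser that turns an rKill log into structured findings and then prioritises them. `RKILL_LOG` is a constructed excerpt in the shape of the log posted above (same findings, trimmed); the `HOSTS_BASELINE` and `CRITICAL_SERVICES` sets are assumptions about what a clean Windows 7 host should look like, not something the page states.

```python
"""Triage an rKill log: extract the findings a responder acts on.

Added example for this thread; not code from the original post or from
rKill. RKILL_LOG is a constructed excerpt shaped like the posted log.
HOSTS_BASELINE and CRITICAL_SERVICES are assumptions, not page facts.
"""
import re

RKILL_LOG = """\
Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Automatic

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
"""

SERVICE_RE = re.compile(r"^\* (?P<name>.+?) \((?P<short>[\w.-]+)\) is not Running\.$")
STARTUP_RE = re.compile(r"^Startup Type set to: (?P<mode>.+)$")
REG_DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*dword:(?P<hex>[0-9A-Fa-f]{8})$')
HOSTS_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}|::1)\s+(?P<host>\S+)$")

# Assumption: the only HOSTS entries a clean host should carry.
HOSTS_BASELINE = {("127.0.0.1", "localhost"), ("::1", "localhost")}
# Assumption: autostart services that security tooling and patching depend on.
CRITICAL_SERVICES = {"EventSystem", "wscsvc", "wuauserv", "MpsSvc", "BFE", "WinDefend"}


def parse_rkill_log(text: str) -> dict:
    """Pull firewall state, dword registry values, stopped services and HOSTS entries."""
    found = {"firewall_disabled": False, "registry": {}, "stopped_services": {}, "hosts": []}
    lines = [ln.strip() for ln in text.splitlines()]
    for i, line in enumerate(lines):
        if line == "* Windows Firewall Disabled":
            found["firewall_disabled"] = True
        elif m := REG_DWORD_RE.match(line):
            found["registry"][m["name"]] = int(m["hex"], 16)
        elif m := SERVICE_RE.match(line):
            # rKill prints the startup type on the line after the service.
            nxt = STARTUP_RE.match(lines[i + 1]) if i + 1 < len(lines) else None
            found["stopped_services"][m["short"]] = nxt["mode"] if nxt else ""
        elif m := HOSTS_RE.match(line):
            found["hosts"].append((m["ip"], m["host"]))
    return found


def triage(found: dict) -> list:
    """Turn parsed facts into prioritised actions, highest severity first."""
    actions = []
    if found["firewall_disabled"] or found["registry"].get("EnableFirewall") == 0:
        actions.append("HIGH: host firewall disabled; re-enable it and find what turned it off")
    for ip, host in found["hosts"]:
        if (ip, host) not in HOSTS_BASELINE:
            actions.append(f"HIGH: unexpected HOSTS entry {ip} {host}")
    for short, mode in found["stopped_services"].items():
        sev = "MEDIUM" if short in CRITICAL_SERVICES else "INFO"
        actions.append(f"{sev}: service {short} not running although startup is '{mode}'")
    return actions


if __name__ == "__main__":
    for action in triage(parse_rkill_log(RKILL_LOG)):
        print(action)
```

A stopped Automatic service is a lead, not proof of tampering (the user or another tool may have stopped it), which is why it is rated below the firewall and HOSTS findings; confirm the service configuration with `sc qc <name>` before treating it as evidence.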
 
ComboFix 13-06-24.01 - iHorizons 06/25/2013 15:06:43.2.4 - x64 NETWORK
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.4004.2853 [GMT 3:00]
Running from: c:\users\dendi\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
c:\windows\SysWow64\drivers\npf.sys
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-05-25 to 2013-06-25 )))))))))))))))))))))))))))))))
.
.
2013-06-25 12:11 . 2013-06-25 12:11  --------  d-----w-  c:\users\mohammad.marei\AppData\Local\temp
2013-06-25 12:11 . 2013-06-25 12:11  --------  d-----w-  c:\users\iHorizons\AppData\Local\temp
2013-06-25 12:11 . 2013-06-25 12:11  --------  d-----w-  c:\users\Default\AppData\Local\temp
2013-06-25 12:08 . 2013-06-25 12:08  76232  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{FFA41B9C-A8F5-4C98-895B-D9F5F9DFB8C2}\offreg.dll
2013-06-25 12:01 . 2013-06-16 23:10  9552976  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{FFA41B9C-A8F5-4C98-895B-D9F5F9DFB8C2}\mpengine.dll
2013-06-25 08:52 . 2013-06-25 08:52  --------  d-----w-  c:\users\iHorizons\AppData\Local\Avg2013
2013-06-25 07:55 . 2013-06-25 07:55  --------  d-----w-  c:\users\iHorizons\AppData\Roaming\Anvisoft
2013-06-25 07:55 . 2012-11-07 07:16  17232  ----a-w-  c:\windows\system32\drivers\asdws.sys
2013-06-25 07:55 . 2012-11-07 07:16  23376  ----a-w-  c:\windows\system32\drivers\asdrs.sys
2013-06-25 07:55 . 2012-11-07 07:16  18768  ----a-w-  c:\windows\system32\drivers\asdrm.sys
2013-06-25 07:55 . 2013-06-25 07:55  --------  d-----w-  c:\programdata\Anvisoft
2013-06-25 07:55 . 2013-06-25 07:55  --------  d-----w-  c:\program files (x86)\Anvisoft
2013-06-23 20:40 . 2013-06-24 06:02  --------  d-----w-  c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-23 19:53 . 2013-04-04 11:50  25928  ----a-w-  c:\windows\system32\drivers\mbam.sys
2013-06-23 19:17 . 2013-06-23 20:30  --------  d-----w-  c:\program files (x86)\Emsisoft Anti-Malware
2013-06-23 19:14 . 2002-03-05 22:00  75264  ----a-w-  c:\windows\SysWow64\unacev2.dll
2013-06-23 19:14 . 2003-02-02 17:06  153088  ----a-w-  c:\windows\SysWow64\UNRAR3.dll
2013-06-23 19:14 . 2013-06-23 19:15  --------  d-----w-  c:\program files (x86)\Trojan Remover
2013-06-23 19:14 . 2013-06-23 19:14  --------  d-----w-  c:\users\iHorizons\AppData\Roaming\Simply Super Software
2013-06-23 19:14 . 2013-06-23 19:14  --------  d-----w-  c:\programdata\Simply Super Software
2013-06-22 20:34 . 2013-06-22 20:34  --------  d-----w-  c:\program files\CCleaner
2013-06-22 14:14 . 2013-06-22 14:14  --------  d-----w-  C:\TDSSKiller_Quarantine
2013-06-22 13:53 . 2013-06-22 13:53  --------  d-----w-  c:\users\iHorizons\AppData\Roaming\Malwarebytes
2013-06-22 13:52 . 2013-06-22 13:52  --------  d-----w-  c:\programdata\Malwarebytes
2013-06-22 13:52 . 2013-06-23 19:53  --------  d-----w-  c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-22 13:30 . 2013-06-23 19:36  --------  d-----w-  C:\FRST
2013-06-22 13:17 . 2013-06-22 13:17  --------  d-----w-  c:\program files (x86)\ESET
2013-06-20 19:45 . 2013-06-20 19:45  --------  d-----w-  c:\program files (x86)\Twitter
2013-06-20 19:16 . 2013-06-22 12:44  --------  d-----w-  c:\users\dendi\AppData\Local\AntiLogger Free
2013-06-20 19:07 . 2013-06-22 20:23  --------  d-----w-  c:\program files (x86)\KeyCryptSDK
2013-06-20 19:07 . 2013-05-24 14:08  26080  ----a-w-  c:\windows\system32\drivers\KeyCrypt64.sys
2013-06-20 19:07 . 2013-06-20 19:07  --------  d-----w-  c:\users\iHorizons\AppData\Local\AntiLogger Free
2013-06-20 19:07 . 2013-06-20 19:07  --------  d-----w-  c:\program files (x86)\Zemana AntiLogger Free
2013-05-28 21:08 . 2013-05-28 21:08  --------  d-----w-  c:\users\iHorizons\.loadui
2013-05-28 20:46 . 2013-05-28 20:46  --------  d-----w-  c:\users\iHorizons\tempLoadUI
2013-05-28 20:46 . 2013-05-28 21:08  --------  d-----w-  c:\program files (x86)\SmartBear
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 07:22 . 2013-01-18 00:13  71048  ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 07:22 . 2013-01-18 00:13  692104  ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-05 05:47 . 2013-05-05 05:47  524  ----a-w-  c:\users\iHorizons\AppData\Roaming\clean.bat
2013-04-27 00:18 . 2013-01-25 22:24  135736  ----a-w-  c:\windows\system32\vpncmd.exe
2013-04-05 17:40 . 2013-04-05 17:40  5165088  ----a-r-  c:\users\dendi\AppData\Roaming\Microsoft\Installer\{3890215D-D18A-43EF-AE0C-0C6B084F652D}\icon.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-03-28 1511792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Communicator"="c:\program files (x86)\Microsoft Office Communicator\communicator.exe" [2012-11-30 5164624]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-03-28 310640]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ZALFree"="c:\program files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe" [2013-05-24 12995376]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2013-06-23 1653008]
"Anvi Smart Defender"="c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2013-06-08 1563720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Trojan Remover"="c:\program files (x86)\Trojan Remover\RMVTRJAN.EXE" [2013-06-20 4975864]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
"(cleanup)"="c:\programdata\Malwarebytes' Anti-Malware (portable)\cleanup.dll" [2013-06-01 1563720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\KEYCRY~1\KeyCrypt32(1).dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"128.227.248.0,255.255.248.0,192.168.0.201,1"=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1085031214-343818398-725345543-13192\Scripts\Logon\0\0]
"Script"=DeleteRDP.cmd
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"vmware-tray.exe"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe"
"IAStorIcon"=c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 asdrm;asdrm;c:\windows\system32\DRIVERS\asdrm.sys;c:\windows\SYSNATIVE\DRIVERS\asdrm.sys [x]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
R2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\DRIVERS\asdrs.sys;c:\windows\SYSNATIVE\DRIVERS\asdrs.sys [x]
R2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe;c:\program files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [x]
R2 asdws;AnviSmartDefender Web Guard;c:\windows\system32\DRIVERS\asdws.sys;c:\windows\SYSNATIVE\DRIVERS\asdws.sys [x]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [x]
R2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 Qtel Mobile Broadband. RunOuc;Qtel Mobile Broadband. OUC;c:\program files (x86)\Qtel Mobile Broadband\UpdateDog\ouc.exe;c:\program files (x86)\Qtel Mobile Broadband\UpdateDog\ouc.exe [x]
R2 SEVPNCLIENT;SoftEther VPN Client;c:\program files\SoftEther VPN Client\vpnclient_x64.exe;c:\program files\SoftEther VPN Client\vpnclient_x64.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
R2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [x]
R2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys;SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
R2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
R2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
R2 WDRulesService;WD Rules;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 massfilter_lte;ZTE LTE Device Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_lte.sys;c:\windows\SYSNATIVE\drivers\massfilter_lte.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 zgdcat;ZTE Datacard AT Port;c:\windows\system32\DRIVERS\zgdcat.sys;c:\windows\SYSNATIVE\DRIVERS\zgdcat.sys [x]
R3 zgdcdiag;ZTE Datacard Diagnostics Port;c:\windows\system32\DRIVERS\zgdcdiag.sys;c:\windows\SYSNATIVE\DRIVERS\zgdcdiag.sys [x]
R3 zgdcmdm;ZTE Datacard Modem;c:\windows\system32\DRIVERS\zgdcmdm.sys;c:\windows\SYSNATIVE\DRIVERS\zgdcmdm.sys [x]
R3 zgdcnet;ZTE Datacard Network Adapter;c:\windows\system32\DRIVERS\zgdcnet.sys;c:\windows\SYSNATIVE\DRIVERS\zgdcnet.sys [x]
R3 zgdcnmea;ZTE Datacard NMEA Port;c:\windows\system32\DRIVERS\zgdcnmea.sys;c:\windows\SYSNATIVE\DRIVERS\zgdcnmea.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt64.sys;c:\windows\SYSNATIVE\DRIVERS\KeyCrypt64.sys [x]
S3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\DRIVERS\Neo_0118.sys;c:\windows\SYSNATIVE\DRIVERS\Neo_0118.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-20 11:25  1165776  ----a-w-  c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-18 07:22]
.
2013-06-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1085031214-343818398-725345543-12728Core.job
- c:\users\dendi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-14 22:59]
.
2013-06-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1085031214-343818398-725345543-12728UA.job
- c:\users\dendi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-14 22:59]
.
2013-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-09 06:10]
.
2013-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-09 06:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39  162552  ----a-w-  c:\users\dendi\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39  162552  ----a-w-  c:\users\dendi\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39  162552  ----a-w-  c:\users\dendi\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39  162552  ----a-w-  c:\users\dendi\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2011-05-20 627360]
"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2011-05-20 379552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-29 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-29 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-29 418840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*Restore"="c:\windows\System32\rstrui.exe" [2010-11-20 296960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\KEYCRY~1\KeyCrypt64(1).dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"128.227.248.0,255.255.248.0,192.168.0.201,1"=""
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{3B634AEE-6BB1-478B-9E4E-35FBEC5D2DD2}: NameServer = 212.77.192.59 212.77.192.60
TCP: Interfaces\{A4E60143-839F-4212-8694-2C4921D717CC}: NameServer = 212.77.192.59 212.77.192.60
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
c:\users\dendi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\iHorizons\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-25 15:13:06
ComboFix-quarantined-files.txt 2013-06-25 12:13
.
Pre-Run: 26,207,547,392 bytes free
Post-Run: 25,686,597,632 bytes free
.
- - End Of File - - D28FE717F87CAA8BAE640E58A8484AEC
D41D8CD98F00B204E9800998ECF8427E
 