Solved Trojan Horse Generic Various - How To Remove!

For 32-bit (x86) systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For 64-bit (x64) systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

If you are using Windows 8, consult How to use the Windows 8 System Recovery Environment Command Prompt to enter the System Recovery Command Prompt.

If you are using Vista or Windows 7, enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

To run the tool:
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for the x64 version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-06-2013
Ran by SYSTEM on 09-06-2013 12:32:20
Running from E:\
Windows 8 (X64) OS Language: English(UK)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6548112 2012-06-12] (Realtek Semiconductor)
HKLM-x32\...\RunOnce: [OTL] "C:\Users\Vivek\Desktop\OTL.exe" [602112 2013-06-09] (OldTimer Tools)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-28] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-11] (Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized [702024 2012-12-13] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [362432 2011-12-22] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)
Startup: C:\Users\Vivek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe (Stardock)

==================== Services (Whitelisted) =================

S2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] ()
S2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1428472 2013-04-10] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-13] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-17] (AVG Technologies CZ, s.r.o.)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20912 2012-10-25] (AVG Technologies CZ, s.r.o.)
S1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [246072 2013-03-28] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-07] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\system32\DRIVERS\avgldx64.sys [206136 2013-02-07] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-07] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-07] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-07] (AVG Technologies CZ, s.r.o.)
S1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [248120 2013-03-20] (AVG Technologies CZ, s.r.o.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [50128 2012-12-13] (Cisco Systems, Inc.)
S3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-09 03:46 - 2013-06-09 03:46 - 00000000 ____D C:\_OTL
2013-06-09 03:17 - 2013-06-09 03:17 - 00104712 ____A C:\Users\Vivek\Desktop\OTL.Txt
2013-06-09 03:17 - 2013-06-09 03:17 - 00046738 ____A C:\Users\Vivek\Desktop\Extras.Txt
2013-06-09 03:14 - 2013-06-09 03:14 - 00602112 ____A (OldTimer Tools) C:\Users\Vivek\Desktop\OTL.exe
2013-06-09 03:08 - 2013-06-09 03:08 - 00000620 ____A C:\Users\Vivek\Desktop\JRT.txt
2013-06-09 03:07 - 2013-06-09 03:07 - 00000000 ____D C:\Windows\ERUNT
2013-06-09 03:06 - 2013-06-09 03:07 - 00000000 ____D C:\JRT
2013-06-09 03:06 - 2013-06-09 03:06 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Vivek\Desktop\JRT.exe
2013-06-09 03:02 - 2013-06-09 03:02 - 00001071 ____A C:\Users\Vivek\Desktop\AdwCleaner[S1].txt
2013-06-09 03:00 - 2013-06-09 03:01 - 00001071 ____A C:\AdwCleaner[S1].txt
2013-06-09 02:58 - 2013-06-09 02:59 - 00648201 ____A C:\Users\Vivek\Desktop\adwcleaner.exe
2013-06-08 04:58 - 2013-06-08 04:11 - 00039162 ____A C:\Users\Vivek\Desktop\FRST.txt
2013-06-08 04:58 - 2013-06-08 04:11 - 00012924 ____A C:\Users\Vivek\Desktop\Addition.txt
2013-06-08 04:58 - 2013-06-08 04:07 - 01919218 ____A (Farbar) C:\Users\Vivek\Desktop\FRST64.exe
2013-06-08 04:10 - 2013-06-08 04:59 - 00000000 ____D C:\FRST
2013-06-08 03:15 - 2013-06-08 03:20 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-08 03:02 - 2013-06-08 04:13 - 00000000 ____D C:\Users\Vivek\Desktop\Virus
2013-06-08 02:26 - 2013-06-08 02:26 - 00000000 ____D C:\Users\Vivek\AppData\Roaming\Malwarebytes
2013-06-08 02:26 - 2013-06-08 02:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-08 02:26 - 2013-06-08 02:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-08 02:26 - 2013-04-04 06:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-08 02:23 - 2013-06-08 02:23 - 00422160 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-08 02:23 - 2013-06-08 02:23 - 00281640 ____A C:\Windows\Minidump\060813-9906-01.dmp
2013-06-07 10:21 - 2013-06-08 10:22 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec
2013-06-04 01:01 - 2013-06-04 01:01 - 00000000 ____D C:\ProgramData\Macrovision
2013-06-02 13:29 - 2013-04-09 05:33 - 00489576 ____A (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2013-06-02 13:29 - 2013-04-09 05:33 - 00446792 ____A (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2013-06-02 13:29 - 2013-04-09 05:33 - 00253544 ____A (Microsoft Corporation) C:\Windows\System32\audiodg.exe
2013-06-02 13:29 - 2013-04-09 05:27 - 00284424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys
2013-06-02 13:29 - 2013-04-09 05:20 - 00306952 ____A (Microsoft Corporation) C:\Windows\System32\kd_02_10ec.dll
2013-06-02 13:29 - 2013-04-09 05:20 - 00086280 ____A (Microsoft Corporation) C:\Windows\System32\kdnet.dll
2013-06-02 13:29 - 2013-04-09 05:18 - 00077960 ____A (Microsoft Corporation) C:\Windows\System32\kdvm.dll
2013-06-02 13:29 - 2013-04-09 05:17 - 01829408 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-06-02 13:29 - 2013-04-09 04:52 - 00816128 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
2013-06-02 13:29 - 2013-04-09 04:52 - 00804352 ____A (Microsoft Corporation) C:\Windows\System32\RecoveryDrive.exe
2013-06-02 13:29 - 2013-04-09 04:52 - 00373760 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
2013-06-02 13:29 - 2013-04-09 04:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
2013-06-02 13:29 - 2013-04-09 04:52 - 00126464 ____A (Microsoft Corporation) C:\Windows\System32\Robocopy.exe
2013-06-02 13:29 - 2013-04-09 04:51 - 14267904 ____A (Microsoft Corporation) C:\Windows\System32\wmp.dll
2013-06-02 13:29 - 2013-04-09 04:51 - 13648384 ____A (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
2013-06-02 13:29 - 2013-04-09 04:51 - 10116096 ____A (Microsoft Corporation) C:\Windows\System32\twinui.dll
2013-06-02 13:29 - 2013-04-09 04:51 - 03552768 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll
2013-06-02 13:29 - 2013-04-09 04:51 - 00595456 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.dll
2013-06-02 13:29 - 2013-04-09 04:51 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-06-02 13:29 - 2013-04-09 04:51 - 00456704 ____A (Microsoft Corporation) C:\Windows\System32\wpncore.dll
2013-06-02 13:29 - 2013-04-09 04:51 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-06-02 13:29 - 2013-04-09 04:51 - 00367616 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-06-02 13:29 - 2013-04-09 04:51 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wscsvc.dll
2013-06-02 13:29 - 2013-04-09 04:50 - 02107904 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2013-06-02 13:29 - 2013-04-09 04:50 - 01285632 ____A (Microsoft Corporation) C:\Windows\System32\schedsvc.dll
2013-06-02 13:29 - 2013-04-09 04:50 - 00745984 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
2013-06-02 13:29 - 2013-04-09 04:50 - 00435200 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
2013-06-02 13:29 - 2013-04-09 04:50 - 00422400 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-06-02 13:29 - 2013-04-09 04:50 - 00414720 ____A (Microsoft Corporation) C:\Windows\System32\GenuineCenter.dll
2013-06-02 13:29 - 2013-04-09 04:50 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\mssprxy.dll
2013-06-02 13:29 - 2013-04-09 04:50 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
2013-06-02 13:29 - 2013-04-09 04:50 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\msshooks.dll
2013-06-02 13:29 - 2013-04-09 04:49 - 01444864 ____A (Microsoft Corporation) C:\Windows\System32\MSAudDecMFT.dll
2013-06-02 13:29 - 2013-04-09 04:49 - 00817152 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2013-06-02 13:29 - 2013-04-09 04:49 - 00468992 ____A (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll
2013-06-02 13:29 - 2013-04-09 04:49 - 00281088 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2013-06-02 13:29 - 2013-04-09 04:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\fhengine.dll
2013-06-02 13:29 - 2013-04-09 04:49 - 00210432 ____A (Microsoft Corporation) C:\Windows\System32\iuilp.dll
2013-06-02 13:29 - 2013-04-09 04:49 - 00196096 ____A (Microsoft Corporation) C:\Windows\System32\dmvdsitf.dll
2013-06-02 13:29 - 2013-04-09 04:49 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\dwmredir.dll
2013-06-02 13:29 - 2013-04-09 04:49 - 00050176 ____A (Microsoft Corporation) C:\Windows\System32\fmifs.dll
2013-06-02 13:29 - 2013-04-09 04:48 - 02303488 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-06-02 13:29 - 2013-04-09 04:48 - 00785408 ____A (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2013-06-02 13:29 - 2013-04-09 04:48 - 00419840 ____A (Microsoft Corporation) C:\Windows\System32\intl.cpl
2013-06-02 13:29 - 2013-04-09 04:48 - 00169472 ____A (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll
2013-06-02 13:29 - 2013-04-09 02:35 - 04038144 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-06-02 13:29 - 2013-04-09 02:34 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidbth.sys
2013-06-02 13:29 - 2013-04-09 02:34 - 00083968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-06-02 13:29 - 2013-04-09 02:34 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys
2013-06-02 13:29 - 2013-04-09 02:33 - 00623104 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2013-06-02 13:29 - 2013-04-09 02:33 - 00060416 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys
2013-06-02 13:29 - 2013-04-09 02:32 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys
2013-06-02 13:29 - 2013-04-09 02:31 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2013-06-02 13:29 - 2013-04-09 02:31 - 00083456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys
2013-06-02 13:29 - 2013-04-08 23:44 - 00123880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2013-06-02 13:29 - 2013-04-08 23:39 - 01408896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-06-02 13:29 - 2013-04-08 23:37 - 00426024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2013-06-02 13:29 - 2013-04-08 23:37 - 00324368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2013-06-02 13:29 - 2013-04-08 21:52 - 11878912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-06-02 13:29 - 2013-04-08 21:52 - 00670208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2013-06-02 13:29 - 2013-04-08 21:52 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-06-02 13:29 - 2013-04-08 21:52 - 00302592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2013-06-02 13:29 - 2013-04-08 21:52 - 00171008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2013-06-02 13:29 - 2013-04-08 21:52 - 00106496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2013-06-02 13:29 - 2013-04-08 21:51 - 10789888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-06-02 13:29 - 2013-04-08 21:51 - 08857088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-06-02 13:29 - 2013-04-08 21:51 - 02767360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2013-06-02 13:29 - 2013-04-08 21:51 - 02035200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-06-02 13:29 - 2013-04-08 21:51 - 01593344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2013-06-02 13:29 - 2013-04-08 21:51 - 01113600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll
2013-06-02 13:29 - 2013-04-08 21:51 - 00659456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2013-06-02 13:29 - 2013-04-08 21:51 - 00656896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-06-02 13:29 - 2013-04-08 21:51 - 00411136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2013-06-02 13:29 - 2013-04-08 21:51 - 00403968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2013-06-02 13:29 - 2013-04-08 21:51 - 00389632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2013-06-02 13:29 - 2013-04-08 21:51 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2013-06-02 13:29 - 2013-04-08 21:51 - 00324096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-06-02 13:29 - 2013-04-08 21:51 - 00268800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-06-02 13:29 - 2013-04-08 21:51 - 00214528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2013-06-02 13:29 - 2013-04-08 21:51 - 00186880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2013-06-02 13:29 - 2013-04-08 21:51 - 00155648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dmvdsitf.dll
2013-06-02 13:29 - 2013-04-08 21:51 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fmifs.dll
2013-06-02 13:29 - 2013-04-08 21:51 - 00035328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2013-06-02 13:29 - 2013-04-08 21:51 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2013-06-02 13:29 - 2013-04-04 23:30 - 00503080 ____A (Microsoft Corporation) C:\Windows\System32\ci.dll
2013-06-02 13:29 - 2013-04-02 22:08 - 00387688 ____A C:\Windows\System32\ApnDatabase.xml
2013-06-02 13:29 - 2013-03-30 18:16 - 01403784 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi
2013-06-02 13:29 - 2013-03-30 18:16 - 01267424 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
2013-06-02 13:29 - 2013-03-28 22:09 - 01217328 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi
2013-06-02 13:29 - 2013-03-28 22:09 - 01093880 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
2013-06-02 13:29 - 2013-03-15 22:05 - 00298456 ____A (Microsoft Corporation) C:\Windows\System32\rsaenh.dll
2013-06-02 13:29 - 2013-03-15 22:05 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2013-06-02 13:29 - 2012-12-13 04:00 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-06-02 13:29 - 2012-12-13 03:59 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-05-18 09:05 - 2013-06-05 14:54 - 00011674 ____A C:\Users\Vivek\Desktop\CarComparison.xlsx
2013-05-17 04:52 - 2013-04-09 23:17 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-17 04:52 - 2013-04-09 23:17 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-17 04:52 - 2013-04-09 23:17 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-17 04:52 - 2013-04-09 23:17 - 00915968 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2013-05-17 04:52 - 2013-04-09 23:17 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-17 04:52 - 2013-04-09 23:17 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-17 04:52 - 2013-04-09 23:16 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-17 04:52 - 2013-04-09 23:16 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-17 04:52 - 2013-04-09 23:16 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-17 04:52 - 2013-04-09 23:16 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-17 04:52 - 2013-04-09 22:30 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-17 04:52 - 2013-04-09 22:30 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-17 04:52 - 2013-04-09 22:29 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-17 04:52 - 2013-04-09 22:29 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-17 04:52 - 2013-04-09 22:29 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-17 04:52 - 2013-04-09 22:29 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-17 04:52 - 2013-04-09 22:29 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-17 04:52 - 2013-04-09 22:29 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-17 04:52 - 2013-02-12 01:30 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-05-17 04:52 - 2013-02-12 00:56 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\UXInit.dll
2013-05-17 04:51 - 2013-04-16 02:34 - 01455368 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-17 04:51 - 2013-04-11 06:40 - 06987528 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-05-17 04:51 - 2013-03-22 03:49 - 02382336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2013-05-17 04:51 - 2013-03-21 22:47 - 02851840 ____A (Microsoft Corporation) C:\Windows\System32\esent.dll
2013-05-17 04:51 - 2013-03-15 00:17 - 00861184 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
2013-05-17 04:51 - 2013-03-06 07:10 - 00112872 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-17 04:51 - 2013-03-06 06:31 - 19758592 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-17 04:51 - 2013-03-06 06:31 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-17 04:51 - 2013-03-06 06:29 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-17 04:51 - 2013-03-06 05:03 - 17561600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-17 04:51 - 2013-03-06 05:03 - 00199168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-17 04:49 - 2013-05-17 04:49 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2013-05-16 12:55 - 2013-05-16 12:55 - 00561048 ____A C:\Windows\Minidump\051613-11109-01.dmp
2013-05-11 03:29 - 2013-05-11 03:29 - 00000000 ____D C:\Users\Vivek\AppData\Local\Adobe
2013-05-11 03:28 - 2013-06-08 10:22 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-05-11 03:28 - 2013-05-11 03:28 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-05-11 03:23 - 2013-06-08 10:22 - 00000000 ____D C:\ProgramData\Adobe
2013-05-10 17:37 - 2013-05-10 17:37 - 00679352 ____A C:\Windows\Minidump\051113-11062-01.dmp
2013-05-10 02:24 - 2013-05-10 02:24 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-05-10 02:24 - 2013-05-10 02:24 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software

==================== One Month Modified Files and Folders =======

2013-06-09 04:28 - 2012-07-26 07:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-09 04:26 - 2012-07-26 07:21 - 00018914 ____A C:\Windows\setupact.log
2013-06-09 04:23 - 2012-07-25 17:10 - 00000944 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-09 04:16 - 2013-04-20 07:06 - 01322167 ____A C:\Windows\WindowsUpdate.log
2013-06-09 04:00 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\System32\sru
2013-06-09 03:54 - 2012-07-26 07:28 - 00850046 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-09 03:47 - 2012-07-26 05:26 - 00524288 __ASH C:\Windows\System32\config\BBI
2013-06-09 03:46 - 2013-06-09 03:46 - 00000000 ____D C:\_OTL
2013-06-09 03:22 - 2013-04-20 07:44 - 00000000 ____D C:\Users\Vivek\AppData\Local\Avg2013
2013-06-09 03:22 - 2013-04-20 07:44 - 00000000 ____D C:\ProgramData\MFAData
2013-06-09 03:17 - 2013-06-09 03:17 - 00104712 ____A C:\Users\Vivek\Desktop\OTL.Txt
2013-06-09 03:17 - 2013-06-09 03:17 - 00046738 ____A C:\Users\Vivek\Desktop\Extras.Txt
2013-06-09 03:14 - 2013-06-09 03:14 - 00602112 ____A (OldTimer Tools) C:\Users\Vivek\Desktop\OTL.exe
2013-06-09 03:08 - 2013-06-09 03:08 - 00000620 ____A C:\Users\Vivek\Desktop\JRT.txt
2013-06-09 03:07 - 2013-06-09 03:07 - 00000000 ____D C:\Windows\ERUNT
2013-06-09 03:07 - 2013-06-09 03:06 - 00000000 ____D C:\JRT
2013-06-09 03:06 - 2013-06-09 03:06 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Vivek\Desktop\JRT.exe
2013-06-09 03:02 - 2013-06-09 03:02 - 00001071 ____A C:\Users\Vivek\Desktop\AdwCleaner[S1].txt
2013-06-09 03:01 - 2013-06-09 03:00 - 00001071 ____A C:\AdwCleaner[S1].txt
2013-06-09 03:01 - 2012-07-25 17:10 - 00000940 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-09 03:01 - 2012-07-25 16:46 - 01342768 ____A C:\Windows\PFRO.log
2013-06-09 02:59 - 2013-06-09 02:58 - 00648201 ____A C:\Users\Vivek\Desktop\adwcleaner.exe
2013-06-08 10:22 - 2013-06-07 10:21 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec
2013-06-08 10:22 - 2013-05-11 03:28 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-06-08 10:22 - 2013-05-11 03:23 - 00000000 ____D C:\ProgramData\Adobe
2013-06-08 10:22 - 2013-05-07 04:23 - 00000000 ____D C:\Users\Vivek\AppData\Roaming\ICAClient
2013-06-08 10:22 - 2013-05-07 04:22 - 00000000 ____D C:\Users\Vivek\AppData\Local\Citrix
2013-06-08 10:22 - 2013-05-07 04:22 - 00000000 ____D C:\ProgramData\Citrix
2013-06-08 10:22 - 2013-05-07 04:22 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-06-08 10:22 - 2013-05-07 04:17 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-06-08 10:22 - 2013-05-07 04:16 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-08 10:22 - 2013-04-21 05:31 - 00000000 ____D C:\Users\Vivek\AppData\Roaming\vlc
2013-06-08 10:22 - 2013-04-21 05:11 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-08 10:22 - 2013-04-21 04:52 - 00000000 ____D C:\Users\Vivek\AppData\Roaming\uTorrent
2013-06-08 10:22 - 2013-04-20 07:10 - 00000000 ____D C:\Users\Vivek\AppData\Local\Google
2013-06-08 10:22 - 2013-04-20 07:06 - 00000000 ____D C:\Users\Vivek\AppData\Roaming\Adobe
2013-06-08 10:22 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\registration
2013-06-08 10:22 - 2012-07-26 08:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-06-08 10:22 - 2012-07-26 08:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-06-08 10:22 - 2012-07-26 08:12 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2013-06-08 10:22 - 2012-07-26 08:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-06-08 10:22 - 2012-07-26 05:37 - 00000000 ____D C:\Windows\servicing
2013-06-08 08:24 - 2012-07-25 17:10 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-08 04:59 - 2013-06-08 04:10 - 00000000 ____D C:\FRST
2013-06-08 04:13 - 2013-06-08 03:02 - 00000000 ____D C:\Users\Vivek\Desktop\Virus
2013-06-08 04:11 - 2013-06-08 04:58 - 00039162 ____A C:\Users\Vivek\Desktop\FRST.txt
2013-06-08 04:11 - 2013-06-08 04:58 - 00012924 ____A C:\Users\Vivek\Desktop\Addition.txt
2013-06-08 04:07 - 2013-06-08 04:58 - 01919218 ____A (Farbar) C:\Users\Vivek\Desktop\FRST64.exe
2013-06-08 03:20 - 2013-06-08 03:15 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-08 02:26 - 2013-06-08 02:26 - 00000000 ____D C:\Users\Vivek\AppData\Roaming\Malwarebytes
2013-06-08 02:26 - 2013-06-08 02:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-08 02:26 - 2013-06-08 02:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-08 02:23 - 2013-06-08 02:23 - 00422160 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-08 02:23 - 2013-06-08 02:23 - 00281640 ____A C:\Windows\Minidump\060813-9906-01.dmp
2013-06-08 02:23 - 2013-05-06 17:46 - 380871978 ____A C:\Windows\MEMORY.DMP
2013-06-08 02:23 - 2013-05-06 17:46 - 00000000 ____D C:\Windows\Minidump
2013-06-08 02:23 - 2013-04-20 07:06 - 00000000 ____D C:\users\Vivek
2013-06-05 14:54 - 2013-05-18 09:05 - 00011674 ____A C:\Users\Vivek\Desktop\CarComparison.xlsx
2013-06-04 08:14 - 2013-04-21 10:21 - 00000000 ____D C:\Users\Vivek\Documents\Outlook Files
2013-06-04 01:04 - 2013-04-20 07:06 - 00000000 ____D C:\Users\Vivek\AppData\Local\VirtualStore
2013-06-04 01:01 - 2013-06-04 01:01 - 00000000 ____D C:\ProgramData\Macrovision
2013-06-04 01:00 - 2012-07-25 17:10 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-04 00:56 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\rescache
2013-06-04 00:19 - 2012-07-26 08:12 - 00000000 ___RD C:\Windows\ToastData
2013-06-04 00:19 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\WinStore
2013-06-04 00:19 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2013-06-04 00:19 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\System32\en-GB
2013-06-02 16:12 - 2013-04-20 07:50 - 00000965 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-06-02 16:12 - 2012-07-26 05:26 - 00262144 __ASH C:\Windows\System32\config\ELAM
2013-06-02 13:37 - 2012-07-26 08:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-05-17 05:33 - 2013-04-21 07:21 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-17 04:49 - 2013-05-17 04:49 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2013-05-17 04:49 - 2013-04-21 05:11 - 00000000 ____D C:\Users\Vivek\AppData\Roaming\Apple Computer
2013-05-16 12:55 - 2013-05-16 12:55 - 00561048 ____A C:\Windows\Minidump\051613-11109-01.dmp
2013-05-11 03:29 - 2013-05-11 03:29 - 00000000 ____D C:\Users\Vivek\AppData\Local\Adobe
2013-05-11 03:28 - 2013-05-11 03:28 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-05-10 17:37 - 2013-05-10 17:37 - 00679352 ____A C:\Windows\Minidump\051113-11062-01.dmp
2013-05-10 02:24 - 2013-05-10 02:24 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-05-10 02:24 - 2013-05-10 02:24 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-05-14 06:22:24
Restore point made on: 2013-06-02 16:20:50
Restore point made on: 2013-06-04 01:01:04

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8141.93 MB
Available physical RAM: 7321.66 MB
Total Pagefile: 8141.93 MB
Available Pagefile: 7325.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.45 GB) (Free:65.55 GB) NTFS (Disk=0 Partition=2)
Drive d: (VivekStorage) (Fixed) (Total:931.51 GB) (Free:889.84 GB) NTFS (Disk=1 Partition=1)
Drive e: (Vivek) (Removable) (Total:0.94 GB) (Free:0.94 GB) exFAT (Disk=2 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.1 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: F20632BD)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 02E24DA9)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 963 MB) (Disk ID: 509AB85B)
Partition 1: (Active) - (Size=962 MB) - (Type=07 NTFS)


LastRegBack: 2013-06-02 16:20

==================== End Of Log ============================
 
FYI,

In the recovery mode, it prompted me for my administrator password. This password is the same and it accepted it with no issues.

It just doesn't accept it to log into Windows using this whole Windows Live account business. I should look into just having a local account to log into Windows when we overcome our issue on hand.

Thanks once again
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

See if you can boot normally.

If you do, re-run regular FRST, which you should have on your Desktop (instructions in my post #11).
 

Attachments

  • fixlist.txt
    29 bytes
Success, your instructions worked. Thank you.

Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-06-2013
Ran by SYSTEM at 2013-06-09 12:49:33 Run:2
Running from E:\
Boot Mode: Recovery
==============================================

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====
 
Re-run of scan

Frst.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-06-2013
Ran by Vivek (administrator) on 09-06-2013 12:50:50
Running from F:\
Windows 8 (X64) OS Language: English(UK)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\ASGT.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Microsoft Corporation) C:\Windows\sysWow64\SearchProtocolHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Stardock) C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
(Stardock) C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Reader_sl.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6548112 2012-06-12] (Realtek Semiconductor)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized [702024 2012-12-13] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [362432 2011-12-22] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-19] (Adobe Systems Incorporated)
Startup: C:\Users\Vivek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe (Stardock)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
CHR Plugin: (Norton Confidential) - C:\Users\Vivek\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.0.140_0\npcoplgn.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Extension: (YouTube) - C:\Users\Vivek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Vivek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\Vivek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0
CHR Extension: (Gmail) - C:\Users\Vivek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] ()
S2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1428472 2013-04-10] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20912 2012-10-26] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\system32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [248120 2013-03-21] (AVG Technologies CZ, s.r.o.)
R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2010-02-23] (ASUSTeK Computer Inc.)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [50128 2012-12-13] (Cisco Systems, Inc.)
S3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-09 20:49 - 2013-06-09 20:49 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2013-06-09 11:46 - 2013-06-09 11:46 - 00000000 ____D C:\_OTL
2013-06-09 11:17 - 2013-06-09 11:17 - 00104712 ____A C:\Users\Vivek\Desktop\OTL.Txt
2013-06-09 11:17 - 2013-06-09 11:17 - 00046738 ____A C:\Users\Vivek\Desktop\Extras.Txt
2013-06-09 11:14 - 2013-06-09 11:14 - 00602112 ____A (OldTimer Tools) C:\Users\Vivek\Desktop\OTL.exe
2013-06-09 11:08 - 2013-06-09 11:08 - 00000620 ____A C:\Users\Vivek\Desktop\JRT.txt
2013-06-09 11:07 - 2013-06-09 11:07 - 00000000 ____D C:\Windows\ERUNT
2013-06-09 11:06 - 2013-06-09 11:07 - 00000000 ____D C:\JRT
2013-06-09 11:06 - 2013-06-09 11:06 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Vivek\Desktop\JRT.exe
2013-06-09 11:02 - 2013-06-09 11:02 - 00001071 ____A C:\Users\Vivek\Desktop\AdwCleaner[S1].txt
2013-06-09 11:00 - 2013-06-09 11:01 - 00001071 ____A C:\AdwCleaner[S1].txt
2013-06-09 10:58 - 2013-06-09 10:59 - 00648201 ____A C:\Users\Vivek\Desktop\adwcleaner.exe
2013-06-08 12:58 - 2013-06-08 12:11 - 00039162 ____A C:\Users\Vivek\Desktop\FRST.txt
2013-06-08 12:58 - 2013-06-08 12:11 - 00012924 ____A C:\Users\Vivek\Desktop\Addition.txt
2013-06-08 12:58 - 2013-06-08 12:07 - 01919218 ____A (Farbar) C:\Users\Vivek\Desktop\FRST64.exe
2013-06-08 12:10 - 2013-06-08 12:59 - 00000000 ____D C:\FRST
2013-06-08 11:15 - 2013-06-08 11:20 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-08 11:02 - 2013-06-08 12:13 - 00000000 ____D C:\Users\Vivek\Desktop\Virus
2013-06-08 10:26 - 2013-06-08 10:26 - 00000000 ____D C:\Users\Vivek\AppData\Roaming\Malwarebytes
2013-06-08 10:26 - 2013-06-08 10:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-08 10:26 - 2013-06-08 10:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-08 10:26 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-08 10:23 - 2013-06-08 10:23 - 00422160 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-08 10:23 - 2013-06-08 10:23 - 00281640 ____A C:\Windows\Minidump\060813-9906-01.dmp
2013-06-07 18:21 - 2013-06-08 18:22 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec
2013-06-04 09:01 - 2013-06-04 09:01 - 00000000 ____D C:\ProgramData\Macrovision
2013-06-02 21:29 - 2013-04-09 13:33 - 00489576 ____A (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2013-06-02 21:29 - 2013-04-09 13:33 - 00446792 ____A (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2013-06-02 21:29 - 2013-04-09 13:33 - 00253544 ____A (Microsoft Corporation) C:\Windows\System32\audiodg.exe
2013-06-02 21:29 - 2013-04-09 13:27 - 00284424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys
2013-06-02 21:29 - 2013-04-09 13:20 - 00306952 ____A (Microsoft Corporation) C:\Windows\System32\kd_02_10ec.dll
2013-06-02 21:29 - 2013-04-09 13:20 - 00086280 ____A (Microsoft Corporation) C:\Windows\System32\kdnet.dll
2013-06-02 21:29 - 2013-04-09 13:18 - 00077960 ____A (Microsoft Corporation) C:\Windows\System32\kdvm.dll
2013-06-02 21:29 - 2013-04-09 13:17 - 01829408 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-06-02 21:29 - 2013-04-09 12:52 - 00816128 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
2013-06-02 21:29 - 2013-04-09 12:52 - 00804352 ____A (Microsoft Corporation) C:\Windows\System32\RecoveryDrive.exe
2013-06-02 21:29 - 2013-04-09 12:52 - 00373760 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
2013-06-02 21:29 - 2013-04-09 12:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
2013-06-02 21:29 - 2013-04-09 12:52 - 00126464 ____A (Microsoft Corporation) C:\Windows\System32\Robocopy.exe
2013-06-02 21:29 - 2013-04-09 12:51 - 14267904 ____A (Microsoft Corporation) C:\Windows\System32\wmp.dll
2013-06-02 21:29 - 2013-04-09 12:51 - 13648384 ____A (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
2013-06-02 21:29 - 2013-04-09 12:51 - 10116096 ____A (Microsoft Corporation) C:\Windows\System32\twinui.dll
2013-06-02 21:29 - 2013-04-09 12:51 - 03552768 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll
2013-06-02 21:29 - 2013-04-09 12:51 - 00595456 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.dll
2013-06-02 21:29 - 2013-04-09 12:51 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-06-02 21:29 - 2013-04-09 12:51 - 00456704 ____A (Microsoft Corporation) C:\Windows\System32\wpncore.dll
2013-06-02 21:29 - 2013-04-09 12:51 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-06-02 21:29 - 2013-04-09 12:51 - 00367616 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-06-02 21:29 - 2013-04-09 12:51 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wscsvc.dll
2013-06-02 21:29 - 2013-04-09 12:50 - 02107904 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2013-06-02 21:29 - 2013-04-09 12:50 - 01285632 ____A (Microsoft Corporation) C:\Windows\System32\schedsvc.dll
2013-06-02 21:29 - 2013-04-09 12:50 - 00745984 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
2013-06-02 21:29 - 2013-04-09 12:50 - 00435200 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
2013-06-02 21:29 - 2013-04-09 12:50 - 00422400 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-06-02 21:29 - 2013-04-09 12:50 - 00414720 ____A (Microsoft Corporation) C:\Windows\System32\GenuineCenter.dll
2013-06-02 21:29 - 2013-04-09 12:50 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\mssprxy.dll
2013-06-02 21:29 - 2013-04-09 12:50 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
2013-06-02 21:29 - 2013-04-09 12:50 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\msshooks.dll
2013-06-02 21:29 - 2013-04-09 12:49 - 01444864 ____A (Microsoft Corporation) C:\Windows\System32\MSAudDecMFT.dll
2013-06-02 21:29 - 2013-04-09 12:49 - 00817152 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2013-06-02 21:29 - 2013-04-09 12:49 - 00468992 ____A (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll
2013-06-02 21:29 - 2013-04-09 12:49 - 00281088 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2013-06-02 21:29 - 2013-04-09 12:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\fhengine.dll
2013-06-02 21:29 - 2013-04-09 12:49 - 00210432 ____A (Microsoft Corporation) C:\Windows\System32\iuilp.dll
2013-06-02 21:29 - 2013-04-09 12:49 - 00196096 ____A (Microsoft Corporation) C:\Windows\System32\dmvdsitf.dll
2013-06-02 21:29 - 2013-04-09 12:49 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\dwmredir.dll
2013-06-02 21:29 - 2013-04-09 12:49 - 00050176 ____A (Microsoft Corporation) C:\Windows\System32\fmifs.dll
2013-06-02 21:29 - 2013-04-09 12:48 - 02303488 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-06-02 21:29 - 2013-04-09 12:48 - 00785408 ____A (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2013-06-02 21:29 - 2013-04-09 12:48 - 00419840 ____A (Microsoft Corporation) C:\Windows\System32\intl.cpl
2013-06-02 21:29 - 2013-04-09 12:48 - 00169472 ____A (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll
2013-06-02 21:29 - 2013-04-09 10:35 - 04038144 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-06-02 21:29 - 2013-04-09 10:34 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidbth.sys
2013-06-02 21:29 - 2013-04-09 10:34 - 00083968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-06-02 21:29 - 2013-04-09 10:34 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys
2013-06-02 21:29 - 2013-04-09 10:33 - 00623104 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2013-06-02 21:29 - 2013-04-09 10:33 - 00060416 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys
2013-06-02 21:29 - 2013-04-09 10:32 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys
2013-06-02 21:29 - 2013-04-09 10:31 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2013-06-02 21:29 - 2013-04-09 10:31 - 00083456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys
2013-06-02 21:29 - 2013-04-09 07:44 - 00123880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2013-06-02 21:29 - 2013-04-09 07:39 - 01408896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-06-02 21:29 - 2013-04-09 07:37 - 00426024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2013-06-02 21:29 - 2013-04-09 07:37 - 00324368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2013-06-02 21:29 - 2013-04-09 05:52 - 11878912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-06-02 21:29 - 2013-04-09 05:52 - 00670208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2013-06-02 21:29 - 2013-04-09 05:52 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-06-02 21:29 - 2013-04-09 05:52 - 00302592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2013-06-02 21:29 - 2013-04-09 05:52 - 00171008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2013-06-02 21:29 - 2013-04-09 05:52 - 00106496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2013-06-02 21:29 - 2013-04-09 05:51 - 10789888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-06-02 21:29 - 2013-04-09 05:51 - 08857088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-06-02 21:29 - 2013-04-09 05:51 - 02767360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2013-06-02 21:29 - 2013-04-09 05:51 - 02035200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-06-02 21:29 - 2013-04-09 05:51 - 01593344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2013-06-02 21:29 - 2013-04-09 05:51 - 01113600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll
2013-06-02 21:29 - 2013-04-09 05:51 - 00659456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2013-06-02 21:29 - 2013-04-09 05:51 - 00656896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-06-02 21:29 - 2013-04-09 05:51 - 00411136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2013-06-02 21:29 - 2013-04-09 05:51 - 00403968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2013-06-02 21:29 - 2013-04-09 05:51 - 00389632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2013-06-02 21:29 - 2013-04-09 05:51 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2013-06-02 21:29 - 2013-04-09 05:51 - 00324096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-06-02 21:29 - 2013-04-09 05:51 - 00268800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-06-02 21:29 - 2013-04-09 05:51 - 00214528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2013-06-02 21:29 - 2013-04-09 05:51 - 00186880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2013-06-02 21:29 - 2013-04-09 05:51 - 00155648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dmvdsitf.dll
2013-06-02 21:29 - 2013-04-09 05:51 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fmifs.dll
2013-06-02 21:29 - 2013-04-09 05:51 - 00035328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2013-06-02 21:29 - 2013-04-09 05:51 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2013-06-02 21:29 - 2013-04-05 07:30 - 00503080 ____A (Microsoft Corporation) C:\Windows\System32\ci.dll
2013-06-02 21:29 - 2013-04-03 06:08 - 00387688 ____A C:\Windows\System32\ApnDatabase.xml
2013-06-02 21:29 - 2013-03-31 02:16 - 01403784 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi
2013-06-02 21:29 - 2013-03-31 02:16 - 01267424 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
2013-06-02 21:29 - 2013-03-29 06:09 - 01217328 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi
2013-06-02 21:29 - 2013-03-29 06:09 - 01093880 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
2013-06-02 21:29 - 2013-03-16 06:05 - 00298456 ____A (Microsoft Corporation) C:\Windows\System32\rsaenh.dll
2013-06-02 21:29 - 2013-03-16 06:05 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2013-06-02 21:29 - 2012-12-13 12:00 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-06-02 21:29 - 2012-12-13 11:59 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-05-18 17:05 - 2013-06-05 22:54 - 00011674 ____A C:\Users\Vivek\Desktop\CarComparison.xlsx
2013-05-17 12:52 - 2013-04-10 07:17 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-17 12:52 - 2013-04-10 07:17 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-17 12:52 - 2013-04-10 07:17 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-17 12:52 - 2013-04-10 07:17 - 00915968 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2013-05-17 12:52 - 2013-04-10 07:17 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-17 12:52 - 2013-04-10 07:17 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-17 12:52 - 2013-04-10 07:16 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-17 12:52 - 2013-04-10 07:16 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-17 12:52 - 2013-04-10 07:16 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-17 12:52 - 2013-04-10 07:16 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-17 12:52 - 2013-04-10 06:30 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-17 12:52 - 2013-04-10 06:30 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-17 12:52 - 2013-04-10 06:29 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-17 12:52 - 2013-04-10 06:29 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-17 12:52 - 2013-04-10 06:29 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-17 12:52 - 2013-04-10 06:29 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-17 12:52 - 2013-04-10 06:29 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-17 12:52 - 2013-04-10 06:29 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-17 12:52 - 2013-02-12 09:30 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-05-17 12:52 - 2013-02-12 08:56 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\UXInit.dll
2013-05-17 12:51 - 2013-04-16 10:34 - 01455368 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-17 12:51 - 2013-04-11 14:40 - 06987528 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-05-17 12:51 - 2013-03-22 11:49 - 02382336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2013-05-17 12:51 - 2013-03-22 06:47 - 02851840 ____A (Microsoft Corporation) C:\Windows\System32\esent.dll
2013-05-17 12:51 - 2013-03-15 08:17 - 00861184 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
2013-05-17 12:51 - 2013-03-06 15:10 - 00112872 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-17 12:51 - 2013-03-06 14:31 - 19758592 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-17 12:51 - 2013-03-06 14:31 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-17 12:51 - 2013-03-06 14:29 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-17 12:51 - 2013-03-06 13:03 - 17561600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-17 12:51 - 2013-03-06 13:03 - 00199168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-17 12:49 - 2013-05-17 12:49 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2013-05-16 20:55 - 2013-05-16 20:55 - 00561048 ____A C:\Windows\Minidump\051613-11109-01.dmp
2013-05-11 11:29 - 2013-05-11 11:29 - 00000000 ____D C:\Users\Vivek\AppData\Local\Adobe
2013-05-11 11:28 - 2013-06-08 18:22 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-05-11 11:28 - 2013-05-11 11:28 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-05-11 11:23 - 2013-06-08 18:22 - 00000000 ____D C:\ProgramData\Adobe
2013-05-11 01:37 - 2013-05-11 01:37 - 00679352 ____A C:\Windows\Minidump\051113-11062-01.dmp
2013-05-10 10:24 - 2013-05-10 10:24 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-05-10 10:24 - 2013-05-10 10:24 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software

==================== One Month Modified Files and Folders =======

2013-06-09 20:49 - 2013-06-09 20:49 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2013-06-09 12:50 - 2012-07-26 15:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-09 12:50 - 2012-07-26 01:10 - 00000940 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-09 12:26 - 2012-07-26 15:21 - 00018914 ____A C:\Windows\setupact.log
2013-06-09 12:23 - 2012-07-26 01:10 - 00000944 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-09 12:16 - 2013-04-20 15:06 - 01322167 ____A C:\Windows\WindowsUpdate.log
2013-06-09 12:00 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\System32\sru
2013-06-09 11:54 - 2012-07-26 15:28 - 00850046 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-09 11:47 - 2012-07-26 13:26 - 00524288 __ASH C:\Windows\System32\config\BBI
2013-06-09 11:46 - 2013-06-09 11:46 - 00000000 ____D C:\_OTL
2013-06-09 11:22 - 2013-04-20 15:44 - 00000000 ____D C:\Users\Vivek\AppData\Local\Avg2013
2013-06-09 11:22 - 2013-04-20 15:44 - 00000000 ____D C:\ProgramData\MFAData
2013-06-09 11:17 - 2013-06-09 11:17 - 00104712 ____A C:\Users\Vivek\Desktop\OTL.Txt
2013-06-09 11:17 - 2013-06-09 11:17 - 00046738 ____A C:\Users\Vivek\Desktop\Extras.Txt
2013-06-09 11:14 - 2013-06-09 11:14 - 00602112 ____A (OldTimer Tools) C:\Users\Vivek\Desktop\OTL.exe
2013-06-09 11:08 - 2013-06-09 11:08 - 00000620 ____A C:\Users\Vivek\Desktop\JRT.txt
2013-06-09 11:07 - 2013-06-09 11:07 - 00000000 ____D C:\Windows\ERUNT
2013-06-09 11:07 - 2013-06-09 11:06 - 00000000 ____D C:\JRT
2013-06-09 11:06 - 2013-06-09 11:06 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Vivek\Desktop\JRT.exe
2013-06-09 11:02 - 2013-06-09 11:02 - 00001071 ____A C:\Users\Vivek\Desktop\AdwCleaner[S1].txt
2013-06-09 11:01 - 2013-06-09 11:00 - 00001071 ____A C:\AdwCleaner[S1].txt
2013-06-09 11:01 - 2012-07-26 00:46 - 01342768 ____A C:\Windows\PFRO.log
2013-06-09 10:59 - 2013-06-09 10:58 - 00648201 ____A C:\Users\Vivek\Desktop\adwcleaner.exe
2013-06-08 18:22 - 2013-06-07 18:21 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec
2013-06-08 18:22 - 2013-05-11 11:28 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-06-08 18:22 - 2013-05-11 11:23 - 00000000 ____D C:\ProgramData\Adobe
2013-06-08 18:22 - 2013-05-07 12:23 - 00000000 ____D C:\Users\Vivek\AppData\Roaming\ICAClient
2013-06-08 18:22 - 2013-05-07 12:22 - 00000000 ____D C:\Users\Vivek\AppData\Local\Citrix
2013-06-08 18:22 - 2013-05-07 12:22 - 00000000 ____D C:\ProgramData\Citrix
2013-06-08 18:22 - 2013-05-07 12:22 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-06-08 18:22 - 2013-05-07 12:17 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-06-08 18:22 - 2013-05-07 12:16 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-08 18:22 - 2013-04-21 13:31 - 00000000 ____D C:\Users\Vivek\AppData\Roaming\vlc
2013-06-08 18:22 - 2013-04-21 13:11 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-08 18:22 - 2013-04-21 12:52 - 00000000 ____D C:\Users\Vivek\AppData\Roaming\uTorrent
2013-06-08 18:22 - 2013-04-20 15:10 - 00000000 ____D C:\Users\Vivek\AppData\Local\Google
2013-06-08 18:22 - 2013-04-20 15:06 - 00000000 ____D C:\Users\Vivek\AppData\Roaming\Adobe
2013-06-08 18:22 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\registration
2013-06-08 18:22 - 2012-07-26 16:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-06-08 18:22 - 2012-07-26 16:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-06-08 18:22 - 2012-07-26 16:12 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2013-06-08 18:22 - 2012-07-26 16:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-06-08 18:22 - 2012-07-26 13:37 - 00000000 ____D C:\Windows\servicing
2013-06-08 16:24 - 2012-07-26 01:10 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-08 12:59 - 2013-06-08 12:10 - 00000000 ____D C:\FRST
2013-06-08 12:13 - 2013-06-08 11:02 - 00000000 ____D C:\Users\Vivek\Desktop\Virus
2013-06-08 12:11 - 2013-06-08 12:58 - 00039162 ____A C:\Users\Vivek\Desktop\FRST.txt
2013-06-08 12:11 - 2013-06-08 12:58 - 00012924 ____A C:\Users\Vivek\Desktop\Addition.txt
2013-06-08 12:07 - 2013-06-08 12:58 - 01919218 ____A (Farbar) C:\Users\Vivek\Desktop\FRST64.exe
2013-06-08 11:20 - 2013-06-08 11:15 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-08 10:26 - 2013-06-08 10:26 - 00000000 ____D C:\Users\Vivek\AppData\Roaming\Malwarebytes
2013-06-08 10:26 - 2013-06-08 10:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-08 10:26 - 2013-06-08 10:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-08 10:23 - 2013-06-08 10:23 - 00422160 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-08 10:23 - 2013-06-08 10:23 - 00281640 ____A C:\Windows\Minidump\060813-9906-01.dmp
2013-06-08 10:23 - 2013-05-07 01:46 - 380871978 ____A C:\Windows\MEMORY.DMP
2013-06-08 10:23 - 2013-05-07 01:46 - 00000000 ____D C:\Windows\Minidump
2013-06-08 10:23 - 2013-04-20 15:06 - 00000000 ____D C:\users\Vivek
2013-06-05 22:54 - 2013-05-18 17:05 - 00011674 ____A C:\Users\Vivek\Desktop\CarComparison.xlsx
2013-06-04 16:14 - 2013-04-21 18:21 - 00000000 ____D C:\Users\Vivek\Documents\Outlook Files
2013-06-04 09:04 - 2013-04-20 15:06 - 00000000 ____D C:\Users\Vivek\AppData\Local\VirtualStore
2013-06-04 09:01 - 2013-06-04 09:01 - 00000000 ____D C:\ProgramData\Macrovision
2013-06-04 09:00 - 2012-07-26 01:10 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-04 08:56 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\rescache
2013-06-04 08:19 - 2012-07-26 16:12 - 00000000 ___RD C:\Windows\ToastData
2013-06-04 08:19 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\WinStore
2013-06-04 08:19 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2013-06-04 08:19 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\System32\en-GB
2013-06-03 00:12 - 2013-04-20 15:50 - 00000965 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-06-03 00:12 - 2012-07-26 13:26 - 00262144 __ASH C:\Windows\System32\config\ELAM
2013-06-02 21:37 - 2012-07-26 16:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-05-17 13:33 - 2013-04-21 15:21 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-17 12:49 - 2013-05-17 12:49 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2013-05-17 12:49 - 2013-04-21 13:11 - 00000000 ____D C:\Users\Vivek\AppData\Roaming\Apple Computer
2013-05-16 20:55 - 2013-05-16 20:55 - 00561048 ____A C:\Windows\Minidump\051613-11109-01.dmp
2013-05-11 11:29 - 2013-05-11 11:29 - 00000000 ____D C:\Users\Vivek\AppData\Local\Adobe
2013-05-11 11:28 - 2013-05-11 11:28 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-05-11 01:37 - 2013-05-11 01:37 - 00679352 ____A C:\Windows\Minidump\051113-11062-01.dmp
2013-05-10 10:24 - 2013-05-10 10:24 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-05-10 10:24 - 2013-05-10 10:24 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-03 00:20

==================== End Of Log ============================
 
MBAM Log

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.07.10

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16580
Vivek :: VIVEKDESKTOP [administrator]

Protection: Disabled

9/06/2013 12:57:50 PM
mbam-log-2013-06-09 (12-57-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211675
Time elapsed: 1 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
RogueKiller Log

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Vivek [Admin rights]
Mode : Remove -- Date : 06/09/2013 13:01:53
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: KINGSTON SV300S37A120G +++++
--- User ---
[MBR] 4b54ccd594ac755973a297ef29013769
[BSP] bdb89f7a832e32e143bfd97417e0a99b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 114121 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST1000DM003-1CH162 +++++
--- User ---
[MBR] f4f2ba52264772206c3d7a60c5cab9d4
[BSP] bc5903bd79df211ff7449cf8503ec114 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: USB 2.0 Flash Drive USB Device +++++
--- User ---
[MBR] ea5847b14abd1d47895cb72e10dc4b49
[BSP] 5fcd8e5f3be24752631b410508e92be7 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2552 | Size: 961 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_06092013_02d1301.txt >>
RKreport[1]_S_06092013_02d1300.txt ; RKreport[2]_D_06092013_02d1301.txt
 
MBAR Log

Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.06.08.06

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16580
Vivek :: VIVEKDESKTOP [administrator]

9/06/2013 1:03:55 PM
-log-2013-06-09 (13-03-55).txt

Scan type: Quick scan
Scan options enabled: PUM | P2P
Scan options disabled: Anti-Rootkit | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | Deep Anti-Rootkit Scan | PUP
Objects scanned: 0
Time elapsed:

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
System Log - I pasted from today's log as it seems that the file has all the logs. I searched by date.

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

(c) Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16580

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.410000 GHz
Memory total: 8537436160, free: 6368460800

Downloaded database version: v2013.06.08.01
Downloaded database version: v2013.06.08.02
Downloaded database version: v2013.06.08.03
Downloaded database version: v2013.06.08.04
Downloaded database version: v2013.06.08.05
Downloaded database version: v2013.06.08.06
Initializing...
------------ Kernel report ------------
06/09/2013 13:03:53
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\system32\drivers\tpm.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\system32\DRIVERS\avgloga.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\avgwfpa.sys
\SystemRoot\system32\DRIVERS\avgfwd6a.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\avgldx64.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ctxusbm.sys
\SystemRoot\system32\DRIVERS\avgidsdrivera.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\system32\DRIVERS\Rt630x64.sys
\SystemRoot\System32\drivers\serial.sys
\SystemRoot\System32\drivers\serenum.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\drivers\USBSTOR.SYS
\SystemRoot\System32\Drivers\exfat.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\dc3d.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\condrv.sys
\??\C:\Windows\system32\drivers\IOMap64.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa800a8c1060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000049\
Lower Device Object: 0xfffffa800a8c5b00
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8008d10060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000003c\
Lower Device Object: 0xfffffa8006dd6060
Lower Device Driver Name: \Driver\iaStorA\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8008d11060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000003b\
Lower Device Object: 0xfffffa8006dd8060
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8008d11060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008d11b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008d11060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8006dfe400, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8006dd8060, DeviceName: \Device\0000003b\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F20632BD

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 716800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 718848 Numsec = 233719808

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 120034123776 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-234421648-234441648)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8008d10060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008d10b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008d10060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8006b8de40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8006dd6060, DeviceName: \Device\0000003c\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2E24DA9

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 1953519616

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa800a8c1060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800a8c2640, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800a8c1060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa800a8c5b00, DeviceName: \Device\00000049\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 509AB85B

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2552 Numsec = 1969672
Partition file system is exFAT
Partition is not bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1009778688 bytes
Sector size: 512 bytes

Done!
Read File: File "c:\programdata\avg2013\chjw\b03890d938909fc0.dat:86e26470-da5e-4535-9a1c-5c005a007668" is sparse (flags = 32768)
Read File: File "c:\programdata\avg2013\chjw\b03890d938909fc0.dat:d581b65a-11ae-4862-8659-b902571c171d" is sparse (flags = 32768)
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_2_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_2_0_2552_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_2_r.mbam...
Removal finished
 
Very good :)

It's bedtime here so this is going to be my last reply for tonight.

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce a log.
 
Checkup.txt

Results of screen317's Security Check version 0.99.64
x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Internet Security 2013
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 21
Adobe Reader XI
Google Chrome 27.0.1453.110
Google Chrome 27.0.1453.94
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
FSS Log

Farbar Service Scanner Version: 31-05-2013 01
Ran by Vivek (administrator) on 09-06-2013 at 13:21:12
Running from "C:\Users\Vivek\Desktop"
Windows 8 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-04-21 15:18] - [2013-03-02 17:59] - 2231528 ____A (Microsoft Corporation) B6D52E2C38B49A156E58FF5B9C6CA8BE

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll
[2013-06-02 21:29] - [2013-04-09 12:51] - 0099840 ____A (Microsoft Corporation) 012CFE7F0F95266F554EE3B91EE2128A

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2013-04-21 15:18] - [2013-03-02 10:45] - 3240448 ____A (Microsoft Corporation) 79F95469604B77296346DE7DB463EA2A

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll
[2013-04-21 15:11] - [2013-01-29 07:08] - 1555920 ____A (Microsoft Corporation) 905601FFF40D8DA9FA82CBE77D1F5EB1

C:\Program Files\Windows Defender\MsMpEng.exe
[2013-04-21 15:11] - [2013-01-29 09:57] - 0014920 ____A (Microsoft Corporation) 473B9548568BA927ACE0B77EC208A561

C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
TFC Screen Caps

Getting user folders.

Stopping running processes.

Emptying Temp folders.


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Vivek
->Temp folder emptied: 1775028 bytes
->Temporary Internet Files folder emptied: 102198 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 125236421 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1894237 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 1109 bytes
Process complete!

Total Files Cleaned = 123.00 mb
 
ESET Result

Scanned Files: 196653
Infected Files: 0
Cleaned Files: 0
Total Scan Time: 00:43:18
Scan Status: Finished
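The FSS log above flags two services whose start type differs from the default and a Windows Defender policy key. The following PowerShell script is an added example (not part of this thread and not Farbar Service Scanner's own code) that re-checks those same items with built-in cmdlets; the expected start modes are assumptions taken from the defaults FSS cites, and FSS's "Demand" corresponds to the WMI value "Manual".

```powershell
# Added example: re-check the service and Defender-policy findings reported by FSS.
# Expected start modes are assumptions based on the defaults the FSS log cites.
$expected = @{
    'wuauserv'  = 'Auto'   # Windows Update (FSS found: Demand/Manual)
    'WinDefend' = 'Auto'   # Windows Defender (FSS found: Demand/Manual)
    'MpsSvc'    = 'Auto'   # Windows Firewall
    'wscsvc'    = 'Auto'   # Security Center
}

function Get-ServiceAudit {
    foreach ($name in $expected.Keys) {
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
        if (-not $svc) {
            [pscustomobject]@{ Service = $name; State = 'MISSING'; StartMode = 'n/a';
                               Expected = $expected[$name]; ImagePath = 'n/a'; Deviates = $true }
            continue
        }
        # Win32_Service.StartMode is Boot/System/Auto/Manual/Disabled.
        [pscustomobject]@{
            Service   = $svc.Name
            State     = $svc.State
            StartMode = $svc.StartMode
            Expected  = $expected[$name]
            ImagePath = $svc.PathName        # compare with the ImagePath FSS prints
            Deviates  = ($svc.StartMode -ne $expected[$name])
        }
    }
}

function Get-DefenderPolicy {
    # FSS reported the first key; the Policies key can carry the same value.
    # A third-party antivirus (AVG is installed on this machine) commonly sets
    # DisableAntiSpyware, so compare against installed products before
    # treating the value as tampering.
    $paths = 'HKLM:\SOFTWARE\Microsoft\Windows Defender',
             'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    foreach ($p in $paths) {
        $v = (Get-ItemProperty -Path $p -Name DisableAntiSpyware `
                -ErrorAction SilentlyContinue).DisableAntiSpyware
        $display = 'not set'
        if ($null -ne $v) { $display = $v }
        [pscustomobject]@{ Key = $p; DisableAntiSpyware = $display }
    }
}

Get-ServiceAudit   | Format-Table -AutoSize
Get-DefenderPolicy | Format-Table -AutoSize
```

Run from an elevated PowerShell prompt; rows with Deviates set to True, or a DisableAntiSpyware value of 1, match the lines FSS reported above.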
 
Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

8. Run Temporary File Cleaner (TFC) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. (Windows XP only) Run defrag at your convenience.

12. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

14. Please let me know how your computer is doing.
 
Thank you very much for your help Broni. I'll definitely be recommending you and this site and will make a donation.

One last quick question. What free antivirus would you recommend? I have been using AVG but am thinking if I should change to something else.
 
If you read #13 you'll see it really doesn't matter which AV program you use.
There is no perfect security program and it's always about your computing habits.
 
Yes this issue has been resolved. Thank you for your help. The computer is doing well now and no signs of the trojan horse.
 