i dont know whats wrong



Anton_eric
2014-03-07, 04:58
I have been starting to get a lot of pop-up ads lately, and the computer is running slowly, and fake antivirus ads are popping up when the computer is not in use.

OCD
2014-03-07, 05:02
Hi Anton_eric,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:


I will be working on your malware issues; this may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System, with the loss of all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

Security Check

Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or here (http://screen317.changelog.fr/SecurityCheck.exe).
Save it to your Desktop.

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

aswMBR

Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) and save it to your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

When asked if you want to download Avast's virus definitions please select Yes.
Click Scan
Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

=========================

Download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.


Right click and select "Run as Administrator" to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

=========================

In your next post please provide the following:

checkup.txt
aswMBR.txt
attach MBR.zip
FRST.txt
Addition.txt

Anton_eric
2014-03-07, 16:48
there you go thank you for helping me so much

OCD
2014-03-07, 17:38
In future replies please do not attach files unless specifically asked to do so, just copy and paste into the reply window. I appreciate your cooperation.

---------------------------

Results of screen317's Security Check version 0.99.80
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Internet Security 2014
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Java 7 Update 51
Adobe Flash Player 12.0.0.70
Mozilla Firefox 25.0.1 Firefox out of Date!
Google Chrome 33.0.1750.117
Google Chrome 33.0.1750.146
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

==================================

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-03-07 08:21:52
-----------------------------
08:21:52.468 OS Version: Windows x64 6.1.7601 Service Pack 1
08:21:52.468 Number of processors: 8 586 0x1E05
08:21:52.469 ComputerName: ANTON-PC UserName: Anton
08:21:53.112 Initialize success
08:33:27.228 AVAST engine defs: 14030700
08:36:19.986 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
08:36:19.987 Disk 0 Vendor: Hitachi_HDS721616PLA380 P22OABEA Size: 152627MB BusType: 3
08:36:19.989 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-3
08:36:19.991 Disk 1 Vendor: WDC_WD20EARX-00PASB0 51.0AB51 Size: 1907729MB BusType: 3
08:36:20.230 Disk 0 MBR read successfully
08:36:20.232 Disk 0 MBR scan
08:36:20.235 Disk 0 Windows 7 default MBR code
08:36:20.238 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
08:36:20.359 Disk 0 scanning C:\Windows\system32\drivers
08:36:27.329 Service scanning
08:36:51.802 Modules scanning
08:36:51.807 Disk 0 trace - called modules:
08:36:51.818 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
08:36:51.822 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800dda4790]
08:36:51.825 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> [0xfffffa800db64580]
08:36:51.829 5 ACPI.sys[fffff88000eed7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa800db6a060]
08:36:52.526 AVAST engine scan C:\Windows
08:36:53.607 AVAST engine scan C:\Windows\system32
08:39:42.325 AVAST engine scan C:\Windows\system32\drivers
08:39:50.765 AVAST engine scan C:\Users\Anton
08:42:07.191 AVAST engine scan C:\ProgramData
08:42:48.646 Scan finished successfully
08:45:52.996 Disk 0 MBR has been saved successfully to "C:\Users\Anton\Desktop\MBR.dat"
08:45:53.000 The log file has been saved successfully to "C:\Users\Anton\Desktop\aswMBR.txt"

OCD
2014-03-07, 17:39
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-03-2014
Ran by Anton (administrator) on ANTON-PC on 07-03-2014 08:24:16
Running from C:\Users\Anton\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(weDownload) C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-chromeinstaller.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Users\Anton\Downloads\aswMBR (1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-09] (NVIDIA Corporation)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5317136 2014-02-11] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-772803573-4249959648-332304230-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP7F511950-C5C1-42F4-813D-6A7C12AEAF07&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x72C32F1F38BDCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP7F511950-C5C1-42F4-813D-6A7C12AEAF07&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 172.16.1.254 142.165.21.5

FireFox:
========
FF ProfilePath: C:\Users\Anton\AppData\Roaming\Mozilla\Firefox\Profiles\2hxjrxom.default
FF Homepage: hxxp://search.conduit.com/?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP7F511950-C5C1-42F4-813D-6A7C12AEAF07&SSPV=
FF SelectedSearchEngine: Conduit Search
FF NewTab: hxxp://search.conduit.com/?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=4&UP=SP7F511950-C5C1-42F4-813D-6A7C12AEAF07
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Anton\AppData\Roaming\Mozilla\Firefox\Profiles\2hxjrxom.default\searchplugins\conduit-search.xml
FF Extension: The weDownload Manager - C:\Users\Anton\AppData\Roaming\Mozilla\Firefox\Profiles\2hxjrxom.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com [2014-03-05]

Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP7F511950-C5C1-42F4-813D-6A7C12AEAF07&SSPV=
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultSearchURL: http://search.conduit.com/Results.aspx?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP7F511950-C5C1-42F4-813D-6A7C12AEAF07&q={searchTerms}&SSPV=
CHR DefaultNewTabURL:
CHR Extension: (The weDownload Manager) - C:\Users\Anton\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode [2014-03-06]
CHR Extension: (Google Wallet) - C:\Users\Anton\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-29]

==================== Services (Whitelisted) =================

R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1510896 2014-02-06] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3746112 2014-02-17] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [314048 2014-02-06] (AVG Technologies CZ, s.r.o.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
S2 CltMngSvc; C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [X]

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-01-19] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [233752 2014-02-06] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [220952 2013-12-15] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [326936 2014-01-12] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [129304 2014-02-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2013-12-15] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251160 2014-01-19] (AVG Technologies CZ, s.r.o.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
U3 aswMBR; \??\C:\Users\Anton\AppData\Local\Temp\aswMBR.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-07 08:24 - 2014-03-07 08:24 - 00012755 _____ () C:\Users\Anton\Downloads\FRST.txt
2014-03-07 08:23 - 2014-03-07 08:24 - 00000000 ____D () C:\FRST
2014-03-07 08:23 - 2014-03-07 08:23 - 02156544 _____ (Farbar) C:\Users\Anton\Downloads\FRST64.exe
2014-03-07 08:21 - 2014-03-07 08:21 - 04745728 _____ (AVAST Software) C:\Users\Anton\Downloads\aswMBR (1).exe
2014-03-07 08:20 - 2014-03-07 08:20 - 00000932 _____ () C:\Users\Anton\Desktop\checkup.txt
2014-03-07 08:19 - 2014-03-07 08:19 - 00987442 _____ () C:\Users\Anton\Downloads\SecurityCheck.exe
2014-03-06 20:52 - 2014-03-06 20:53 - 04745728 _____ (AVAST Software) C:\Users\Anton\Downloads\aswMBR.exe
2014-03-06 20:52 - 2014-03-06 20:52 - 00688992 ____R (Swearware) C:\Users\Anton\Downloads\dds.scr
2014-03-06 13:51 - 2014-03-06 13:51 - 00007454 _____ () C:\Users\Anton\Desktop\more proof of payment.txt
2014-03-06 13:49 - 2014-03-06 13:49 - 00003538 _____ () C:\Users\Anton\Desktop\Paypal proof.txt
2014-03-06 09:12 - 2014-03-06 09:12 - 836371410 _____ () C:\Windows\MEMORY.DMP
2014-03-06 09:12 - 2014-03-06 09:12 - 00291616 _____ () C:\Windows\Minidump\030614-72218-01.dmp
2014-03-06 09:12 - 2014-03-06 09:12 - 00275712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-05 22:08 - 2014-03-05 22:08 - 00108056 _____ () C:\Users\Anton\Downloads\Installer.exe
2014-03-05 22:05 - 2014-03-07 08:17 - 00003136 _____ () C:\Windows\Tasks\The weDownload Manager-chromeinstaller.job
2014-03-05 22:05 - 2014-03-07 08:17 - 00002542 _____ () C:\Windows\Tasks\The weDownload Manager-firefoxinstaller.job
2014-03-05 22:05 - 2014-03-07 08:17 - 00001548 _____ () C:\Windows\Tasks\The weDownload Manager-codedownloader.job
2014-03-05 22:05 - 2014-03-05 22:05 - 00004578 _____ () C:\Windows\System32\Tasks\The weDownload Manager-codedownloader
2014-03-05 22:05 - 2014-03-05 22:05 - 00000000 ____D () C:\Program Files (x86)\The weDownload Manager
2014-03-05 22:04 - 2014-03-05 22:04 - 24677393 _____ () C:\Users\Anton\Downloads\vlc2.1.3win32.exe
2014-03-05 22:04 - 2014-03-05 22:04 - 00000000 ____D () C:\Users\Anton\AppData\Local\SearchProtect
2014-03-05 22:04 - 2014-03-05 22:04 - 00000000 ____D () C:\Program Files (x86)\SearchProtect1639792578
2014-03-05 22:03 - 2014-03-05 22:03 - 00607192 _____ () C:\Users\Anton\Downloads\vlc media player setup.exe
2014-03-05 22:03 - 2014-03-05 22:03 - 00058016 _____ () C:\Users\Anton\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-05 18:44 - 2014-03-05 18:44 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-05 18:44 - 2014-03-05 18:44 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-05 18:42 - 2014-03-05 18:43 - 34829472 _____ (Skype Technologies S.A.) C:\Users\Anton\Downloads\SkypeSetupFull.exe
2014-03-05 16:28 - 2014-03-05 16:28 - 00000000 ____D () C:\Users\Anton\AppData\Local\Skype
2014-03-05 16:27 - 2014-03-07 08:19 - 00000000 ____D () C:\Users\Anton\AppData\Roaming\Skype
2014-03-05 16:27 - 2014-03-05 18:44 - 00000000 ____D () C:\ProgramData\Skype
2014-03-05 16:26 - 2014-03-05 16:26 - 01678496 _____ (Skype Technologies S.A.) C:\Users\Anton\Downloads\SkypeSetup.exe
2014-03-04 16:05 - 2014-03-04 16:06 - 00321680 _____ (Right Soft) C:\Users\Anton\Downloads\the.big.bang.theory.601.hdtv-lol.mp4.exe
2014-03-04 09:04 - 2014-03-07 08:17 - 00002408 _____ () C:\Windows\setupact.log
2014-03-04 09:04 - 2014-03-04 09:04 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-01 17:01 - 2014-03-01 17:01 - 00016100 _____ () C:\Users\Anton\Downloads\D51E9D07C4BE063D28385346CA484416D504F56F.torrent
2014-02-28 20:42 - 2014-02-28 20:42 - 00015284 _____ () C:\Users\Anton\Downloads\158CEBE2E6C9FA4D8E12CB29DB9196EF67F8E5D1.torrent
2014-02-28 20:42 - 2014-02-28 20:42 - 00015284 _____ () C:\Users\Anton\Downloads\158CEBE2E6C9FA4D8E12CB29DB9196EF67F8E5D1 (1).torrent
2014-02-28 20:38 - 2014-02-28 20:38 - 00095532 _____ () C:\Users\Anton\Downloads\3E7F80279F341AD94C0D7FA8BF0D8CFD1E56F6FE.torrent
2014-02-28 20:38 - 2014-02-28 20:38 - 00095532 _____ () C:\Users\Anton\Downloads\3E7F80279F341AD94C0D7FA8BF0D8CFD1E56F6FE (1).torrent
2014-02-26 08:57 - 2014-02-26 08:57 - 00000000 ____D () C:\Windows\Sun
2014-02-17 17:14 - 2014-02-17 17:15 - 00000000 ____D () C:\Users\Anton\AppData\Roaming\Apple Computer
2014-02-17 17:14 - 2014-02-17 17:14 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-17 17:14 - 2014-02-17 17:14 - 00000000 ____D () C:\Users\Anton\AppData\Local\Apple Computer
2014-02-17 17:14 - 2014-02-17 17:14 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-02-17 17:14 - 2014-02-17 17:14 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-17 17:14 - 2014-02-17 17:14 - 00000000 ____D () C:\Program Files\iTunes
2014-02-17 17:14 - 2014-02-17 17:14 - 00000000 ____D () C:\Program Files\iPod
2014-02-17 17:14 - 2014-02-17 17:14 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-17 17:14 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-02-17 17:13 - 2014-02-17 17:13 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-02-17 17:13 - 2014-02-17 17:13 - 00000000 ____D () C:\Users\Anton\AppData\Local\Apple
2014-02-17 17:13 - 2014-02-17 17:13 - 00000000 ____D () C:\ProgramData\Apple
2014-02-17 17:13 - 2014-02-17 17:13 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-02-17 17:13 - 2014-02-17 17:13 - 00000000 ____D () C:\Program Files\Bonjour
2014-02-17 17:13 - 2014-02-17 17:13 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-02-17 17:13 - 2014-02-17 17:13 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-02-17 17:10 - 2014-02-17 17:12 - 148896080 _____ (Apple Inc.) C:\Users\Anton\Downloads\iTunes64Setup.exe
2014-02-16 19:10 - 2014-02-16 19:10 - 00055031 _____ () C:\Users\Anton\Downloads\Enders.Game.2013.BDRip.X264-SPARKS.torrent
2014-02-13 03:01 - 2013-12-21 03:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 03:01 - 2013-12-21 02:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 03:00 - 2014-02-06 06:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 03:00 - 2014-02-06 05:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 03:00 - 2014-02-06 05:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 03:00 - 2014-02-06 05:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 03:00 - 2014-02-06 05:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 03:00 - 2014-02-06 05:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 03:00 - 2014-02-06 04:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 03:00 - 2014-02-06 04:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 03:00 - 2014-02-06 04:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 03:00 - 2014-02-06 04:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 03:00 - 2014-02-06 04:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 03:00 - 2014-02-06 04:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 03:00 - 2014-02-06 04:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 03:00 - 2014-02-06 04:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 03:00 - 2014-02-06 04:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 03:00 - 2014-02-06 04:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 03:00 - 2014-02-06 04:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 03:00 - 2014-02-06 04:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 03:00 - 2014-02-06 04:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 03:00 - 2014-02-06 03:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 03:00 - 2014-02-06 03:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 03:00 - 2014-02-06 03:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 03:00 - 2014-02-06 03:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 03:00 - 2014-02-06 03:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 03:00 - 2014-02-06 03:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 03:00 - 2014-02-06 03:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 03:00 - 2014-02-06 03:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 03:00 - 2014-02-06 03:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 03:00 - 2014-02-06 03:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 03:00 - 2014-02-06 03:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 03:00 - 2014-02-06 03:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 03:00 - 2014-02-06 03:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 03:00 - 2014-02-06 03:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 03:00 - 2014-02-06 03:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 03:00 - 2014-02-06 02:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 03:00 - 2014-02-06 02:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 03:00 - 2014-02-06 02:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 03:00 - 2014-02-06 02:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 03:00 - 2014-02-06 02:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 22:16 - 2014-02-12 22:16 - 00001929 _____ () C:\Users\Anton\Downloads\FD4B6C82328DFFB707D2CBD30818AD05C377F83E.torrent
2014-02-12 22:16 - 2014-02-12 22:16 - 00001929 _____ () C:\Users\Anton\Downloads\FD4B6C82328DFFB707D2CBD30818AD05C377F83E (1).torrent
2014-02-12 12:55 - 2013-12-31 17:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 12:55 - 2013-12-31 17:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 12:55 - 2013-12-24 17:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 12:55 - 2013-12-24 16:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 12:55 - 2013-12-05 20:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 12:55 - 2013-12-05 20:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 12:55 - 2013-12-05 20:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 12:55 - 2013-12-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 12:55 - 2013-12-03 20:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 12:55 - 2013-12-03 20:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 12:55 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 12:55 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 12:55 - 2013-12-03 20:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 12:55 - 2013-12-03 20:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 12:55 - 2013-12-03 20:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 12:55 - 2013-12-03 20:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 12:55 - 2013-12-03 20:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 12:55 - 2013-12-03 20:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 12:55 - 2013-12-03 20:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 12:55 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 12:55 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 12:55 - 2013-12-03 20:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 12:55 - 2013-12-03 19:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 12:55 - 2013-12-03 19:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 12:55 - 2013-12-03 19:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 12:55 - 2013-12-03 19:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 12:55 - 2013-11-26 02:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 12:55 - 2013-11-22 16:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-08 20:35 - 2014-02-08 20:35 - 00008811 _____ () C:\Users\Anton\Downloads\Punisher.War.Zone.(2008).torrent
2014-02-08 20:35 - 2014-02-08 20:35 - 00008811 _____ () C:\Users\Anton\Downloads\Punisher.War.Zone.(2008) (1).torrent
2014-02-08 10:40 - 2014-02-08 10:40 - 00008801 _____ () C:\Users\Anton\Downloads\420FFA5CB90241D398A75FA6AB314B4D7B7E1EAC.torrent
2014-02-08 10:37 - 2014-02-08 10:37 - 00017492 _____ () C:\Users\Anton\Downloads\6393195B9986C748E4F8E7CCB4F10C72F6CE7BBC.torrent
2014-02-08 09:17 - 2014-02-08 09:17 - 00057807 _____ () C:\Users\Anton\Downloads\FFB09AFEFDB29CFF7188D9697E8CCC3698089897.torrent
2014-02-08 09:17 - 2014-02-08 09:17 - 00057807 _____ () C:\Users\Anton\Downloads\FFB09AFEFDB29CFF7188D9697E8CCC3698089897 (1).torrent
2014-02-06 16:33 - 2014-02-06 16:33 - 00233752 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-02-06 16:33 - 2014-02-06 16:33 - 00129304 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys

==================== One Month Modified Files and Folders =======

2014-03-07 08:24 - 2014-03-07 08:24 - 00012755 _____ () C:\Users\Anton\Downloads\FRST.txt
2014-03-07 08:24 - 2014-03-07 08:23 - 00000000 ____D () C:\FRST
2014-03-07 08:23 - 2014-03-07 08:23 - 02156544 _____ (Farbar) C:\Users\Anton\Downloads\FRST64.exe
2014-03-07 08:23 - 2013-09-30 19:16 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-07 08:21 - 2014-03-07 08:21 - 04745728 _____ (AVAST Software) C:\Users\Anton\Downloads\aswMBR (1).exe
2014-03-07 08:20 - 2014-03-07 08:20 - 00000932 _____ () C:\Users\Anton\Desktop\checkup.txt
2014-03-07 08:19 - 2014-03-07 08:19 - 00987442 _____ () C:\Users\Anton\Downloads\SecurityCheck.exe
2014-03-07 08:19 - 2014-03-05 16:27 - 00000000 ____D () C:\Users\Anton\AppData\Roaming\Skype
2014-03-07 08:19 - 2013-09-29 10:26 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-07 08:18 - 2013-09-29 11:09 - 01061845 _____ () C:\Windows\WindowsUpdate.log
2014-03-07 08:17 - 2014-03-05 22:05 - 00003136 _____ () C:\Windows\Tasks\The weDownload Manager-chromeinstaller.job
2014-03-07 08:17 - 2014-03-05 22:05 - 00002542 _____ () C:\Windows\Tasks\The weDownload Manager-firefoxinstaller.job
2014-03-07 08:17 - 2014-03-05 22:05 - 00001548 _____ () C:\Windows\Tasks\The weDownload Manager-codedownloader.job
2014-03-07 08:17 - 2014-03-04 09:04 - 00002408 _____ () C:\Windows\setupact.log
2014-03-07 08:17 - 2013-11-15 21:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-07 08:17 - 2013-09-30 11:38 - 00000292 _____ () C:\Windows\Tasks\UpdaterEX.job
2014-03-07 00:50 - 2013-09-29 10:26 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-06 20:53 - 2014-03-06 20:52 - 04745728 _____ (AVAST Software) C:\Users\Anton\Downloads\aswMBR.exe
2014-03-06 20:52 - 2014-03-06 20:52 - 00688992 ____R (Swearware) C:\Users\Anton\Downloads\dds.scr
2014-03-06 13:51 - 2014-03-06 13:51 - 00007454 _____ () C:\Users\Anton\Desktop\more proof of payment.txt
2014-03-06 13:49 - 2014-03-06 13:49 - 00003538 _____ () C:\Users\Anton\Desktop\Paypal proof.txt
2014-03-06 09:20 - 2009-07-13 22:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-06 09:20 - 2009-07-13 22:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-06 09:17 - 2009-07-13 23:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-06 09:12 - 2014-03-06 09:12 - 836371410 _____ () C:\Windows\MEMORY.DMP
2014-03-06 09:12 - 2014-03-06 09:12 - 00291616 _____ () C:\Windows\Minidump\030614-72218-01.dmp
2014-03-06 09:12 - 2014-03-06 09:12 - 00275712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-06 09:12 - 2013-10-04 01:30 - 00000000 ____D () C:\Windows\Minidump
2014-03-06 09:12 - 2013-09-29 11:44 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-06 09:12 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-06 08:58 - 2013-12-19 07:59 - 00000208 _____ () C:\Users\Anton\AppData\Roaming\WB.CFG
2014-03-05 22:08 - 2014-03-05 22:08 - 00108056 _____ () C:\Users\Anton\Downloads\Installer.exe
2014-03-05 22:05 - 2014-03-05 22:05 - 00004578 _____ () C:\Windows\System32\Tasks\The weDownload Manager-codedownloader
2014-03-05 22:05 - 2014-03-05 22:05 - 00000000 ____D () C:\Program Files (x86)\The weDownload Manager
2014-03-05 22:04 - 2014-03-05 22:04 - 24677393 _____ () C:\Users\Anton\Downloads\vlc2.1.3win32.exe
2014-03-05 22:04 - 2014-03-05 22:04 - 00000000 ____D () C:\Users\Anton\AppData\Local\SearchProtect
2014-03-05 22:04 - 2014-03-05 22:04 - 00000000 ____D () C:\Program Files (x86)\SearchProtect1639792578
2014-03-05 22:03 - 2014-03-05 22:03 - 00607192 _____ () C:\Users\Anton\Downloads\vlc media player setup.exe
2014-03-05 22:03 - 2014-03-05 22:03 - 00058016 _____ () C:\Users\Anton\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-05 18:44 - 2014-03-05 18:44 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-05 18:44 - 2014-03-05 18:44 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-05 18:44 - 2014-03-05 16:27 - 00000000 ____D () C:\ProgramData\Skype
2014-03-05 18:43 - 2014-03-05 18:42 - 34829472 _____ (Skype Technologies S.A.) C:\Users\Anton\Downloads\SkypeSetupFull.exe
2014-03-05 17:21 - 2013-11-07 08:50 - 00000024 _____ () C:\Users\Anton\random.dat
2014-03-05 16:28 - 2014-03-05 16:28 - 00000000 ____D () C:\Users\Anton\AppData\Local\Skype
2014-03-05 16:26 - 2014-03-05 16:26 - 01678496 _____ (Skype Technologies S.A.) C:\Users\Anton\Downloads\SkypeSetup.exe
2014-03-05 15:55 - 2013-11-07 08:50 - 00000044 _____ () C:\Users\Anton\jagex_cl_runescape_LIVE.dat
2014-03-04 16:06 - 2014-03-04 16:05 - 00321680 _____ (Right Soft) C:\Users\Anton\Downloads\the.big.bang.theory.601.hdtv-lol.mp4.exe
2014-03-04 09:08 - 2013-09-29 10:27 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-04 09:04 - 2014-03-04 09:04 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-02 21:26 - 2013-12-23 14:39 - 00000000 ____D () C:\Users\Anton\AppData\Roaming\TS3Client
2014-03-02 21:26 - 2013-10-06 09:41 - 00000000 ____D () C:\Users\Anton\AppData\Roaming\Azureus
2014-03-02 21:24 - 2013-09-29 12:06 - 00000000 ____D () C:\Windows\Panther
2014-03-01 17:01 - 2014-03-01 17:01 - 00016100 _____ () C:\Users\Anton\Downloads\D51E9D07C4BE063D28385346CA484416D504F56F.torrent
2014-03-01 02:04 - 2013-10-06 14:42 - 00000000 ____D () C:\Users\Anton\AppData\Roaming\vlc
2014-02-28 20:42 - 2014-02-28 20:42 - 00015284 _____ () C:\Users\Anton\Downloads\158CEBE2E6C9FA4D8E12CB29DB9196EF67F8E5D1.torrent
2014-02-28 20:42 - 2014-02-28 20:42 - 00015284 _____ () C:\Users\Anton\Downloads\158CEBE2E6C9FA4D8E12CB29DB9196EF67F8E5D1 (1).torrent
2014-02-28 20:38 - 2014-02-28 20:38 - 00095532 _____ () C:\Users\Anton\Downloads\3E7F80279F341AD94C0D7FA8BF0D8CFD1E56F6FE.torrent
2014-02-28 20:38 - 2014-02-28 20:38 - 00095532 _____ () C:\Users\Anton\Downloads\3E7F80279F341AD94C0D7FA8BF0D8CFD1E56F6FE (1).torrent
2014-02-26 08:57 - 2014-02-26 08:57 - 00000000 ____D () C:\Windows\Sun
2014-02-22 00:44 - 2013-09-30 19:36 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-02-20 22:07 - 2013-11-15 21:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-20 22:07 - 2013-11-15 21:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-20 22:07 - 2013-11-15 21:38 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-17 17:15 - 2014-02-17 17:14 - 00000000 ____D () C:\Users\Anton\AppData\Roaming\Apple Computer
2014-02-17 17:14 - 2014-02-17 17:14 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-17 17:14 - 2014-02-17 17:14 - 00000000 ____D () C:\Users\Anton\AppData\Local\Apple Computer
2014-02-17 17:14 - 2014-02-17 17:14 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-02-17 17:14 - 2014-02-17 17:14 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-17 17:14 - 2014-02-17 17:14 - 00000000 ____D () C:\Program Files\iTunes
2014-02-17 17:14 - 2014-02-17 17:14 - 00000000 ____D () C:\Program Files\iPod
2014-02-17 17:14 - 2014-02-17 17:14 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-17 17:13 - 2014-02-17 17:13 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-02-17 17:13 - 2014-02-17 17:13 - 00000000 ____D () C:\Users\Anton\AppData\Local\Apple
2014-02-17 17:13 - 2014-02-17 17:13 - 00000000 ____D () C:\ProgramData\Apple
2014-02-17 17:13 - 2014-02-17 17:13 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-02-17 17:13 - 2014-02-17 17:13 - 00000000 ____D () C:\Program Files\Bonjour
2014-02-17 17:13 - 2014-02-17 17:13 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-02-17 17:13 - 2014-02-17 17:13 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-02-17 17:12 - 2014-02-17 17:10 - 148896080 _____ (Apple Inc.) C:\Users\Anton\Downloads\iTunes64Setup.exe
2014-02-17 03:01 - 2013-10-12 16:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 03:00 - 2013-10-12 16:50 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-16 19:10 - 2014-02-16 19:10 - 00055031 _____ () C:\Users\Anton\Downloads\Enders.Game.2013.BDRip.X264-SPARKS.torrent
2014-02-14 12:06 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-02-14 00:14 - 2013-09-29 10:26 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-14 00:14 - 2013-09-29 10:26 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-14 00:13 - 2013-09-30 11:38 - 00003232 _____ () C:\Windows\System32\Tasks\UpdaterEX
2014-02-13 03:02 - 2013-09-29 11:51 - 00774592 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-12 22:16 - 2014-02-12 22:16 - 00001929 _____ () C:\Users\Anton\Downloads\FD4B6C82328DFFB707D2CBD30818AD05C377F83E.torrent
2014-02-12 22:16 - 2014-02-12 22:16 - 00001929 _____ () C:\Users\Anton\Downloads\FD4B6C82328DFFB707D2CBD30818AD05C377F83E (1).torrent
2014-02-08 20:35 - 2014-02-08 20:35 - 00008811 _____ () C:\Users\Anton\Downloads\Punisher.War.Zone.(2008).torrent
2014-02-08 20:35 - 2014-02-08 20:35 - 00008811 _____ () C:\Users\Anton\Downloads\Punisher.War.Zone.(2008) (1).torrent
2014-02-08 10:40 - 2014-02-08 10:40 - 00008801 _____ () C:\Users\Anton\Downloads\420FFA5CB90241D398A75FA6AB314B4D7B7E1EAC.torrent
2014-02-08 10:37 - 2014-02-08 10:37 - 00017492 _____ () C:\Users\Anton\Downloads\6393195B9986C748E4F8E7CCB4F10C72F6CE7BBC.torrent
2014-02-08 09:17 - 2014-02-08 09:17 - 00057807 _____ () C:\Users\Anton\Downloads\FFB09AFEFDB29CFF7188D9697E8CCC3698089897.torrent
2014-02-08 09:17 - 2014-02-08 09:17 - 00057807 _____ () C:\Users\Anton\Downloads\FFB09AFEFDB29CFF7188D9697E8CCC3698089897 (1).torrent
2014-02-06 16:33 - 2014-02-06 16:33 - 00233752 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-02-06 16:33 - 2014-02-06 16:33 - 00129304 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-02-06 06:16 - 2014-02-13 03:00 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 05:30 - 2014-02-13 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 05:30 - 2014-02-13 03:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 05:12 - 2014-02-13 03:00 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 05:07 - 2014-02-13 03:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 05:06 - 2014-02-13 03:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 04:57 - 2014-02-13 03:00 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 04:56 - 2014-02-13 03:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 04:52 - 2014-02-13 03:00 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 04:49 - 2014-02-13 03:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 04:48 - 2014-02-13 03:00 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 04:48 - 2014-02-13 03:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 04:38 - 2014-02-13 03:00 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 04:32 - 2014-02-13 03:00 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 04:20 - 2014-02-13 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 04:17 - 2014-02-13 03:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 04:11 - 2014-02-13 03:00 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 04:01 - 2014-02-13 03:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 04:00 - 2014-02-13 03:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 03:57 - 2014-02-13 03:00 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 03:57 - 2014-02-13 03:00 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 03:52 - 2014-02-13 03:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 03:52 - 2014-02-13 03:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 03:50 - 2014-02-13 03:00 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 03:49 - 2014-02-13 03:00 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 03:47 - 2014-02-13 03:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 03:46 - 2014-02-13 03:00 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 03:25 - 2014-02-13 03:00 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 03:25 - 2014-02-13 03:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 03:24 - 2014-02-13 03:00 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 03:22 - 2014-02-13 03:00 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 03:13 - 2014-02-13 03:00 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 03:09 - 2014-02-13 03:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 03:03 - 2014-02-13 03:00 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 02:55 - 2014-02-13 03:00 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 02:41 - 2014-02-13 03:00 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 02:40 - 2014-02-13 03:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 02:36 - 2014-02-13 03:00 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 02:34 - 2014-02-13 03:00 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

Files to move or delete:
====================
C:\Users\Anton\jagex_cl_runescape_LIVE.dat
C:\Users\Anton\jagex_cl_runescape_LIVE1.dat
C:\Users\Anton\random.dat


Some content of TEMP:
====================
C:\Users\Anton\AppData\Local\Temp\1393859675_the_wedownload_manager.exe
C:\Users\Anton\AppData\Local\Temp\nsa3432.exe
C:\Users\Anton\AppData\Local\Temp\nsd2FBC.exe
C:\Users\Anton\AppData\Local\Temp\nsh2C7F.exe
C:\Users\Anton\AppData\Local\Temp\nsiF05C.exe
C:\Users\Anton\AppData\Local\Temp\nsmED6D.exe
C:\Users\Anton\AppData\Local\Temp\nsvEA4F.exe
C:\Users\Anton\AppData\Local\Temp\sp_downloader.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-01 10:15

==================== End Of Log ============================

OCD
2014-03-07, 17:40
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-03-2014
Ran by Anton at 2014-03-07 08:24:34
Running from C:\Users\Anton\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4516 - AVG Technologies)
AVG 2014 (Version: 14.0.3849 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4516 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
EVE Online (remove only) (HKLM-x32\...\EVE) (Version: - CCP Games Ltd.)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 25.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 25.0.1 (x86 en-US)) (Version: 25.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 25.0.1 - Mozilla)
NVIDIA 3D Vision Controller Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 332.21 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 332.21 - NVIDIA Corporation)
NVIDIA Control Panel 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3221 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
RollerCoaster Tycoon 3 Platinum (HKLM-x32\...\RollerCoaster Tycoon 3 Platinum3) (Version: 3 - Friends in War)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.11.11.7 - Conduit) <==== ATTENTION
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
The weDownload Manager (HKLM-x32\...\The weDownload Manager) (Version: 1.34.2.13 - weDownload) <==== ATTENTION
UpdaterEX (HKCU\...\UpdaterEX) (Version: - UpdaterEX)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.1.0.0 - Azureus Software, Inc.)

==================== Restore Points =========================

13-02-2014 09:00:28 Windows Update
17-02-2014 09:00:29 Windows Update
17-02-2014 23:13:49 Installed iTunes
26-02-2014 22:21:23 Scheduled Checkpoint
06-03-2014 00:00:08 Removed Skype™ 6.14

==================== Hosts content: ==========================

2009-07-13 20:34 - 2014-02-17 10:38 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {0518CEC9-7690-4840-88CB-853842522BAC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {10EA055F-4230-4B89-8109-F54159E493AA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-29] (Google Inc.)
Task: {20A9781B-ACEC-4C6C-A723-9385E5B5B4D4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {21B659B3-F542-4A26-8A4C-DEF2A80EC80D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-20] (Adobe Systems Incorporated)
Task: {46E1574A-9508-4DB8-98C8-1126B9CFEC8C} - System32\Tasks\UpdaterEX => C:\Users\Anton\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {5F2B032B-CDE6-4F14-B9EA-010D2946521A} - System32\Tasks\The weDownload Manager-codedownloader => C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-codedownloader.exe [2014-03-05] (weDownload) <==== ATTENTION
Task: {71C35A47-CE0E-4817-AA81-30BDAA733243} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7D3F5ACA-B849-46FC-8A9D-3C59091E1A17} - System32\Tasks\The weDownload Manager-firefoxinstaller => C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-firefoxinstaller.exe [2014-03-05] (weDownload) <==== ATTENTION
Task: {9314D34B-F1CC-4CAD-A922-EED0001D7559} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {A2728642-4FAF-4534-B4FB-EE60AA418F09} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {BC3D24F1-2B68-4EE5-99EF-2D938BC493F0} - System32\Tasks\The weDownload Manager-chromeinstaller => C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-chromeinstaller.exe [2014-03-05] (weDownload) <==== ATTENTION
Task: {C3ACA96D-714C-47D3-8C7E-48E8A116C119} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-29] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\The weDownload Manager-chromeinstaller.job => C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-chromeinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\The weDownload Manager-codedownloader.job => C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\The weDownload Manager-firefoxinstaller.job => C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-firefoxinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\Anton\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-09-29 11:52 - 2013-12-19 12:53 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-30 19:15 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-09-30 19:15 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-09-30 19:15 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-03-04 09:08 - 2014-03-01 20:35 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
2014-03-04 09:08 - 2014-03-01 20:35 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libglesv2.dll
2014-03-04 09:08 - 2014-03-01 20:35 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libegl.dll
2014-03-04 09:08 - 2014-03-01 20:35 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll
2014-03-04 09:08 - 2014-03-01 20:35 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
2014-03-04 09:08 - 2014-03-01 20:35 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll
2014-03-04 09:08 - 2014-03-01 20:35 - 13632840 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/07/2014 01:24:07 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7812

Error: (03/07/2014 01:24:07 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7812

Error: (03/07/2014 01:24:07 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/07/2014 01:24:05 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5859

Error: (03/07/2014 01:24:05 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5859

Error: (03/07/2014 01:24:05 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/07/2014 01:24:03 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3906

Error: (03/07/2014 01:24:03 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3906

Error: (03/07/2014 01:24:03 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/07/2014 01:24:01 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1953


System errors:
=============
Error: (03/06/2014 01:45:32 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service terminated unexpectedly. It has done this 1 time(s).

Error: (03/06/2014 09:13:22 AM) (Source: Service Control Manager) (User: )
Description: The Search Protect by Conduit Service service failed to start due to the following error:
%%2

Error: (03/06/2014 09:12:36 AM) (Source: BugCheck) (User: )
Description: 0x0000003b (0x00000000c0000005, 0xfffff880019ddc14, 0xfffff88008b45d50, 0x0000000000000000)C:\Windows\MEMORY.DMP030614-72218-01

Error: (03/06/2014 09:12:20 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:09:40 AM on ‎3/‎6/‎2014 was unexpected.

Error: (03/06/2014 09:03:41 AM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service terminated unexpectedly. It has done this 1 time(s).

Error: (03/05/2014 10:48:07 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (03/05/2014 10:48:02 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (03/05/2014 10:47:54 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (03/05/2014 10:47:49 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (03/05/2014 10:47:38 PM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.


Microsoft Office Sessions:
=========================
Error: (03/07/2014 01:24:07 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7812

Error: (03/07/2014 01:24:07 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7812

Error: (03/07/2014 01:24:07 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/07/2014 01:24:05 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5859

Error: (03/07/2014 01:24:05 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5859

Error: (03/07/2014 01:24:05 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/07/2014 01:24:03 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3906

Error: (03/07/2014 01:24:03 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3906

Error: (03/07/2014 01:24:03 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/07/2014 01:24:01 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1953


==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 16375.12 MB
Available physical RAM: 13586.98 MB
Total Pagefile: 32748.41 MB
Available Pagefile: 29343.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.04 GB) (Free:65.7 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:1862.89 GB) (Free:1829.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 1FC31FC3)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: D0BB04F3)

Partition: GPT Partition Type.

==================== End Of Log ============================

OCD
2014-03-07, 17:59
Hi Anton_eric,

P2P - (Peer to Peer)

I see you have/had P2P software Vuze installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page (http://malwareremoval.com/p2pindex.php) will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall this now.

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

Vuze
If you choose not to remove this program, please refrain from using it until we have finished cleaning your computer.

=========================

FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt



AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT33...12AEAF07&SSPV=
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP7F511950-C5C1-42F4-813D-6A7C12AEAF07&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
FF Homepage: hxxp://search.conduit.com/?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP7F511950-C5C1-42F4-813D-6A7C12AEAF07&SSPV=
FF SelectedSearchEngine: Conduit Search
FF NewTab: hxxp://search.conduit.com/?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=4&UP=SP7F511950-C5C1-42F4-813D-6A7C12AEAF07
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Anton\AppData\Roaming\Mozilla\Firefox\Profiles\2hxjrxom.default\searchplugins\conduit-search.xml
FF Extension: The weDownload Manager - C:\Users\Anton\AppData\Roaming\Mozilla\Firefox\Profiles\2hxjrxom.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com [2014-03-05]
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP7F511950-C5C1-42F4-813D-6A7C12AEAF07&SSPV=
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultSearchURL: http://search.conduit.com/Results.aspx?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP7F511950-C5C1-42F4-813D-6A7C12AEAF07&q={searchTerms}&SSPV=
CHR Extension: (The weDownload Manager) - C:\Users\Anton\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode [2014-03-06]
S2 CltMngSvc; C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [X]
2014-03-05 22:05 - 2014-03-07 08:17 - 00003136 _____ () C:\Windows\Tasks\The weDownload Manager-chromeinstaller.job
2014-03-05 22:05 - 2014-03-07 08:17 - 00002542 _____ () C:\Windows\Tasks\The weDownload Manager-firefoxinstaller.job
2014-03-05 22:05 - 2014-03-07 08:17 - 00001548 _____ () C:\Windows\Tasks\The weDownload Manager-codedownloader.job
2014-03-05 22:05 - 2014-03-05 22:05 - 00004578 _____ () C:\Windows\System32\Tasks\The weDownload Manager-codedownloader
2014-03-05 22:05 - 2014-03-05 22:05 - 00000000 ____D () C:\Program Files (x86)\The weDownload Manager
2014-03-05 22:04 - 2014-03-05 22:04 - 00000000 ____D () C:\Users\Anton\AppData\Local\SearchProtect
2014-03-05 22:04 - 2014-03-05 22:04 - 00000000 ____D () C:\Program Files (x86)\SearchProtect1639792578
Task: {46E1574A-9508-4DB8-98C8-1126B9CFEC8C} - System32\Tasks\UpdaterEX => C:\Users\Anton\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {5F2B032B-CDE6-4F14-B9EA-010D2946521A} - System32\Tasks\The weDownload Manager-codedownloader => C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-codedownloader.exe [2014-03-05] (weDownload) <==== ATTENTION
Task: {7D3F5ACA-B849-46FC-8A9D-3C59091E1A17} - System32\Tasks\The weDownload Manager-firefoxinstaller => C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-firefoxinstaller.exe [2014-03-05] (weDownload) <==== ATTENTION
Task: {BC3D24F1-2B68-4EE5-99EF-2D938BC493F0} - System32\Tasks\The weDownload Manager-chromeinstaller => C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-chromeinstaller.exe [2014-03-05] (weDownload) <==== ATTENTION
Task: C:\Windows\Tasks\The weDownload Manager-chromeinstaller.job => C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-chromeinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\The weDownload Manager-codedownloader.job => C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\The weDownload Manager-firefoxinstaller.job => C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-firefoxinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\Anton\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

File:
C:\Users\Anton\jagex_cl_runescape_LIVE.dat
C:\Users\Anton\jagex_cl_runescape_LIVE1.dat
C:\Users\Anton\random.dat


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt). Please post it in your reply.

=========================

Reboot

=========================

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode and save to your Desktop.

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a log file (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that log file in your next reply.
A copy of all log files is saved in the C:\AdwCleaner folder which was created when running the tool.

=========================

In your next post please provide the following:

Fixlog.txt
AdwCleaner[R0].txt
What symptoms are you experiencing?

Anton_eric
2014-03-07, 19:24
# AdwCleaner v3.020 - Report created 07/03/2014 at 11:21:14
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Anton - ANTON-PC
# Running from : C:\Users\Anton\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : CltMngSvc

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Windows\System32\roboot64.exe
Folder Found C:\Program Files (x86)\Vuze
Folder Found C:\Program Files (x86)\WinZip Registry Optimizer
Folder Found C:\Users\Anton\AppData\Roaming\UpdaterEX
Folder Found C:\Windows\SysWOW64\AI_RecycleBin

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\Classes\iLivid.torrent
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Key Found : HKCU\Software\UpdaterEX
Key Found : HKCU\Software\WEDLMNGR
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\ilivid
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\UpdaterEX
Key Found : [x64] HKCU\Software\WEDLMNGR
Key Found : HKLM\Software\caphyon
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\Software\SearchProtect

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Anton\AppData\Roaming\Mozilla\Firefox\Profiles\2hxjrxom.default\prefs.js ]

Line Found : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=4&UP=SP7F511950-C5C1-42F4-813D-6A7C12AEAF07");

-\\ Google Chrome v33.0.1750.146

[ File : C:\Users\Anton\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : search_url
Found : keyword
Found : homepage
Found : search_url
Found : homepage
Found : search_url

*************************

AdwCleaner[R0].txt - [3057 octets] - [07/03/2014 11:21:14]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3117 octets] ##########




Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-03-2014
Ran by Anton at 2014-03-07 11:20:26 Run:1
Running from C:\Users\Anton\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT33...12AEAF07&SSPV=
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP7F511950-C5C1-42F4-813D-6A7C12AEAF07&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
FF Homepage: hxxp://search.conduit.com/?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP7F511950-C5C1-42F4-813D-6A7C12AEAF07&SSPV=
FF SelectedSearchEngine: Conduit Search
FF NewTab: hxxp://search.conduit.com/?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=4&UP=SP7F511950-C5C1-42F4-813D-6A7C12AEAF07
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Anton\AppData\Roaming\Mozilla\Firefox\Profiles\2hxjrxom.default\searchplugins\conduit-search.xml
FF Extension: The weDownload Manager - C:\Users\Anton\AppData\Roaming\Mozilla\Firefox\Profiles\2hxjrxom.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com [2014-03-05]
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP7F511950-C5C1-42F4-813D-6A7C12AEAF07&SSPV=
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultSearchURL: http://search.conduit.com/Results.aspx?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP7F511950-C5C1-42F4-813D-6A7C12AEAF07&q={searchTerms}&SSPV=
CHR Extension: (The weDownload Manager) - C:\Users\Anton\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode [2014-03-06]
S2 CltMngSvc; C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [X]
2014-03-05 22:05 - 2014-03-07 08:17 - 00003136 _____ () C:\Windows\Tasks\The weDownload Manager-chromeinstaller.job
2014-03-05 22:05 - 2014-03-07 08:17 - 00002542 _____ () C:\Windows\Tasks\The weDownload Manager-firefoxinstaller.job
2014-03-05 22:05 - 2014-03-07 08:17 - 00001548 _____ () C:\Windows\Tasks\The weDownload Manager-codedownloader.job
2014-03-05 22:05 - 2014-03-05 22:05 - 00004578 _____ () C:\Windows\System32\Tasks\The weDownload Manager-codedownloader
2014-03-05 22:05 - 2014-03-05 22:05 - 00000000 ____D () C:\Program Files (x86)\The weDownload Manager
2014-03-05 22:04 - 2014-03-05 22:04 - 00000000 ____D () C:\Users\Anton\AppData\Local\SearchProtect
2014-03-05 22:04 - 2014-03-05 22:04 - 00000000 ____D () C:\Program Files (x86)\SearchProtect1639792578
Task: {46E1574A-9508-4DB8-98C8-1126B9CFEC8C} - System32\Tasks\UpdaterEX => C:\Users\Anton\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {5F2B032B-CDE6-4F14-B9EA-010D2946521A} - System32\Tasks\The weDownload Manager-codedownloader => C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-codedownloader.exe [2014-03-05] (weDownload) <==== ATTENTION
Task: {7D3F5ACA-B849-46FC-8A9D-3C59091E1A17} - System32\Tasks\The weDownload Manager-firefoxinstaller => C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-firefoxinstaller.exe [2014-03-05] (weDownload) <==== ATTENTION
Task: {BC3D24F1-2B68-4EE5-99EF-2D938BC493F0} - System32\Tasks\The weDownload Manager-chromeinstaller => C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-chromeinstaller.exe [2014-03-05] (weDownload) <==== ATTENTION
Task: C:\Windows\Tasks\The weDownload Manager-chromeinstaller.job => C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-chromeinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\The weDownload Manager-codedownloader.job => C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\The weDownload Manager-firefoxinstaller.job => C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-firefoxinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\Anton\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

File:
C:\Users\Anton\jagex_cl_runescape_LIVE.dat
C:\Users\Anton\jagex_cl_runescape_LIVE1.dat
C:\Users\Anton\random.dat
*****************

"C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC64Loader.dll" => Value Data removed successfully.
"C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC32Loader.dll" => Value Data removed successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => Value deleted successfully.
Firefox homepage deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox newtab deleted successfully.
HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin => Key deleted successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll => Moved successfully.
C:\Users\Anton\AppData\Roaming\Mozilla\Firefox\Profiles\2hxjrxom.default\searchplugins\conduit-search.xml => Moved successfully.
C:\Users\Anton\AppData\Roaming\Mozilla\Firefox\Profiles\2hxjrxom.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com => Moved successfully.
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP7F511950-C5C1-42F4-813D-6A7C12AEAF07&SSPV= ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchKeyword: conduit.search ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchProvider: Conduit Search ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchURL: http://search.conduit.com/Results.aspx?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP7F511950-C5C1-42F4-813D-6A7C12AEAF07&q={searchTerms}&SSPV= ==> The Chrome "Settings" can be used to fix the entry.
C:\Users\Anton\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode => Moved successfully.
CltMngSvc => Service deleted successfully.
C:\Windows\Tasks\The weDownload Manager-chromeinstaller.job => Moved successfully.
C:\Windows\Tasks\The weDownload Manager-firefoxinstaller.job => Moved successfully.
C:\Windows\Tasks\The weDownload Manager-codedownloader.job => Moved successfully.
C:\Windows\System32\Tasks\The weDownload Manager-codedownloader => Moved successfully.
C:\Program Files (x86)\The weDownload Manager => Moved successfully.
C:\Users\Anton\AppData\Local\SearchProtect => Moved successfully.
C:\Program Files (x86)\SearchProtect1639792578 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{46E1574A-9508-4DB8-98C8-1126B9CFEC8C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46E1574A-9508-4DB8-98C8-1126B9CFEC8C} => Key deleted successfully.
C:\Windows\System32\Tasks\UpdaterEX => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5F2B032B-CDE6-4F14-B9EA-010D2946521A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F2B032B-CDE6-4F14-B9EA-010D2946521A} => Key deleted successfully.
C:\Windows\System32\Tasks\The weDownload Manager-codedownloader not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\The weDownload Manager-codedownloader => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7D3F5ACA-B849-46FC-8A9D-3C59091E1A17} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D3F5ACA-B849-46FC-8A9D-3C59091E1A17} => Key deleted successfully.
C:\Windows\System32\Tasks\The weDownload Manager-firefoxinstaller => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\The weDownload Manager-firefoxinstaller => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BC3D24F1-2B68-4EE5-99EF-2D938BC493F0} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC3D24F1-2B68-4EE5-99EF-2D938BC493F0} => Key deleted successfully.
C:\Windows\System32\Tasks\The weDownload Manager-chromeinstaller => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\The weDownload Manager-chromeinstaller => Key deleted successfully.
C:\Windows\Tasks\The weDownload Manager-chromeinstaller.job not found.
C:\Windows\Tasks\The weDownload Manager-codedownloader.job not found.
C:\Windows\Tasks\The weDownload Manager-firefoxinstaller.job not found.
C:\Windows\Tasks\UpdaterEX.job => Moved successfully.

========================= File: ========================

"File:" not found.
====== End Of File: ======

C:\Users\Anton\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Anton\jagex_cl_runescape_LIVE1.dat => Moved successfully.
C:\Users\Anton\random.dat => Moved successfully.

==== End of Fixlog ====


I am still getting random pop-ups coming up even when the browsers are closed.
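
The Fixlog above mixes entries that were removed, entries FRST left for manual repair, and "not found" lines. The following is an added example (not part of the original thread and not FRST's own code) that sorts Fixlog result lines into those groups. The status names and the `triage` and `parse_result` helpers are assumptions made for this example; the sample lines are excerpted from the log above.

```python
import re
from collections import defaultdict

# Lines excerpted from the Fixlog posted above (shortened, not the full log).
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-03-2014
Ran by Anton at 2014-03-07 11:20:26 Run:1
==============================================

Content of fixlist:
*****************
CHR DefaultSearchKeyword: conduit.search
S2 CltMngSvc; C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [X]
*****************

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
Firefox homepage deleted successfully.
CHR DefaultSearchKeyword: conduit.search ==> The Chrome "Settings" can be used to fix the entry.
CltMngSvc => Service deleted successfully.
C:\Windows\Tasks\The weDownload Manager-codedownloader.job => Moved successfully.
C:\Windows\Tasks\The weDownload Manager-codedownloader.job not found.
"File:" not found.
C:\Users\Anton\random.dat => Moved successfully.

==== End of Fixlog ====
'''


def parse_result(line):
    """Return (target, status) for one result line of a Fixlog.

    Status values (names chosen for this example):
      ok         the entry was removed, moved, deleted or restored
      manual     FRST reported the entry and left it for the user to fix
      not_found  the target did not exist when FRST processed the line
      other      anything this sketch does not recognise
    """
    if ' ==> ' in line:
        target, outcome = line.split(' ==> ', 1)
    elif ' => ' in line:
        target, outcome = line.split(' => ', 1)
    else:
        # Lines without an arrow, e.g. 'Firefox homepage deleted successfully.'
        m = re.match(r'(.+?) (deleted successfully\.|not found\.)$', line)
        if not m:
            return line, 'other'
        target, outcome = m.groups()

    if 'can be used to fix the entry' in outcome:
        return target, 'manual'
    if outcome.startswith('not found'):
        return target, 'not_found'
    if outcome.endswith('successfully.'):
        return target, 'ok'
    return target, 'other'


def triage(fixlog_text):
    """Group the result lines of a Fixlog by status.

    A 'not found' line whose target was already handled earlier in the
    same run is reported as 'already_handled': the fixlist named the same
    object twice (once as a file entry, once as a Task: entry).
    """
    lines = fixlog_text.splitlines()
    # The fixlist is echoed between two all-asterisk lines; results follow.
    stars = [i for i, l in enumerate(lines)
             if l.strip() and set(l.strip()) == {'*'}]
    start = stars[1] + 1 if len(stars) >= 2 else 0

    report = defaultdict(list)
    handled = set()
    for raw in lines[start:]:
        line = raw.strip()
        if not line or line.startswith('='):   # blank lines and banners
            continue
        target, status = parse_result(line)
        key = target.strip('"').lower()
        if status == 'ok':
            handled.add(key)
        elif status == 'not_found' and key in handled:
            status = 'already_handled'
        report[status].append(target)
    return dict(report)


if __name__ == '__main__':
    for status, targets in triage(SAMPLE_FIXLOG).items():
        print(status)
        for t in targets:
            print('   ', t)
```
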

OCD
2014-03-08, 05:08
Hi Anton_eric,

What have you decided about the P2P (Vuze) installed?


i am still getting random pop ups coming up even when the browsers are closed.
What do the pop-ups pertain to? Give as much detail as possible.

=========================

Set your default search engine in Chrome

Click the Chrome menu on the browser toolbar.
Select Settings
In the "Search" section, select the search engine you want to use from the menu. If the search engine you want to use doesn't appear in the menu, click Manage search engines.
In the Search Engines dialog that appears, select the search engine that you'd like to use from the list.
Click the Make Default button that appears in the row.
If the search engine you want to use isn't on this list, you can first add it as a new search engine option. (http://support.google.com/chrome/bin/answer.py?answer=95653)

If the "Make Default" button doesn't appear for the search engine you've selected, you may need to edit its URL (http://support.google.com/chrome/bin/answer.py?answer=95653&expand=sc1).

=========================

Delete cache and other browser data in Chrome

Click the Chrome menu on the browser toolbar.
Select Tools.
Select Clear browsing data.
In the dialogue that appears, select the highlighted check-boxes for the types of information that you want to remove.

Clear browsing history
Clear download history
Empty the cache
Delete cookies and other site and plug-in data
Clear saved passwords
Clear saved Autofill form data
Clear data from hosted apps
Deauthorize content licenses

Use the menu at the top to select the amount of data that you want to delete. Select beginning of time to delete everything.
Click Clear browsing data.

=========================

Re-run AdwCleaner

It should be on your desktop

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
This time, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that log file in your next reply.
A copy of that log file will also be saved in the C:\AdwCleaner folder.

=========================

Re-run Farbar Recovery Scan Tool. It should be on your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
=========================

In your next post please provide the following:

AdwCleaner[S0].txt
FRST.txt
Answers about Vuze & pop-ups

Anton_eric
2014-03-09, 04:38
I'll keep Vuze for now. Pop-ups seem to be gone though! But here are the other logs as per your request.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-03-2014
Ran by Anton (administrator) on ANTON-PC on 08-03-2014 20:36:01
Running from C:\Users\Anton\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-09] (NVIDIA Corporation)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5317136 2014-02-11] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-772803573-4249959648-332304230-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x72C32F1F38BDCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 172.16.1.254 142.165.21.5

FireFox:
========
FF ProfilePath: C:\Users\Anton\AppData\Roaming\Mozilla\Firefox\Profiles\2hxjrxom.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR Extension: (Google Wallet) - C:\Users\Anton\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-29]

==================== Services (Whitelisted) =================

R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1510896 2014-02-06] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3746112 2014-02-17] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [314048 2014-02-06] (AVG Technologies CZ, s.r.o.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-01-19] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [233752 2014-02-06] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [220952 2013-12-15] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [326936 2014-01-12] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [129304 2014-02-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2013-12-15] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251160 2014-01-19] (AVG Technologies CZ, s.r.o.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-08 20:36 - 2014-03-08 20:36 - 00010256 _____ () C:\Users\Anton\Desktop\FRST.txt
2014-03-08 20:35 - 2014-03-08 20:35 - 00003211 _____ () C:\Users\Anton\Desktop\AdwCleaner[S0].txt
2014-03-08 09:13 - 2014-03-08 09:13 - 00002133 _____ () C:\Users\Public\Desktop\Path of Exile.lnk
2014-03-08 09:13 - 2014-03-08 09:13 - 00000000 ____D () C:\Users\Anton\Documents\My Games
2014-03-08 09:13 - 2014-03-08 09:13 - 00000000 ____D () C:\Program Files (x86)\Grinding Gear Games
2014-03-08 09:13 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2014-03-08 09:12 - 2014-03-08 09:12 - 07548928 _____ () C:\Users\Anton\Downloads\PathOfExileInstaller.msi
2014-03-07 20:56 - 2014-03-07 20:57 - 79454728 _____ () C:\Users\Anton\Downloads\vlcmediaplayer-setup (1).exe
2014-03-07 20:54 - 2014-03-07 20:55 - 79454728 _____ () C:\Users\Anton\Downloads\vlcmediaplayer-setup.exe
2014-03-07 11:21 - 2014-03-08 20:31 - 00000000 ____D () C:\AdwCleaner
2014-03-07 11:20 - 2014-03-07 11:20 - 01244192 _____ () C:\Users\Anton\Downloads\AdwCleaner.exe
2014-03-07 11:19 - 2014-03-07 11:19 - 02156544 _____ (Farbar) C:\Users\Anton\Downloads\FRST64 (1).exe
2014-03-07 08:24 - 2014-03-07 08:24 - 00043614 _____ () C:\Users\Anton\Downloads\FRST.txt
2014-03-07 08:24 - 2014-03-07 08:24 - 00019185 _____ () C:\Users\Anton\Downloads\Addition.txt
2014-03-07 08:23 - 2014-03-08 20:36 - 00000000 ____D () C:\FRST
2014-03-07 08:23 - 2014-03-07 08:23 - 02156544 _____ (Farbar) C:\Users\Anton\Desktop\FRST64.exe
2014-03-07 08:21 - 2014-03-07 08:21 - 04745728 _____ (AVAST Software) C:\Users\Anton\Downloads\aswMBR (1).exe
2014-03-07 08:19 - 2014-03-07 08:19 - 00987442 _____ () C:\Users\Anton\Downloads\SecurityCheck.exe
2014-03-06 20:52 - 2014-03-06 20:53 - 04745728 _____ (AVAST Software) C:\Users\Anton\Downloads\aswMBR.exe
2014-03-06 20:52 - 2014-03-06 20:52 - 00688992 ____R (Swearware) C:\Users\Anton\Downloads\dds.scr
2014-03-06 09:12 - 2014-03-06 09:12 - 836371410 _____ () C:\Windows\MEMORY.DMP
2014-03-06 09:12 - 2014-03-06 09:12 - 00291616 _____ () C:\Windows\Minidump\030614-72218-01.dmp
2014-03-06 09:12 - 2014-03-06 09:12 - 00275712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-05 22:08 - 2014-03-05 22:08 - 00108056 _____ () C:\Users\Anton\Downloads\Installer.exe
2014-03-05 22:04 - 2014-03-05 22:04 - 24677393 _____ () C:\Users\Anton\Downloads\vlc2.1.3win32.exe
2014-03-05 22:03 - 2014-03-05 22:03 - 00607192 _____ () C:\Users\Anton\Downloads\vlc media player setup.exe
2014-03-05 22:03 - 2014-03-05 22:03 - 00058016 _____ () C:\Users\Anton\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-05 18:44 - 2014-03-05 18:44 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-05 18:44 - 2014-03-05 18:44 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-05 18:42 - 2014-03-05 18:43 - 34829472 _____ (Skype Technologies S.A.) C:\Users\Anton\Downloads\SkypeSetupFull.exe
2014-03-05 16:28 - 2014-03-05 16:28 - 00000000 ____D () C:\Users\Anton\AppData\Local\Skype
2014-03-05 16:27 - 2014-03-08 20:36 - 00000000 ____D () C:\Users\Anton\AppData\Roaming\Skype
2014-03-05 16:27 - 2014-03-05 18:44 - 00000000 ____D () C:\ProgramData\Skype
2014-03-05 16:26 - 2014-03-05 16:26 - 01678496 _____ (Skype Technologies S.A.) C:\Users\Anton\Downloads\SkypeSetup.exe
2014-03-04 16:05 - 2014-03-04 16:06 - 00321680 _____ (Right Soft) C:\Users\Anton\Downloads\the.big.bang.theory.601.hdtv-lol.mp4.exe
2014-03-04 09:04 - 2014-03-08 20:34 - 00003360 _____ () C:\Windows\setupact.log
2014-03-04 09:04 - 2014-03-04 09:04 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-01 17:01 - 2014-03-01 17:01 - 00016100 _____ () C:\Users\Anton\Downloads\D51E9D07C4BE063D28385346CA484416D504F56F.torrent
2014-02-28 20:42 - 2014-02-28 20:42 - 00015284 _____ () C:\Users\Anton\Downloads\158CEBE2E6C9FA4D8E12CB29DB9196EF67F8E5D1.torrent
2014-02-28 20:42 - 2014-02-28 20:42 - 00015284 _____ () C:\Users\Anton\Downloads\158CEBE2E6C9FA4D8E12CB29DB9196EF67F8E5D1 (1).torrent
2014-02-28 20:38 - 2014-02-28 20:38 - 00095532 _____ () C:\Users\Anton\Downloads\3E7F80279F341AD94C0D7FA8BF0D8CFD1E56F6FE.torrent
2014-02-28 20:38 - 2014-02-28 20:38 - 00095532 _____ () C:\Users\Anton\Downloads\3E7F80279F341AD94C0D7FA8BF0D8CFD1E56F6FE (1).torrent
2014-02-26 08:57 - 2014-02-26 08:57 - 00000000 ____D () C:\Windows\Sun
2014-02-17 17:14 - 2014-02-17 17:15 - 00000000 ____D () C:\Users\Anton\AppData\Roaming\Apple Computer
2014-02-17 17:14 - 2014-02-17 17:14 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-17 17:14 - 2014-02-17 17:14 - 00000000 ____D () C:\Users\Anton\AppData\Local\Apple Computer
2014-02-17 17:14 - 2014-02-17 17:14 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-02-17 17:14 - 2014-02-17 17:14 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-17 17:14 - 2014-02-17 17:14 - 00000000 ____D () C:\Program Files\iTunes
2014-02-17 17:14 - 2014-02-17 17:14 - 00000000 ____D () C:\Program Files\iPod
2014-02-17 17:14 - 2014-02-17 17:14 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-17 17:14 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-02-17 17:13 - 2014-02-17 17:13 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-02-17 17:13 - 2014-02-17 17:13 - 00000000 ____D () C:\Users\Anton\AppData\Local\Apple
2014-02-17 17:13 - 2014-02-17 17:13 - 00000000 ____D () C:\ProgramData\Apple
2014-02-17 17:13 - 2014-02-17 17:13 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-02-17 17:13 - 2014-02-17 17:13 - 00000000 ____D () C:\Program Files\Bonjour
2014-02-17 17:13 - 2014-02-17 17:13 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-02-17 17:13 - 2014-02-17 17:13 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-02-17 17:10 - 2014-02-17 17:12 - 148896080 _____ (Apple Inc.) C:\Users\Anton\Downloads\iTunes64Setup.exe
2014-02-16 19:10 - 2014-02-16 19:10 - 00055031 _____ () C:\Users\Anton\Downloads\Enders.Game.2013.BDRip.X264-SPARKS.torrent
2014-02-13 03:01 - 2013-12-21 03:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 03:01 - 2013-12-21 02:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 03:00 - 2014-02-06 06:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 03:00 - 2014-02-06 05:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 03:00 - 2014-02-06 05:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 03:00 - 2014-02-06 05:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 03:00 - 2014-02-06 05:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 03:00 - 2014-02-06 05:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 03:00 - 2014-02-06 04:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 03:00 - 2014-02-06 04:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 03:00 - 2014-02-06 04:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 03:00 - 2014-02-06 04:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 03:00 - 2014-02-06 04:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 03:00 - 2014-02-06 04:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 03:00 - 2014-02-06 04:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 03:00 - 2014-02-06 04:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 03:00 - 2014-02-06 04:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 03:00 - 2014-02-06 04:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 03:00 - 2014-02-06 04:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 03:00 - 2014-02-06 04:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 03:00 - 2014-02-06 04:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 03:00 - 2014-02-06 03:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 03:00 - 2014-02-06 03:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 03:00 - 2014-02-06 03:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 03:00 - 2014-02-06 03:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 03:00 - 2014-02-06 03:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 03:00 - 2014-02-06 03:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 03:00 - 2014-02-06 03:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 03:00 - 2014-02-06 03:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 03:00 - 2014-02-06 03:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 03:00 - 2014-02-06 03:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 03:00 - 2014-02-06 03:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 03:00 - 2014-02-06 03:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 03:00 - 2014-02-06 03:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 03:00 - 2014-02-06 03:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 03:00 - 2014-02-06 03:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 03:00 - 2014-02-06 02:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 03:00 - 2014-02-06 02:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 03:00 - 2014-02-06 02:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 03:00 - 2014-02-06 02:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 03:00 - 2014-02-06 02:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 22:16 - 2014-02-12 22:16 - 00001929 _____ () C:\Users\Anton\Downloads\FD4B6C82328DFFB707D2CBD30818AD05C377F83E.torrent
2014-02-12 22:16 - 2014-02-12 22:16 - 00001929 _____ () C:\Users\Anton\Downloads\FD4B6C82328DFFB707D2CBD30818AD05C377F83E (1).torrent
2014-02-12 12:55 - 2013-12-31 17:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 12:55 - 2013-12-31 17:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 12:55 - 2013-12-24 17:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 12:55 - 2013-12-24 16:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 12:55 - 2013-12-05 20:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 12:55 - 2013-12-05 20:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 12:55 - 2013-12-05 20:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 12:55 - 2013-12-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 12:55 - 2013-12-03 20:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 12:55 - 2013-12-03 20:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 12:55 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 12:55 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 12:55 - 2013-12-03 20:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 12:55 - 2013-12-03 20:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 12:55 - 2013-12-03 20:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 12:55 - 2013-12-03 20:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 12:55 - 2013-12-03 20:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 12:55 - 2013-12-03 20:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 12:55 - 2013-12-03 20:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 12:55 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 12:55 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 12:55 - 2013-12-03 20:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 12:55 - 2013-12-03 19:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 12:55 - 2013-12-03 19:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 12:55 - 2013-12-03 19:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 12:55 - 2013-12-03 19:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 12:55 - 2013-11-26 02:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 12:55 - 2013-11-22 16:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-08 20:35 - 2014-02-08 20:35 - 00008811 _____ () C:\Users\Anton\Downloads\Punisher.War.Zone.(2008).torrent
2014-02-08 20:35 - 2014-02-08 20:35 - 00008811 _____ () C:\Users\Anton\Downloads\Punisher.War.Zone.(2008) (1).torrent
2014-02-08 10:40 - 2014-02-08 10:40 - 00008801 _____ () C:\Users\Anton\Downloads\420FFA5CB90241D398A75FA6AB314B4D7B7E1EAC.torrent
2014-02-08 10:37 - 2014-02-08 10:37 - 00017492 _____ () C:\Users\Anton\Downloads\6393195B9986C748E4F8E7CCB4F10C72F6CE7BBC.torrent
2014-02-08 09:17 - 2014-02-08 09:17 - 00057807 _____ () C:\Users\Anton\Downloads\FFB09AFEFDB29CFF7188D9697E8CCC3698089897.torrent
2014-02-08 09:17 - 2014-02-08 09:17 - 00057807 _____ () C:\Users\Anton\Downloads\FFB09AFEFDB29CFF7188D9697E8CCC3698089897 (1).torrent
2014-02-06 16:33 - 2014-02-06 16:33 - 00233752 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-02-06 16:33 - 2014-02-06 16:33 - 00129304 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys

==================== One Month Modified Files and Folders =======

2014-03-08 20:36 - 2014-03-08 20:36 - 00010256 _____ () C:\Users\Anton\Desktop\FRST.txt
2014-03-08 20:36 - 2014-03-07 08:23 - 00000000 ____D () C:\FRST
2014-03-08 20:36 - 2014-03-05 16:27 - 00000000 ____D () C:\Users\Anton\AppData\Roaming\Skype
2014-03-08 20:35 - 2014-03-08 20:35 - 00003211 _____ () C:\Users\Anton\Desktop\AdwCleaner[S0].txt
2014-03-08 20:34 - 2014-03-04 09:04 - 00003360 _____ () C:\Windows\setupact.log
2014-03-08 20:34 - 2013-09-29 10:26 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-08 20:33 - 2013-09-29 11:44 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-08 20:33 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-08 20:32 - 2013-09-29 11:09 - 01082743 _____ () C:\Windows\WindowsUpdate.log
2014-03-08 20:31 - 2014-03-07 11:21 - 00000000 ____D () C:\AdwCleaner
2014-03-08 20:19 - 2013-09-29 10:26 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-08 20:13 - 2013-11-15 21:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-08 20:01 - 2013-09-30 19:16 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-08 09:25 - 2009-07-13 22:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-08 09:25 - 2009-07-13 22:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-08 09:13 - 2014-03-08 09:13 - 00002133 _____ () C:\Users\Public\Desktop\Path of Exile.lnk
2014-03-08 09:13 - 2014-03-08 09:13 - 00000000 ____D () C:\Users\Anton\Documents\My Games
2014-03-08 09:13 - 2014-03-08 09:13 - 00000000 ____D () C:\Program Files (x86)\Grinding Gear Games
2014-03-08 09:12 - 2014-03-08 09:12 - 07548928 _____ () C:\Users\Anton\Downloads\PathOfExileInstaller.msi
2014-03-07 20:58 - 2013-10-06 14:41 - 00001066 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-03-07 20:57 - 2014-03-07 20:56 - 79454728 _____ () C:\Users\Anton\Downloads\vlcmediaplayer-setup (1).exe
2014-03-07 20:55 - 2014-03-07 20:54 - 79454728 _____ () C:\Users\Anton\Downloads\vlcmediaplayer-setup.exe
2014-03-07 20:55 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\Resources
2014-03-07 11:20 - 2014-03-07 11:20 - 01244192 _____ () C:\Users\Anton\Downloads\AdwCleaner.exe
2014-03-07 11:20 - 2013-09-29 11:16 - 00000000 ____D () C:\Users\Anton
2014-03-07 11:19 - 2014-03-07 11:19 - 02156544 _____ (Farbar) C:\Users\Anton\Downloads\FRST64 (1).exe
2014-03-07 08:24 - 2014-03-07 08:24 - 00043614 _____ () C:\Users\Anton\Downloads\FRST.txt
2014-03-07 08:24 - 2014-03-07 08:24 - 00019185 _____ () C:\Users\Anton\Downloads\Addition.txt
2014-03-07 08:23 - 2014-03-07 08:23 - 02156544 _____ (Farbar) C:\Users\Anton\Desktop\FRST64.exe
2014-03-07 08:21 - 2014-03-07 08:21 - 04745728 _____ (AVAST Software) C:\Users\Anton\Downloads\aswMBR (1).exe
2014-03-07 08:19 - 2014-03-07 08:19 - 00987442 _____ () C:\Users\Anton\Downloads\SecurityCheck.exe
2014-03-06 20:53 - 2014-03-06 20:52 - 04745728 _____ (AVAST Software) C:\Users\Anton\Downloads\aswMBR.exe
2014-03-06 20:52 - 2014-03-06 20:52 - 00688992 ____R (Swearware) C:\Users\Anton\Downloads\dds.scr
2014-03-06 09:17 - 2009-07-13 23:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-06 09:12 - 2014-03-06 09:12 - 836371410 _____ () C:\Windows\MEMORY.DMP
2014-03-06 09:12 - 2014-03-06 09:12 - 00291616 _____ () C:\Windows\Minidump\030614-72218-01.dmp
2014-03-06 09:12 - 2014-03-06 09:12 - 00275712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-06 09:12 - 2013-10-04 01:30 - 00000000 ____D () C:\Windows\Minidump
2014-03-06 08:58 - 2013-12-19 07:59 - 00000208 _____ () C:\Users\Anton\AppData\Roaming\WB.CFG
2014-03-05 22:08 - 2014-03-05 22:08 - 00108056 _____ () C:\Users\Anton\Downloads\Installer.exe
2014-03-05 22:04 - 2014-03-05 22:04 - 24677393 _____ () C:\Users\Anton\Downloads\vlc2.1.3win32.exe
2014-03-05 22:03 - 2014-03-05 22:03 - 00607192 _____ () C:\Users\Anton\Downloads\vlc media player setup.exe
2014-03-05 22:03 - 2014-03-05 22:03 - 00058016 _____ () C:\Users\Anton\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-05 18:44 - 2014-03-05 18:44 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-05 18:44 - 2014-03-05 18:44 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-05 18:44 - 2014-03-05 16:27 - 00000000 ____D () C:\ProgramData\Skype
2014-03-05 18:43 - 2014-03-05 18:42 - 34829472 _____ (Skype Technologies S.A.) C:\Users\Anton\Downloads\SkypeSetupFull.exe
2014-03-05 16:28 - 2014-03-05 16:28 - 00000000 ____D () C:\Users\Anton\AppData\Local\Skype
2014-03-05 16:26 - 2014-03-05 16:26 - 01678496 _____ (Skype Technologies S.A.) C:\Users\Anton\Downloads\SkypeSetup.exe
2014-03-04 16:06 - 2014-03-04 16:05 - 00321680 _____ (Right Soft) C:\Users\Anton\Downloads\the.big.bang.theory.601.hdtv-lol.mp4.exe
2014-03-04 09:08 - 2013-09-29 10:27 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-04 09:04 - 2014-03-04 09:04 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-02 21:26 - 2013-12-23 14:39 - 00000000 ____D () C:\Users\Anton\AppData\Roaming\TS3Client
2014-03-02 21:26 - 2013-10-06 09:41 - 00000000 ____D () C:\Users\Anton\AppData\Roaming\Azureus
2014-03-02 21:24 - 2013-09-29 12:06 - 00000000 ____D () C:\Windows\Panther
2014-03-01 17:01 - 2014-03-01 17:01 - 00016100 _____ () C:\Users\Anton\Downloads\D51E9D07C4BE063D28385346CA484416D504F56F.torrent
2014-03-01 02:04 - 2013-10-06 14:42 - 00000000 ____D () C:\Users\Anton\AppData\Roaming\vlc
2014-02-28 20:42 - 2014-02-28 20:42 - 00015284 _____ () C:\Users\Anton\Downloads\158CEBE2E6C9FA4D8E12CB29DB9196EF67F8E5D1.torrent
2014-02-28 20:42 - 2014-02-28 20:42 - 00015284 _____ () C:\Users\Anton\Downloads\158CEBE2E6C9FA4D8E12CB29DB9196EF67F8E5D1 (1).torrent
2014-02-28 20:38 - 2014-02-28 20:38 - 00095532 _____ () C:\Users\Anton\Downloads\3E7F80279F341AD94C0D7FA8BF0D8CFD1E56F6FE.torrent
2014-02-28 20:38 - 2014-02-28 20:38 - 00095532 _____ () C:\Users\Anton\Downloads\3E7F80279F341AD94C0D7FA8BF0D8CFD1E56F6FE (1).torrent
2014-02-26 08:57 - 2014-02-26 08:57 - 00000000 ____D () C:\Windows\Sun
2014-02-22 00:44 - 2013-09-30 19:36 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-02-20 22:07 - 2013-11-15 21:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-20 22:07 - 2013-11-15 21:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-20 22:07 - 2013-11-15 21:38 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-17 17:15 - 2014-02-17 17:14 - 00000000 ____D () C:\Users\Anton\AppData\Roaming\Apple Computer
2014-02-17 17:14 - 2014-02-17 17:14 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-17 17:14 - 2014-02-17 17:14 - 00000000 ____D () C:\Users\Anton\AppData\Local\Apple Computer
2014-02-17 17:14 - 2014-02-17 17:14 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-02-17 17:14 - 2014-02-17 17:14 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-17 17:14 - 2014-02-17 17:14 - 00000000 ____D () C:\Program Files\iTunes
2014-02-17 17:14 - 2014-02-17 17:14 - 00000000 ____D () C:\Program Files\iPod
2014-02-17 17:14 - 2014-02-17 17:14 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-17 17:13 - 2014-02-17 17:13 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-02-17 17:13 - 2014-02-17 17:13 - 00000000 ____D () C:\Users\Anton\AppData\Local\Apple
2014-02-17 17:13 - 2014-02-17 17:13 - 00000000 ____D () C:\ProgramData\Apple
2014-02-17 17:13 - 2014-02-17 17:13 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-02-17 17:13 - 2014-02-17 17:13 - 00000000 ____D () C:\Program Files\Bonjour
2014-02-17 17:13 - 2014-02-17 17:13 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-02-17 17:13 - 2014-02-17 17:13 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-02-17 17:12 - 2014-02-17 17:10 - 148896080 _____ (Apple Inc.) C:\Users\Anton\Downloads\iTunes64Setup.exe
2014-02-17 03:01 - 2013-10-12 16:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 03:00 - 2013-10-12 16:50 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-16 19:10 - 2014-02-16 19:10 - 00055031 _____ () C:\Users\Anton\Downloads\Enders.Game.2013.BDRip.X264-SPARKS.torrent
2014-02-14 12:06 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-02-14 00:14 - 2013-09-29 10:26 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-14 00:14 - 2013-09-29 10:26 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-13 03:02 - 2013-09-29 11:51 - 00774592 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-12 22:16 - 2014-02-12 22:16 - 00001929 _____ () C:\Users\Anton\Downloads\FD4B6C82328DFFB707D2CBD30818AD05C377F83E.torrent
2014-02-12 22:16 - 2014-02-12 22:16 - 00001929 _____ () C:\Users\Anton\Downloads\FD4B6C82328DFFB707D2CBD30818AD05C377F83E (1).torrent
2014-02-08 20:35 - 2014-02-08 20:35 - 00008811 _____ () C:\Users\Anton\Downloads\Punisher.War.Zone.(2008).torrent
2014-02-08 20:35 - 2014-02-08 20:35 - 00008811 _____ () C:\Users\Anton\Downloads\Punisher.War.Zone.(2008) (1).torrent
2014-02-08 10:40 - 2014-02-08 10:40 - 00008801 _____ () C:\Users\Anton\Downloads\420FFA5CB90241D398A75FA6AB314B4D7B7E1EAC.torrent
2014-02-08 10:37 - 2014-02-08 10:37 - 00017492 _____ () C:\Users\Anton\Downloads\6393195B9986C748E4F8E7CCB4F10C72F6CE7BBC.torrent
2014-02-08 09:17 - 2014-02-08 09:17 - 00057807 _____ () C:\Users\Anton\Downloads\FFB09AFEFDB29CFF7188D9697E8CCC3698089897.torrent
2014-02-08 09:17 - 2014-02-08 09:17 - 00057807 _____ () C:\Users\Anton\Downloads\FFB09AFEFDB29CFF7188D9697E8CCC3698089897 (1).torrent
2014-02-06 16:33 - 2014-02-06 16:33 - 00233752 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-02-06 16:33 - 2014-02-06 16:33 - 00129304 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-02-06 06:16 - 2014-02-13 03:00 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 05:30 - 2014-02-13 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 05:30 - 2014-02-13 03:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 05:12 - 2014-02-13 03:00 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 05:07 - 2014-02-13 03:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 05:06 - 2014-02-13 03:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 04:57 - 2014-02-13 03:00 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 04:56 - 2014-02-13 03:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 04:52 - 2014-02-13 03:00 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 04:49 - 2014-02-13 03:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 04:48 - 2014-02-13 03:00 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 04:48 - 2014-02-13 03:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 04:38 - 2014-02-13 03:00 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 04:32 - 2014-02-13 03:00 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 04:20 - 2014-02-13 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 04:17 - 2014-02-13 03:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 04:11 - 2014-02-13 03:00 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 04:01 - 2014-02-13 03:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 04:00 - 2014-02-13 03:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 03:57 - 2014-02-13 03:00 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 03:57 - 2014-02-13 03:00 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 03:52 - 2014-02-13 03:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 03:52 - 2014-02-13 03:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 03:50 - 2014-02-13 03:00 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 03:49 - 2014-02-13 03:00 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 03:47 - 2014-02-13 03:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 03:46 - 2014-02-13 03:00 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 03:25 - 2014-02-13 03:00 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 03:25 - 2014-02-13 03:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 03:24 - 2014-02-13 03:00 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 03:22 - 2014-02-13 03:00 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 03:13 - 2014-02-13 03:00 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 03:09 - 2014-02-13 03:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 03:03 - 2014-02-13 03:00 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 02:55 - 2014-02-13 03:00 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 02:41 - 2014-02-13 03:00 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 02:40 - 2014-02-13 03:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 02:36 - 2014-02-13 03:00 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 02:34 - 2014-02-13 03:00 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\Anton\AppData\Local\Temp\1393859675_the_wedownload_manager.exe
C:\Users\Anton\AppData\Local\Temp\nsa3432.exe
C:\Users\Anton\AppData\Local\Temp\nsd2FBC.exe
C:\Users\Anton\AppData\Local\Temp\nsf66DD.exe
C:\Users\Anton\AppData\Local\Temp\nsh2C7F.exe
C:\Users\Anton\AppData\Local\Temp\nsiF05C.exe
C:\Users\Anton\AppData\Local\Temp\nsmED6D.exe
C:\Users\Anton\AppData\Local\Temp\nso640D.exe
C:\Users\Anton\AppData\Local\Temp\nsoAFA2.exe
C:\Users\Anton\AppData\Local\Temp\nsqB486.exe
C:\Users\Anton\AppData\Local\Temp\nsvEA4F.exe
C:\Users\Anton\AppData\Local\Temp\nsx618B.exe
C:\Users\Anton\AppData\Local\Temp\nszB204.exe
C:\Users\Anton\AppData\Local\Temp\Quarantine.exe
C:\Users\Anton\AppData\Local\Temp\sp_downloader.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-01 10:15

==================== End Of Log ============================



# AdwCleaner v3.020 - Report created 08/03/2014 at 20:31:51
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Anton - ANTON-PC
# Running from : C:\Users\Anton\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : CltMngSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\WinZip Registry Optimizer
[x] Not Deleted : C:\Program Files (x86)\Vuze
Folder Deleted : C:\Windows\SysWOW64\AI_RecycleBin
Folder Deleted : C:\Users\Anton\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Anton\AppData\Roaming\UpdaterEX
File Deleted : C:\END
File Deleted : C:\Windows\System32\roboot64.exe

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\iLivid.torrent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\Software\caphyon
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Anton\AppData\Roaming\Mozilla\Firefox\Profiles\2hxjrxom.default\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=4&UP=SP7F511950-C5C1-42F4-813D-6A7C12AEAF07");

-\\ Google Chrome v33.0.1750.146

[ File : C:\Users\Anton\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [3217 octets] - [07/03/2014 11:21:14]
AdwCleaner[R1].txt - [3308 octets] - [08/03/2014 20:31:09]
AdwCleaner[S0].txt - [3071 octets] - [08/03/2014 20:31:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3131 octets] ##########

OCD
2014-03-09, 04:54
Hi Anton_eric,


I'll keep Vuze for now. Pop-ups seem to be gone though! :bigthumb:

FRST Fix Script

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the desktop as fixlist.txt



AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

=========================

In your next post please provide the following:

Fixlog.txt
How is the computer running at the moment?

OCD
2014-03-12, 16:23
Hi Anton_eric,

Just checking in to see if you still need help?

Anton_eric
2014-03-14, 05:54
Sorry, was working out of town. Yes, it seems to be all gone. Thanks again guys, you are awesome.

OCD
2014-03-14, 07:43
Hi Anton_eric,

It's important that you follow through with the remainder of the steps I will outline. Absence of symptoms doesn't necessarily translate into malware free. We are making progress so please stay with me until I give you the "all clean" sign. :bigthumb:

OCD
2014-03-16, 16:17
Hi Anton_eric,

Just checking in to see if you still need help?

OCD
2014-03-18, 17:29
This thread has been closed due to inactivity. If it has been three days or more since your last post it will not be re-opened.

If you still require help, please start a new topic and include fresh DDS and aswMBR logs, along with a link to your previous thread.

Please do not add any logs that might have been requested previously; you would be starting fresh.

Applies only to the original poster; anyone else with similar problems, please start your own topic.