Thread: I don't know what's wrong

  1. #1
    Member
    Join Date
    Jul 2009
    Posts
    74

    I have been starting to get a lot of pop-up ads lately, the computer is running slowly, and fake antivirus ads are popping up when the computer is not in use.

    dds.txt attach.txt

  2. #2
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Hi Anton_eric,

    My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

    • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.
    • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

    IMPORTANT NOTE: Please do not delete, download or install anything unless instructed to do so.

    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and the loss of all your programs and data.

    Please stay with this topic until I let you know that your system appears to be "All Clear".

    Important: All tools MUST be run from the Desktop.

    =========================

    Security Check

    Download Security Check by screen317 from here or here.
    • Save it to your Desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    =========================

    aswMBR

    Download aswMBR.exe and save it to your desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • When asked if you want to download Avast's virus definitions please select Yes.
    • Click Scan
    • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
    • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

    =========================

    Download Farbar Recovery Scan Tool and save to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    • Right click and select "Run as Administrator" to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

    =========================

    In your next post please provide the following:
    • checkup.txt
    • aswMBR.txt
    • attach MBR.zip
    • FRST.txt
    • Addition.txt
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  3. #3
    Member
    Join Date
    Jul 2009
    Posts
    74

    There you go, thank you for helping me so much.

  4. #4
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    In future replies, please do not attach files unless specifically asked to do so; just copy and paste into the reply window. I appreciate your cooperation.

    ---------------------------

    Results of screen317's Security Check version 0.99.80
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    AVG Internet Security 2014
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    MVPS Hosts File
    Spybot - Search & Destroy
    Java 7 Update 51
    Adobe Flash Player 12.0.0.70
    Mozilla Firefox 25.0.1 Firefox out of Date!
    Google Chrome 33.0.1750.117
    Google Chrome 33.0.1750.146
    ````````Process Check: objlist.exe by Laurent````````
    Spybot Teatimer.exe is disabled!
    AVG avgwdsvc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````

    ==================================

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2014-03-07 08:21:52
    -----------------------------
    08:21:52.468 OS Version: Windows x64 6.1.7601 Service Pack 1
    08:21:52.468 Number of processors: 8 586 0x1E05
    08:21:52.469 ComputerName: ANTON-PC UserName: Anton
    08:21:53.112 Initialize success
    08:33:27.228 AVAST engine defs: 14030700
    08:36:19.986 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
    08:36:19.987 Disk 0 Vendor: Hitachi_HDS721616PLA380 P22OABEA Size: 152627MB BusType: 3
    08:36:19.989 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-3
    08:36:19.991 Disk 1 Vendor: WDC_WD20EARX-00PASB0 51.0AB51 Size: 1907729MB BusType: 3
    08:36:20.230 Disk 0 MBR read successfully
    08:36:20.232 Disk 0 MBR scan
    08:36:20.235 Disk 0 Windows 7 default MBR code
    08:36:20.238 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
    08:36:20.359 Disk 0 scanning C:\Windows\system32\drivers
    08:36:27.329 Service scanning
    08:36:51.802 Modules scanning
    08:36:51.807 Disk 0 trace - called modules:
    08:36:51.818 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    08:36:51.822 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800dda4790]
    08:36:51.825 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> [0xfffffa800db64580]
    08:36:51.829 5 ACPI.sys[fffff88000eed7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa800db6a060]
    08:36:52.526 AVAST engine scan C:\Windows
    08:36:53.607 AVAST engine scan C:\Windows\system32
    08:39:42.325 AVAST engine scan C:\Windows\system32\drivers
    08:39:50.765 AVAST engine scan C:\Users\Anton
    08:42:07.191 AVAST engine scan C:\ProgramData
    08:42:48.646 Scan finished successfully
    08:45:52.996 Disk 0 MBR has been saved successfully to "C:\Users\Anton\Desktop\MBR.dat"
    08:45:53.000 The log file has been saved successfully to "C:\Users\Anton\Desktop\aswMBR.txt"

  5. #5
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-03-2014
    Ran by Anton (administrator) on ANTON-PC on 07-03-2014 08:24:16
    Running from C:\Users\Anton\Downloads
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
    (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (weDownload) C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-chromeinstaller.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (AVAST Software) C:\Users\Anton\Downloads\aswMBR (1).exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-17] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-09] (NVIDIA Corporation)
    HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
    HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)
    HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5317136 2014-02-11] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-772803573-4249959648-332304230-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.)
    AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
    AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT33...12AEAF07&SSPV=
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0&ocid=iehp
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x72C32F1F38BDCE01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP7F511950-C5C1-42F4-813D-6A7C12AEAF07&q={searchTerms}&SSPV=
    SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 172.16.1.254 142.165.21.5

    FireFox:
    ========
    FF ProfilePath: C:\Users\Anton\AppData\Roaming\Mozilla\Firefox\Profiles\2hxjrxom.default
    FF Homepage: hxxp://search.conduit.com/?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP7F511950-C5C1-42F4-813D-6A7C12AEAF07&SSPV=
    FF SelectedSearchEngine: Conduit Search
    FF NewTab: hxxp://search.conduit.com/?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=4&UP=SP7F511950-C5C1-42F4-813D-6A7C12AEAF07
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF SearchPlugin: C:\Users\Anton\AppData\Roaming\Mozilla\Firefox\Profiles\2hxjrxom.default\searchplugins\conduit-search.xml
    FF Extension: The weDownload Manager - C:\Users\Anton\AppData\Roaming\Mozilla\Firefox\Profiles\2hxjrxom.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com [2014-03-05]

    Chrome:
    =======
    CHR HomePage: hxxp://search.conduit.com/?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP7F511950-C5C1-42F4-813D-6A7C12AEAF07&SSPV=
    CHR DefaultSearchKeyword: conduit.search
    CHR DefaultSearchProvider: Conduit Search
    CHR DefaultSearchURL: http://search.conduit.com/Results.aspx?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP7F511950-C5C1-42F4-813D-6A7C12AEAF07&q={searchTerms}&SSPV=
    CHR DefaultNewTabURL:
    CHR Extension: (The weDownload Manager) - C:\Users\Anton\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode [2014-03-06]
    CHR Extension: (Google Wallet) - C:\Users\Anton\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-29]

    ==================== Services (Whitelisted) =================

    R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1510896 2014-02-06] (AVG Technologies CZ, s.r.o.)
    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3746112 2014-02-17] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [314048 2014-02-06] (AVG Technologies CZ, s.r.o.)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)
    S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
    S2 CltMngSvc; C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [X]

    ==================== Drivers (Whitelisted) ====================

    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-01-19] (AVG Technologies CZ, s.r.o.)
    R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [233752 2014-02-06] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-01-31] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [220952 2013-12-15] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [326936 2014-01-12] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [129304 2014-02-06] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2013-12-15] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251160 2014-01-19] (AVG Technologies CZ, s.r.o.)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
    U3 aswMBR; \??\C:\Users\Anton\AppData\Local\Temp\aswMBR.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-03-07 08:24 - 2014-03-07 08:24 - 00012755 _____ () C:\Users\Anton\Downloads\FRST.txt
    2014-03-07 08:23 - 2014-03-07 08:24 - 00000000 ____D () C:\FRST
    2014-03-07 08:23 - 2014-03-07 08:23 - 02156544 _____ (Farbar) C:\Users\Anton\Downloads\FRST64.exe
    2014-03-07 08:21 - 2014-03-07 08:21 - 04745728 _____ (AVAST Software) C:\Users\Anton\Downloads\aswMBR (1).exe
    2014-03-07 08:20 - 2014-03-07 08:20 - 00000932 _____ () C:\Users\Anton\Desktop\checkup.txt
    2014-03-07 08:19 - 2014-03-07 08:19 - 00987442 _____ () C:\Users\Anton\Downloads\SecurityCheck.exe
    2014-03-06 20:52 - 2014-03-06 20:53 - 04745728 _____ (AVAST Software) C:\Users\Anton\Downloads\aswMBR.exe
    2014-03-06 20:52 - 2014-03-06 20:52 - 00688992 ____R (Swearware) C:\Users\Anton\Downloads\dds.scr
    2014-03-06 13:51 - 2014-03-06 13:51 - 00007454 _____ () C:\Users\Anton\Desktop\more proof of payment.txt
    2014-03-06 13:49 - 2014-03-06 13:49 - 00003538 _____ () C:\Users\Anton\Desktop\Paypal proof.txt
    2014-03-06 09:12 - 2014-03-06 09:12 - 836371410 _____ () C:\Windows\MEMORY.DMP
    2014-03-06 09:12 - 2014-03-06 09:12 - 00291616 _____ () C:\Windows\Minidump\030614-72218-01.dmp
    2014-03-06 09:12 - 2014-03-06 09:12 - 00275712 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-03-05 22:08 - 2014-03-05 22:08 - 00108056 _____ () C:\Users\Anton\Downloads\Installer.exe
    2014-03-05 22:05 - 2014-03-07 08:17 - 00003136 _____ () C:\Windows\Tasks\The weDownload Manager-chromeinstaller.job
    2014-03-05 22:05 - 2014-03-07 08:17 - 00002542 _____ () C:\Windows\Tasks\The weDownload Manager-firefoxinstaller.job
    2014-03-05 22:05 - 2014-03-07 08:17 - 00001548 _____ () C:\Windows\Tasks\The weDownload Manager-codedownloader.job
    2014-03-05 22:05 - 2014-03-05 22:05 - 00004578 _____ () C:\Windows\System32\Tasks\The weDownload Manager-codedownloader
    2014-03-05 22:05 - 2014-03-05 22:05 - 00000000 ____D () C:\Program Files (x86)\The weDownload Manager
    2014-03-05 22:04 - 2014-03-05 22:04 - 24677393 _____ () C:\Users\Anton\Downloads\vlc2.1.3win32.exe
    2014-03-05 22:04 - 2014-03-05 22:04 - 00000000 ____D () C:\Users\Anton\AppData\Local\SearchProtect
    2014-03-05 22:04 - 2014-03-05 22:04 - 00000000 ____D () C:\Program Files (x86)\SearchProtect1639792578
    2014-03-05 22:03 - 2014-03-05 22:03 - 00607192 _____ () C:\Users\Anton\Downloads\vlc media player setup.exe
    2014-03-05 22:03 - 2014-03-05 22:03 - 00058016 _____ () C:\Users\Anton\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-03-05 18:44 - 2014-03-05 18:44 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
    2014-03-05 18:44 - 2014-03-05 18:44 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2014-03-05 18:42 - 2014-03-05 18:43 - 34829472 _____ (Skype Technologies S.A.) C:\Users\Anton\Downloads\SkypeSetupFull.exe
    2014-03-05 16:28 - 2014-03-05 16:28 - 00000000 ____D () C:\Users\Anton\AppData\Local\Skype
    2014-03-05 16:27 - 2014-03-07 08:19 - 00000000 ____D () C:\Users\Anton\AppData\Roaming\Skype
    2014-03-05 16:27 - 2014-03-05 18:44 - 00000000 ____D () C:\ProgramData\Skype
    2014-03-05 16:26 - 2014-03-05 16:26 - 01678496 _____ (Skype Technologies S.A.) C:\Users\Anton\Downloads\SkypeSetup.exe
    2014-03-04 16:05 - 2014-03-04 16:06 - 00321680 _____ (Right Soft) C:\Users\Anton\Downloads\the.big.bang.theory.601.hdtv-lol.mp4.exe
    2014-03-04 09:04 - 2014-03-07 08:17 - 00002408 _____ () C:\Windows\setupact.log
    2014-03-04 09:04 - 2014-03-04 09:04 - 00000000 _____ () C:\Windows\setuperr.log
    2014-03-01 17:01 - 2014-03-01 17:01 - 00016100 _____ () C:\Users\Anton\Downloads\D51E9D07C4BE063D28385346CA484416D504F56F.torrent
    2014-02-28 20:42 - 2014-02-28 20:42 - 00015284 _____ () C:\Users\Anton\Downloads\158CEBE2E6C9FA4D8E12CB29DB9196EF67F8E5D1.torrent
    2014-02-28 20:42 - 2014-02-28 20:42 - 00015284 _____ () C:\Users\Anton\Downloads\158CEBE2E6C9FA4D8E12CB29DB9196EF67F8E5D1 (1).torrent
    2014-02-28 20:38 - 2014-02-28 20:38 - 00095532 _____ () C:\Users\Anton\Downloads\3E7F80279F341AD94C0D7FA8BF0D8CFD1E56F6FE.torrent
    2014-02-28 20:38 - 2014-02-28 20:38 - 00095532 _____ () C:\Users\Anton\Downloads\3E7F80279F341AD94C0D7FA8BF0D8CFD1E56F6FE (1).torrent
    2014-02-26 08:57 - 2014-02-26 08:57 - 00000000 ____D () C:\Windows\Sun
    2014-02-17 17:14 - 2014-02-17 17:15 - 00000000 ____D () C:\Users\Anton\AppData\Roaming\Apple Computer
    2014-02-17 17:14 - 2014-02-17 17:14 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2014-02-17 17:14 - 2014-02-17 17:14 - 00000000 ____D () C:\Users\Anton\AppData\Local\Apple Computer
    2014-02-17 17:14 - 2014-02-17 17:14 - 00000000 ____D () C:\ProgramData\Apple Computer
    2014-02-17 17:14 - 2014-02-17 17:14 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-02-17 17:14 - 2014-02-17 17:14 - 00000000 ____D () C:\Program Files\iTunes
    2014-02-17 17:14 - 2014-02-17 17:14 - 00000000 ____D () C:\Program Files\iPod
    2014-02-17 17:14 - 2014-02-17 17:14 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-02-17 17:14 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
    2014-02-17 17:13 - 2014-02-17 17:13 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
    2014-02-17 17:13 - 2014-02-17 17:13 - 00000000 ____D () C:\Users\Anton\AppData\Local\Apple
    2014-02-17 17:13 - 2014-02-17 17:13 - 00000000 ____D () C:\ProgramData\Apple
    2014-02-17 17:13 - 2014-02-17 17:13 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2014-02-17 17:13 - 2014-02-17 17:13 - 00000000 ____D () C:\Program Files\Bonjour
    2014-02-17 17:13 - 2014-02-17 17:13 - 00000000 ____D () C:\Program Files (x86)\Bonjour
    2014-02-17 17:13 - 2014-02-17 17:13 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
    2014-02-17 17:10 - 2014-02-17 17:12 - 148896080 _____ (Apple Inc.) C:\Users\Anton\Downloads\iTunes64Setup.exe
    2014-02-16 19:10 - 2014-02-16 19:10 - 00055031 _____ () C:\Users\Anton\Downloads\Enders.Game.2013.BDRip.X264-SPARKS.torrent
    2014-02-13 03:01 - 2013-12-21 03:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-02-13 03:01 - 2013-12-21 02:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-02-13 03:00 - 2014-02-06 06:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-02-13 03:00 - 2014-02-06 05:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-02-13 03:00 - 2014-02-06 05:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-02-13 03:00 - 2014-02-06 05:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-02-13 03:00 - 2014-02-06 05:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-02-13 03:00 - 2014-02-06 05:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-02-13 03:00 - 2014-02-06 04:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-02-13 03:00 - 2014-02-06 04:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-02-13 03:00 - 2014-02-06 04:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-02-13 03:00 - 2014-02-06 04:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-02-13 03:00 - 2014-02-06 04:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-02-13 03:00 - 2014-02-06 04:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-02-13 03:00 - 2014-02-06 04:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-02-13 03:00 - 2014-02-06 04:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-02-13 03:00 - 2014-02-06 04:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-02-13 03:00 - 2014-02-06 04:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-02-13 03:00 - 2014-02-06 04:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-02-13 03:00 - 2014-02-06 04:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-02-13 03:00 - 2014-02-06 04:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-02-13 03:00 - 2014-02-06 03:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-02-13 03:00 - 2014-02-06 03:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-02-13 03:00 - 2014-02-06 03:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-02-13 03:00 - 2014-02-06 03:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-02-13 03:00 - 2014-02-06 03:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-02-13 03:00 - 2014-02-06 03:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-02-13 03:00 - 2014-02-06 03:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-02-13 03:00 - 2014-02-06 03:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-02-13 03:00 - 2014-02-06 03:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-02-13 03:00 - 2014-02-06 03:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-02-13 03:00 - 2014-02-06 03:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-02-13 03:00 - 2014-02-06 03:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-02-13 03:00 - 2014-02-06 03:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-02-13 03:00 - 2014-02-06 03:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-02-13 03:00 - 2014-02-06 03:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-02-13 03:00 - 2014-02-06 02:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-02-13 03:00 - 2014-02-06 02:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-02-13 03:00 - 2014-02-06 02:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-02-13 03:00 - 2014-02-06 02:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-02-13 03:00 - 2014-02-06 02:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-02-12 22:16 - 2014-02-12 22:16 - 00001929 _____ () C:\Users\Anton\Downloads\FD4B6C82328DFFB707D2CBD30818AD05C377F83E.torrent
    2014-02-12 22:16 - 2014-02-12 22:16 - 00001929 _____ () C:\Users\Anton\Downloads\FD4B6C82328DFFB707D2CBD30818AD05C377F83E (1).torrent
    2014-02-12 12:55 - 2013-12-31 17:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
    2014-02-12 12:55 - 2013-12-31 17:04 - 00420008 _____ () C:\Windows\system32\locale.nls
    2014-02-12 12:55 - 2013-12-24 17:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2014-02-12 12:55 - 2013-12-24 16:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2014-02-12 12:55 - 2013-12-05 20:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2014-02-12 12:55 - 2013-12-05 20:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2014-02-12 12:55 - 2013-12-05 20:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2014-02-12 12:55 - 2013-12-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2014-02-12 12:55 - 2013-12-03 20:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
    2014-02-12 12:55 - 2013-12-03 20:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
    2014-02-12 12:55 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
    2014-02-12 12:55 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
    2014-02-12 12:55 - 2013-12-03 20:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
    2014-02-12 12:55 - 2013-12-03 20:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
    2014-02-12 12:55 - 2013-12-03 20:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
    2014-02-12 12:55 - 2013-12-03 20:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
    2014-02-12 12:55 - 2013-12-03 20:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
    2014-02-12 12:55 - 2013-12-03 20:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
    2014-02-12 12:55 - 2013-12-03 20:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
    2014-02-12 12:55 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
    2014-02-12 12:55 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
    2014-02-12 12:55 - 2013-12-03 20:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
    2014-02-12 12:55 - 2013-12-03 19:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
    2014-02-12 12:55 - 2013-12-03 19:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
    2014-02-12 12:55 - 2013-12-03 19:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
    2014-02-12 12:55 - 2013-12-03 19:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
    2014-02-12 12:55 - 2013-11-26 02:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
    2014-02-12 12:55 - 2013-11-22 16:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
    2014-02-08 20:35 - 2014-02-08 20:35 - 00008811 _____ () C:\Users\Anton\Downloads\Punisher.War.Zone.(2008).torrent
    2014-02-08 20:35 - 2014-02-08 20:35 - 00008811 _____ () C:\Users\Anton\Downloads\Punisher.War.Zone.(2008) (1).torrent
    2014-02-08 10:40 - 2014-02-08 10:40 - 00008801 _____ () C:\Users\Anton\Downloads\420FFA5CB90241D398A75FA6AB314B4D7B7E1EAC.torrent
    2014-02-08 10:37 - 2014-02-08 10:37 - 00017492 _____ () C:\Users\Anton\Downloads\6393195B9986C748E4F8E7CCB4F10C72F6CE7BBC.torrent
    2014-02-08 09:17 - 2014-02-08 09:17 - 00057807 _____ () C:\Users\Anton\Downloads\FFB09AFEFDB29CFF7188D9697E8CCC3698089897.torrent
    2014-02-08 09:17 - 2014-02-08 09:17 - 00057807 _____ () C:\Users\Anton\Downloads\FFB09AFEFDB29CFF7188D9697E8CCC3698089897 (1).torrent
    2014-02-06 16:33 - 2014-02-06 16:33 - 00233752 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
    2014-02-06 16:33 - 2014-02-06 16:33 - 00129304 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys

    ==================== One Month Modified Files and Folders =======

    2014-03-07 08:24 - 2014-03-07 08:24 - 00012755 _____ () C:\Users\Anton\Downloads\FRST.txt
    2014-03-07 08:24 - 2014-03-07 08:23 - 00000000 ____D () C:\FRST
    2014-03-07 08:23 - 2014-03-07 08:23 - 02156544 _____ (Farbar) C:\Users\Anton\Downloads\FRST64.exe
    2014-03-07 08:23 - 2013-09-30 19:16 - 00000000 ____D () C:\ProgramData\MFAData
    2014-03-07 08:21 - 2014-03-07 08:21 - 04745728 _____ (AVAST Software) C:\Users\Anton\Downloads\aswMBR (1).exe
    2014-03-07 08:20 - 2014-03-07 08:20 - 00000932 _____ () C:\Users\Anton\Desktop\checkup.txt
    2014-03-07 08:19 - 2014-03-07 08:19 - 00987442 _____ () C:\Users\Anton\Downloads\SecurityCheck.exe
    2014-03-07 08:19 - 2014-03-05 16:27 - 00000000 ____D () C:\Users\Anton\AppData\Roaming\Skype
    2014-03-07 08:19 - 2013-09-29 10:26 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-03-07 08:18 - 2013-09-29 11:09 - 01061845 _____ () C:\Windows\WindowsUpdate.log
    2014-03-07 08:17 - 2014-03-05 22:05 - 00003136 _____ () C:\Windows\Tasks\The weDownload Manager-chromeinstaller.job
    2014-03-07 08:17 - 2014-03-05 22:05 - 00002542 _____ () C:\Windows\Tasks\The weDownload Manager-firefoxinstaller.job
    2014-03-07 08:17 - 2014-03-05 22:05 - 00001548 _____ () C:\Windows\Tasks\The weDownload Manager-codedownloader.job
    2014-03-07 08:17 - 2014-03-04 09:04 - 00002408 _____ () C:\Windows\setupact.log
    2014-03-07 08:17 - 2013-11-15 21:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-03-07 08:17 - 2013-09-30 11:38 - 00000292 _____ () C:\Windows\Tasks\UpdaterEX.job
    2014-03-07 00:50 - 2013-09-29 10:26 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-03-06 20:53 - 2014-03-06 20:52 - 04745728 _____ (AVAST Software) C:\Users\Anton\Downloads\aswMBR.exe
    2014-03-06 20:52 - 2014-03-06 20:52 - 00688992 ____R (Swearware) C:\Users\Anton\Downloads\dds.scr
    2014-03-06 13:51 - 2014-03-06 13:51 - 00007454 _____ () C:\Users\Anton\Desktop\more proof of payment.txt
    2014-03-06 13:49 - 2014-03-06 13:49 - 00003538 _____ () C:\Users\Anton\Desktop\Paypal proof.txt
    2014-03-06 09:20 - 2009-07-13 22:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-03-06 09:20 - 2009-07-13 22:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-03-06 09:17 - 2009-07-13 23:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-03-06 09:12 - 2014-03-06 09:12 - 836371410 _____ () C:\Windows\MEMORY.DMP
    2014-03-06 09:12 - 2014-03-06 09:12 - 00291616 _____ () C:\Windows\Minidump\030614-72218-01.dmp
    2014-03-06 09:12 - 2014-03-06 09:12 - 00275712 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-03-06 09:12 - 2013-10-04 01:30 - 00000000 ____D () C:\Windows\Minidump
    2014-03-06 09:12 - 2013-09-29 11:44 - 00000000 ____D () C:\ProgramData\NVIDIA
    2014-03-06 09:12 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-03-06 08:58 - 2013-12-19 07:59 - 00000208 _____ () C:\Users\Anton\AppData\Roaming\WB.CFG
    2014-03-05 22:08 - 2014-03-05 22:08 - 00108056 _____ () C:\Users\Anton\Downloads\Installer.exe
    2014-03-05 22:05 - 2014-03-05 22:05 - 00004578 _____ () C:\Windows\System32\Tasks\The weDownload Manager-codedownloader
    2014-03-05 22:05 - 2014-03-05 22:05 - 00000000 ____D () C:\Program Files (x86)\The weDownload Manager
    2014-03-05 22:04 - 2014-03-05 22:04 - 24677393 _____ () C:\Users\Anton\Downloads\vlc2.1.3win32.exe
    2014-03-05 22:04 - 2014-03-05 22:04 - 00000000 ____D () C:\Users\Anton\AppData\Local\SearchProtect
    2014-03-05 22:04 - 2014-03-05 22:04 - 00000000 ____D () C:\Program Files (x86)\SearchProtect1639792578
    2014-03-05 22:03 - 2014-03-05 22:03 - 00607192 _____ () C:\Users\Anton\Downloads\vlc media player setup.exe
    2014-03-05 22:03 - 2014-03-05 22:03 - 00058016 _____ () C:\Users\Anton\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-03-05 18:44 - 2014-03-05 18:44 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
    2014-03-05 18:44 - 2014-03-05 18:44 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2014-03-05 18:44 - 2014-03-05 16:27 - 00000000 ____D () C:\ProgramData\Skype
    2014-03-05 18:43 - 2014-03-05 18:42 - 34829472 _____ (Skype Technologies S.A.) C:\Users\Anton\Downloads\SkypeSetupFull.exe
    2014-03-05 17:21 - 2013-11-07 08:50 - 00000024 _____ () C:\Users\Anton\random.dat
    2014-03-05 16:28 - 2014-03-05 16:28 - 00000000 ____D () C:\Users\Anton\AppData\Local\Skype
    2014-03-05 16:26 - 2014-03-05 16:26 - 01678496 _____ (Skype Technologies S.A.) C:\Users\Anton\Downloads\SkypeSetup.exe
    2014-03-05 15:55 - 2013-11-07 08:50 - 00000044 _____ () C:\Users\Anton\jagex_cl_runescape_LIVE.dat
    2014-03-04 16:06 - 2014-03-04 16:05 - 00321680 _____ (Right Soft) C:\Users\Anton\Downloads\the.big.bang.theory.601.hdtv-lol.mp4.exe
    2014-03-04 09:08 - 2013-09-29 10:27 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-03-04 09:04 - 2014-03-04 09:04 - 00000000 _____ () C:\Windows\setuperr.log
    2014-03-02 21:26 - 2013-12-23 14:39 - 00000000 ____D () C:\Users\Anton\AppData\Roaming\TS3Client
    2014-03-02 21:26 - 2013-10-06 09:41 - 00000000 ____D () C:\Users\Anton\AppData\Roaming\Azureus
    2014-03-02 21:24 - 2013-09-29 12:06 - 00000000 ____D () C:\Windows\Panther
    2014-03-01 17:01 - 2014-03-01 17:01 - 00016100 _____ () C:\Users\Anton\Downloads\D51E9D07C4BE063D28385346CA484416D504F56F.torrent
    2014-03-01 02:04 - 2013-10-06 14:42 - 00000000 ____D () C:\Users\Anton\AppData\Roaming\vlc
    2014-02-28 20:42 - 2014-02-28 20:42 - 00015284 _____ () C:\Users\Anton\Downloads\158CEBE2E6C9FA4D8E12CB29DB9196EF67F8E5D1.torrent
    2014-02-28 20:42 - 2014-02-28 20:42 - 00015284 _____ () C:\Users\Anton\Downloads\158CEBE2E6C9FA4D8E12CB29DB9196EF67F8E5D1 (1).torrent
    2014-02-28 20:38 - 2014-02-28 20:38 - 00095532 _____ () C:\Users\Anton\Downloads\3E7F80279F341AD94C0D7FA8BF0D8CFD1E56F6FE.torrent
    2014-02-28 20:38 - 2014-02-28 20:38 - 00095532 _____ () C:\Users\Anton\Downloads\3E7F80279F341AD94C0D7FA8BF0D8CFD1E56F6FE (1).torrent
    2014-02-26 08:57 - 2014-02-26 08:57 - 00000000 ____D () C:\Windows\Sun
    2014-02-22 00:44 - 2013-09-30 19:36 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
    2014-02-20 22:07 - 2013-11-15 21:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-02-20 22:07 - 2013-11-15 21:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-02-20 22:07 - 2013-11-15 21:38 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-02-17 17:15 - 2014-02-17 17:14 - 00000000 ____D () C:\Users\Anton\AppData\Roaming\Apple Computer
    2014-02-17 17:14 - 2014-02-17 17:14 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2014-02-17 17:14 - 2014-02-17 17:14 - 00000000 ____D () C:\Users\Anton\AppData\Local\Apple Computer
    2014-02-17 17:14 - 2014-02-17 17:14 - 00000000 ____D () C:\ProgramData\Apple Computer
    2014-02-17 17:14 - 2014-02-17 17:14 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-02-17 17:14 - 2014-02-17 17:14 - 00000000 ____D () C:\Program Files\iTunes
    2014-02-17 17:14 - 2014-02-17 17:14 - 00000000 ____D () C:\Program Files\iPod
    2014-02-17 17:14 - 2014-02-17 17:14 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-02-17 17:13 - 2014-02-17 17:13 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
    2014-02-17 17:13 - 2014-02-17 17:13 - 00000000 ____D () C:\Users\Anton\AppData\Local\Apple
    2014-02-17 17:13 - 2014-02-17 17:13 - 00000000 ____D () C:\ProgramData\Apple
    2014-02-17 17:13 - 2014-02-17 17:13 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2014-02-17 17:13 - 2014-02-17 17:13 - 00000000 ____D () C:\Program Files\Bonjour
    2014-02-17 17:13 - 2014-02-17 17:13 - 00000000 ____D () C:\Program Files (x86)\Bonjour
    2014-02-17 17:13 - 2014-02-17 17:13 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
    2014-02-17 17:12 - 2014-02-17 17:10 - 148896080 _____ (Apple Inc.) C:\Users\Anton\Downloads\iTunes64Setup.exe
    2014-02-17 03:01 - 2013-10-12 16:50 - 00000000 ____D () C:\Windows\system32\MRT
    2014-02-17 03:00 - 2013-10-12 16:50 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-02-16 19:10 - 2014-02-16 19:10 - 00055031 _____ () C:\Users\Anton\Downloads\Enders.Game.2013.BDRip.X264-SPARKS.torrent
    2014-02-14 12:06 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
    2014-02-14 00:14 - 2013-09-29 10:26 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-02-14 00:14 - 2013-09-29 10:26 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-02-14 00:13 - 2013-09-30 11:38 - 00003232 _____ () C:\Windows\System32\Tasks\UpdaterEX
    2014-02-13 03:02 - 2013-09-29 11:51 - 00774592 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2014-02-12 22:16 - 2014-02-12 22:16 - 00001929 _____ () C:\Users\Anton\Downloads\FD4B6C82328DFFB707D2CBD30818AD05C377F83E.torrent
    2014-02-12 22:16 - 2014-02-12 22:16 - 00001929 _____ () C:\Users\Anton\Downloads\FD4B6C82328DFFB707D2CBD30818AD05C377F83E (1).torrent
    2014-02-08 20:35 - 2014-02-08 20:35 - 00008811 _____ () C:\Users\Anton\Downloads\Punisher.War.Zone.(2008).torrent
    2014-02-08 20:35 - 2014-02-08 20:35 - 00008811 _____ () C:\Users\Anton\Downloads\Punisher.War.Zone.(2008) (1).torrent
    2014-02-08 10:40 - 2014-02-08 10:40 - 00008801 _____ () C:\Users\Anton\Downloads\420FFA5CB90241D398A75FA6AB314B4D7B7E1EAC.torrent
    2014-02-08 10:37 - 2014-02-08 10:37 - 00017492 _____ () C:\Users\Anton\Downloads\6393195B9986C748E4F8E7CCB4F10C72F6CE7BBC.torrent
    2014-02-08 09:17 - 2014-02-08 09:17 - 00057807 _____ () C:\Users\Anton\Downloads\FFB09AFEFDB29CFF7188D9697E8CCC3698089897.torrent
    2014-02-08 09:17 - 2014-02-08 09:17 - 00057807 _____ () C:\Users\Anton\Downloads\FFB09AFEFDB29CFF7188D9697E8CCC3698089897 (1).torrent
    2014-02-06 16:33 - 2014-02-06 16:33 - 00233752 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
    2014-02-06 16:33 - 2014-02-06 16:33 - 00129304 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
    2014-02-06 06:16 - 2014-02-13 03:00 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-02-06 05:30 - 2014-02-13 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-02-06 05:30 - 2014-02-13 03:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-02-06 05:12 - 2014-02-13 03:00 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-02-06 05:07 - 2014-02-13 03:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-02-06 05:06 - 2014-02-13 03:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-02-06 04:57 - 2014-02-13 03:00 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-02-06 04:56 - 2014-02-13 03:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-02-06 04:52 - 2014-02-13 03:00 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-02-06 04:49 - 2014-02-13 03:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-02-06 04:48 - 2014-02-13 03:00 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-02-06 04:48 - 2014-02-13 03:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-02-06 04:38 - 2014-02-13 03:00 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-02-06 04:32 - 2014-02-13 03:00 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-02-06 04:20 - 2014-02-13 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-02-06 04:17 - 2014-02-13 03:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-02-06 04:11 - 2014-02-13 03:00 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-02-06 04:01 - 2014-02-13 03:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-02-06 04:00 - 2014-02-13 03:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-02-06 03:57 - 2014-02-13 03:00 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-02-06 03:57 - 2014-02-13 03:00 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-02-06 03:52 - 2014-02-13 03:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-02-06 03:52 - 2014-02-13 03:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-02-06 03:50 - 2014-02-13 03:00 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-02-06 03:49 - 2014-02-13 03:00 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-02-06 03:47 - 2014-02-13 03:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-02-06 03:46 - 2014-02-13 03:00 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-02-06 03:25 - 2014-02-13 03:00 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-02-06 03:25 - 2014-02-13 03:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-02-06 03:24 - 2014-02-13 03:00 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-02-06 03:22 - 2014-02-13 03:00 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-02-06 03:13 - 2014-02-13 03:00 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-02-06 03:09 - 2014-02-13 03:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-02-06 03:03 - 2014-02-13 03:00 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-02-06 02:55 - 2014-02-13 03:00 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-02-06 02:41 - 2014-02-13 03:00 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-02-06 02:40 - 2014-02-13 03:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-02-06 02:36 - 2014-02-13 03:00 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-02-06 02:34 - 2014-02-13 03:00 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

    Files to move or delete:
    ====================
    C:\Users\Anton\jagex_cl_runescape_LIVE.dat
    C:\Users\Anton\jagex_cl_runescape_LIVE1.dat
    C:\Users\Anton\random.dat


    Some content of TEMP:
    ====================
    C:\Users\Anton\AppData\Local\Temp\1393859675_the_wedownload_manager.exe
    C:\Users\Anton\AppData\Local\Temp\nsa3432.exe
    C:\Users\Anton\AppData\Local\Temp\nsd2FBC.exe
    C:\Users\Anton\AppData\Local\Temp\nsh2C7F.exe
    C:\Users\Anton\AppData\Local\Temp\nsiF05C.exe
    C:\Users\Anton\AppData\Local\Temp\nsmED6D.exe
    C:\Users\Anton\AppData\Local\Temp\nsvEA4F.exe
    C:\Users\Anton\AppData\Local\Temp\sp_downloader.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-03-01 10:15

    ==================== End Of Log ============================
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  6. #6
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-03-2014
    Ran by Anton at 2014-03-07 08:24:34
    Running from C:\Users\Anton\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
    FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

    ==================== Installed Programs ======================

    Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
    Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4516 - AVG Technologies)
    AVG 2014 (Version: 14.0.3849 - AVG Technologies) Hidden
    AVG 2014 (Version: 14.0.4516 - AVG Technologies) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
    Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
    EVE Online (remove only) (HKLM-x32\...\EVE) (Version: - CCP Games Ltd.)
    GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
    iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.)
    Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
    Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
    League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mozilla Firefox 25.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 25.0.1 (x86 en-US)) (Version: 25.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 25.0.1 - Mozilla)
    NVIDIA 3D Vision Controller Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 332.21 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 332.21 - NVIDIA Corporation)
    NVIDIA Control Panel 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
    NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
    NVIDIA Graphics Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
    NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
    NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
    NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
    NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
    NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
    NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
    NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3221 - NVIDIA Corporation) Hidden
    NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
    NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
    NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
    Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
    RollerCoaster Tycoon 3 Platinum (HKLM-x32\...\RollerCoaster Tycoon 3 Platinum3) (Version: 3 - Friends in War)
    Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.11.11.7 - Conduit) <==== ATTENTION
    SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
    Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)
    System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
    TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
    The weDownload Manager (HKLM-x32\...\The weDownload Manager) (Version: 1.34.2.13 - weDownload) <==== ATTENTION
    UpdaterEX (HKCU\...\UpdaterEX) (Version: - UpdaterEX)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
    Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.1.0.0 - Azureus Software, Inc.)

    ==================== Restore Points =========================

    13-02-2014 09:00:28 Windows Update
    17-02-2014 09:00:29 Windows Update
    17-02-2014 23:13:49 Installed iTunes
    26-02-2014 22:21:23 Scheduled Checkpoint
    06-03-2014 00:00:08 Removed Skype™ 6.14

    ==================== Hosts content: ==========================

    2009-07-13 20:34 - 2014-02-17 10:38 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts


    ==================== Scheduled Tasks (whitelisted) =============

    Task: {0518CEC9-7690-4840-88CB-853842522BAC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: {10EA055F-4230-4B89-8109-F54159E493AA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-29] (Google Inc.)
    Task: {20A9781B-ACEC-4C6C-A723-9385E5B5B4D4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: {21B659B3-F542-4A26-8A4C-DEF2A80EC80D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-20] (Adobe Systems Incorporated)
    Task: {46E1574A-9508-4DB8-98C8-1126B9CFEC8C} - System32\Tasks\UpdaterEX => C:\Users\Anton\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
    Task: {5F2B032B-CDE6-4F14-B9EA-010D2946521A} - System32\Tasks\The weDownload Manager-codedownloader => C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-codedownloader.exe [2014-03-05] (weDownload) <==== ATTENTION
    Task: {71C35A47-CE0E-4817-AA81-30BDAA733243} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {7D3F5ACA-B849-46FC-8A9D-3C59091E1A17} - System32\Tasks\The weDownload Manager-firefoxinstaller => C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-firefoxinstaller.exe [2014-03-05] (weDownload) <==== ATTENTION
    Task: {9314D34B-F1CC-4CAD-A922-EED0001D7559} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
    Task: {A2728642-4FAF-4534-B4FB-EE60AA418F09} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    Task: {BC3D24F1-2B68-4EE5-99EF-2D938BC493F0} - System32\Tasks\The weDownload Manager-chromeinstaller => C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-chromeinstaller.exe [2014-03-05] (weDownload) <==== ATTENTION
    Task: {C3ACA96D-714C-47D3-8C7E-48E8A116C119} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-29] (Google Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\The weDownload Manager-chromeinstaller.job => C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-chromeinstaller.exe <==== ATTENTION
    Task: C:\Windows\Tasks\The weDownload Manager-codedownloader.job => C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-codedownloader.exe <==== ATTENTION
    Task: C:\Windows\Tasks\The weDownload Manager-firefoxinstaller.job => C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-firefoxinstaller.exe <==== ATTENTION
    Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\Anton\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

    ==================== Loaded Modules (whitelisted) =============

    2013-09-29 11:52 - 2013-12-19 12:53 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-09-30 19:15 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2013-09-30 19:15 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2013-09-30 19:15 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2014-03-04 09:08 - 2014-03-01 20:35 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
    2014-03-04 09:08 - 2014-03-01 20:35 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libglesv2.dll
    2014-03-04 09:08 - 2014-03-01 20:35 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libegl.dll
    2014-03-04 09:08 - 2014-03-01 20:35 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll
    2014-03-04 09:08 - 2014-03-01 20:35 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
    2014-03-04 09:08 - 2014-03-01 20:35 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll
    2014-03-04 09:08 - 2014-03-01 20:35 - 13632840 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========


    ==================== Safe Mode (whitelisted) ===================


    ==================== Disabled items from MSCONFIG ==============


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/07/2014 01:24:07 AM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 7812

    Error: (03/07/2014 01:24:07 AM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 7812

    Error: (03/07/2014 01:24:07 AM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (03/07/2014 01:24:05 AM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 5859

    Error: (03/07/2014 01:24:05 AM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 5859

    Error: (03/07/2014 01:24:05 AM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (03/07/2014 01:24:03 AM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 3906

    Error: (03/07/2014 01:24:03 AM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 3906

    Error: (03/07/2014 01:24:03 AM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (03/07/2014 01:24:01 AM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1953


    System errors:
    =============
    Error: (03/06/2014 01:45:32 PM) (Source: Service Control Manager) (User: )
    Description: The AVGIDSAgent service terminated unexpectedly. It has done this 1 time(s).

    Error: (03/06/2014 09:13:22 AM) (Source: Service Control Manager) (User: )
    Description: The Search Protect by Conduit Service service failed to start due to the following error:
    %%2

    Error: (03/06/2014 09:12:36 AM) (Source: BugCheck) (User: )
    Description: 0x0000003b (0x00000000c0000005, 0xfffff880019ddc14, 0xfffff88008b45d50, 0x0000000000000000)C:\Windows\MEMORY.DMP030614-72218-01

    Error: (03/06/2014 09:12:20 AM) (Source: EventLog) (User: )
    Description: The previous system shutdown at 9:09:40 AM on ‎3/‎6/‎2014 was unexpected.

    Error: (03/06/2014 09:03:41 AM) (Source: Service Control Manager) (User: )
    Description: The AVGIDSAgent service terminated unexpectedly. It has done this 1 time(s).

    Error: (03/05/2014 10:48:07 PM) (Source: Disk) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (03/05/2014 10:48:02 PM) (Source: Disk) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (03/05/2014 10:47:54 PM) (Source: Disk) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (03/05/2014 10:47:49 PM) (Source: Disk) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (03/05/2014 10:47:38 PM) (Source: Disk) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.


    Microsoft Office Sessions:
    =========================
    Error: (03/07/2014 01:24:07 AM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 7812

    Error: (03/07/2014 01:24:07 AM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 7812

    Error: (03/07/2014 01:24:07 AM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (03/07/2014 01:24:05 AM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 5859

    Error: (03/07/2014 01:24:05 AM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 5859

    Error: (03/07/2014 01:24:05 AM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (03/07/2014 01:24:03 AM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 3906

    Error: (03/07/2014 01:24:03 AM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 3906

    Error: (03/07/2014 01:24:03 AM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (03/07/2014 01:24:01 AM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1953


    ==================== Memory info ===========================

    Percentage of memory in use: 17%
    Total physical RAM: 16375.12 MB
    Available physical RAM: 13586.98 MB
    Total Pagefile: 32748.41 MB
    Available Pagefile: 29343.17 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:149.04 GB) (Free:65.7 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: () (Fixed) (Total:1862.89 GB) (Free:1829.25 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 1FC31FC3)
    Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 1863 GB) (Disk ID: D0BB04F3)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days
