Danger of idp trojan e13f31c


26 replies to this topic

#1 draculamolecula

  • Members
  • 21 posts

Posted 18 February 2014 - 10:48 AM

Hey guys, much respect for what you are doing. You've helped me once, it was some time ago, and since then I was very careful about my computer. But today I downloaded what seems to be a Trojan, and a nasty one, idp trojan e13f31c. My notebook is very slow now; at least AVG antivirus reduced the effects of the infection - the 100% CPU usage - so I can use my computer at all. It deleted the files, the downloaded file and rundll32.exe. But after a while it popped up right back again, and so 100% CPU :( Please help, people.

Here is my DDS scan result:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518
Run by John Doe at 17:28:21 on 2014-02-18
Microsoft Windows 7 Ultimate   6.1.7601.1.1257.371.1033.18.2989.489 [GMT 2:00]
.
AV: AVG AntiVirus 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EslWire\service\WireHelperSvc.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Net4Switch\Net4Switch.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\SysWOW64\PnkBstrA.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\EslWire\wire.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\acrotray.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\AsScrPro.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\AVG Nation toolbar\vprot.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [uTorrent] "C:\Users\John Doe\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
uRun: [AdobeBridge] <no file>
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [AdobeCEPServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\Acrotray.exe"
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG Nation toolbar\vprot.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &??????? ? Microsoft Excel - <no file>
TCP: NameServer = 192.168.1.1 213.110.77.2 213.110.93.2
TCP: Interfaces\{BF0C21F1-77B5-4E75-9567-F45F6797E5B9} : DHCPNameServer = 192.168.1.1 213.110.77.2 213.110.93.2
TCP: Interfaces\{C94AD3D4-589E-4FF9-BDC2-CD539C63CFD0} : DHCPNameServer = 84.245.224.84 84.245.224.82
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 validation.sls.microsoft.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\John Doe\AppData\Roaming\Mozilla\Firefox\Profiles\tpu79qvq.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2014-02-18 13:55:25    --------    d-----w-    C:\Users\John Doe\AppData\Roaming\AVG2014
2014-02-18 13:54:12    --------    d-----w-    C:\Users\John Doe\AppData\Local\AVG Nation toolbar
2014-02-18 13:53:52    46368    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2014-02-18 13:53:45    --------    d-----w-    C:\ProgramData\AVG Nation toolbar
2014-02-18 13:53:44    --------    d-----w-    C:\Program Files (x86)\Common Files\AVG Secure Search
2014-02-18 13:53:43    --------    d-----w-    C:\Program Files (x86)\AVG Nation toolbar
2014-02-18 13:52:38    --------    d--h--w-    C:\$AVG
2014-02-18 13:52:37    --------    d-----w-    C:\ProgramData\AVG2014
2014-02-18 13:51:41    --------    d-----w-    C:\Program Files (x86)\AVG
2014-02-18 13:41:59    --------    d-----w-    C:\Users\John Doe\AppData\Local\Avg2014
2014-02-18 13:38:47    --------    d-----w-    C:\Users\John Doe\AppData\Local\MFAData
2014-02-18 13:38:47    --------    d-----w-    C:\Users\John Doe\AppData\Local\Avg2013
2014-02-18 13:38:47    --------    d-----w-    C:\ProgramData\MFAData
2014-02-18 12:53:24    --------    d-----w-    C:\Users\John Doe\AppData\Roaming\Ultra Fractal 5
2014-02-18 12:53:24    --------    d-----w-    C:\Program Files (x86)\Ultra Fractal 5
2014-02-16 11:50:56    --------    d-----w-    C:\Users\John Doe\AppData\Local\ESL Wire Game Client
2014-02-16 11:50:51    --------    d-----w-    C:\ProgramData\ESL Wire
2014-02-16 11:50:51    --------    d-----w-    C:\Program Files\EslWire
2014-02-12 21:03:12    454656    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-02-12 21:03:11    548864    ----a-w-    C:\Windows\System32\vbscript.dll
2014-02-12 10:35:32    1882112    ----a-w-    C:\Windows\System32\msxml3.dll
2014-02-11 20:12:09    --------    d-----w-    C:\Users\John Doe\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-02-11 20:10:31    --------    d-----w-    C:\Users\John Doe\AppData\Local\Adobe Tool
2014-02-11 19:57:44    --------    d-----w-    C:\ProgramData\ALM
2014-02-11 11:47:32    --------    d-----w-    C:\Users\John Doe\AppData\Local\VS Revo Group
2014-02-11 11:47:28    --------    d-----w-    C:\ProgramData\VS Revo Group
2014-02-11 11:47:27    31800    ----a-w-    C:\Windows\System32\drivers\revoflt.sys
2014-02-11 11:47:25    --------    d-----w-    C:\Program Files\VS Revo Group
2014-02-11 11:47:14    --------    d-----w-    C:\Users\John Doe\AppData\Local\Programs
2014-02-06 19:06:22    --------    d-----w-    C:\Users\John Doe\AppData\Local\Diagnostics
2014-01-30 18:09:50    --------    d-----w-    C:\Users\John Doe\AppData\Roaming\TS3Client
2014-01-29 13:59:41    --------    d-----w-    C:\Users\John Doe\AppData\Local\PTC
2014-01-29 13:14:22    --------    d-----w-    C:\ProgramData\PTC
2014-01-29 13:13:09    24416    ----a-r-    C:\Windows\System32\AdobePDFUI.dll
2014-01-29 13:03:28    --------    d-----w-    C:\Program Files (x86)\PTC
2014-01-29 13:03:27    --------    d-----w-    C:\Program Files\PTC
2014-01-26 09:03:18    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-26 09:03:18    --------    d-----w-    C:\Program Files\iPod
2014-01-26 09:03:17    --------    d-----w-    C:\Program Files\iTunes
2014-01-26 09:03:17    --------    d-----w-    C:\Program Files (x86)\iTunes
2014-01-24 21:19:48    --------    d-----w-    C:\Program Files (x86)\Overwolf
2014-01-24 21:19:10    --------    d-----w-    C:\Users\John Doe\AppData\Local\Overwolf
2014-01-24 21:18:09    --------    d-----w-    C:\Program Files (x86)\TeamSpeak 3 Client
2014-01-21 13:16:18    --------    d-----w-    C:\Users\John Doe\AppData\Roaming\Mobipocket
2014-01-21 13:16:10    --------    d-----w-    C:\Program Files (x86)\Mobipocket.com
2014-01-21 13:05:24    --------    d-----w-    C:\ProgramData\Protexis64
2014-01-21 13:01:54    --------    d-----w-    C:\Program Files (x86)\Common Files\Intel
2014-01-21 13:00:30    --------    d-----w-    C:\Program Files\Common Files\Protexis
2014-01-21 13:00:27    --------    d-----w-    C:\ProgramData\Corel
2014-01-21 12:48:46    --------    d-----w-    C:\ProgramData\CorelDRAW Technical Suite X6
.
==================== Find3M  ====================
.
2014-02-18 12:33:05    281152    ----a-w-    C:\Windows\SysWow64\PnkBstrB.xtr
2014-02-18 12:33:05    281152    ----a-w-    C:\Windows\SysWow64\PnkBstrB.exe
2014-02-17 14:26:26    281152    ----a-w-    C:\Windows\SysWow64\PnkBstrB.ex0
2014-02-06 11:30:46    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37    5768704    ----a-w-    C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32    2041856    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36    4244480    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2014-02-06 09:09:30    1964032    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-02-04 19:52:22    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-04 19:52:22    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-06 17:02:59    8192    ----a-w-    C:\Windows\SysWow64\srvany.exe
2014-01-06 16:55:26    231960    ----a-w-    C:\Windows\RegBootClean64.exe
2014-01-06 16:40:31    21528    ----a-w-    C:\Windows\DCEBoot64.exe
2013-12-24 23:09:41    1987584    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2013-12-12 12:33:10    49    ----a-w-    C:\Users\John Doe\AppData\Roaming\sp_data.sys
2013-12-11 17:45:05    76888    ----a-w-    C:\Windows\SysWow64\PnkBstrA.exe
2013-12-11 17:44:37    840264    ----a-w-    C:\Windows\SysWow64\pbsvc.exe
2013-12-11 10:37:55    520192    ----a-w-    C:\Windows\SysWow64\K_Series_ScreenSaver_EN.scr
2013-12-11 10:37:45    3054136    ----a-w-    C:\Windows\AsScrPro.exe
2013-12-11 10:36:28    35384    ----a-w-    C:\Windows\System32\drivers\AsDsm.sys
2013-12-11 10:29:10    0    ----a-w-    C:\Windows\ativpsrm.bin
2013-12-06 02:30:08    2048    ----a-w-    C:\Windows\System32\msxml3r.dll
2013-12-06 02:02:08    2048    ----a-w-    C:\Windows\SysWow64\msxml3r.dll
2013-12-06 02:02:08    1237504    ----a-w-    C:\Windows\SysWow64\msxml3.dll
2013-12-04 02:27:33    485888    ----a-w-    C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33    123392    ----a-w-    C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33    123392    ----a-w-    C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16    488448    ----a-w-    C:\Windows\System32\secproc.dll
2013-12-04 02:26:32    528384    ----a-w-    C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51    658432    ----a-w-    C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51    626176    ----a-w-    C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50    552960    ----a-w-    C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48    553984    ----a-w-    C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20    87040    ----a-w-    C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20    87040    ----a-w-    C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20    423936    ----a-w-    C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08    428032    ----a-w-    C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06    390144    ----a-w-    C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14    510976    ----a-w-    C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10    594944    ----a-w-    C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09    572416    ----a-w-    C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06    508928    ----a-w-    C:\Windows\SysWow64\RMActivate_ssp_isv.exe
2013-11-27 01:41:37    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11    53248    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2013-11-27 01:41:09    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2013-11-26 11:40:00    376768    ----a-w-    C:\Windows\System32\drivers\netio.sys
2013-11-26 10:32:56    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2013-11-26 08:16:50    3419136    ----a-w-    C:\Windows\SysWow64\d2d1.dll
2013-11-25 19:47:22    196376    ----a-w-    C:\Windows\System32\drivers\avgidsha.sys
2013-11-25 19:47:20    243480    ----a-w-    C:\Windows\System32\drivers\avgidsdrivera.sys
2013-11-25 19:47:20    150808    ----a-w-    C:\Windows\System32\drivers\avgdiska.sys
2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-11-22 22:48:21    3928064    ----a-w-    C:\Windows\System32\d2d1.dll
.
============= FINISH: 17:37:49,73 ===============
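The DDS "Pseudo HJT Report" above is a one-entry-per-line format, and a responder reads it by looking for a few recurring patterns rather than line by line. The following Python triage pass is an added example (not part of this thread and not DDS's own code): it parses lines in that format and flags registrations whose binary is gone (`<orphaned>`, `<no file>`), autoruns launched from user-writable locations, and Hosts-file overrides of non-local names. The sample report it runs on is constructed, modelled on lines from the log above.

```python
"""Triage pass over DDS-style 'Pseudo HJT Report' lines.

Added example: not part of this thread and not the DDS tool's own code.
The input format is what DDS prints, one entry per line, e.g.
  BHO: <name>: {CLSID} - <path>      uRun: [<name>] "<path>" <args>
  Hosts: <ip> <hostname>             SSODL: <name> - <orphaned>
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    category: str  # short label a responder can sort/count on
    entry: str     # the original report line, unchanged


# uRun / mRun / x64-Run entries: "[name] command line"
RUN_RE = re.compile(r"^(?:u|m|x64-)Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# First drive-letter path in a command line, quoted or not, up to its extension
PATH_RE = re.compile(
    r'^"?(?P<path>[A-Za-z]:\\.+?\.(?:exe|dll|scr|bat|cmd|vbs|js))', re.IGNORECASE)
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)\s*$")
# Locations an unprivileged user (or anything running as that user) can write to
USER_WRITABLE = re.compile(r"\\(?:AppData|Temp|Downloads|Users\\Public)\\", re.IGNORECASE)
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def triage_line(line: str):
    """Classify one report line; returns a Finding or None if nothing stands out."""
    line = line.rstrip()
    # A registration (BHO, Run, SSODL, Handler...) whose binary no longer exists:
    # usually a remnant left behind after a removal, always worth cleaning up.
    if "<orphaned>" in line or "<no file>" in line:
        return Finding("dangling-registration", line)
    run = RUN_RE.match(line)
    if run:
        path = PATH_RE.match(run.group("cmd"))
        if path is None:
            # Not a plain path to an executable: look at it by hand.
            return Finding("autorun-unparsed-command", line)
        if USER_WRITABLE.search(path.group("path")):
            # Legitimate for some apps, but this is also where droppers persist.
            return Finding("autorun-user-writable", line)
        return None
    hosts = HOSTS_RE.match(line)
    if hosts and hosts.group("host").lower() not in LOCAL_NAMES:
        # Any non-local name pinned to an address deserves a look; a vendor
        # domain pointed at loopback is the classic case.
        return Finding("hosts-override", line)
    return None


def triage(report: str):
    """Run triage_line over a whole report and keep the hits, in report order."""
    return [f for f in map(triage_line, report.splitlines()) if f is not None]


def summarize(findings):
    """Count findings per category, e.g. {'dangling-registration': 3, ...}."""
    counts = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


# Constructed sample in DDS format, modelled on lines from the report in this thread.
SAMPLE_REPORT = r"""uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [uTorrent] "C:\Users\John Doe\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [AdobeBridge] <no file>
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 validation.sls.microsoft.com
Hosts: 127.0.0.1 localhost
"""

if __name__ == "__main__":
    hits = triage(SAMPLE_REPORT)
    for hit in hits:
        print(f"[{hit.category}] {hit.entry}")
    print(summarize(hits))
```

A hit is a prompt to check the entry, not a verdict: the uTorrent autorun in the sample is a normal install, while the orphaned BHO and the Hosts override are the kind of remnant the cleanup tools requested later in this thread are meant to catch.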

 




#2 nasdaq

  • Malware Response Team
  • 38,250 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 21 February 2014 - 08:29 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Download correct tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#3 draculamolecula
  • Topic Starter

  • Members
  • 21 posts

Posted 23 February 2014 - 07:10 AM

Hey Nasdaq, great to see you here. Recently I scanned my notebook, and AVG antivirus did not find anything, but still browsing is really slow. I have fast internet and it took 5 minutes to download AdwCleaner, plus videos on YouTube are unreal to watch. Oh yes, when the computer is shutting down it blinks with a message saying that Task host is executing background programs; I'm unable to tell what those are, but it is really strange, never happened, so I think this virus has adapted to my AVG security. Regards.

AdwCleaner R0:
# AdwCleaner v3.019 - Report created 23/02/2014 at 13:15:16
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : John Doe - ROBO
# Running from : C:\Users\John Doe\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : vToolbarUpdater17.3.0

***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\Components\AskHPRFF.js
File Found : C:\Program Files (x86)\Mozilla Firefox\Components\AskSearch.js
Folder Found : C:\Users\John Doe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found C:\Program Files (x86)\AVG Nation toolbar
Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found C:\ProgramData\AVG Nation toolbar
Folder Found C:\Users\John Doe\AppData\Local\AVG Nation toolbar
Folder Found C:\Users\John Doe\AppData\LocalLow\AVG Nation toolbar
Folder Found C:\Users\John Doe\AppData\Roaming\OpenCandy

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AVG Nation toolbar
Key Found : [x64] HKCU\Software\AVG Nation toolbar
Key Found : HKLM\Software\AVG Nation toolbar
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\Software\caphyon
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Nation toolbar
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (lv)

[ File : C:\Users\John Doe\AppData\Roaming\Mozilla\Firefox\Profiles\tpu79qvq.default\prefs.js ]


-\\ Google Chrome v33.0.1750.117

[ File : C:\Users\John Doe\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4947 octets] - [23/02/2014 13:15:16]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5007 octets] ##########

JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Ultimate x64
Ran by John Doe on 2014.02.23. at 13:29:16,73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\John Doe\AppData\Roaming\mozilla\firefox\profiles\tpu79qvq.default\minidumps [138 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2014.02.23. at 13:44:23,20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


FRST:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-02-2014 01
Ran by John Doe (administrator) on ROBO on 23-02-2014 13:58:13
Running from C:\Users\John Doe\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
() C:\Program Files\EslWire\service\WireHelperSvc.exe
(ASUS) C:\Windows\AsScrPro.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Inc.) C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\acrotray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(arvato digital services llc) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-03] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440 2010-07-02] ()
HKLM-x32\...\Run: [AdobeCEPServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [417792 2009-11-10] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\Acrotray.exe [640376 2008-10-01] (Adobe Systems Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1024731270-2302543644-2352994229-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [13351304 2010-09-02] (Skype Technologies S.A.)
HKU\S-1-5-21-1024731270-2302543644-2352994229-1000\...\Run: [uTorrent] - C:\Users\John Doe\AppData\Roaming\uTorrent\uTorrent.exe [905296 2014-01-23] (BitTorrent Inc.)
HKU\S-1-5-21-1024731270-2302543644-2352994229-1000\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
HKU\S-1-5-21-1024731270-2302543644-2352994229-1000\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-1024731270-2302543644-2352994229-1000\...\Run: [ESL Wire] - C:\Program Files\EslWire\wire.exe [4253696 2013-12-09] (Turtle Entertainment GmbH)
HKU\S-1-5-21-1024731270-2302543644-2352994229-1000\...\MountPoints2: G - G:\setup.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBA7CE6AC5FF6CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = lv
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 84.245.224.84 84.245.224.82

FireFox:
========
FF ProfilePath: C:\Users\John Doe\AppData\Roaming\Mozilla\Firefox\Profiles\tpu79qvq.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\dict-enlv.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\salidzinilv.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sslv.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-14]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-14]

Chrome:
=======
CHR HomePage: hxxp://avg.nation.com/avgtbavg/search/home?cid={16DDDE1E-C7FE-4195-A512-9EF1E2E75D01}&mid=1861a376546947d39a926de78334b64b-be9abacd2b0d8fb17fa5dd2bb9608f781b54a8ba&lang=en&ds=AVG&coid=avgtbavg&pr=pr&d=2014-02-18 15:53:57&v=17.0.0.12&pid=nation&sg=&sap=hp
CHR DefaultSearchKeyword: avg.nation.com
CHR DefaultSearchProvider: AVG Nation Search
CHR DefaultSearchURL: http://avg.nation.com/avgtbavg/search/web?cid={16DDDE1E-C7FE-4195-A512-9EF1E2E75D01}&mid=1861a376546947d39a926de78334b64b-be9abacd2b0d8fb17fa5dd2bb9608f781b54a8ba&lang=en&ds=AVG&coid=avgtbavg&pr=pr&d=2014-02-18 15:53:57&v=17.0.0.12&pid=nation&sg=&sap=dsp&q={searchTerms}
CHR DefaultNewTabURL: https://avg.nation.com/chroment?espv=2&cid={FB437AC5-A04C-44A0-9A95-78A444223A7A}&mid=47ad457d35f547d18d0c3120d333f7f2-d26972f2474d96f629251e8ef57ec76cce5ba971&lang=en&ds=gh011&coid=avgtbdisgh&pr=sa&d=2013-10-28 11:49:58&v=17.1.2.0&pid=avg&sg=
CHR Extension: (AVG Nation Toolbar) - C:\Users\John Doe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2014-02-19]
CHR Extension: (Google Wallet) - C:\Users\John Doe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-12]

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [663056 2013-06-11] ()
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2014-01-06] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-11] ()
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R3 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2014-02-18] (AVG Technologies)
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [17464 2007-08-03] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-20] ()
S3 ipswuio; System32\DRIVERS\ipswuio.sys [X]
U2 TMAgent;
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-23 13:58 - 2014-02-23 13:58 - 00013959 _____ () C:\Users\John Doe\Desktop\FRST.txt
2014-02-23 13:57 - 2014-02-23 13:58 - 00000000 ____D () C:\FRST
2014-02-23 13:57 - 2014-02-23 13:57 - 02154496 _____ (Farbar) C:\Users\John Doe\Desktop\FRST64.exe
2014-02-23 13:44 - 2014-02-23 13:44 - 00000762 _____ () C:\Users\John Doe\Desktop\JRT.txt
2014-02-23 13:29 - 2014-02-23 13:29 - 00000000 ____D () C:\Windows\ERUNT
2014-02-23 13:28 - 2014-02-23 13:28 - 01037734 _____ (Thisisu) C:\Users\John Doe\Desktop\JRT.exe
2014-02-23 13:15 - 2014-02-23 13:23 - 00000000 ____D () C:\AdwCleaner
2014-02-23 13:13 - 2014-02-23 13:14 - 01241834 _____ () C:\Users\John Doe\Desktop\adwcleaner.exe
2014-02-22 23:45 - 2014-02-18 21:18 - 00000000 ____D () C:\Users\John Doe\Desktop\The_Noisy_Freaks-Straight_Life-(TR009)-2014
2014-02-21 13:41 - 2014-02-21 16:52 - 00000000 ____D () C:\Users\John Doe\Downloads\8MM (Score)
2014-02-21 13:40 - 2014-02-21 13:58 - 00000000 ____D () C:\Users\John Doe\Downloads\2004 - Collateral - soundtrack
2014-02-19 17:08 - 2014-02-22 16:20 - 00000000 ____D () C:\Program Files (x86)\Ultra Fractal 5
2014-02-18 17:38 - 2014-02-18 17:38 - 00007576 _____ () C:\Users\John Doe\Desktop\attach.txt
2014-02-18 17:38 - 2014-02-18 17:37 - 00018776 _____ () C:\Users\John Doe\Desktop\dds.txt
2014-02-18 17:27 - 2014-02-18 17:27 - 00688992 ____R (Swearware) C:\Users\John Doe\Downloads\dds.com
2014-02-18 15:55 - 2014-02-18 15:55 - 00000000 ____D () C:\Users\John Doe\AppData\Roaming\AVG2014
2014-02-18 15:54 - 2014-02-18 15:54 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-02-18 15:53 - 2014-02-18 15:53 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-02-18 15:52 - 2014-02-18 15:57 - 00000000 ____D () C:\ProgramData\AVG2014
2014-02-18 15:52 - 2014-02-18 15:52 - 00000000 ___HD () C:\$AVG
2014-02-18 15:51 - 2014-02-18 15:51 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-02-18 15:41 - 2014-02-18 16:06 - 00000000 ____D () C:\Users\John Doe\AppData\Local\Avg2014
2014-02-18 15:38 - 2014-02-23 12:25 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-18 15:38 - 2014-02-18 15:38 - 00000000 ____D () C:\Users\John Doe\AppData\Local\MFAData
2014-02-18 15:38 - 2014-02-18 15:38 - 00000000 ____D () C:\Users\John Doe\AppData\Local\Avg2013
2014-02-18 15:26 - 2014-02-18 15:27 - 00000000 ____D () C:\Users\John Doe\Downloads\AVG 2013 Final
2014-02-18 15:16 - 2014-02-18 15:16 - 00000000 ____D () C:\Users\John Doe\Downloads\Ultra Fractal 5.01 Animation Edition
2014-02-18 15:13 - 2014-02-18 23:12 - 2748546861 ____R () C:\Users\John Doe\Downloads\Bluscenes.The.Fractal.Plane.2011.1080p.mkv
2014-02-18 14:53 - 2014-02-19 17:11 - 00000000 ____D () C:\Users\John Doe\AppData\Roaming\Ultra Fractal 5
2014-02-18 14:53 - 2014-02-18 14:53 - 00000000 ____D () C:\Users\John Doe\Desktop\Ultra Fractal v5.02 - Animation Edition
2014-02-16 13:50 - 2014-02-23 13:21 - 00000000 ____D () C:\Users\John Doe\AppData\Local\ESL Wire Game Client
2014-02-16 13:50 - 2014-02-16 13:50 - 00000779 _____ () C:\Users\Public\Desktop\ESL Wire.lnk
2014-02-16 13:50 - 2014-02-16 13:50 - 00000000 ____D () C:\ProgramData\ESL Wire
2014-02-16 13:50 - 2014-02-16 13:50 - 00000000 ____D () C:\Program Files\EslWire
2014-02-15 18:16 - 2014-02-15 18:20 - 00000000 ____D () C:\Users\John Doe\Downloads\Perekrestok.Millera.1990.TRIPLE.HDTVRip.XviD.AC3.-Ermac
2014-02-14 12:49 - 2014-02-14 12:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 23:25 - 2014-02-13 23:42 - 00000000 ____D () C:\Users\John Doe\Downloads\7.Boxes.2012.SUBBED.HDRip.XviD.MP3-RARBG
2014-02-13 13:47 - 2014-02-13 13:50 - 162140916 _____ () C:\Users\John Doe\Desktop\Karl Denson's Tiny Universe - New Ammo (2014) (320).rar
2014-02-13 12:27 - 2014-02-17 16:10 - 00000000 ____D () C:\Users\John Doe\Desktop\Oddisee-Tangible_Dream-2013-FrB
2014-02-12 23:03 - 2013-12-21 11:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 23:03 - 2013-12-21 10:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 23:02 - 2014-02-06 14:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 23:02 - 2014-02-06 13:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 23:02 - 2014-02-06 13:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 23:02 - 2014-02-06 13:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 23:02 - 2014-02-06 13:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 23:02 - 2014-02-06 13:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 23:02 - 2014-02-06 12:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 23:02 - 2014-02-06 12:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 23:02 - 2014-02-06 12:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 23:02 - 2014-02-06 12:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 23:02 - 2014-02-06 12:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 23:02 - 2014-02-06 12:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 23:02 - 2014-02-06 12:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 23:02 - 2014-02-06 12:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 23:02 - 2014-02-06 12:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 23:02 - 2014-02-06 12:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 23:02 - 2014-02-06 12:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 23:02 - 2014-02-06 12:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 23:02 - 2014-02-06 12:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 23:02 - 2014-02-06 11:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 23:02 - 2014-02-06 11:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 23:02 - 2014-02-06 11:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 23:02 - 2014-02-06 11:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 23:02 - 2014-02-06 11:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 23:02 - 2014-02-06 11:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 23:02 - 2014-02-06 11:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 23:02 - 2014-02-06 11:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 23:02 - 2014-02-06 11:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 23:02 - 2014-02-06 11:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 23:02 - 2014-02-06 11:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 23:02 - 2014-02-06 11:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 23:02 - 2014-02-06 11:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 23:02 - 2014-02-06 11:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 23:02 - 2014-02-06 11:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 23:02 - 2014-02-06 10:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 23:02 - 2014-02-06 10:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 23:02 - 2014-02-06 10:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 23:02 - 2014-02-06 10:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 23:02 - 2014-02-06 10:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 15:41 - 2014-02-13 15:48 - 00197270 _____ () C:\Users\John Doe\Desktop\IMG1.ai
2014-02-12 12:35 - 2014-01-01 01:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 12:35 - 2014-01-01 01:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 12:35 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 12:35 - 2013-12-25 00:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 12:35 - 2013-12-06 04:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 12:35 - 2013-12-06 04:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 12:35 - 2013-12-06 04:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 12:35 - 2013-12-06 04:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 12:35 - 2013-12-04 04:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 12:35 - 2013-12-04 04:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 12:35 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 12:35 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 12:35 - 2013-12-04 04:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 12:35 - 2013-12-04 04:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 12:35 - 2013-12-04 04:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 12:35 - 2013-12-04 04:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 12:35 - 2013-12-04 04:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 12:35 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 12:35 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 12:35 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 12:35 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 12:35 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 12:35 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 12:35 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 12:35 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 12:35 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 12:35 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 12:35 - 2013-11-23 00:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-11 22:12 - 2014-02-11 22:12 - 00000000 ____D () C:\Users\John Doe\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-02-11 22:10 - 2014-02-11 22:11 - 00000000 ____D () C:\Users\John Doe\AppData\Local\Adobe Tool
2014-02-11 22:08 - 2014-02-11 22:08 - 00000000 ____D () C:\Users\John Doe\Downloads\Adobe Tool 3.7
2014-02-11 21:57 - 2014-02-11 21:57 - 00000000 ____D () C:\ProgramData\ALM
2014-02-11 21:55 - 2014-02-11 21:55 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-02-11 21:55 - 2014-02-11 21:55 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-02-11 13:47 - 2014-02-11 13:47 - 00001077 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-02-11 13:47 - 2014-02-11 13:47 - 00000000 ____D () C:\Users\John Doe\AppData\Local\VS Revo Group
2014-02-11 13:47 - 2014-02-11 13:47 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-02-11 13:47 - 2014-02-11 13:47 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-02-11 13:47 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-02-11 13:46 - 2014-02-11 13:46 - 10619688 _____ (VS Revo Group ) C:\Users\John Doe\Downloads\RevoUninProSetup.exe
2014-02-05 15:00 - 2014-02-05 15:00 - 00036844 _____ () C:\Users\John Doe\Desktop\ReadmeServer.txt
2014-02-03 22:30 - 2014-02-03 22:30 - 00006163 _____ () C:\Users\John Doe\AppData\Roaming\ContactSheetII.log
2014-02-03 22:30 - 2014-02-03 22:30 - 00000645 _____ () C:\Users\John Doe\AppData\Roaming\Contact Sheet II.xml
2014-02-03 21:43 - 2014-02-03 21:44 - 158099492 _____ () C:\Users\John Doe\AppData\Local\ACCCx2_4_0_348.zip.aamdownload
2014-02-03 21:43 - 2014-02-03 21:44 - 00001943 _____ () C:\Users\John Doe\AppData\Local\ACCCx2_4_0_348.zip.aamdownload.aamd
2014-02-02 19:50 - 2014-02-02 19:51 - 00003168 _____ () C:\Windows\System32\Tasks\{FEA659FF-EC09-4A52-BC17-D44CEA15C8D9}
2014-02-01 20:57 - 2014-02-01 21:00 - 00000000 ____D () C:\Users\John Doe\Downloads\The.Pyramid.Code
2014-02-01 20:57 - 2011-07-18 17:52 - 626923520 _____ () C:\Users\John Doe\Downloads\Athenes_Theory_of_Everything_720x400.avi
2014-02-01 19:49 - 2014-02-01 20:04 - 1460499588 _____ () C:\Users\John Doe\Downloads\Golfklub.1980.XviD.HDRip.avi
2014-01-30 20:09 - 2014-02-22 20:37 - 00000000 ____D () C:\Users\John Doe\AppData\Roaming\TS3Client
2014-01-29 15:59 - 2014-01-29 16:02 - 00000000 ____D () C:\Users\John Doe\AppData\Local\PTC
2014-01-29 15:16 - 2014-01-29 15:16 - 00001070 _____ () C:\Users\Public\Desktop\PTC Mathcad Prime 3.0.lnk
2014-01-29 15:14 - 2014-01-29 15:17 - 00000000 ____D () C:\ProgramData\PTC
2014-01-29 15:13 - 2008-04-07 05:38 - 00024416 ____R (Adobe Systems Inc.) C:\Windows\system32\AdobePDFUI.dll
2014-01-29 15:08 - 2014-02-12 23:14 - 01611328 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-29 15:03 - 2014-01-29 15:15 - 00000000 ____D () C:\Program Files\PTC
2014-01-29 15:03 - 2014-01-29 15:14 - 00000000 ____D () C:\Program Files (x86)\PTC
2014-01-29 15:02 - 2014-01-29 15:21 - 00015218 _____ () C:\Users\John Doe\Documents\pim_installmgr.log
2014-01-29 14:36 - 2014-01-29 14:36 - 00000000 ____D () C:\Users\John Doe\Downloads\PTC_Mathcad_Prime_3.0_F000_SSQ
2014-01-29 14:30 - 2014-01-29 14:30 - 01903457 _____ () C:\Users\John Doe\Downloads\w104.apk
2014-01-27 17:33 - 2014-01-27 17:33 - 00199728 _____ (DIESoft) C:\Users\John Doe\Desktop\DIEClicker.exe
2014-01-26 20:22 - 2014-01-27 23:55 - 42770325 _____ () C:\Users\John Doe\Desktop\DSCN2171.psd
2014-01-26 17:27 - 2014-02-02 15:34 - 00001456 _____ () C:\Users\John Doe\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-01-26 11:04 - 2014-01-26 11:04 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-01-26 11:03 - 2014-01-26 11:03 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-26 11:03 - 2014-01-26 11:03 - 00000000 ____D () C:\Program Files\iTunes
2014-01-26 11:03 - 2014-01-26 11:03 - 00000000 ____D () C:\Program Files\iPod
2014-01-26 11:03 - 2014-01-26 11:03 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-01-26 01:22 - 2014-01-26 01:25 - 00000132 _____ () C:\Users\John Doe\AppData\Roaming\Adobe PNG Format CC Prefs
2014-01-26 01:14 - 2014-01-26 20:57 - 00000132 _____ () C:\Users\John Doe\AppData\Roaming\Adobe GIF Format CC Prefs
2014-01-26 01:07 - 2014-01-26 01:19 - 00000132 _____ () C:\Users\John Doe\AppData\Roaming\Adobe BMP Format CC Prefs
2014-01-24 23:19 - 2014-01-24 23:39 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2014-01-24 23:19 - 2014-01-24 23:20 - 00000000 ____D () C:\Users\John Doe\AppData\Local\Overwolf
2014-01-24 23:18 - 2014-01-24 23:18 - 00001166 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-01-24 23:18 - 2014-01-24 23:18 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-01-24 23:17 - 2014-01-24 23:17 - 30095736 _____ (TeamSpeak Systems GmbH) C:\Users\John Doe\Downloads\TeamSpeak3-Client-win32-3.0.13.1.exe

==================== One Month Modified Files and Folders =======

2014-02-23 13:58 - 2014-02-23 13:58 - 00013959 _____ () C:\Users\John Doe\Desktop\FRST.txt
2014-02-23 13:58 - 2014-02-23 13:57 - 00000000 ____D () C:\FRST
2014-02-23 13:57 - 2014-02-23 13:57 - 02154496 _____ (Farbar) C:\Users\John Doe\Desktop\FRST64.exe
2014-02-23 13:56 - 2013-12-11 13:33 - 00000950 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-23 13:52 - 2013-12-11 13:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-23 13:47 - 2013-12-11 11:27 - 01464587 _____ () C:\Windows\WindowsUpdate.log
2014-02-23 13:44 - 2014-02-23 13:44 - 00000762 _____ () C:\Users\John Doe\Desktop\JRT.txt
2014-02-23 13:29 - 2014-02-23 13:29 - 00000000 ____D () C:\Windows\ERUNT
2014-02-23 13:28 - 2014-02-23 13:28 - 01037734 _____ (Thisisu) C:\Users\John Doe\Desktop\JRT.exe
2014-02-23 13:27 - 2009-07-14 06:45 - 00021248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-23 13:27 - 2009-07-14 06:45 - 00021248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-23 13:23 - 2014-02-23 13:15 - 00000000 ____D () C:\AdwCleaner
2014-02-23 13:22 - 2013-12-11 12:38 - 00000870 _____ () C:\dpi.txt
2014-02-23 13:21 - 2014-02-16 13:50 - 00000000 ____D () C:\Users\John Doe\AppData\Local\ESL Wire Game Client
2014-02-23 13:21 - 2013-12-11 13:48 - 00000000 ____D () C:\Users\John Doe\AppData\Roaming\uTorrent
2014-02-23 13:21 - 2013-12-11 13:01 - 00000000 ____D () C:\Users\John Doe\AppData\Roaming\Skype
2014-02-23 13:20 - 2013-12-11 12:30 - 00000000 ____D () C:\Program Files\P4G
2014-02-23 13:19 - 2013-12-11 13:33 - 00000946 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-23 13:19 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-23 13:18 - 2009-07-14 06:51 - 00069549 _____ () C:\Windows\setupact.log
2014-02-23 13:14 - 2014-02-23 13:13 - 01241834 _____ () C:\Users\John Doe\Desktop\adwcleaner.exe
2014-02-23 12:45 - 2013-12-11 13:33 - 00000000 ____D () C:\Users\John Doe\AppData\Roaming\skypePM
2014-02-23 12:25 - 2014-02-18 15:38 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-23 11:49 - 2013-12-11 20:57 - 00000000 ____D () C:\Users\John Doe\AppData\Roaming\vlc
2014-02-22 20:37 - 2014-01-30 20:09 - 00000000 ____D () C:\Users\John Doe\AppData\Roaming\TS3Client
2014-02-22 20:37 - 2013-12-12 10:52 - 00281152 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-02-22 20:37 - 2013-12-11 19:45 - 00281152 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-02-22 19:16 - 2013-12-11 19:45 - 00281152 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-02-22 18:42 - 2014-02-22 17:15 - 461657167 ____R () C:\Users\John Doe\Downloads\cocked_callie_big.mp4
2014-02-22 16:20 - 2014-02-19 17:08 - 00000000 ____D () C:\Program Files (x86)\Ultra Fractal 5
2014-02-22 03:03 - 2013-12-11 13:33 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-21 16:52 - 2014-02-21 13:41 - 00000000 ____D () C:\Users\John Doe\Downloads\8MM (Score)
2014-02-21 13:58 - 2014-02-21 13:40 - 00000000 ____D () C:\Users\John Doe\Downloads\2004 - Collateral - soundtrack
2014-02-20 22:52 - 2013-12-11 13:40 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-20 22:52 - 2013-12-11 13:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-20 22:52 - 2013-12-11 13:40 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-19 21:01 - 2013-12-11 12:31 - 00001290 _____ () C:\Windows\system32\ServiceFilter.ini
2014-02-19 13:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-02-18 23:12 - 2014-02-18 15:13 - 2748546861 ____R () C:\Users\John Doe\Downloads\Bluscenes.The.Fractal.Plane.2011.1080p.mkv
2014-02-18 22:15 - 2013-12-11 12:31 - 00001770 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-02-18 21:18 - 2014-02-22 23:45 - 00000000 ____D () C:\Users\John Doe\Desktop\The_Noisy_Freaks-Straight_Life-(TR009)-2014
2014-02-18 17:38 - 2014-02-18 17:38 - 00007576 _____ () C:\Users\John Doe\Desktop\attach.txt
2014-02-18 17:37 - 2014-02-18 17:38 - 00018776 _____ () C:\Users\John Doe\Desktop\dds.txt
2014-02-18 17:36 - 2013-12-11 16:51 - 00000000 ____D () C:\Users\John Doe\Downloads\vv7lxe
2014-02-18 17:27 - 2014-02-18 17:27 - 00688992 ____R (Swearware) C:\Users\John Doe\Downloads\dds.com
2014-02-18 16:06 - 2014-02-18 15:41 - 00000000 ____D () C:\Users\John Doe\AppData\Local\Avg2014
2014-02-18 15:57 - 2014-02-18 15:52 - 00000000 ____D () C:\ProgramData\AVG2014
2014-02-18 15:55 - 2014-02-18 15:55 - 00000000 ____D () C:\Users\John Doe\AppData\Roaming\AVG2014
2014-02-18 15:54 - 2014-02-18 15:54 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-02-18 15:54 - 2013-12-11 13:53 - 00000000 ____D () C:\Users\John Doe\AppData\Roaming\TuneUp Software
2014-02-18 15:53 - 2014-02-18 15:53 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-02-18 15:52 - 2014-02-18 15:52 - 00000000 ___HD () C:\$AVG
2014-02-18 15:51 - 2014-02-18 15:51 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-02-18 15:38 - 2014-02-18 15:38 - 00000000 ____D () C:\Users\John Doe\AppData\Local\MFAData
2014-02-18 15:38 - 2014-02-18 15:38 - 00000000 ____D () C:\Users\John Doe\AppData\Local\Avg2013
2014-02-18 15:27 - 2014-02-18 15:26 - 00000000 ____D () C:\Users\John Doe\Downloads\AVG 2013 Final
2014-02-17 23:51 - 2013-12-11 13:33 - 00003946 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-17 23:51 - 2013-12-11 13:33 - 00003694 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-17 17:08 - 2013-12-11 18:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 17:06 - 2013-12-11 18:30 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-17 16:45 - 2013-12-11 19:25 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-02-17 16:10 - 2014-02-13 12:27 - 00000000 ____D () C:\Users\John Doe\Desktop\Oddisee-Tangible_Dream-2013-FrB
2014-02-16 13:50 - 2014-02-16 13:50 - 00000779 _____ () C:\Users\Public\Desktop\ESL Wire.lnk
2014-02-16 13:50 - 2014-02-16 13:50 - 00000000 ____D () C:\ProgramData\ESL Wire
2014-02-16 13:50 - 2014-02-16 13:50 - 00000000 ____D () C:\Program Files\EslWire
2014-02-15 18:23 - 2014-02-15 18:20 - 1561948160 _____ () C:\Users\John Doe\Downloads\Ohotniki.Za.Golovami.2011.PROPER.DUB.HDRip.XviD.AC3.-Vaippp.avi
2014-02-15 18:20 - 2014-02-15 18:16 - 00000000 ____D () C:\Users\John Doe\Downloads\Perekrestok.Millera.1990.TRIPLE.HDTVRip.XviD.AC3.-Ermac
2014-02-14 15:27 - 2013-12-11 13:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-14 12:49 - 2014-02-14 12:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 23:42 - 2014-02-13 23:25 - 00000000 ____D () C:\Users\John Doe\Downloads\7.Boxes.2012.SUBBED.HDRip.XviD.MP3-RARBG
2014-02-13 15:48 - 2014-02-12 15:41 - 00197270 _____ () C:\Users\John Doe\Desktop\IMG1.ai
2014-02-13 15:38 - 2014-01-19 19:44 - 00000000 ____D () C:\Users\John Doe\Desktop\desktop2
2014-02-13 13:50 - 2014-02-13 13:47 - 162140916 _____ () C:\Users\John Doe\Desktop\Karl Denson's Tiny Universe - New Ammo (2014) (320).rar
2014-02-12 23:14 - 2014-01-29 15:08 - 01611328 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-12 23:14 - 2014-01-09 12:03 - 00714144 _____ () C:\Windows\system32\perfh019.dat
2014-02-12 23:14 - 2014-01-09 12:03 - 00149186 _____ () C:\Windows\system32\perfc019.dat
2014-02-12 23:14 - 2009-07-14 07:13 - 01611328 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-11 22:53 - 2009-07-14 06:45 - 05131672 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-11 22:12 - 2014-02-11 22:12 - 00000000 ____D () C:\Users\John Doe\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-02-11 22:12 - 2013-12-11 12:39 - 00000000 ____D () C:\Users\John Doe\AppData\Roaming\Adobe
2014-02-11 22:12 - 2013-12-11 12:38 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-11 22:11 - 2014-02-11 22:10 - 00000000 ____D () C:\Users\John Doe\AppData\Local\Adobe Tool
2014-02-11 22:11 - 2013-12-11 12:38 - 00000000 ____D () C:\Users\John Doe\AppData\Local\Adobe
2014-02-11 22:11 - 2013-12-11 12:16 - 00110000 _____ () C:\Users\John Doe\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-11 22:08 - 2014-02-11 22:08 - 00000000 ____D () C:\Users\John Doe\Downloads\Adobe Tool 3.7
2014-02-11 21:58 - 2013-12-27 17:54 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-02-11 21:57 - 2014-02-11 21:57 - 00000000 ____D () C:\ProgramData\ALM
2014-02-11 21:57 - 2013-12-27 17:54 - 00000000 ____D () C:\Program Files\Adobe
2014-02-11 21:57 - 2013-12-27 17:48 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-02-11 21:56 - 2013-12-11 12:38 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-02-11 21:55 - 2014-02-11 21:55 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-02-11 21:55 - 2014-02-11 21:55 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-02-11 21:54 - 2013-12-27 17:45 - 00001522 _____ () C:\Users\Public\Desktop\Adobe Application Manager.lnk
2014-02-11 13:52 - 2013-12-11 12:21 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-11 13:47 - 2014-02-11 13:47 - 00001077 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-02-11 13:47 - 2014-02-11 13:47 - 00000000 ____D () C:\Users\John Doe\AppData\Local\VS Revo Group
2014-02-11 13:47 - 2014-02-11 13:47 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-02-11 13:47 - 2014-02-11 13:47 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-02-11 13:46 - 2014-02-11 13:46 - 10619688 _____ (VS Revo Group ) C:\Users\John Doe\Downloads\RevoUninProSetup.exe
2014-02-06 21:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-06 14:16 - 2014-02-12 23:02 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 13:30 - 2014-02-12 23:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 13:30 - 2014-02-12 23:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 13:12 - 2014-02-12 23:02 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 13:07 - 2014-02-12 23:02 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 13:06 - 2014-02-12 23:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 12:57 - 2014-02-12 23:02 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 12:56 - 2014-02-12 23:02 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 12:52 - 2014-02-12 23:02 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 12:49 - 2014-02-12 23:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 12:48 - 2014-02-12 23:02 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 12:48 - 2014-02-12 23:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 12:38 - 2014-02-12 23:02 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 12:32 - 2014-02-12 23:02 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 12:20 - 2014-02-12 23:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 12:17 - 2014-02-12 23:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 12:11 - 2014-02-12 23:02 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 12:01 - 2014-02-12 23:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 12:00 - 2014-02-12 23:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-12 23:02 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 11:57 - 2014-02-12 23:02 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 11:52 - 2014-02-12 23:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 11:52 - 2014-02-12 23:02 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 11:50 - 2014-02-12 23:02 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 11:49 - 2014-02-12 23:02 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 11:47 - 2014-02-12 23:02 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 11:46 - 2014-02-12 23:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 11:25 - 2014-02-12 23:02 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 11:25 - 2014-02-12 23:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 11:24 - 2014-02-12 23:02 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 11:22 - 2014-02-12 23:02 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 11:13 - 2014-02-12 23:02 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 11:09 - 2014-02-12 23:02 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 11:03 - 2014-02-12 23:02 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 10:55 - 2014-02-12 23:02 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 10:41 - 2014-02-12 23:02 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 10:40 - 2014-02-12 23:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 10:36 - 2014-02-12 23:02 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 10:34 - 2014-02-12 23:02 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 15:00 - 2014-02-05 15:00 - 00036844 _____ () C:\Users\John Doe\Desktop\ReadmeServer.txt
2014-02-03 22:30 - 2014-02-03 22:30 - 00006163 _____ () C:\Users\John Doe\AppData\Roaming\ContactSheetII.log
2014-02-03 22:30 - 2014-02-03 22:30 - 00000645 _____ () C:\Users\John Doe\AppData\Roaming\Contact Sheet II.xml
2014-02-03 21:44 - 2014-02-03 21:43 - 158099492 _____ () C:\Users\John Doe\AppData\Local\ACCCx2_4_0_348.zip.aamdownload
2014-02-03 21:44 - 2014-02-03 21:43 - 00001943 _____ () C:\Users\John Doe\AppData\Local\ACCCx2_4_0_348.zip.aamdownload.aamd
2014-02-02 21:54 - 2013-12-12 10:45 - 00000000 ____D () C:\Users\John Doe\Documents\Battlefield 2
2014-02-02 19:51 - 2014-02-02 19:50 - 00003168 _____ () C:\Windows\System32\Tasks\{FEA659FF-EC09-4A52-BC17-D44CEA15C8D9}
2014-02-02 15:34 - 2014-01-26 17:27 - 00001456 _____ () C:\Users\John Doe\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-02-02 12:52 - 2014-01-04 19:26 - 00112640 ___SH () C:\Users\John Doe\Thumbs.db
2014-02-02 12:52 - 2013-12-11 11:45 - 00000000 ____D () C:\Users\John Doe
2014-02-01 21:00 - 2014-02-01 20:57 - 00000000 ____D () C:\Users\John Doe\Downloads\The.Pyramid.Code
2014-02-01 20:04 - 2014-02-01 19:49 - 1460499588 _____ () C:\Users\John Doe\Downloads\Golfklub.1980.XviD.HDRip.avi
2014-01-30 00:02 - 2009-07-14 07:08 - 00032616 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-29 16:02 - 2014-01-29 15:59 - 00000000 ____D () C:\Users\John Doe\AppData\Local\PTC
2014-01-29 16:02 - 2013-12-11 11:46 - 00000000 ____D () C:\Users\John Doe\AppData\Local\VirtualStore
2014-01-29 15:21 - 2014-01-29 15:02 - 00015218 _____ () C:\Users\John Doe\Documents\pim_installmgr.log
2014-01-29 15:17 - 2014-01-29 15:14 - 00000000 ____D () C:\ProgramData\PTC
2014-01-29 15:16 - 2014-01-29 15:16 - 00001070 _____ () C:\Users\Public\Desktop\PTC Mathcad Prime 3.0.lnk
2014-01-29 15:15 - 2014-01-29 15:03 - 00000000 ____D () C:\Program Files\PTC
2014-01-29 15:14 - 2014-01-29 15:03 - 00000000 ____D () C:\Program Files (x86)\PTC
2014-01-29 14:36 - 2014-01-29 14:36 - 00000000 ____D () C:\Users\John Doe\Downloads\PTC_Mathcad_Prime_3.0_F000_SSQ
2014-01-29 14:30 - 2014-01-29 14:30 - 01903457 _____ () C:\Users\John Doe\Downloads\w104.apk
2014-01-27 23:55 - 2014-01-26 20:22 - 42770325 _____ () C:\Users\John Doe\Desktop\DSCN2171.psd
2014-01-27 17:33 - 2014-01-27 17:33 - 00199728 _____ (DIESoft) C:\Users\John Doe\Desktop\DIEClicker.exe
2014-01-26 20:57 - 2014-01-26 01:14 - 00000132 _____ () C:\Users\John Doe\AppData\Roaming\Adobe GIF Format CC Prefs
2014-01-26 11:04 - 2014-01-26 11:04 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-01-26 11:03 - 2014-01-26 11:03 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-26 11:03 - 2014-01-26 11:03 - 00000000 ____D () C:\Program Files\iTunes
2014-01-26 11:03 - 2014-01-26 11:03 - 00000000 ____D () C:\Program Files\iPod
2014-01-26 11:03 - 2014-01-26 11:03 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-01-26 10:59 - 2014-01-04 14:24 - 00000000 ____D () C:\ProgramData\Apple
2014-01-26 01:25 - 2014-01-26 01:22 - 00000132 _____ () C:\Users\John Doe\AppData\Roaming\Adobe PNG Format CC Prefs
2014-01-26 01:19 - 2014-01-26 01:07 - 00000132 _____ () C:\Users\John Doe\AppData\Roaming\Adobe BMP Format CC Prefs
2014-01-24 23:39 - 2014-01-24 23:19 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2014-01-24 23:20 - 2014-01-24 23:19 - 00000000 ____D () C:\Users\John Doe\AppData\Local\Overwolf
2014-01-24 23:18 - 2014-01-24 23:18 - 00001166 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-01-24 23:18 - 2014-01-24 23:18 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-01-24 23:17 - 2014-01-24 23:17 - 30095736 _____ (TeamSpeak Systems GmbH) C:\Users\John Doe\Downloads\TeamSpeak3-Client-win32-3.0.13.1.exe

Some content of TEMP:
====================
C:\Users\John Doe\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\John Doe\AppData\Local\Temp\atl80.dll
C:\Users\John Doe\AppData\Local\Temp\DIFxAPI.dll
C:\Users\John Doe\AppData\Local\Temp\EslWireSetup-1.17.3.7769-x64.exe
C:\Users\John Doe\AppData\Local\Temp\GoogleChromeInstaller.exe
C:\Users\John Doe\AppData\Local\Temp\libexpat.dll
C:\Users\John Doe\AppData\Local\Temp\mfc80.dll
C:\Users\John Doe\AppData\Local\Temp\mfc80u.dll
C:\Users\John Doe\AppData\Local\Temp\mfcm80.dll
C:\Users\John Doe\AppData\Local\Temp\mfcm80u.dll
C:\Users\John Doe\AppData\Local\Temp\msvcm80.dll
C:\Users\John Doe\AppData\Local\Temp\msvcp80.dll
C:\Users\John Doe\AppData\Local\Temp\msvcr80.dll
C:\Users\John Doe\AppData\Local\Temp\nlsdl.dll
C:\Users\John Doe\AppData\Local\Temp\nsc5968.tmp.exe
C:\Users\John Doe\AppData\Local\Temp\oi_{0319D87D-4676-48C2-B13C-7C975C342B73}.exe
C:\Users\John Doe\AppData\Local\Temp\safeguard.exe
C:\Users\John Doe\AppData\Local\Temp\tmdbg64.dll
C:\Users\John Doe\AppData\Local\Temp\vcredist_x64.exe
C:\Users\John Doe\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\John Doe\AppData\Local\Temp\_isD557.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-19 13:30

==================== End Of Log ============================
 

Edited by draculamolecula, 23 February 2014 - 07:12 AM.
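As an added example for reading the "One Month Modified Files and Folders" section above (it is not part of FRST and not code from anyone in this thread), here is a small Python helper that parses those lines and flags what I would review first: new executables in user-writable paths, files with no company name in their version info, and new kernel drivers. It assumes the field order visible in the log (last-write time, creation time, size, attribute flags, company, path) and uses lines copied from the log above as sample input; the flag rules are my own triage heuristics.

```python
"""Triage helper for the 'One Month Modified Files and Folders' section of an
FRST log, written for this thread (not part of FRST or of any post here).
Field order assumed from the lines above: <last write> - <created> - <size>
<attrs> (<company>) <path>; <attrs> is a five-flag field (D dir, H hidden,
S system, R read-only, _ unset) and <company> is the version-info company
name FRST prints, empty when the file has none. Flag rules are my own."""
import re
from dataclasses import dataclass
from datetime import datetime

EXEC_EXTS = {".exe", ".dll", ".sys", ".scr", ".com", ".cpl",
             ".bat", ".cmd", ".vbs", ".js", ".ps1"}
# Paths a standard user can write to; a new executable here is worth a look
# before anything under Program Files or Windows.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")
FRST_LINE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$")

@dataclass
class Entry:
    modified: datetime
    created: datetime
    size: int
    attrs: str
    company: str
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def ext(self) -> str:
        name = self.path.rsplit("\\", 1)[-1]
        return name[name.rfind("."):].lower() if "." in name else ""

def parse_line(line: str):
    """One FRST file line -> Entry; None for headers, blanks and other text."""
    m = FRST_LINE.match(line.strip())
    if not m:
        return None
    return Entry(datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
                 datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
                 int(m["size"]), m["attrs"], m["company"].strip(), m["path"])

def triage_flags(e: Entry) -> list:
    """Reasons to review this entry first; empty means nothing stood out."""
    flags = []
    if e.is_dir or e.ext not in EXEC_EXTS:
        return flags
    if e.ext == ".sys":                       # a driver runs in the kernel
        flags.append("kernel driver")
    if any(marker in e.path.lower() for marker in USER_WRITABLE):
        flags.append("executable in user-writable location")
    if not e.company:
        flags.append("no company name in version info")
    return flags

def triage(log_text: str) -> dict:
    """Map path -> flags for every flagged file line in the pasted section."""
    flagged = {}
    for line in log_text.splitlines():
        e = parse_line(line)
        flags = triage_flags(e) if e is not None else []
        if flags:
            flagged[e.path] = flags
    return flagged

def created_since(log_text: str, since: datetime) -> list:
    """Entries created on or after `since`, e.g. the day the trouble began."""
    entries = (parse_line(l) for l in log_text.splitlines())
    return [e for e in entries if e is not None and e.created >= since]

# Sample input: lines copied from the FRST log posted above.
SAMPLE_LOG = """\
2014-02-23 13:14 - 2014-02-23 13:13 - 01241834 _____ () C:\\Users\\John Doe\\Desktop\\adwcleaner.exe
2014-02-23 12:45 - 2013-12-11 13:33 - 00000000 ____D () C:\\Users\\John Doe\\AppData\\Roaming\\skypePM
2014-02-20 22:52 - 2013-12-11 13:40 - 00692616 _____ (Adobe Systems Incorporated) C:\\Windows\\SysWOW64\\FlashPlayerApp.exe
2014-02-18 17:27 - 2014-02-18 17:27 - 00688992 ____R (Swearware) C:\\Users\\John Doe\\Downloads\\dds.com
2014-02-18 15:53 - 2014-02-18 15:53 - 00046368 _____ (AVG Technologies) C:\\Windows\\system32\\Drivers\\avgtpx64.sys
2014-02-17 17:06 - 2013-12-11 18:30 - 88567024 _____ (Microsoft Corporation) C:\\Windows\\system32\\MRT.exe
2014-02-11 13:46 - 2014-02-11 13:46 - 10619688 _____ (VS Revo Group ) C:\\Users\\John Doe\\Downloads\\RevoUninProSetup.exe
2014-02-02 12:52 - 2014-01-04 19:26 - 00112640 ___SH () C:\\Users\\John Doe\\Thumbs.db
2014-01-27 17:33 - 2014-01-27 17:33 - 00199728 _____ (DIESoft) C:\\Users\\John Doe\\Desktop\\DIEClicker.exe
"""

if __name__ == "__main__":
    for path, flags in triage(SAMPLE_LOG).items():
        print(f"{path}\n    -> {', '.join(flags)}")
    onset = datetime(2014, 2, 18)  # day the poster reported the infection
    print(f"\n{len(created_since(SAMPLE_LOG, onset))} files created since {onset:%Y-%m-%d}")
```

The flags are review hints rather than verdicts: dds.com and adwcleaner.exe are the poster's own diagnostic tools and show up only because any fresh executable in Downloads or on the Desktop does.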


#4 nasdaq
  • Malware Response Team
  • Location:Montreal, QC. Canada

Posted 23 February 2014 - 10:18 AM

Your AdwCleaner log shows "# Option : Scan".
Did you clean the system before running the Farbar tool?
If not, please do.
Then restart the computer normally.
===
 

Waiting for Task Host Windows in Windows 7 when shutting down


A few suggestions have been submitted in this topic.

http://social.technet.microsoft.com/Forums/windows/en-US/085b13da-6161-4a63-9f78-8dd437c3b37e/waiting-for-task-host-windows-in-windows-7-when-shutting-down?forum=w7itproperf

First try this clean Startup fix which is suggested.
Performing a Clean Startup
http://www.sevenforums.com/tutorials/179159-troubleshoot-application-conflicts-performing-clean-startup.html

Follow the instructions on the link.
===

You can try the other suggestions on the first page I gave you.

If all fails, then try the download fix.

Before you do, I suggest you create a new Restore point in case something goes wrong.

The following steps involve registry editing. Please create a new restore point before proceeding!!!
How to:
Vista and Seven - http://windows.microsoft.com/en-gb/windows7/create-a-restore-point
===

If all fails, you can remove AVG using their uninstaller.

Please download the AVG Remover tools and save them to your Desktop.
Select the tool that matches your operating system (32 or 64 bit) and the version of AVG installed.
  • Close all programs and double-click the AVG removal tool, then click Run.
  • In Vista/Win7, right-click and choose 'Run as administrator'.
  • Follow the on-screen instructions.
  • Restart your computer if asked.
  • Then delete the AVG Removal tool from your desktop.
Restart the computer normally after the removal.

Keep me posted.

#5 nasdaq
  • Malware Response Team
  • Location:Montreal, QC. Canada

Posted 01 March 2014 - 09:17 AM

Are you still with me?

#6 draculamolecula
  • Topic Starter
  • Members

Posted 01 March 2014 - 01:49 PM

Yeah, I'm here, just lately I have been on something. AdwCleaner was my first program, nasdaq. I did everything and cleaned up too. The processes at startup and shutting down are suspiciously slow. I will try clean startup and back up my computer.


Edited by draculamolecula, 01 March 2014 - 01:50 PM.


#7 nasdaq
  • Malware Response Team
  • Location:Montreal, QC. Canada

Posted 01 March 2014 - 02:11 PM

Try this before re-installing.

Perform a Clean Startup
Follow the instructions on this page.
http://www.sevenforums.com/tutorials/179159-troubleshoot-application-conflicts-performing-clean-startup.html

#8 draculamolecula
  • Topic Starter
  • Members

Posted 03 March 2014 - 06:00 AM

I tried to perform a clean startup as you told me, but it didn't seem to help (browsing is still uber slow, plus I can't download things on the first try, they just stop, same thing with YouTube videos). Although during the clean startup my computer didn't have a problem shutting down, as it does on a regular basis, with Task Manager closing some processes after the shutting down screen appears. I think my laptop is still corrupt. I can't open Adobe Manager to update the Flash Player (my suspicion why YouTube videos are so slow). Well, I don't know anymore. AVG removal tool - why do I have to delete my AVG antivirus?.. Oh, and I don't know if my rundll32 is healed.. how to check it? Maybe it is slowing my computer down.


Edited by draculamolecula, 03 March 2014 - 07:41 AM.


#9 nasdaq
  • Malware Response Team
  • Location:Montreal, QC. Canada

Posted 03 March 2014 - 09:22 AM

AVG is not the only security software causing slow browsing.
They all do at some point.

I suggest you remove it as previously requested.
At least we will know that something else is causing this.

#10 draculamolecula
  • Topic Starter
  • Members

Posted 03 March 2014 - 10:08 AM

Removed the AVG antivirus, but first I've done a log in safe mode of an AVG scan. Now I try to watch some videos on YouTube and again - even low resolution gives little positive change, still the video can't load fully, Google takes forever, and my opened windows very often give "not responding" status. Plus a very strange thing: I deleted the program that was popping up, and it still does after restart.



#11 nasdaq
  • Malware Response Team
  • Location:Montreal, QC. Canada

Posted 03 March 2014 - 02:00 PM

Run the AdwCleaner tool and when prompted to update please do.

Run the new version and post the log.
===

Run the FRST tool one more time and post a fresh log.
Let me know what program pops up when you start the computer.

#12 draculamolecula
  • Topic Starter
  • Members

Posted 04 March 2014 - 05:09 AM

AdwCleaner:
# AdwCleaner v3.020 - Report created 04/03/2014 at 11:45:37
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : John Doe - ROBO
# Running from : C:\Users\John Doe\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\John Doe\AppData\Roaming\Mozilla\Firefox\Profiles\tpu79qvq.default\prefs.js ]


-\\ Google Chrome v33.0.1750.117

[ File : C:\Users\John Doe\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5111 octets] - [23/02/2014 13:15:16]
AdwCleaner[R1].txt - [1144 octets] - [23/02/2014 13:22:31]
AdwCleaner[R2].txt - [1080 octets] - [26/02/2014 22:20:33]
AdwCleaner[R3].txt - [1203 octets] - [04/03/2014 11:41:59]
AdwCleaner[S0].txt - [5236 octets] - [23/02/2014 13:17:19]
AdwCleaner[S1].txt - [1142 octets] - [26/02/2014 22:21:23]
AdwCleaner[S2].txt - [1125 octets] - [04/03/2014 11:45:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1185 octets] ##########

Auto-update on the FRST tool gives me an error box: "..is not valid win32 application"

#13 nasdaq
  • Malware Response Team
  • Location:Montreal, QC. Canada

Posted 04 March 2014 - 08:47 AM

The following steps involve registry editing. Please create a new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://windows.microsoft.com/en-gb/windows7/create-a-restore-point
Windows 8 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html

Download this program to your desktop.
Tweaking.com - Windows Repair
http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/


Extract and launch the Repair_Windows.exe file

Click on the Start repairs tab, then click on Start.

Check mark only the following options:

Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair Windows Firewall
Repair Internet Explorer
Repair MDAC & MS Jet
Repair Hosts File
Remove Policies Set By Infections
Repair Winsock & DNS Cache
Remove Temp Files
Repair Proxy Settings
Unhide Non System Files
Repair Windows Updates

  • Checkmark Restart System When Finished option
  • click the Start button
  • System should restart after repair
Can you now run the FRST tool and post a log?

#14 draculamolecula
  • Topic Starter
  • Members

Posted 04 March 2014 - 11:36 AM

FRST tool is working now:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2014
Ran by John Doe (administrator) on ROBO on 04-03-2014 18:21:20
Running from C:\Users\John Doe\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(arvato digital services llc) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(BitTorrent Inc.) C:\Users\John Doe\AppData\Roaming\uTorrent\uTorrent.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Adobe Systems Inc.) C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\acrotray.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
(ASUS) C:\Windows\AsScrPro.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440 2010-07-02] ()
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [417792 2009-11-10] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-03] (ASUS)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCEPServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\Acrotray.exe [640376 2008-10-01] (Adobe Systems Inc.)
HKU\S-1-5-21-1024731270-2302543644-2352994229-1000\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-1024731270-2302543644-2352994229-1000\...\Run: [uTorrent] - C:\Users\John Doe\AppData\Roaming\uTorrent\uTorrent.exe [905296 2014-01-23] (BitTorrent Inc.)
HKU\S-1-5-21-1024731270-2302543644-2352994229-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [13351304 2010-09-02] (Skype Technologies S.A.)
HKU\S-1-5-21-1024731270-2302543644-2352994229-1000\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
HKU\S-1-5-21-1024731270-2302543644-2352994229-1000\...\MountPoints2: G - G:\SegaClassics.EXE

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBA7CE6AC5FF6CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = lv
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 84.245.224.84 84.245.224.82

FireFox:
========
FF ProfilePath: C:\Users\John Doe\AppData\Roaming\Mozilla\Firefox\Profiles\tpu79qvq.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\dict-enlv.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\salidzinilv.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sslv.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-14]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-14]

Chrome:
=======
CHR HomePage: hxxp://avg.nation.com/avgtbavg/search/home?cid={16DDDE1E-C7FE-4195-A512-9EF1E2E75D01}&mid=1861a376546947d39a926de78334b64b-be9abacd2b0d8fb17fa5dd2bb9608f781b54a8ba&lang=en&ds=AVG&coid=avgtbavg&pr=pr&d=2014-02-18 15:53:57&v=17.0.0.12&pid=nation&sg=&sap=hp
CHR DefaultSearchKeyword: avg.nation.com
CHR DefaultSearchProvider: AVG Nation Search
CHR DefaultSearchURL: http://avg.nation.com/avgtbavg/search/web?cid={16DDDE1E-C7FE-4195-A512-9EF1E2E75D01}&mid=1861a376546947d39a926de78334b64b-be9abacd2b0d8fb17fa5dd2bb9608f781b54a8ba&lang=en&ds=AVG&coid=avgtbavg&pr=pr&d=2014-02-18 15:53:57&v=17.0.0.12&pid=nation&sg=&sap=dsp&q={searchTerms}
CHR DefaultNewTabURL: https://avg.nation.com/chroment?espv=2&cid={FB437AC5-A04C-44A0-9A95-78A444223A7A}&mid=47ad457d35f547d18d0c3120d333f7f2-d26972f2474d96f629251e8ef57ec76cce5ba971&lang=en&ds=gh011&coid=avgtbdisgh&pr=sa&d=2013-10-28 11:49:58&v=17.1.2.0&pid=avg&sg=
CHR Extension: (Google Wallet) - C:\Users\John Doe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-12]

==================== Services (Whitelisted) =================

S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2014-01-06] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-11] ()
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R3 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()

==================== Drivers (Whitelisted) ====================

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2014-02-18] (AVG Technologies)
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [17464 2007-08-03] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-20] ()
U2 TMAgent;
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-04 18:21 - 2014-03-04 18:21 - 00011532 _____ () C:\Users\John Doe\Desktop\FRST.txt
2014-03-04 17:51 - 2014-03-04 18:11 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-03-04 17:48 - 2014-03-04 17:48 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ROBO-Microsoft-Windows-7-Ultimate-(64-bit).dat
2014-03-04 17:47 - 2014-03-04 17:47 - 00000000 ____D () C:\RegBackup
2014-03-04 17:40 - 2014-03-04 17:46 - 00000000 ____D () C:\Users\John Doe\Desktop\Tweaking.com - Windows Repair
2014-03-04 11:57 - 2014-03-04 18:21 - 00000000 ____D () C:\Users\John Doe\Desktop\FRST-OlderVersion
2014-03-03 15:31 - 2014-03-03 16:30 - 00031431 _____ () C:\Users\John Doe\Desktop\avgrep.txt
2014-03-03 14:15 - 2014-03-03 21:55 - 264728557 ____R () C:\Users\John Doe\Downloads\chastitylynn-wmvFullLow-1.wmv
2014-03-03 13:44 - 2014-03-03 21:52 - 1074791914 ____R () C:\Users\John Doe\Downloads\BLK-137.avi
2014-03-03 13:44 - 2014-03-03 21:42 - 1106735334 ____R () C:\Users\John Doe\Downloads\SDDE-339.mp4
2014-03-03 12:34 - 2014-03-03 13:31 - 158105199 _____ () C:\Users\John Doe\AppData\Local\ACCCx2_4_1_351.zip.aamdownload
2014-03-03 12:34 - 2014-03-03 13:31 - 00001943 _____ () C:\Users\John Doe\AppData\Local\ACCCx2_4_1_351.zip.aamdownload.aamd
2014-03-02 21:17 - 2014-03-03 12:13 - 777547776 ____R () C:\Users\John Doe\Downloads\Fall.Time.1995.dvdrip_[745]_[teko].avi
2014-03-02 19:22 - 2014-03-02 19:22 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-02 19:22 - 2014-03-02 19:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-02 19:07 - 2014-03-02 19:07 - 00282840 _____ (Mozilla) C:\Users\John Doe\Downloads\Firefox Setup Stub 27.0.1.exe
2014-03-02 12:34 - 2014-03-02 22:21 - 00000000 ____D () C:\Users\John Doe\Downloads\The Colony (2013) BRRIP XviD AC3-FWOLF
2014-03-02 00:51 - 2014-03-02 23:09 - 781762560 ____R () C:\Users\John Doe\Downloads\Once.in.the.Life.2000.dvdrip_[745]_[teko].avi
2014-03-02 00:45 - 2014-03-04 13:43 - 4225819300 _____ () C:\Users\John Doe\Downloads\ЖАЖДА СМЕРТИ (DVO+MVO+AVO+SUB).1974.720p.HDTV.x264-lord_i_74.mkv
2014-03-02 00:33 - 2014-03-02 00:38 - 00000000 ____D () C:\Users\John Doe\Downloads\Invasion.of.the.Body.Snatchers.1956.BDRip.MVO.Eng.Sub.ALLFILMS.RG
2014-03-01 00:10 - 2014-03-01 00:10 - 07262613 ____R () C:\Users\John Doe\Downloads\epsxe170_.zip
2014-02-28 22:57 - 2014-02-28 23:42 - 2787292800 ____R () C:\Users\John Doe\Downloads\State.of.Grace.1990.DVDRip.x264.aac.tRuAVC.mkv
2014-02-28 00:18 - 2014-02-28 00:18 - 00002104 _____ () C:\Users\Public\Desktop\Real War.lnk
2014-02-27 20:53 - 2014-02-28 00:10 - 2027415804 ____R () C:\Users\John Doe\Downloads\Real_War_2.0_Final.exe
2014-02-26 22:43 - 2014-02-26 23:09 - 00000000 ____D () C:\Users\John Doe\Downloads\Гленгарри Глен Росс (Американцы)
2014-02-26 22:42 - 2014-02-27 00:44 - 2345463808 ____R () C:\Users\John Doe\Downloads\Firma.1993.RUS.BDRip.XviD.AC3.-AllFilms.avi
2014-02-26 22:36 - 2014-02-27 12:05 - 1429180416 ____R () C:\Users\John Doe\Downloads\Parni chto nado.avi
2014-02-26 15:01 - 2014-02-26 15:04 - 00000000 ____D () C:\Users\John Doe\Downloads\Isaac Hayes
2014-02-25 19:06 - 2014-02-25 19:06 - 00000000 ____D () C:\Users\John Doe\Documents\ESL Match Media
2014-02-25 13:19 - 2014-02-25 13:23 - 1572427776 _____ () C:\Users\John Doe\Downloads\22 Пули (DUB RenTV+MVO ORT) BDRip-lord_i_74.avi
2014-02-25 00:08 - 2014-02-25 00:09 - 08911614 _____ () C:\Users\John Doe\Documents\final cat1.psd
2014-02-24 21:26 - 2014-02-24 21:26 - 08409756 _____ () C:\Users\John Doe\Documents\cat1.psd
2014-02-24 21:07 - 2014-02-24 21:08 - 00000000 ____D () C:\Users\John Doe\Downloads\Кровавый алмаз_2006-BDRip-AVC
2014-02-23 14:13 - 2014-02-23 14:13 - 00000056 _____ () C:\Windows\SysWOW64\ezsidmv.dat
2014-02-23 13:57 - 2014-03-04 18:21 - 02156544 _____ (Farbar) C:\Users\John Doe\Desktop\FRST64.exe
2014-02-23 13:57 - 2014-03-04 18:21 - 00000000 ____D () C:\FRST
2014-02-23 13:29 - 2014-02-23 13:29 - 00000000 ____D () C:\Windows\ERUNT
2014-02-23 13:15 - 2014-03-04 11:45 - 00000000 ____D () C:\AdwCleaner
2014-02-19 17:08 - 2014-02-22 16:20 - 00000000 ____D () C:\Program Files (x86)\Ultra Fractal 5
2014-02-19 17:08 - 2014-02-19 17:08 - 00001968 _____ () C:\Users\John Doe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ultra Fractal Server 5.01.lnk
2014-02-19 17:08 - 2014-02-19 17:08 - 00001943 _____ () C:\Users\John Doe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ultra Fractal 5.01.lnk
2014-02-19 17:08 - 2014-02-19 17:08 - 00001913 _____ () C:\Users\John Doe\Desktop\Ultra Fractal 5.01.lnk
2014-02-19 17:08 - 2014-02-19 17:08 - 00000000 ____D () C:\Users\John Doe\Documents\Ultra Fractal 5
2014-02-18 17:27 - 2014-02-18 17:27 - 00688992 ____R (Swearware) C:\Users\John Doe\Downloads\dds.com
2014-02-18 15:55 - 2014-02-18 15:55 - 00000000 ____D () C:\Users\John Doe\AppData\Roaming\AVG2014
2014-02-18 15:53 - 2014-02-18 15:53 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-02-18 15:52 - 2014-03-03 16:55 - 00000000 ____D () C:\ProgramData\AVG2014
2014-02-18 15:52 - 2014-03-03 16:55 - 00000000 ____D () C:\$AVG
2014-02-18 15:41 - 2014-03-03 16:56 - 00000000 ____D () C:\Users\John Doe\AppData\Local\Avg2014
2014-02-18 15:38 - 2014-03-03 16:57 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-18 15:38 - 2014-02-18 15:38 - 00000000 ____D () C:\Users\John Doe\AppData\Local\MFAData
2014-02-18 15:38 - 2014-02-18 15:38 - 00000000 ____D () C:\Users\John Doe\AppData\Local\Avg2013
2014-02-18 15:26 - 2014-02-18 15:27 - 00000000 ____D () C:\Users\John Doe\Downloads\AVG 2013 Final
2014-02-18 15:16 - 2014-02-18 15:16 - 00000000 ____D () C:\Users\John Doe\Downloads\Ultra Fractal 5.01 Animation Edition
2014-02-18 15:13 - 2014-02-18 23:12 - 2748546861 ____R () C:\Users\John Doe\Downloads\Bluscenes.The.Fractal.Plane.2011.1080p.mkv
2014-02-18 14:53 - 2014-02-19 17:11 - 00000000 ____D () C:\Users\John Doe\AppData\Roaming\Ultra Fractal 5
2014-02-16 13:50 - 2014-02-28 02:38 - 00000000 ____D () C:\Users\John Doe\AppData\Local\ESL Wire Game Client
2014-02-16 13:50 - 2014-02-28 01:37 - 00000000 ____D () C:\Program Files\EslWire
2014-02-15 18:20 - 2014-02-15 18:23 - 1561948160 _____ () C:\Users\John Doe\Downloads\Ohotniki.Za.Golovami.2011.PROPER.DUB.HDRip.XviD.AC3.-Vaippp.avi
2014-02-15 18:16 - 2014-02-15 18:20 - 00000000 ____D () C:\Users\John Doe\Downloads\Perekrestok.Millera.1990.TRIPLE.HDTVRip.XviD.AC3.-Ermac
2014-02-14 12:49 - 2014-03-02 19:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 23:25 - 2014-02-13 23:42 - 00000000 ____D () C:\Users\John Doe\Downloads\7.Boxes.2012.SUBBED.HDRip.XviD.MP3-RARBG
2014-02-13 12:26 - 2014-02-13 12:27 - 00000000 ____D () C:\Users\John Doe\Downloads\Madlib - Madlib Medicine Show - Pill Jar (2013)
2014-02-12 23:03 - 2013-12-21 11:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 23:03 - 2013-12-21 10:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 23:02 - 2014-02-06 14:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 23:02 - 2014-02-06 13:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 23:02 - 2014-02-06 13:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 23:02 - 2014-02-06 13:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 23:02 - 2014-02-06 13:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 23:02 - 2014-02-06 13:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 23:02 - 2014-02-06 12:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 23:02 - 2014-02-06 12:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 23:02 - 2014-02-06 12:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 23:02 - 2014-02-06 12:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 23:02 - 2014-02-06 12:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 23:02 - 2014-02-06 12:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 23:02 - 2014-02-06 12:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 23:02 - 2014-02-06 12:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 23:02 - 2014-02-06 12:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 23:02 - 2014-02-06 12:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 23:02 - 2014-02-06 12:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 23:02 - 2014-02-06 12:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 23:02 - 2014-02-06 12:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 23:02 - 2014-02-06 11:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 23:02 - 2014-02-06 11:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 23:02 - 2014-02-06 11:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 23:02 - 2014-02-06 11:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 23:02 - 2014-02-06 11:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 23:02 - 2014-02-06 11:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 23:02 - 2014-02-06 11:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 23:02 - 2014-02-06 11:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 23:02 - 2014-02-06 11:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 23:02 - 2014-02-06 11:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 23:02 - 2014-02-06 11:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 23:02 - 2014-02-06 11:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 23:02 - 2014-02-06 11:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 23:02 - 2014-02-06 11:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 23:02 - 2014-02-06 11:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 23:02 - 2014-02-06 10:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 23:02 - 2014-02-06 10:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 23:02 - 2014-02-06 10:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 23:02 - 2014-02-06 10:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 23:02 - 2014-02-06 10:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 12:35 - 2014-01-01 01:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 12:35 - 2014-01-01 01:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 12:35 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 12:35 - 2013-12-25 00:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 12:35 - 2013-12-06 04:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 12:35 - 2013-12-06 04:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 12:35 - 2013-12-06 04:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 12:35 - 2013-12-06 04:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 12:35 - 2013-12-04 04:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 12:35 - 2013-12-04 04:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 12:35 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 12:35 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 12:35 - 2013-12-04 04:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 12:35 - 2013-12-04 04:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 12:35 - 2013-12-04 04:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 12:35 - 2013-12-04 04:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 12:35 - 2013-12-04 04:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 12:35 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 12:35 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 12:35 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 12:35 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 12:35 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 12:35 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 12:35 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 12:35 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 12:35 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 12:35 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 12:35 - 2013-11-23 00:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-11 22:12 - 2014-02-11 22:12 - 00000000 ____D () C:\Users\John Doe\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-02-11 22:10 - 2014-02-11 22:11 - 00000000 ____D () C:\Users\John Doe\AppData\Local\Adobe Tool
2014-02-11 22:08 - 2014-02-11 22:08 - 00000000 ____D () C:\Users\John Doe\Downloads\Adobe Tool 3.7
2014-02-11 21:57 - 2014-02-11 21:57 - 00000000 ____D () C:\ProgramData\ALM
2014-02-11 21:55 - 2014-02-11 21:55 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-02-11 21:55 - 2014-02-11 21:55 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-02-11 15:01 - 2012-04-28 20:01 - 00000000 ____D () C:\Users\John Doe\Downloads\Adobe Illustrator CS6
2014-02-11 14:46 - 2014-02-11 14:53 - 2178978586 _____ () C:\Users\John Doe\Downloads\Adobe Illustrator CS6.exe
2014-02-11 13:47 - 2014-02-11 13:47 - 00000000 ____D () C:\Users\John Doe\AppData\Local\VS Revo Group
2014-02-11 13:47 - 2014-02-11 13:47 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-02-03 22:30 - 2014-02-03 22:30 - 00006163 _____ () C:\Users\John Doe\AppData\Roaming\ContactSheetII.log
2014-02-03 22:30 - 2014-02-03 22:30 - 00000645 _____ () C:\Users\John Doe\AppData\Roaming\Contact Sheet II.xml
2014-02-03 21:43 - 2014-02-03 21:44 - 158099492 _____ () C:\Users\John Doe\AppData\Local\ACCCx2_4_0_348.zip.aamdownload
2014-02-03 21:43 - 2014-02-03 21:44 - 00001943 _____ () C:\Users\John Doe\AppData\Local\ACCCx2_4_0_348.zip.aamdownload.aamd
2014-02-02 19:50 - 2014-02-02 19:51 - 00003168 _____ () C:\Windows\System32\Tasks\{FEA659FF-EC09-4A52-BC17-D44CEA15C8D9}

==================== One Month Modified Files and Folders =======

2014-03-04 18:22 - 2014-03-04 18:21 - 00011532 _____ () C:\Users\John Doe\Desktop\FRST.txt
2014-03-04 18:21 - 2014-03-04 11:57 - 00000000 ____D () C:\Users\John Doe\Desktop\FRST-OlderVersion
2014-03-04 18:21 - 2014-02-23 13:57 - 02156544 _____ (Farbar) C:\Users\John Doe\Desktop\FRST64.exe
2014-03-04 18:21 - 2014-02-23 13:57 - 00000000 ____D () C:\FRST
2014-03-04 18:21 - 2013-12-11 13:48 - 00000000 ____D () C:\Users\John Doe\AppData\Roaming\uTorrent
2014-03-04 18:20 - 2014-01-09 12:03 - 00712934 _____ () C:\Windows\system32\perfh019.dat
2014-03-04 18:20 - 2014-01-09 12:03 - 00147240 _____ () C:\Windows\system32\perfc019.dat
2014-03-04 18:20 - 2009-07-14 07:13 - 01649730 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-04 18:19 - 2013-12-11 13:01 - 00000000 ____D () C:\Users\John Doe\AppData\Roaming\Skype
2014-03-04 18:16 - 2013-12-11 13:33 - 00000946 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-04 18:16 - 2013-12-11 13:33 - 00000000 ____D () C:\Users\John Doe\AppData\Roaming\skypePM
2014-03-04 18:15 - 2013-12-11 12:30 - 00000000 ____D () C:\Program Files\P4G
2014-03-04 18:15 - 2013-12-11 12:16 - 00110000 _____ () C:\Users\John Doe\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-04 18:15 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-04 18:15 - 2009-07-14 06:45 - 05131672 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-04 18:14 - 2009-07-14 06:51 - 00075687 _____ () C:\Windows\setupact.log
2014-03-04 18:13 - 2013-12-11 13:05 - 01794958 _____ () C:\Windows\PFRO.log
2014-03-04 18:11 - 2014-03-04 17:51 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-03-04 18:09 - 2009-07-14 04:34 - 00000514 _____ () C:\Windows\win.ini
2014-03-04 18:04 - 2013-12-11 11:27 - 01901175 _____ () C:\Windows\WindowsUpdate.log
2014-03-04 17:56 - 2013-12-11 13:33 - 00000950 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-04 17:52 - 2013-12-11 13:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-04 17:50 - 2009-07-14 06:45 - 00021248 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-04 17:50 - 2009-07-14 06:45 - 00021248 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-04 17:48 - 2014-03-04 17:48 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ROBO-Microsoft-Windows-7-Ultimate-(64-bit).dat
2014-03-04 17:47 - 2014-03-04 17:47 - 00000000 ____D () C:\RegBackup
2014-03-04 17:46 - 2014-03-04 17:40 - 00000000 ____D () C:\Users\John Doe\Desktop\Tweaking.com - Windows Repair
2014-03-04 17:34 - 2013-12-13 22:10 - 00007628 _____ () C:\Users\John Doe\AppData\Local\Resmon.ResmonCfg
2014-03-04 17:25 - 2013-12-12 10:52 - 00281152 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-03-04 17:25 - 2013-12-11 19:45 - 00281152 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-03-04 17:23 - 2014-01-19 19:44 - 00000000 ____D () C:\Users\John Doe\Desktop\desktop2
2014-03-04 13:43 - 2014-03-02 00:45 - 4225819300 _____ () C:\Users\John Doe\Downloads\ЖАЖДА СМЕРТИ (DVO+MVO+AVO+SUB).1974.720p.HDTV.x264-lord_i_74.mkv
2014-03-04 12:07 - 2013-12-11 13:33 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-04 11:45 - 2014-02-23 13:15 - 00000000 ____D () C:\AdwCleaner
2014-03-04 00:00 - 2013-12-11 20:57 - 00000000 ____D () C:\Users\John Doe\AppData\Roaming\vlc
2014-03-03 21:55 - 2014-03-03 14:15 - 264728557 ____R () C:\Users\John Doe\Downloads\chastitylynn-wmvFullLow-1.wmv
2014-03-03 21:52 - 2014-03-03 13:44 - 1074791914 ____R () C:\Users\John Doe\Downloads\BLK-137.avi
2014-03-03 21:42 - 2014-03-03 13:44 - 1106735334 ____R () C:\Users\John Doe\Downloads\SDDE-339.mp4
2014-03-03 19:55 - 2013-12-11 19:45 - 00281152 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-03-03 19:32 - 2014-01-04 19:26 - 00112640 ___SH () C:\Users\John Doe\Thumbs.db
2014-03-03 19:30 - 2014-01-30 20:09 - 00000000 ____D () C:\Users\John Doe\AppData\Roaming\TS3Client
2014-03-03 16:57 - 2014-02-18 15:38 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-03 16:56 - 2014-02-18 15:41 - 00000000 ____D () C:\Users\John Doe\AppData\Local\Avg2014
2014-03-03 16:55 - 2014-02-18 15:52 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-03 16:55 - 2014-02-18 15:52 - 00000000 ____D () C:\$AVG
2014-03-03 16:49 - 2013-12-11 12:30 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-03-03 16:41 - 2013-12-11 12:38 - 00001045 _____ () C:\dpi.txt
2014-03-03 16:30 - 2014-03-03 15:31 - 00031431 _____ () C:\Users\John Doe\Desktop\avgrep.txt
2014-03-03 15:27 - 2013-12-11 12:21 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-03-03 15:24 - 2013-12-11 12:38 - 00000000 ____D () C:\Users\John Doe\AppData\Local\Adobe
2014-03-03 13:31 - 2014-03-03 12:34 - 158105199 _____ () C:\Users\John Doe\AppData\Local\ACCCx2_4_1_351.zip.aamdownload
2014-03-03 13:31 - 2014-03-03 12:34 - 00001943 _____ () C:\Users\John Doe\AppData\Local\ACCCx2_4_1_351.zip.aamdownload.aamd
2014-03-03 12:41 - 2014-03-02 14:42 - 00000000 ____D () C:\Windows\pss
2014-03-03 12:13 - 2014-03-02 21:17 - 777547776 ____R () C:\Users\John Doe\Downloads\Fall.Time.1995.dvdrip_[745]_[teko].avi
2014-03-03 00:42 - 2014-03-02 00:55 - 2198104064 ____R () C:\Users\John Doe\Downloads\Gangster.1997.XviD.DVDRip.avi
2014-03-02 23:43 - 2014-03-02 16:48 - 1560743936 ____R () C:\Users\John Doe\Downloads\Casualties.of.War.HDTVRip.avi
2014-03-02 23:09 - 2014-03-02 00:51 - 781762560 ____R () C:\Users\John Doe\Downloads\Once.in.the.Life.2000.dvdrip_[745]_[teko].avi
2014-03-02 22:21 - 2014-03-02 12:34 - 00000000 ____D () C:\Users\John Doe\Downloads\The Colony (2013) BRRIP XviD AC3-FWOLF
2014-03-02 21:41 - 2014-01-26 17:27 - 00001456 _____ () C:\Users\John Doe\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-03-02 19:22 - 2014-03-02 19:22 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-02 19:22 - 2014-03-02 19:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-02 19:22 - 2014-02-14 12:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-02 19:07 - 2014-03-02 19:07 - 00282840 _____ (Mozilla) C:\Users\John Doe\Downloads\Firefox Setup Stub 27.0.1.exe
2014-03-02 16:41 - 2009-07-14 07:08 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-02 00:58 - 2014-03-02 00:39 - 00000000 ____D () C:\Users\John Doe\Downloads\1974 Cornbread, Earl And Me. rus + eng
2014-03-02 00:42 - 2014-03-02 00:39 - 00000000 ____D () C:\Users\John Doe\Downloads\Hannibal.S02E01.Kaiseki.1080p.WEB-DL.DD5.1.H.264-NTb [PublicHD]
2014-03-02 00:38 - 2014-03-02 00:33 - 00000000 ____D () C:\Users\John Doe\Downloads\Invasion.of.the.Body.Snatchers.1956.BDRip.MVO.Eng.Sub.ALLFILMS.RG
2014-03-01 00:14 - 2014-03-01 00:13 - 00000000 ____D () C:\Users\John Doe\Downloads\epsxe 1.8.0
2014-03-01 00:11 - 2014-03-01 00:11 - 16398993 _____ () C:\Users\John Doe\Downloads\epsxe 1.9.0 For PC +Bios  +plugins Complete.rar
2014-03-01 00:10 - 2014-03-01 00:10 - 07262613 ____R () C:\Users\John Doe\Downloads\epsxe170_.zip
2014-02-28 23:42 - 2014-02-28 22:57 - 2787292800 ____R () C:\Users\John Doe\Downloads\State.of.Grace.1990.DVDRip.x264.aac.tRuAVC.mkv
2014-02-28 02:38 - 2014-02-16 13:50 - 00000000 ____D () C:\Users\John Doe\AppData\Local\ESL Wire Game Client
2014-02-28 01:37 - 2014-02-16 13:50 - 00000000 ____D () C:\Program Files\EslWire
2014-02-28 00:18 - 2014-02-28 00:18 - 00002104 _____ () C:\Users\Public\Desktop\Real War.lnk
2014-02-28 00:10 - 2014-02-27 20:53 - 2027415804 ____R () C:\Users\John Doe\Downloads\Real_War_2.0_Final.exe
2014-02-27 12:41 - 2014-02-27 00:46 - 1567780864 ____R () C:\Users\John Doe\Downloads\Chistilshchik.2007.XviD.BDRip.AVO[Gavrilov].avi
2014-02-27 12:18 - 2014-02-27 11:23 - 00000000 ____D () C:\Users\John Doe\Downloads\Buffalo Soldiers
2014-02-27 12:15 - 2014-02-27 00:44 - 2344187904 ____R () C:\Users\John Doe\Downloads\The.Rock.1996.Dub.BDRip.2,18Gb.XviD.AC3.avi
2014-02-27 12:05 - 2014-02-26 22:36 - 1429180416 ____R () C:\Users\John Doe\Downloads\Parni chto nado.avi
2014-02-27 00:44 - 2014-02-26 22:42 - 2345463808 ____R () C:\Users\John Doe\Downloads\Firma.1993.RUS.BDRip.XviD.AC3.-AllFilms.avi
2014-02-26 23:09 - 2014-02-26 22:43 - 00000000 ____D () C:\Users\John Doe\Downloads\Гленгарри Глен Росс (Американцы)
2014-02-26 22:51 - 2014-02-26 22:46 - 00000000 ____D () C:\Users\John Doe\Downloads\Just.Cause.1995.BDRip.Dub.RTR.Gavrilov.ALLFILMS.RG
2014-02-26 22:09 - 2014-01-29 15:08 - 01615638 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-26 20:33 - 2014-01-26 01:14 - 00000132 _____ () C:\Users\John Doe\AppData\Roaming\Adobe GIF Format CC Prefs
2014-02-26 15:04 - 2014-02-26 15:01 - 00000000 ____D () C:\Users\John Doe\Downloads\Isaac Hayes
2014-02-25 19:06 - 2014-02-25 19:06 - 00000000 ____D () C:\Users\John Doe\Documents\ESL Match Media
2014-02-25 16:26 - 2014-02-21 13:40 - 00000000 ____D () C:\Users\John Doe\Downloads\2004 - Collateral - soundtrack
2014-02-25 16:24 - 2014-02-21 13:41 - 00000000 ____D () C:\Users\John Doe\Downloads\8MM (Score)
2014-02-25 13:23 - 2014-02-25 13:19 - 1572427776 _____ () C:\Users\John Doe\Downloads\22 Пули (DUB RenTV+MVO ORT) BDRip-lord_i_74.avi
2014-02-25 00:09 - 2014-02-25 00:08 - 08911614 _____ () C:\Users\John Doe\Documents\final cat1.psd
2014-02-24 21:26 - 2014-02-24 21:26 - 08409756 _____ () C:\Users\John Doe\Documents\cat1.psd
2014-02-24 21:21 - 2014-02-24 21:05 - 2358604505 _____ () C:\Users\John Doe\Downloads\The Recruit.2003.BDRip-AVC.AVO.Esarev.mkv
2014-02-24 21:13 - 2014-02-24 21:01 - 2198732800 ____R () C:\Users\John Doe\Downloads\Po.volchim.zakonam.2010.2100MB.Rus.Eng.xGhost.avi
2014-02-24 21:08 - 2014-02-24 21:07 - 00000000 ____D () C:\Users\John Doe\Downloads\Кровавый алмаз_2006-BDRip-AVC
2014-02-24 13:24 - 2014-02-22 22:37 - 00000000 ____D () C:\Users\John Doe\Downloads\Isley Brothers
2014-02-23 18:13 - 2013-12-20 16:55 - 00000840 _____ () C:\Users\Public\Desktop\Speccy.lnk
2014-02-23 14:13 - 2014-02-23 14:13 - 00000056 _____ () C:\Windows\SysWOW64\ezsidmv.dat
2014-02-23 13:29 - 2014-02-23 13:29 - 00000000 ____D () C:\Windows\ERUNT
2014-02-22 16:20 - 2014-02-19 17:08 - 00000000 ____D () C:\Program Files (x86)\Ultra Fractal 5
2014-02-21 13:47 - 2014-02-21 13:37 - 00000000 ____D () C:\Users\John Doe\Downloads\VA - The Secret Life of Walter Mitty - OST (2013) [AAC]
2014-02-20 22:52 - 2013-12-11 13:40 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-20 22:52 - 2013-12-11 13:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-20 22:52 - 2013-12-11 13:40 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-19 21:01 - 2013-12-11 12:31 - 00001290 _____ () C:\Windows\system32\ServiceFilter.ini
2014-02-19 17:11 - 2014-02-18 14:53 - 00000000 ____D () C:\Users\John Doe\AppData\Roaming\Ultra Fractal 5
2014-02-19 17:08 - 2014-02-19 17:08 - 00001968 _____ () C:\Users\John Doe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ultra Fractal Server 5.01.lnk
2014-02-19 17:08 - 2014-02-19 17:08 - 00001943 _____ () C:\Users\John Doe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ultra Fractal 5.01.lnk
2014-02-19 17:08 - 2014-02-19 17:08 - 00001913 _____ () C:\Users\John Doe\Desktop\Ultra Fractal 5.01.lnk
2014-02-19 17:08 - 2014-02-19 17:08 - 00000000 ____D () C:\Users\John Doe\Documents\Ultra Fractal 5
2014-02-19 13:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-02-18 23:12 - 2014-02-18 15:13 - 2748546861 ____R () C:\Users\John Doe\Downloads\Bluscenes.The.Fractal.Plane.2011.1080p.mkv
2014-02-18 22:15 - 2013-12-11 12:31 - 00001770 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-02-18 17:36 - 2013-12-11 16:51 - 00000000 ____D () C:\Users\John Doe\Downloads\vv7lxe
2014-02-18 17:27 - 2014-02-18 17:27 - 00688992 ____R (Swearware) C:\Users\John Doe\Downloads\dds.com
2014-02-18 15:55 - 2014-02-18 15:55 - 00000000 ____D () C:\Users\John Doe\AppData\Roaming\AVG2014
2014-02-18 15:54 - 2013-12-11 13:53 - 00000000 ____D () C:\Users\John Doe\AppData\Roaming\TuneUp Software
2014-02-18 15:53 - 2014-02-18 15:53 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-02-18 15:38 - 2014-02-18 15:38 - 00000000 ____D () C:\Users\John Doe\AppData\Local\MFAData
2014-02-18 15:38 - 2014-02-18 15:38 - 00000000 ____D () C:\Users\John Doe\AppData\Local\Avg2013
2014-02-18 15:27 - 2014-02-18 15:26 - 00000000 ____D () C:\Users\John Doe\Downloads\AVG 2013 Final
2014-02-18 15:16 - 2014-02-18 15:16 - 00000000 ____D () C:\Users\John Doe\Downloads\Ultra Fractal 5.01 Animation Edition
2014-02-17 23:51 - 2013-12-11 13:33 - 00003946 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-17 23:51 - 2013-12-11 13:33 - 00003694 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-17 17:08 - 2013-12-11 18:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 17:06 - 2013-12-11 18:30 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-17 16:45 - 2013-12-11 19:25 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-02-15 18:23 - 2014-02-15 18:20 - 1561948160 _____ () C:\Users\John Doe\Downloads\Ohotniki.Za.Golovami.2011.PROPER.DUB.HDRip.XviD.AC3.-Vaippp.avi
2014-02-15 18:20 - 2014-02-15 18:16 - 00000000 ____D () C:\Users\John Doe\Downloads\Perekrestok.Millera.1990.TRIPLE.HDTVRip.XviD.AC3.-Ermac
2014-02-13 23:42 - 2014-02-13 23:25 - 00000000 ____D () C:\Users\John Doe\Downloads\7.Boxes.2012.SUBBED.HDRip.XviD.MP3-RARBG
2014-02-13 12:27 - 2014-02-13 12:26 - 00000000 ____D () C:\Users\John Doe\Downloads\Madlib - Madlib Medicine Show - Pill Jar (2013)
2014-02-11 22:12 - 2014-02-11 22:12 - 00000000 ____D () C:\Users\John Doe\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-02-11 22:12 - 2013-12-11 12:39 - 00000000 ____D () C:\Users\John Doe\AppData\Roaming\Adobe
2014-02-11 22:12 - 2013-12-11 12:38 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-11 22:11 - 2014-02-11 22:10 - 00000000 ____D () C:\Users\John Doe\AppData\Local\Adobe Tool
2014-02-11 22:08 - 2014-02-11 22:08 - 00000000 ____D () C:\Users\John Doe\Downloads\Adobe Tool 3.7
2014-02-11 21:58 - 2013-12-27 17:54 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-02-11 21:57 - 2014-02-11 21:57 - 00000000 ____D () C:\ProgramData\ALM
2014-02-11 21:57 - 2013-12-27 17:54 - 00000000 ____D () C:\Program Files\Adobe
2014-02-11 21:57 - 2013-12-27 17:48 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-02-11 21:56 - 2013-12-11 12:38 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-02-11 21:55 - 2014-02-11 21:55 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-02-11 21:55 - 2014-02-11 21:55 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-02-11 21:54 - 2013-12-27 17:45 - 00001522 _____ () C:\Users\Public\Desktop\Adobe Application Manager.lnk
2014-02-11 14:53 - 2014-02-11 14:46 - 2178978586 _____ () C:\Users\John Doe\Downloads\Adobe Illustrator CS6.exe
2014-02-11 14:05 - 2014-01-21 14:48 - 00000000 ____D () C:\ProgramData\CorelDRAW Technical Suite X6
2014-02-11 13:47 - 2014-02-11 13:47 - 00000000 ____D () C:\Users\John Doe\AppData\Local\VS Revo Group
2014-02-11 13:47 - 2014-02-11 13:47 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-02-06 21:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-06 14:16 - 2014-02-12 23:02 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 13:30 - 2014-02-12 23:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 13:30 - 2014-02-12 23:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 13:12 - 2014-02-12 23:02 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 13:07 - 2014-02-12 23:02 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 13:06 - 2014-02-12 23:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 12:57 - 2014-02-12 23:02 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 12:56 - 2014-02-12 23:02 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 12:52 - 2014-02-12 23:02 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 12:49 - 2014-02-12 23:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 12:48 - 2014-02-12 23:02 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 12:48 - 2014-02-12 23:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 12:38 - 2014-02-12 23:02 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 12:32 - 2014-02-12 23:02 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 12:20 - 2014-02-12 23:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 12:17 - 2014-02-12 23:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 12:11 - 2014-02-12 23:02 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 12:01 - 2014-02-12 23:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 12:00 - 2014-02-12 23:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-12 23:02 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 11:57 - 2014-02-12 23:02 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 11:52 - 2014-02-12 23:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 11:52 - 2014-02-12 23:02 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 11:50 - 2014-02-12 23:02 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 11:49 - 2014-02-12 23:02 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 11:47 - 2014-02-12 23:02 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 11:46 - 2014-02-12 23:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 11:25 - 2014-02-12 23:02 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 11:25 - 2014-02-12 23:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 11:24 - 2014-02-12 23:02 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 11:22 - 2014-02-12 23:02 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 11:13 - 2014-02-12 23:02 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 11:09 - 2014-02-12 23:02 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 11:03 - 2014-02-12 23:02 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 10:55 - 2014-02-12 23:02 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 10:41 - 2014-02-12 23:02 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 10:40 - 2014-02-12 23:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 10:36 - 2014-02-12 23:02 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 10:34 - 2014-02-12 23:02 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-03 22:30 - 2014-02-03 22:30 - 00006163 _____ () C:\Users\John Doe\AppData\Roaming\ContactSheetII.log
2014-02-03 22:30 - 2014-02-03 22:30 - 00000645 _____ () C:\Users\John Doe\AppData\Roaming\Contact Sheet II.xml
2014-02-03 21:44 - 2014-02-03 21:43 - 158099492 _____ () C:\Users\John Doe\AppData\Local\ACCCx2_4_0_348.zip.aamdownload
2014-02-03 21:44 - 2014-02-03 21:43 - 00001943 _____ () C:\Users\John Doe\AppData\Local\ACCCx2_4_0_348.zip.aamdownload.aamd
2014-02-02 21:54 - 2013-12-12 10:45 - 00000000 ____D () C:\Users\John Doe\Documents\Battlefield 2
2014-02-02 19:51 - 2014-02-02 19:50 - 00003168 _____ () C:\Windows\System32\Tasks\{FEA659FF-EC09-4A52-BC17-D44CEA15C8D9}
2014-02-02 12:52 - 2013-12-11 11:45 - 00000000 ____D () C:\Users\John Doe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-19 13:30

==================== End Of Log ============================



#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,250 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:10 PM

Posted 04 March 2014 - 02:10 PM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

HKLM-x32\...\Run: [] - [X]
HKU\S-1-5-21-1024731270-2302543644-2352994229-1000\...\Run: [AdobeBridge] - [X]
CHR HomePage: hxxp://avg.nation.com/avgtbavg/search/home?cid={16DDDE1E-C7FE-4195-A512-9EF1E2E75D01}&mid=1861a376546947d39a926de78334b64b-be9abacd2b0d8fb17fa5dd2bb9608f781b54a8ba&lang=en&ds=AVG&coid=avgtbavg&pr=pr&d=2014-02-18 15:53:57&v=17.0.0.12&pid=nation&sg=&sap=hp
CHR DefaultSearchKeyword: avg.nation.com
CHR DefaultSearchProvider: AVG Nation Search
CHR DefaultSearchURL: http://avg.nation.com/avgtbavg/search/web?cid={16DDDE1E-C7FE-4195-A512-9EF1E2E75D01}&mid=1861a376546947d39a926de78334b64b-be9abacd2b0d8fb17fa5dd2bb9608f781b54a8ba&lang=en&ds=AVG&coid=avgtbavg&pr=pr&d=2014-02-18 15:53:57&v=17.0.0.12&pid=nation&sg=&sap=dsp&q={searchTerms}
CHR DefaultNewTabURL: https://avg.nation.com/chroment?espv=2&cid={FB437AC5-A04C-44A0-9A95-78A444223A7A}&mid=47ad457d35f547d18d0c3120d333f7f2-d26972f2474d96f629251e8ef57ec76cce5ba971&lang=en&ds=gh011&coid=avgtbdisgh&pr=sa&d=2013-10-28 11:49:58&v=17.1.2.0&pid=avg&sg=
U2 TMAgent;
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

end

Save the file as fixlist.txt into the same folder as FRST.
Run FRST and click Fix only once and wait.
The tool will create a log (Fixlog.txt); please post it in your reply.
===

If you still have some issues with this computer please execute the Windows repair I suggested in my previous post.

Keep me posted.



