I can't remove IST Cleaner Pro that comes up right after I login


  • This topic is locked
8 replies to this topic

#1 D'Inky

  • Members
  • 4 posts

Posted 11 March 2014 - 02:09 AM

Hi There!

This is the first time for me to post my request.

I have recently broken up with my tech savvy boyfriend and now have to resolve everything by myself.

Your website helped me a lot to remove all kinds of infected files, viruses, and so on. Thank you so much!

However, I can't remove this thing called IST Cleaner Pro at start up.

I have followed your article "How to remove Vista Security Cleaner Pro" (in Safe Mode with Networking).

But I still have the same issue (although it fixed web browser redirecting and other annoying popup windows).

I have also run "Windows-KB890830-x64-V5.9.exe" (in Safe Mode with Networking). But it didn't find anything.

So, now I have run dds.com (in Safe Mode with Networking) to ask for your help.

Please take a look at my situation and let me know how to remove this software.

I have attached the images of IST Cleaner Pro pop-up windows and attach.txt.

 

Thank you so much for helping me in advance!

Attached files: IST-1.jpg (196.08KB), IST-2.jpg (220.79KB), attach.txt (3.27KB)

 

----------------------------------------------------------------------------------------------------------------------------------

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16533  BrowserJavaVersion: 1.6.0_17
Run by Emi at 23:17:53 on 2014-03-10
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.4093.3068 [GMT -7:00]
.
AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=CCO&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX4710-UB802A
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=CCO&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX4710-UB802A
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=CCO&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX4710-UB802A
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=CCO&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX4710-UB802A
mWinlogon: Userinit = userinit.exe
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll
BHO: The Amazon 1Button App for IE: {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} - C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIE.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - <orphaned>
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [PlantSenseSysAgent] "C:\Program Files (x86)\EasyBloom\EasyBloom.exe"
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [Google Update] "C:\Users\Emi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [Touro Cloud Backup] C:\Program Files\Touro Cloud Backup\Touro Cloud Backup.exe /delayed
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
mRun: [LchDrvKey] LchDrvKey.exe
mRun: [LedKey] CNYHKey.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Dopus TR] C:\Program Files\GPSoftware\Directory Opus\DopusTR.exe
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LAUNCH~1.LNK - C:\Windows\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHOTOF~1.LNK - C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Windows\System: CopyFileBufferedSynchronousIo = dword:1
IE: {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~2\FLASHS~1\save.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.147.1
TCP: Interfaces\{CCDF6A57-2921-41CF-AA7F-3FA3EF239CE9} : DHCPNameServer = 192.168.147.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll
AppInit_DLLs= C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~3.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
x64-mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=CCO&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX4710-UB802A
x64-mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=CCO&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX4710-UB802A
x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItBHO64.dll
x64-BHO: The Amazon 1Button App for IE: {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} - C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIE64.dll
x64-BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - <orphaned>
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItIEAddin64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [RtHDVCpl] RAVCpl64.exe
x64-Run: [Skytel] Skytel.exe
x64-Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-mPolicies-System: SoftwareSASGeneration = dword:1
x64-Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\dpnlxyy1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2524319&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Conduit Search
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=586383&p=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Users\Emi\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
FF - ExtSQL: !HIDDEN! 2009-12-09 22:29; {20a82645-c095-46ed-80e3-08825760534b}; c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-10-23 45880]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2008-7-5 54480]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2012-9-4 50296]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-6-16 50976]
S1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-25 246072]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
S1 RapportCerberus_59849;RapportCerberus_59849;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [2013-10-30 606672]
S1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2014-2-10 282712]
S1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2014-2-10 397848]
S2 .AVQWindowsMonitorService;Fix-It Utilities Process Monitor;C:\Program Files (x86)\Avanquest\Fix-It\AVQWinMonEngine.exe [2014-2-17 249192]
S2 3d-io License Server v2.0;3d-io License Server v2.0;C:\Program Files (x86)\3d-io plugins\licensing_v2\ActiveLockServerV2.exe [2011-3-31 34816]
S2 AQFileRestoreSrv;AQFileRestoreSrv;C:\Program Files (x86)\Avanquest\Fix-It\AQFileRestoreSrv.exe [2014-2-17 82816]
S2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2013-10-23 1432080]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-11-20 283136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-3-10 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-3-10 701512]
S2 MediaDevSrv;MediaDevSrv;C:\ProgramData\MediaDev\1394066413\mediadev.exe [2014-3-5 368960]
S2 mi-raysat_3dsMax2009_64;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [2008-3-10 65536]
S2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2014-2-10 1444120]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-5-28 275968]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
S2 TabletServiceWacom;TabletServiceWacom;C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2011-10-17 6438264]
S2 Touro Cloud Backup Crawler;Touro Cloud Backup Crawler;C:\Program Files\Touro Cloud Backup\Touro Cloud BackupCrawler.exe [2012-10-18 3671176]
S2 VCOMCloudAgent;VCOM Cloud Agent;C:\Program Files (x86)\Avanquest\Fix-It\VcomCloudAgent.exe [2014-2-17 133504]
S2 vToolbarUpdater18.0.0;vToolbarUpdater18.0.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [2014-3-4 1759768]
S2 WinDevSrv;WinDevSrv;C:\Users\Emi\AppData\Roaming\UpdateServ\UpdaterService.exe [2014-2-28 368960]
S3 AQFileRestore;AQFileRestore;C:\Windows\System32\drivers\AQFileRestore.sys [2014-2-17 21584]
S3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;C:\Windows\System32\drivers\AVer88xHD64.sys [2008-7-5 432256]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\b57nd60a.sys [2008-1-20 214016]
S3 CAXHWBS2;CAXHWBS2;C:\Windows\System32\drivers\CAXHWBS2.sys [2008-7-5 403968]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2008-11-22 1436424]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2010-2-21 327704]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2009-3-15 50072]
S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2010-2-21 6379288]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-3-10 25928]
S3 mv2;mv2;C:\Windows\System32\drivers\mv2.sys [2014-2-17 12904]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2011-7-25 316312]
S3 Spyder2;ColorVision Spyder2;C:\Windows\System32\drivers\Spyder2.sys [2007-2-13 15360]
S3 Spyder3;Datacolor Spyder3;C:\Windows\System32\drivers\Spyder3.sys [2008-3-19 15360]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 usbser64;Neato Robotics USB Driver;C:\Windows\System32\drivers\usbser.sys [2013-12-21 32768]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2011-10-17 13312]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-9-11 1012344]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-1-30 89920]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2014-03-04 21:55:31 50976 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2014-02-21 01:12:21 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-21 01:12:21 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-10 19:35:40 316312 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2014-02-05 10:19:13 17849344 ----a-w- C:\Windows\System32\mshtml.dll
2014-02-05 10:02:21 10926080 ----a-w- C:\Windows\System32\ieframe.dll
2014-02-05 10:00:21 2334720 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-05 09:54:37 1347072 ----a-w- C:\Windows\System32\urlmon.dll
2014-02-05 09:54:06 1392128 ----a-w- C:\Windows\System32\wininet.dll
2014-02-05 09:52:51 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-05 09:52:37 237056 ----a-w- C:\Windows\System32\url.dll
2014-02-05 09:52:29 86016 ----a-w- C:\Windows\System32\jsproxy.dll
2014-02-05 09:51:59 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-05 09:51:52 599040 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-05 09:51:47 2147840 ----a-w- C:\Windows\System32\iertutil.dll
2014-02-05 09:51:43 816640 ----a-w- C:\Windows\System32\jscript.dll
2014-02-05 09:51:34 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2014-02-05 09:50:50 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2014-02-05 09:50:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-05 09:50:05 248320 ----a-w- C:\Windows\System32\ieui.dll
2014-02-05 08:58:27 12345344 ----a-w- C:\Windows\SysWow64\mshtml.dll
2014-02-05 08:56:17 1806848 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-05 08:53:14 9739264 ----a-w- C:\Windows\SysWow64\ieframe.dll
2014-02-05 08:51:01 1105408 ----a-w- C:\Windows\SysWow64\urlmon.dll
2014-02-05 08:50:39 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-05 08:49:56 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-05 08:49:14 231936 ----a-w- C:\Windows\SysWow64\url.dll
2014-02-05 08:48:56 65536 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2014-02-05 08:48:40 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-05 08:48:27 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-05 08:48:08 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2014-02-05 08:48:02 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
2014-02-05 08:47:57 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2014-02-05 08:47:22 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2014-02-05 08:47:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-05 08:46:50 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2014-02-05 02:09:36 88567024 ----a-w- C:\Windows\System32\mrt.exe
2014-01-22 01:28:54 20312 ----a-w- C:\Windows\System32\roboot64.exe
2013-12-13 19:31:48 21584 ------w- C:\Windows\System32\drivers\AQFileRestore.sys
.
============= FINISH: 23:19:04.04 ===============


#2 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 11 March 2014 - 03:08 AM

Hi there,

I'll try my best to replace your ex-boyfriend.. Well, only to get rid of this annoying IST cleaner of course.. ;)
Please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

Edited by aharonov, 11 March 2014 - 03:09 AM.


#3 D'Inky

  • Topic Starter
  • Members
  • 4 posts

Posted 11 March 2014 - 04:04 AM

Thank you so much for your fast response! I was expecting 5 days or more. It is so amazing that you guys provide help without getting paid.

What a wonderful community!

 

I have run FRST (in NON-safe mode) with my login with Administrator privileges. Hope this was fine.

Here are the logs. I can finally see "istcleaner" in these logs, although I don't know what to do.

By the way, I can't sign in to the forum from Firefox. Would you know why?


-----------------------------------------------------------------------------------------------------------------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2014
Ran by Emi (administrator) on DINKY-PC on 11-03-2014 01:33:35
Running from C:\Users\Emi\Desktop
Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avanquest Software) C:\Program Files (x86)\Avanquest\Fix-It\AVQWinMonEngine.exe
(3d-io GmbH) C:\Program Files (x86)\3d-io plugins\licensing_v2\ActiveLockServerV2.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Avanquest Software) C:\Program Files (x86)\Avanquest\Fix-It\AQFileRestoreSrv.exe
(Autodesk) C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Avanquest Software) C:\Program Files (x86)\Avanquest\Fix-It\MXTask.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\ProgramData\MediaDev\1394066413\mediadev.exe
() C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
(Sonic Solutions) C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
(Rocket Division Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
() C:\Program Files\Touro Cloud Backup\Touro Cloud BackupCrawler.exe
(Avanquest Software North America) C:\Program Files (x86)\Avanquest\Fix-It\VcomCloudAgent.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe
(Media Corporation) C:\Users\Emi\AppData\Roaming\UpdateServ\UpdaterService.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\loggingserver.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Microsoft Corporation) C:\Windows\sysWOW64\wbem\wmiprvse.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Avanquest Software) C:\Program Files (x86)\Avanquest\Fix-It\MXTask2.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Microsoft Corporation) C:\Windows\sysWOW64\wbem\wmiprvse.exe
() C:\Windows\MHotKey.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Chicony) C:\Windows\ChiFuncExt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
() C:\Program Files\Touro Cloud Backup\Touro Cloud Backup.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
(Creative) C:\Windows\CNYHKey.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Chicony) C:\Windows\ModLedKey.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Dropbox, Inc.) C:\Users\Emi\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RAVCpl64.exe [6150656 2008-04-13] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2008-04-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [WrtMon.exe] - C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [20480 2006-09-20] ()
HKLM-x32\...\Run: [LchDrvKey] - C:\Windows\LchDrvKey.exe [36864 2007-03-28] ()
HKLM-x32\...\Run: [LedKey] - C:\Windows\CNYHKey.exe [339968 2008-04-23] (Creative)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [Dopus TR] - C:\Program Files\GPSoftware\Directory Opus\DopusTR.exe
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-11-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2552856 2014-03-04] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-209272363-2446646531-3981651877-1000\...\Run: [PlantSenseSysAgent] - "C:\Program Files (x86)\EasyBloom\EasyBloom.exe"
HKU\S-1-5-21-209272363-2446646531-3981651877-1000\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-209272363-2446646531-3981651877-1000\...\Run: [Google Update] - C:\Users\Emi\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-01-22] (Google Inc.)
HKU\S-1-5-21-209272363-2446646531-3981651877-1000\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-209272363-2446646531-3981651877-1000\...\Run: [Touro Cloud Backup] - C:\Program Files\Touro Cloud Backup\Touro Cloud Backup.exe [1324544 2012-10-18] ()
HKU\S-1-5-21-209272363-2446646531-3981651877-1000\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-209272363-2446646531-3981651877-1000\...\MountPoints2: {04072e6f-aed1-11dd-85f5-001fe23b3876} - L:\LaunchU3.exe -a
HKU\S-1-5-21-209272363-2446646531-3981651877-1000\...\MountPoints2: {418535a6-aefb-11dd-984b-001fe23b3876} - V:\Autorun.exe
HKU\S-1-5-21-209272363-2446646531-3981651877-1000\...\MountPoints2: {c8674e27-d54c-11df-9044-001fe23b3876} - L:\LaunchU3.exe -a
HKU\S-1-5-21-209272363-2446646531-3981651877-1001\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
AppInit_DLLs: C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE64.dll [155456 2013-12-15] ()
AppInit_DLLs-x32: C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~3.DLL => C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~3.DLL [138048 2013-12-15] ()
Startup: C:\Users\Emi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Emi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=CCO&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX4710-UB802A
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=CCO&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX4710-UB802A
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {96AA78CD-44F5-4449-887C-AED55FEEA0F4} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=586383&p={searchTerms}
BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItBHO64.dll (TechSmith Corporation)
BHO: The Amazon 1Button App for IE - {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} - C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIE64.dll (Amazon Inc.)
BHO: No Name - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)
BHO-x32: The Amazon 1Button App for IE - {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} - C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIE.dll (Amazon Inc.)
BHO-x32: No Name - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItIEAddin64.dll (TechSmith Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} -  No File
Handler-x32: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll (AVG Secure Search)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.147.1
 
FireFox:
========
FF ProfilePath: C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\dpnlxyy1.default
FF user.js: detected! => C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\dpnlxyy1.default\user.js
FF SearchEngineOrder.1: Amazon 
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=586383&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @mcafee.com/MVT - C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Emi\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Emi\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\dpnlxyy1.default\searchplugins\amazon.xml
FF SearchPlugin: C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\dpnlxyy1.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\dpnlxyy1.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\dpnlxyy1.default\searchplugins\yahoo_ff.xml
FF Extension: We-Care App - C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\dpnlxyy1.default\Extensions\wecarereminder@bryan [2013-12-12]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\dpnlxyy1.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-10-28]
FF Extension: DownloadHelper - C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\dpnlxyy1.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-26]
FF Extension: Amazon 1Button App for Firefox - C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\dpnlxyy1.default\Extensions\abb@amazon.com.xpi [2014-01-31]
FF Extension: Download Statusbar - C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\dpnlxyy1.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2011-11-03]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.0.0.248
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.0.0.248 [2014-03-04]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR HomePage: hxxp://search.yahoo.com/?type=586383&fr=spigot-yhp-ch
CHR DefaultSearchKeyword: yahoo.com search
CHR DefaultSearchProvider: Yahoo
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Users\Emi\AppData\Local\Google\Chrome\Application\33.0.1750.146\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Emi\AppData\Local\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Emi\AppData\Local\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Emi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.122.1_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java™ Platform SE 6 U17) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Wallet) - C:\Users\Emi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR HKCU\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - C:\Program Files (x86)\Amazon\ABB\AmazonChrome-bds-amzn.crx [2014-01-31]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.3.0.49\avg.crx [2014-01-31]
 
==================== Services (Whitelisted) =================
 
R2 .AVQWindowsMonitorService; C:\Program Files (x86)\Avanquest\Fix-It\AVQWinMonEngine.exe [249192 2013-12-13] (Avanquest Software)
R2 3d-io License Server v2.0; C:\Program Files (x86)\3d-io plugins\licensing_v2\ActiveLockServerV2.exe [34816 2011-03-31] (3d-io GmbH)
R2 AQFileRestoreSrv; C:\Program Files (x86)\Avanquest\Fix-It\AQFileRestoreSrv.exe [82816 2013-12-13] (Avanquest Software)
R2 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [79360 2008-12-20] (Autodesk)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432080 2013-10-23] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 Fix-It Task Manager; C:\Program Files (x86)\Avanquest\Fix-It\MXTask.exe [534472 2013-12-13] (Avanquest Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MediaDevSrv; C:\ProgramData\MediaDev\1394066413\mediadev.exe [368960 2014-03-05] ()
R2 mi-raysat_3dsMax2009_64; C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [65536 2008-03-10] ()
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2014-02-10] (Trusteer Ltd.)
S2 RoxLiveShare; C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe [233472 2006-01-20] (Sonic Solutions)
S3 RoxMediaDB; C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe [864256 2006-01-20] (Sonic Solutions)
R2 RoxWatch; C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe [155648 2006-01-20] (Sonic Solutions)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software)
R2 Touro Cloud Backup Crawler; C:\Program Files\Touro Cloud Backup\Touro Cloud BackupCrawler.exe [3671176 2012-10-18] ()
R2 VCOMCloudAgent; C:\Program Files (x86)\Avanquest\Fix-It\VcomCloudAgent.exe [133504 2013-12-13] (Avanquest Software North America)
R2 vToolbarUpdater18.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [1759768 2014-03-04] (AVG Secure Search)
R2 WinDevSrv; C:\Users\Emi\AppData\Roaming\UpdateServ\UpdaterService.exe [368960 2014-02-28] (Media Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [81096 2007-02-15] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [81096 2007-02-15] (SlySoft, Inc.)
R3 AQFileRestore; C:\Windows\System32\DRIVERS\AQFileRestore.sys [21584 2013-12-13] ()
R3 AVer88xHD; C:\Windows\System32\drivers\AVer88xHD64.sys [432256 2007-04-10] (AVerMedia TECHNOLOGIES, Inc.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-03-04] (AVG Technologies)
S1 cdudf_xp; C:\Windows\System32\Drivers\cdudf_xp.sys [344064 2005-10-22] (Sonic Solutions)
S3 dvd_2K; C:\Windows\System32\Drivers\dvd_2K.sys [33792 2005-10-22] (Sonic Solutions)
S2 Hardlock; C:\Windows\SysWOW64\drivers\hardlock.sys [453632 2008-11-23] (Aladdin Knowledge Systems)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [104912 2007-11-07] (EZB Systems, Inc.)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mmc_2K; C:\Windows\System32\Drivers\mmc_2K.sys [32768 2005-10-22] (Sonic Solutions)
R3 mv2; C:\Windows\System32\DRIVERS\mv2.sys [12904 2013-10-24] (UVNC BVBA)
S1 pwd_2k; C:\Windows\System32\Drivers\pwd_2k.sys [128512 2005-10-22] (Sonic Solutions)
R1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2013-10-30] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [282712 2014-02-10] (Trusteer Ltd.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [316312 2014-02-10] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [397848 2014-02-10] (Trusteer Ltd.)
S3 Sntnlusb; C:\Windows\SysWOW64\DRIVERS\SNTNLUSB.SYS [20032 2001-06-21] (Rainbow Technologies Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [860656 2008-11-10] ()
S3 Spyder2; C:\Windows\System32\DRIVERS\Spyder2.sys [15360 2007-01-17] ()
S3 Spyder3; C:\Windows\System32\DRIVERS\Spyder3.sys [15360 2007-12-12] ()
S3 usbser64; C:\Windows\System32\DRIVERS\usbser.sys [32768 2013-08-29] (Microsoft Corporation)
U3 asjr3uxh; C:\Windows\System32\Drivers\asjr3uxh.sys [0 ] (Microsoft Corporation)
S2 DS1410D; \??\C:\Windows\system32\drivers\ds1410d.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 LVcKap64; system32\DRIVERS\LVcKap64.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S2 Sentinel; \SystemRoot\System32\Drivers\SENTINEL.SYS [X]
S3 WacomVKHid; system32\DRIVERS\WacomVKHid.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-11 01:33 - 2014-03-11 01:34 - 00030424 _____ () C:\Users\Emi\Desktop\FRST.txt
2014-03-11 01:33 - 2014-03-11 01:33 - 00000000 ____D () C:\FRST
2014-03-11 01:29 - 2014-03-11 01:30 - 02157056 _____ (Farbar) C:\Users\Emi\Desktop\FRST64.exe
2014-03-11 00:31 - 2014-03-11 00:31 - 00001401 _____ () C:\Users\Emi\Desktop\Notepad - Shortcut.lnk
2014-03-10 23:21 - 2014-03-10 23:21 - 00003344 _____ () C:\Users\Emi\Desktop\attach.txt
2014-03-10 23:21 - 2014-03-10 23:19 - 00019951 _____ () C:\Users\Emi\Desktop\dds.txt
2014-03-10 23:17 - 2014-03-11 00:52 - 00000000 ___RD () C:\Users\Emi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-10 23:17 - 2014-03-10 23:17 - 00000000 ___RD () C:\Users\Emi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-10 23:13 - 2014-03-10 23:13 - 00688992 ____R (Swearware) C:\Users\Emi\Desktop\dds.com
2014-03-10 17:55 - 2014-03-10 17:55 - 25640672 _____ (Microsoft Corporation) C:\Users\Emi\Desktop\Windows-KB890830-x64-V5.9.exe
2014-03-10 01:05 - 2014-03-10 01:05 - 00000959 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-10 01:05 - 2014-03-10 01:05 - 00000000 ____D () C:\Users\Emi\AppData\Roaming\Malwarebytes
2014-03-10 01:05 - 2014-03-10 01:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-10 01:05 - 2014-03-10 01:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-10 01:05 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-10 01:04 - 2014-03-10 01:04 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Emi\Desktop\mbam-setup.exe
2014-03-10 00:45 - 2014-03-10 00:45 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Emi\Desktop\iexplore.com
2014-03-10 00:36 - 2014-03-10 00:36 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Emi\Desktop\rkill.com
2014-03-06 13:32 - 2014-03-07 02:58 - 00000000 ____D () C:\Users\Emi\Downloads\movies
2014-03-06 01:34 - 2014-03-06 01:34 - 00000000 _____ () C:\END
2014-03-06 01:32 - 2014-03-06 01:32 - 00772528 _____ () C:\Users\Emi\Downloads\uplayermediaplayer-setup.exe
2014-03-05 17:40 - 2014-03-05 17:40 - 00000000 ____D () C:\ProgramData\MediaDev
2014-03-05 17:35 - 2014-03-05 17:35 - 00000000 ____D () C:\ProgramData\UpdateTask
2014-03-05 17:34 - 2014-03-05 17:35 - 00000378 _____ () C:\Windows\Tasks\APSnotifierCA.job
2014-03-05 17:34 - 2014-03-05 17:34 - 00003162 _____ () C:\Windows\System32\Tasks\APSnotifierCA
2014-03-05 17:33 - 2014-03-05 17:32 - 01122960 _____ (AnyProtect.com) C:\Users\Emi\AppData\Local\nssB18A.tmp
2014-03-05 17:31 - 2014-03-11 00:17 - 00000396 _____ () C:\Windows\Tasks\istcleaner Task.job
2014-03-05 17:31 - 2014-03-05 17:32 - 00002818 _____ () C:\Windows\System32\Tasks\istcleaner Task
2014-03-05 17:31 - 2014-03-05 17:32 - 00000000 ____D () C:\Users\Emi\AppData\Roaming\istcleaner
2014-03-05 17:31 - 2014-03-05 17:31 - 00000000 ____D () C:\Program Files (x86)\ISTCleaner
2014-03-05 17:26 - 2014-03-10 02:52 - 00000000 ____D () C:\Users\Emi\AppData\Roaming\UpdateServ
2014-03-05 17:26 - 2014-03-05 17:40 - 00000000 ____D () C:\ProgramData\UpdateCommon
2014-03-05 17:18 - 2014-03-05 17:18 - 00000000 ____D () C:\Users\Emi\AppData\Roaming\OpenCandy
2014-03-05 17:18 - 2013-11-13 20:41 - 00439296 _____ (Sendori) C:\Windows\system32\plsapp64.dll
2014-03-05 17:06 - 2014-03-08 17:56 - 00000000 ____D () C:\Users\Emi\AppData\Roaming\BitTorrent
2014-03-05 17:06 - 2014-03-05 17:06 - 01853528 _____ (BitTorrent Inc.) C:\Users\Emi\Downloads\BitTorrent.exe
2014-03-04 14:56 - 2014-03-04 17:22 - 00000000 ____D () C:\Users\Emi\AppData\Local\AVG Secure Search
2014-03-04 14:55 - 2014-03-04 14:56 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-03-04 14:55 - 2014-03-04 14:56 - 00000000 ____D () C:\Program Files (x86)\AVG Secure Search
2014-02-26 17:49 - 2014-02-26 17:49 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-02-26 17:49 - 2014-02-26 17:49 - 00000000 ____D () C:\Users\Guest\AppData\Local\Macromedia
2014-02-26 17:48 - 2014-02-26 17:48 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Avanquest
2014-02-26 17:32 - 2014-03-06 13:52 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-26 17:32 - 2014-03-06 13:52 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-26 17:32 - 2014-03-06 13:52 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink LabelPrint
2014-02-26 17:32 - 2013-12-21 21:17 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Microsoft Help
2014-02-26 17:32 - 2013-06-30 09:12 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\TuneUp Software
2014-02-26 17:32 - 2011-10-01 23:54 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Trusteer
2014-02-26 17:32 - 2011-08-28 14:09 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Trusteer
2014-02-26 17:32 - 2011-07-25 23:18 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Macromedia
2014-02-19 20:08 - 2014-02-19 20:08 - 01898284 _____ (Sergey Serkov ) C:\Users\Emi\Downloads\tagscan5.1.647setup.exe
2014-02-18 00:45 - 2014-02-18 00:46 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-17 22:18 - 2014-02-18 00:57 - 00000000 ____D () C:\Users\Emi\AppData\Local\Apple Computer
2014-02-17 22:18 - 2014-02-17 22:18 - 00001705 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-17 22:16 - 2014-02-17 22:17 - 00000000 ____D () C:\Program Files\iTunes
2014-02-17 22:16 - 2014-02-17 22:17 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-17 22:16 - 2014-02-17 22:16 - 00000000 ____D () C:\Program Files\iPod
2014-02-17 22:15 - 2014-02-17 22:15 - 00001865 _____ () C:\Users\Emi\Desktop\Fix-It Utilities Professional (2).lnk
2014-02-17 22:15 - 2014-02-17 22:15 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-02-17 22:14 - 2014-02-17 22:14 - 00000000 ____D () C:\Users\Emi\AppData\Local\Apple
2014-02-17 22:14 - 2014-02-17 22:14 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-02-17 22:10 - 2014-02-17 22:10 - 00000000 ____D () C:\Program Files\Bonjour
2014-02-17 22:10 - 2014-02-17 22:10 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-02-17 22:07 - 2014-02-17 22:08 - 148896080 _____ (Apple Inc.) C:\Users\Emi\Downloads\iTunes64Setup.exe
2014-02-17 21:40 - 2014-02-17 21:40 - 00000000 ____D () C:\Users\Emi\AppData\Roaming\SampleView
2014-02-17 20:21 - 2014-02-17 20:21 - 00000000 _RSHD () C:\_Backup.RC
2014-02-17 20:19 - 2013-12-13 12:31 - 00021584 ____N () C:\Windows\system32\Drivers\AQFileRestore.sys
2014-02-17 20:19 - 2012-02-09 13:58 - 00035000 _____ () C:\Windows\system32\mxntdfg.exe
2014-02-17 20:18 - 2014-02-17 20:20 - 00000000 ____D () C:\ProgramData\Avanquest
2014-02-17 20:18 - 2014-02-17 20:18 - 00000000 ____D () C:\Users\Public\Documents\Avanquest Software
2014-02-17 20:18 - 2014-02-17 20:18 - 00000000 ____D () C:\Users\Emi\AppData\Roaming\Avanquest
2014-02-17 20:18 - 2014-02-17 20:18 - 00000000 ____D () C:\Program Files (x86)\Avanquest
2014-02-17 20:18 - 2013-10-24 15:03 - 00027240 _____ (UVNC BVBA) C:\Windows\system32\mv2.dll
2014-02-17 20:18 - 2013-10-24 15:03 - 00012904 _____ (UVNC BVBA) C:\Windows\system32\Drivers\mv2.sys
2014-02-17 20:16 - 2014-02-17 20:16 - 00428338 _____ () C:\Users\Emi\AppData\Local\dd_vcredistMSI37F3.txt
2014-02-17 20:16 - 2014-02-17 20:16 - 00018522 _____ () C:\Users\Emi\AppData\Local\dd_vcredistUI37F3.txt
2014-02-17 20:15 - 2014-02-17 20:16 - 00432560 _____ () C:\Users\Emi\AppData\Local\dd_vcredistMSI3756.txt
2014-02-17 20:15 - 2014-02-17 20:16 - 00018474 _____ () C:\Users\Emi\AppData\Local\dd_vcredistUI3756.txt
2014-02-17 20:12 - 2014-03-11 00:41 - 00000000 ____D () C:\_Backup
2014-02-17 19:44 - 2014-02-17 19:47 - 73332576 _____ (Avanquest) C:\Users\Emi\Downloads\Fix-It_Professional_ENU_signed.exe
2014-02-17 19:26 - 2014-03-10 17:19 - 00000000 ____D () C:\Users\Emi\AppData\Local\Adobe
2014-02-17 19:10 - 2014-02-17 19:22 - 00000000 ____D () C:\Program Files (x86)\RegClean Pro
2014-02-17 19:10 - 2014-02-17 19:21 - 00000000 ____D () C:\Users\Emi\AppData\Roaming\systweak
2014-02-17 19:10 - 2014-01-21 18:28 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-02-17 18:51 - 2014-02-17 18:51 - 00000000 ____D () C:\Users\Emi\AppData\Roaming\ParetoLogic
2014-02-17 18:51 - 2014-02-17 18:51 - 00000000 ____D () C:\Users\Emi\AppData\Roaming\DriverCure
2014-02-17 18:50 - 2014-02-17 19:25 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-02-17 17:46 - 2014-02-17 17:46 - 00000000 ____D () C:\Users\Emi\AppData\Local\Macromedia
2014-02-17 17:25 - 2014-02-26 23:58 - 00751766 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-17 16:28 - 2014-02-05 02:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-17 16:28 - 2014-02-05 02:51 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-17 16:28 - 2014-02-05 02:51 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-17 16:28 - 2014-02-05 02:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-17 16:28 - 2014-02-05 02:50 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-17 16:28 - 2014-02-05 02:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-17 16:28 - 2014-02-05 01:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-17 16:28 - 2014-02-05 01:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-17 16:28 - 2014-02-05 01:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-17 16:28 - 2014-02-05 01:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-17 16:28 - 2014-02-05 01:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-17 16:28 - 2014-02-05 01:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-17 16:28 - 2014-02-05 01:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-17 16:27 - 2014-02-05 03:19 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-17 16:27 - 2014-02-05 03:02 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-17 16:27 - 2014-02-05 03:00 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-17 16:27 - 2014-02-05 02:54 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-17 16:27 - 2014-02-05 02:54 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-17 16:27 - 2014-02-05 02:52 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-17 16:27 - 2014-02-05 02:52 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-17 16:27 - 2014-02-05 02:51 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-17 16:27 - 2014-02-05 02:51 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-17 16:27 - 2014-02-05 02:51 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-17 16:27 - 2014-02-05 01:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-17 16:27 - 2014-02-05 01:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-17 16:27 - 2014-02-05 01:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-17 16:27 - 2014-02-05 01:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-17 16:27 - 2014-02-05 01:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-17 16:27 - 2014-02-05 01:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-17 16:27 - 2014-02-05 01:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-17 16:27 - 2014-02-05 01:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-17 16:27 - 2014-02-05 01:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-17 16:02 - 2013-12-04 21:48 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-17 16:02 - 2013-12-04 19:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-16 17:41 - 2014-02-16 17:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 22:37 - 2014-02-14 22:37 - 00000911 _____ () C:\Users\Guest\Desktop\Mozilla Firefox.lnk
2014-02-14 22:36 - 2014-02-14 22:36 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Mozilla
2014-02-14 22:36 - 2014-02-14 22:36 - 00000000 ____D () C:\Users\Guest\AppData\Local\Mozilla
2014-02-14 12:24 - 2014-02-14 12:24 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\AVG
2014-02-14 11:59 - 2014-02-14 11:59 - 00000000 ____D () C:\Users\Guest\AppData\Local\AVG SafeGuard toolbar
2014-02-14 11:58 - 2014-02-14 11:58 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\AVG2013
2014-02-14 11:58 - 2014-02-14 11:58 - 00000000 ____D () C:\Users\Guest\AppData\Local\Avg2013
2014-02-14 11:56 - 2014-02-14 11:56 - 00093168 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-14 11:56 - 2014-02-14 11:56 - 00000000 ____D () C:\Users\Guest\AppData\Local\Panasonic
2014-02-14 11:55 - 2014-02-14 11:55 - 00000990 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-14 11:55 - 2014-02-14 11:55 - 00000985 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-02-14 11:55 - 2014-02-14 11:55 - 00000960 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-02-14 11:55 - 2014-02-14 11:55 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-14 11:55 - 2014-02-14 11:55 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-14 11:55 - 2014-02-14 11:55 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Apple Computer
2014-02-14 11:54 - 2014-02-14 12:24 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore
2014-02-14 11:54 - 2014-02-14 11:55 - 00000926 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-02-14 11:53 - 2014-02-14 11:53 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\WTablet
2014-02-14 11:52 - 2014-02-14 11:55 - 00000000 ____D () C:\Users\Guest
2014-02-14 11:52 - 2014-02-14 11:52 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
2014-02-14 11:52 - 2013-12-21 21:17 - 00000000 ____D () C:\Users\Guest\AppData\Local\Microsoft Help
2014-02-14 11:52 - 2013-06-30 09:12 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\TuneUp Software
2014-02-14 11:52 - 2011-10-01 23:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\Trusteer
2014-02-14 11:52 - 2011-08-28 14:09 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Trusteer
2014-02-14 11:52 - 2011-07-25 23:18 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Macromedia
2014-02-14 11:52 - 2008-07-05 18:00 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink LabelPrint
2014-02-14 11:52 - 2008-01-20 20:20 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-14 11:52 - 2008-01-20 20:20 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-11 19:33 - 2014-02-11 19:53 - 00000000 ____D () C:\Users\Emi\Documents\TVshows from Danie
 
==================== One Month Modified Files and Folders =======
 
2014-03-11 01:34 - 2014-03-11 01:33 - 00030424 _____ () C:\Users\Emi\Desktop\FRST.txt
2014-03-11 01:33 - 2014-03-11 01:33 - 00000000 ____D () C:\FRST
2014-03-11 01:30 - 2014-03-11 01:29 - 02157056 _____ (Farbar) C:\Users\Emi\Desktop\FRST64.exe
2014-03-11 01:25 - 2010-09-28 00:19 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-11 01:12 - 2012-06-24 15:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-11 01:07 - 2013-06-16 14:26 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-11 01:01 - 2011-09-10 23:11 - 00000000 ____D () C:\Users\Emi\AppData\Roaming\Dropbox
2014-03-11 00:52 - 2014-03-10 23:17 - 00000000 ___RD () C:\Users\Emi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-11 00:52 - 2011-09-10 23:13 - 00000000 ___RD () C:\Users\Emi\Dropbox
2014-03-11 00:49 - 2012-01-22 15:28 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-209272363-2446646531-3981651877-1000UA.job
2014-03-11 00:41 - 2014-02-17 20:12 - 00000000 ____D () C:\_Backup
2014-03-11 00:34 - 2008-07-05 17:44 - 01080640 _____ () C:\Windows\WindowsUpdate.log
2014-03-11 00:31 - 2014-03-11 00:31 - 00001401 _____ () C:\Users\Emi\Desktop\Notepad - Shortcut.lnk
2014-03-11 00:24 - 2006-11-02 05:46 - 00758822 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-11 00:17 - 2014-03-05 17:31 - 00000396 _____ () C:\Windows\Tasks\istcleaner Task.job
2014-03-11 00:16 - 2010-09-28 00:19 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-11 00:14 - 2008-07-06 08:18 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-11 00:14 - 2006-11-02 08:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-11 00:14 - 2006-11-02 08:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-11 00:14 - 2006-11-02 08:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-10 23:21 - 2014-03-10 23:21 - 00003344 _____ () C:\Users\Emi\Desktop\attach.txt
2014-03-10 23:19 - 2014-03-10 23:21 - 00019951 _____ () C:\Users\Emi\Desktop\dds.txt
2014-03-10 23:17 - 2014-03-10 23:17 - 00000000 ___RD () C:\Users\Emi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-10 23:13 - 2014-03-10 23:13 - 00688992 ____R (Swearware) C:\Users\Emi\Desktop\dds.com
2014-03-10 17:55 - 2014-03-10 17:55 - 25640672 _____ (Microsoft Corporation) C:\Users\Emi\Desktop\Windows-KB890830-x64-V5.9.exe
2014-03-10 17:36 - 2008-01-20 20:26 - 00696640 _____ () C:\Windows\PFRO.log
2014-03-10 17:32 - 2006-11-02 08:42 - 00032540 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-10 17:19 - 2014-02-17 19:26 - 00000000 ____D () C:\Users\Emi\AppData\Local\Adobe
2014-03-10 02:52 - 2014-03-05 17:26 - 00000000 ____D () C:\Users\Emi\AppData\Roaming\UpdateServ
2014-03-10 01:05 - 2014-03-10 01:05 - 00000959 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-10 01:05 - 2014-03-10 01:05 - 00000000 ____D () C:\Users\Emi\AppData\Roaming\Malwarebytes
2014-03-10 01:05 - 2014-03-10 01:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-10 01:05 - 2014-03-10 01:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-10 01:04 - 2014-03-10 01:04 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Emi\Desktop\mbam-setup.exe
2014-03-10 00:45 - 2014-03-10 00:45 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Emi\Desktop\iexplore.com
2014-03-10 00:36 - 2014-03-10 00:36 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Emi\Desktop\rkill.com
2014-03-08 17:56 - 2014-03-05 17:06 - 00000000 ____D () C:\Users\Emi\AppData\Roaming\BitTorrent
2014-03-08 17:48 - 2012-01-22 15:28 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-209272363-2446646531-3981651877-1000Core.job
2014-03-08 15:48 - 2008-11-12 19:46 - 00000000 ____D () C:\Users\Emi\AppData\Roaming\Canon
2014-03-08 02:38 - 2008-11-10 14:48 - 00060928 _____ () C:\Users\Emi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-07 02:58 - 2014-03-06 13:32 - 00000000 ____D () C:\Users\Emi\Downloads\movies
2014-03-06 21:31 - 2010-10-12 11:54 - 00000000 ____D () C:\Users\Emi\dwhelper
2014-03-06 21:20 - 2013-06-02 13:38 - 00000000 ____D () C:\Users\Emi\Documents\Clay_docs
2014-03-06 20:34 - 2008-11-11 12:32 - 00000000 ____D () C:\Users\Tazz
2014-03-06 20:26 - 2008-12-05 17:37 - 00000000 ____D () C:\Projects
2014-03-06 19:42 - 2013-11-25 00:44 - 00000000 ____D () C:\Users\Emi\Documents\Emi_demoReel_material
2014-03-06 19:33 - 2010-04-03 19:49 - 00000000 ____D () C:\Users\Emi\Documents\DigitalTutors
2014-03-06 14:45 - 2010-02-21 20:26 - 00000000 ____D () C:\ProgramData\Skype
2014-03-06 14:44 - 2010-02-21 20:26 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-06 14:35 - 2011-04-24 22:57 - 00000000 ____D () C:\Users\Emi\AppData\Roaming\MP3Rocket
2014-03-06 14:34 - 2011-04-24 22:58 - 00000000 ____D () C:\Users\Emi\Incomplete
2014-03-06 13:52 - 2014-02-26 17:32 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-06 13:52 - 2014-02-26 17:32 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-06 13:52 - 2014-02-26 17:32 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink LabelPrint
2014-03-06 01:34 - 2014-03-06 01:34 - 00000000 _____ () C:\END
2014-03-06 01:33 - 2006-11-02 06:33 - 00000000 ____D () C:\Windows\Resources
2014-03-06 01:32 - 2014-03-06 01:32 - 00772528 _____ () C:\Users\Emi\Downloads\uplayermediaplayer-setup.exe
2014-03-05 17:40 - 2014-03-05 17:40 - 00000000 ____D () C:\ProgramData\MediaDev
2014-03-05 17:40 - 2014-03-05 17:26 - 00000000 ____D () C:\ProgramData\UpdateCommon
2014-03-05 17:35 - 2014-03-05 17:35 - 00000000 ____D () C:\ProgramData\UpdateTask
2014-03-05 17:35 - 2014-03-05 17:34 - 00000378 _____ () C:\Windows\Tasks\APSnotifierCA.job
2014-03-05 17:34 - 2014-03-05 17:34 - 00003162 _____ () C:\Windows\System32\Tasks\APSnotifierCA
2014-03-05 17:32 - 2014-03-05 17:33 - 01122960 _____ (AnyProtect.com) C:\Users\Emi\AppData\Local\nssB18A.tmp
2014-03-05 17:32 - 2014-03-05 17:31 - 00002818 _____ () C:\Windows\System32\Tasks\istcleaner Task
2014-03-05 17:32 - 2014-03-05 17:31 - 00000000 ____D () C:\Users\Emi\AppData\Roaming\istcleaner
2014-03-05 17:31 - 2014-03-05 17:31 - 00000000 ____D () C:\Program Files (x86)\ISTCleaner
2014-03-05 17:18 - 2014-03-05 17:18 - 00000000 ____D () C:\Users\Emi\AppData\Roaming\OpenCandy
2014-03-05 17:06 - 2014-03-05 17:06 - 01853528 _____ (BitTorrent Inc.) C:\Users\Emi\Downloads\BitTorrent.exe
2014-03-04 17:22 - 2014-03-04 14:56 - 00000000 ____D () C:\Users\Emi\AppData\Local\AVG Secure Search
2014-03-04 14:56 - 2014-03-04 14:55 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-03-04 14:56 - 2014-03-04 14:55 - 00000000 ____D () C:\Program Files (x86)\AVG Secure Search
2014-03-04 14:55 - 2013-06-16 14:36 - 00050976 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-02-26 23:58 - 2014-02-17 17:25 - 00751766 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-26 17:49 - 2014-02-26 17:49 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-02-26 17:49 - 2014-02-26 17:49 - 00000000 ____D () C:\Users\Guest\AppData\Local\Macromedia
2014-02-26 17:48 - 2014-02-26 17:48 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Avanquest
2014-02-20 18:12 - 2012-06-24 15:18 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-20 18:12 - 2012-06-24 15:18 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-20 18:12 - 2011-09-03 16:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-19 20:09 - 2013-01-31 01:34 - 00000864 _____ () C:\Users\Emi\Desktop\TagScanner.lnk
2014-02-19 20:09 - 2013-01-31 01:34 - 00000000 ____D () C:\Program Files (x86)\TagScanner
2014-02-19 20:08 - 2014-02-19 20:08 - 01898284 _____ (Sergey Serkov ) C:\Users\Emi\Downloads\tagscan5.1.647setup.exe
2014-02-18 00:57 - 2014-02-17 22:18 - 00000000 ____D () C:\Users\Emi\AppData\Local\Apple Computer
2014-02-18 00:46 - 2014-02-18 00:45 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-17 22:18 - 2014-02-17 22:18 - 00001705 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-17 22:17 - 2014-02-17 22:16 - 00000000 ____D () C:\Program Files\iTunes
2014-02-17 22:17 - 2014-02-17 22:16 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-17 22:16 - 2014-02-17 22:16 - 00000000 ____D () C:\Program Files\iPod
2014-02-17 22:16 - 2008-11-10 15:02 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-02-17 22:15 - 2014-02-17 22:15 - 00001865 _____ () C:\Users\Emi\Desktop\Fix-It Utilities Professional (2).lnk
2014-02-17 22:15 - 2014-02-17 22:15 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-02-17 22:14 - 2014-02-17 22:14 - 00000000 ____D () C:\Users\Emi\AppData\Local\Apple
2014-02-17 22:14 - 2014-02-17 22:14 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-02-17 22:13 - 2008-11-09 19:53 - 00000000 ____D () C:\Users\Emi
2014-02-17 22:10 - 2014-02-17 22:10 - 00000000 ____D () C:\Program Files\Bonjour
2014-02-17 22:10 - 2014-02-17 22:10 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-02-17 22:10 - 2008-11-10 15:02 - 00000000 ____D () C:\ProgramData\Apple
2014-02-17 22:08 - 2014-02-17 22:07 - 148896080 _____ (Apple Inc.) C:\Users\Emi\Downloads\iTunes64Setup.exe
2014-02-17 21:40 - 2014-02-17 21:40 - 00000000 ____D () C:\Users\Emi\AppData\Roaming\SampleView
2014-02-17 20:21 - 2014-02-17 20:21 - 00000000 _RSHD () C:\_Backup.RC
2014-02-17 20:20 - 2014-02-17 20:18 - 00000000 ____D () C:\ProgramData\Avanquest
2014-02-17 20:18 - 2014-02-17 20:18 - 00000000 ____D () C:\Users\Public\Documents\Avanquest Software
2014-02-17 20:18 - 2014-02-17 20:18 - 00000000 ____D () C:\Users\Emi\AppData\Roaming\Avanquest
2014-02-17 20:18 - 2014-02-17 20:18 - 00000000 ____D () C:\Program Files (x86)\Avanquest
2014-02-17 20:18 - 2008-07-05 17:52 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-17 20:16 - 2014-02-17 20:16 - 00428338 _____ () C:\Users\Emi\AppData\Local\dd_vcredistMSI37F3.txt
2014-02-17 20:16 - 2014-02-17 20:16 - 00018522 _____ () C:\Users\Emi\AppData\Local\dd_vcredistUI37F3.txt
2014-02-17 20:16 - 2014-02-17 20:15 - 00432560 _____ () C:\Users\Emi\AppData\Local\dd_vcredistMSI3756.txt
2014-02-17 20:16 - 2014-02-17 20:15 - 00018474 _____ () C:\Users\Emi\AppData\Local\dd_vcredistUI3756.txt
2014-02-17 20:03 - 2013-06-16 14:32 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-02-17 19:47 - 2014-02-17 19:44 - 73332576 _____ (Avanquest) C:\Users\Emi\Downloads\Fix-It_Professional_ENU_signed.exe
2014-02-17 19:36 - 2011-07-25 19:01 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-02-17 19:25 - 2014-02-17 18:50 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-02-17 19:22 - 2014-02-17 19:10 - 00000000 ____D () C:\Program Files (x86)\RegClean Pro
2014-02-17 19:21 - 2014-02-17 19:10 - 00000000 ____D () C:\Users\Emi\AppData\Roaming\systweak
2014-02-17 18:51 - 2014-02-17 18:51 - 00000000 ____D () C:\Users\Emi\AppData\Roaming\ParetoLogic
2014-02-17 18:51 - 2014-02-17 18:51 - 00000000 ____D () C:\Users\Emi\AppData\Roaming\DriverCure
2014-02-17 18:04 - 2011-09-17 19:19 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-02-17 17:46 - 2014-02-17 17:46 - 00000000 ____D () C:\Users\Emi\AppData\Local\Macromedia
2014-02-17 16:39 - 2013-12-21 20:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 16:25 - 2008-07-05 18:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-17 15:29 - 2012-05-28 00:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-16 18:56 - 2010-09-28 00:15 - 00000000 ____D () C:\Users\Emi\AppData\Local\Google
2014-02-16 17:41 - 2014-02-16 17:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 22:37 - 2014-02-14 22:37 - 00000911 _____ () C:\Users\Guest\Desktop\Mozilla Firefox.lnk
2014-02-14 22:36 - 2014-02-14 22:36 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Mozilla
2014-02-14 22:36 - 2014-02-14 22:36 - 00000000 ____D () C:\Users\Guest\AppData\Local\Mozilla
2014-02-14 12:24 - 2014-02-14 12:24 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\AVG
2014-02-14 12:24 - 2014-02-14 11:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore
2014-02-14 12:20 - 2010-09-28 00:19 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-14 12:20 - 2010-09-28 00:19 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-14 11:59 - 2014-02-14 11:59 - 00000000 ____D () C:\Users\Guest\AppData\Local\AVG SafeGuard toolbar
2014-02-14 11:58 - 2014-02-14 11:58 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\AVG2013
2014-02-14 11:58 - 2014-02-14 11:58 - 00000000 ____D () C:\Users\Guest\AppData\Local\Avg2013
2014-02-14 11:56 - 2014-02-14 11:56 - 00093168 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-14 11:56 - 2014-02-14 11:56 - 00000000 ____D () C:\Users\Guest\AppData\Local\Panasonic
2014-02-14 11:55 - 2014-02-14 11:55 - 00000990 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-14 11:55 - 2014-02-14 11:55 - 00000985 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-02-14 11:55 - 2014-02-14 11:55 - 00000960 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-02-14 11:55 - 2014-02-14 11:55 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-14 11:55 - 2014-02-14 11:55 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-14 11:55 - 2014-02-14 11:55 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Apple Computer
2014-02-14 11:55 - 2014-02-14 11:54 - 00000926 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-02-14 11:55 - 2014-02-14 11:52 - 00000000 ____D () C:\Users\Guest
2014-02-14 11:53 - 2014-02-14 11:53 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\WTablet
2014-02-14 11:52 - 2014-02-14 11:52 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
2014-02-12 17:43 - 2012-01-22 15:28 - 00003870 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-209272363-2446646531-3981651877-1000UA
2014-02-12 17:43 - 2012-01-22 15:28 - 00003474 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-209272363-2446646531-3981651877-1000Core
2014-02-11 19:53 - 2014-02-11 19:33 - 00000000 ____D () C:\Users\Emi\Documents\TVshows from Danie
2014-02-10 12:35 - 2011-07-25 19:24 - 00316312 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportKE64.sys
 
Files to move or delete:
====================
C:\Users\Emi\key.dat
C:\Users\Emi\key_caps.dat
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-11 00:50
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2014
Ran by Emi at 2014-03-11 01:35:07
Running from C:\Users\Emi\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: AVG Internet Security 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
 
==================== Installed Programs ======================
 
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler x64 (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop Lightroom 2.1 64-bit (HKLM\...\{ABEA8057-9ECE-4B37-8EA4-D859BBB8A905}) (Version: 2.1 - Adobe)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Autodesk 3ds Max Design 2009 64-bit (HKLM\...\{EC2280DF-BBAF-0409-9359-BCCD15545FFB}) (Version: 11.0 - Autodesk)
Autodesk DirectConnect 2009 (64-bit) (HKLM\...\{EC4EBC45-30AF-4F3C-B2B5-2FAF3FF9A1D1}) (Version: 3.0.2758.0 - Autodesk)
Autodesk Maya 2011 64-bit (HKLM\...\{887CB4A1-5DB4-4924-A2C6-CDCB72376CC7}) (Version: 13.00.0000 - Autodesk)
Autopano Pro (HKLM\...\Autopano Pro) (Version: V1.4.2 - Kolor)
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3462 - AVG Technologies)
AVG 2013 (Version: 13.0.3462 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.3722 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP530 (HKLM\...\{3215EBED-1D06-42fb-A05C-A752A46FB24C}) (Version:  - )
DragToDisc64Install (Version: 1.00.0000 - Roxio, Inc.) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
FBX Plugin 2009.0 for Max 2009 64 (HKLM\...\FBX Plugin 2009.0 for Max 2009 64) (Version:  - )
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
iCloud (HKLM\...\{CE97E4D3-9F91-4D72-8A29-ED9EA90E5A15}) (Version: 2.1.3.25 - Apple Inc.)
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mari 1.3v2 (HKLM\...\Mari 1.3v2_is1) (Version:  - The Foundry)
Maya 2009 (64-bit) (HKLM\...\{227B4E66-B95F-46B8-8E86-740D5CBFC65C}) (Version: 10.00.0000 - Autodesk)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
NVIDIA 3D Vision Controller Driver 280.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 280.19 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.2.23.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.23.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
PamFax (novaPDF Server OEM 6.3  printer) (HKLM\...\PamFax_is1) (Version:  - Softland)
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Rapport (Version: 3.5.1205.18 - Trusteer) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F40&SUBSYS_200014F1) (Version:  - )
Touro Cloud Backup 2.0.5 (HKLM\...\Touro Cloud Backup) (Version: 2.0.5 - Touro Cloud Backup)
VC80_CRT_x86_x64 (HKLM\...\{5B07B750-0477-4EC6-92ED-885D76AA96F9}) (Version: 1.0.0 - kolor)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.1.7-3 - Wacom Technology Corp.)
Windows Driver Package - Neato Robotics, Inc. (usbser64) Ports  (08/08/2009 1.0.0.0) (HKLM\...\02AF1A75FA8A484C4B36225C5CE9770ECD2C3F04) (Version: 08/08/2009 1.0.0.0 - Neato Robotics, Inc.)
 
==================== Restore Points  =========================
 
17-02-2014 00:12:59 Scheduled Checkpoint
17-02-2014 21:08:22 Scheduled Checkpoint
17-02-2014 22:01:16 Removed iTunes
17-02-2014 22:07:16 Removed Apple Software Update
17-02-2014 22:12:12 Removed Apple Mobile Device Support
17-02-2014 22:15:10 Removed Apple Mobile Device Support
17-02-2014 22:16:55 Removed Apple Mobile Device Support
17-02-2014 22:17:15 Removed Apple Mobile Device Support
17-02-2014 22:18:56 Removed Bonjour
17-02-2014 22:20:01 Removed Apple Application Support
17-02-2014 22:54:35 Removed Apple Mobile Device Support
17-02-2014 23:02:52 Windows Update
18-02-2014 00:12:52 Windows Update
18-02-2014 00:58:53 Removed QuickTime
18-02-2014 02:15:12 RegClean Pro Mon, Feb 17, 14  18:15
18-02-2014 03:01:18 Removed AVG PC TuneUp
18-02-2014 03:03:18 Removed AVG PC TuneUp Language Pack (en-US)
18-02-2014 03:19:42 Device Driver Package Install: UVNC BVBA Display adapters
18-02-2014 05:11:46 Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
18-02-2014 05:12:49 Device Driver Package Install: Apple Network adapters
18-02-2014 05:15:23 Installed iTunes
19-02-2014 00:00:31 Scheduled Checkpoint
20-02-2014 04:35:33 Scheduled Checkpoint
21-02-2014 01:45:03 Scheduled Checkpoint
22-02-2014 02:11:59 Installed Rapport
22-02-2014 23:42:10 Installed Rapport
24-02-2014 08:00:00 Scheduled Checkpoint
25-02-2014 22:39:22 Scheduled Checkpoint
27-02-2014 06:52:32 Windows Update
28-02-2014 04:46:14 Scheduled Checkpoint
28-02-2014 19:01:42 Scheduled Checkpoint
01-03-2014 22:37:20 Scheduled Checkpoint
03-03-2014 23:38:10 Scheduled Checkpoint
06-03-2014 21:02:40 Removed Directory Opus
06-03-2014 21:42:57 Windows Update
 
==================== Hosts content: ==========================
 
2006-11-02 05:34 - 2010-04-04 22:16 - 00000797 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1       activate.adobe.com
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {08003355-11F5-437A-ABCF-F527EE0043F7} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2008-01-20] (Microsoft Corporation)
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1695DFB5-40D7-4BC0-BE11-9EE9543C425C} - System32\Tasks\istcleaner Task => C:\Users\Emi\AppData\Roaming\UpdateServ\ISTCleaner.exe [2014-01-10] (istcleaner.com)
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {236EDD1A-551C-45BF-B42F-CDD57A7D37C4} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {3505AFD5-BFA2-49CD-B8C4-E72E1781E8DE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-28] (Google Inc.)
Task: {56001CB0-E015-4696-9F9C-E8E4A83A5844} - System32\Tasks\Sun Microsystems online update program => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-10-11] (Sun Microsystems, Inc.)
Task: {58CAFE24-D37F-4ED7-9CD3-DDD138D24908} - System32\Tasks\RunAsStdUser Task => C:\Program Files\GPSoftware\Directory Opus\dopus.exe <==== ATTENTION
Task: {5963CD02-6D36-4C75-9D9A-FF650DF76FA3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5BE8FA63-4C50-4EC5-9053-A5F325E860D0} - System32\Tasks\APSnotifierCA => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {684973C3-31B2-4986-BD9E-6E8510E7C847} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-20] (Adobe Systems Incorporated)
Task: {79962CC3-2453-4CEA-AEDE-B71877C71AE8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-209272363-2446646531-3981651877-1000Core => C:\Users\Emi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-22] (Google Inc.)
Task: {7AF0BC5F-6557-4B6D-80EF-E7C66EFC90DF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-209272363-2446646531-3981651877-1000UA => C:\Users\Emi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-22] (Google Inc.)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {89DD352E-F994-4828-8CAC-46BB86F7763F} - System32\Tasks\MHotkey => C:\Windows\MHotKey.exe [2008-05-30] ()
Task: {93D09DFA-E86A-4137-86B7-211102CCE6A8} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {9C9D5B95-0A86-4D60-A354-465CB9567EE5} - System32\Tasks\{67A7DF92-E02E-41F1-BBAF-65698C22A5FF} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {CA60928D-E642-4F89-A072-68AE493E56DF} - System32\Tasks\Google Updater and Installer => C:\Users\Emi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-22] (Google Inc.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {EF623487-EB7B-4994-8366-F87ACAF7B8AF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-28] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierCA.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-209272363-2446646531-3981651877-1000Core.job => C:\Users\Emi\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-209272363-2446646531-3981651877-1000UA.job => C:\Users\Emi\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\istcleaner Task.job => C:\Users\Emi\AppData\Roaming\UpdateServ\ISTCleaner.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-05 17:40 - 2014-03-05 17:40 - 00368960 _____ () C:\ProgramData\MediaDev\1394066413\mediadev.exe
2008-03-10 01:08 - 2008-03-10 01:08 - 00065536 _____ () C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
2011-10-17 10:29 - 2011-06-06 14:23 - 01183096 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2012-10-18 10:44 - 2012-10-18 10:44 - 03671176 _____ () C:\Program Files\Touro Cloud Backup\Touro Cloud BackupCrawler.exe
2014-03-04 14:55 - 2014-03-04 14:55 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\loggingserver.exe
2008-07-05 17:54 - 2008-05-30 10:50 - 00581120 _____ () C:\Windows\MHotKey.exe
2008-11-14 23:54 - 2006-09-20 09:35 - 00020480 _____ () C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
2012-10-18 10:41 - 2012-10-18 10:41 - 01324544 _____ () C:\Program Files\Touro Cloud Backup\Touro Cloud Backup.exe
2008-11-14 23:54 - 2006-09-19 17:05 - 00024576 _____ () C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
2014-03-04 14:55 - 2014-03-04 14:56 - 02552856 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe
2012-05-03 23:30 - 2014-02-04 12:49 - 01125592 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2014-02-17 20:18 - 2013-08-27 17:06 - 00450048 ____N () C:\Program Files (x86)\Avanquest\Fix-It\sqlite3.dll
2014-02-17 20:18 - 2012-10-30 18:18 - 00098304 ____N () C:\Program Files (x86)\Avanquest\Fix-It\axis2\lib\axutil.dll
2014-02-17 20:18 - 2012-10-30 18:18 - 00303616 ____N () C:\Program Files (x86)\Avanquest\Fix-It\axis2\lib\axis2_engine.dll
2014-02-17 20:18 - 2012-10-30 18:18 - 00114688 ____N () C:\Program Files (x86)\Avanquest\Fix-It\axis2\lib\axiom.dll
2014-02-17 20:18 - 2012-10-30 18:18 - 00016384 ____N () C:\Program Files (x86)\Avanquest\Fix-It\axis2\lib\axis2_parser.dll
2014-02-17 20:18 - 2012-10-30 18:18 - 00033792 ____N () C:\Program Files (x86)\Avanquest\Fix-It\axis2\lib\guththila.dll
2014-02-17 20:18 - 2012-10-30 18:18 - 00080384 ____N () C:\Program Files (x86)\Avanquest\Fix-It\axis2\lib\neethi.dll
2014-02-17 20:18 - 2012-10-30 18:18 - 00046592 ____N () C:\Program Files (x86)\Avanquest\Fix-It\axis2\lib\axis2_http_sender.dll
2014-02-17 20:18 - 2012-10-30 18:18 - 00012288 ____N () C:\Program Files (x86)\Avanquest\Fix-It\axis2\lib\axis2_http_receiver.dll
2014-02-17 20:18 - 2012-10-30 18:18 - 00021504 ____N () C:\Program Files (x86)\Avanquest\Fix-It\axis2\modules\addressing\axis2_mod_addr.dll
2014-02-17 20:18 - 2012-10-30 18:18 - 00007680 ____N () C:\Program Files (x86)\Avanquest\Fix-It\axis2\modules\logging\axis2_mod_log.dll
2011-03-31 05:55 - 2011-03-31 05:55 - 00530432 _____ () C:\Program Files (x86)\3d-io plugins\licensing_v2\ActiveLock3_5Net_3dio.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2006-01-20 01:32 - 2006-01-20 01:32 - 04448256 ____R () C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\ROXIPP4.dll
2014-02-17 20:18 - 2013-12-13 12:28 - 00014336 ____N () C:\Program Files (x86)\Avanquest\Fix-It\RDClient.dll
2014-02-17 20:18 - 2013-12-13 12:28 - 00037888 ____N () C:\Program Files (x86)\Avanquest\Fix-It\CommonUtils.dll
2014-02-17 20:18 - 2013-12-13 12:28 - 00825856 ____N () C:\Program Files (x86)\Avanquest\Fix-It\SslUtils.dll
2014-02-17 20:18 - 2010-04-16 15:52 - 00038400 ____N () C:\Program Files (x86)\Avanquest\Fix-It\DiskDefragCpp.dll
2014-02-17 20:18 - 2010-04-16 15:52 - 00344576 ____N () C:\Program Files (x86)\Avanquest\Fix-It\madExcept_.bpl
2014-02-17 20:18 - 2010-04-16 15:52 - 00178688 ____N () C:\Program Files (x86)\Avanquest\Fix-It\madBasic_.bpl
2014-02-17 20:18 - 2010-04-16 15:52 - 00045056 ____N () C:\Program Files (x86)\Avanquest\Fix-It\madDisAsm_.bpl
2014-03-04 14:55 - 2014-03-04 14:55 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\log4cplusU.dll
2012-06-27 15:09 - 2012-06-27 15:09 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2012-10-11 06:13 - 2012-10-11 06:13 - 00897536 _____ () C:\Program Files\Touro Cloud Backup\NativeControls7.dll
2012-10-18 10:41 - 2012-10-18 10:41 - 01484288 _____ () C:\Program Files\Touro Cloud Backup\OnlineBackupFacade.dll
2013-10-18 16:55 - 2013-10-18 16:55 - 25100288 _____ () C:\Users\Emi\AppData\Roaming\Dropbox\bin\libcef.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Program Files\Rendition_1.0.458_x64:Roxio EMC Stream
AlternateDataStreams: C:\Users\Emi\Desktop\doors:Roxio EMC Stream
AlternateDataStreams: C:\Users\Emi\Desktop\esc_projects:Roxio EMC Stream
AlternateDataStreams: C:\Users\Emi\Desktop\GetFLV Pro 9.0.5.1:Roxio EMC Stream
AlternateDataStreams: C:\Users\Emi\Desktop\Gnomon:Roxio EMC Stream
AlternateDataStreams: C:\Users\Emi\Desktop\HA:Roxio EMC Stream
AlternateDataStreams: C:\Users\Emi\Desktop\IST-1.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\Emi\Desktop\IST-2.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\Emi\Documents\3dsmax:Roxio EMC Stream
AlternateDataStreams: C:\Users\Emi\Documents\Adlm:Roxio EMC Stream
AlternateDataStreams: C:\Users\Emi\Documents\ADOBE_CS4_MASTER_COLLECTON_MULTILANGUAGE_KEYGEN_WIN_OSX-XFORCE:Roxio EMC Stream
AlternateDataStreams: C:\Users\Emi\Documents\Alcohol 120%:Roxio EMC Stream
AlternateDataStreams: C:\Users\Emi\Documents\All_Tutorials_51:Roxio EMC Stream
AlternateDataStreams: C:\Users\Emi\Documents\Amazon MP3 Uploader:Roxio EMC Stream
AlternateDataStreams: C:\Users\Emi\Documents\Camtasia Studio:Roxio EMC Stream
AlternateDataStreams: C:\Users\Emi\Documents\Clay_docs:Roxio EMC Stream
AlternateDataStreams: C:\Users\Emi\Documents\DealRunner:Roxio EMC Stream
AlternateDataStreams: C:\Users\Emi\Documents\DigitalTutors:Roxio EMC Stream
AlternateDataStreams: C:\Users\Emi\Documents\eBooks_PDFs:Roxio EMC Stream
AlternateDataStreams: C:\Users\Emi\Documents\Emi_demoReel_material:Roxio EMC Stream
AlternateDataStreams: C:\Users\Emi\Documents\Fonts:Roxio EMC Stream
AlternateDataStreams: C:\Users\Emi\Documents\iBooks:Roxio EMC Stream
AlternateDataStreams: C:\Users\Emi\Documents\Mari:Roxio EMC Stream
AlternateDataStreams: C:\Users\Emi\Documents\MobuScenes:Roxio EMC Stream
AlternateDataStreams: C:\Users\Emi\Documents\Mudbox:Roxio EMC Stream
AlternateDataStreams: C:\Users\Emi\Documents\My ISO Files:Roxio EMC Stream
AlternateDataStreams: C:\Users\Emi\Documents\My PageManager:Roxio EMC Stream
AlternateDataStreams: C:\Users\Emi\Documents\Pimsleur Language Programs:Roxio EMC Stream
AlternateDataStreams: C:\Users\Emi\Documents\SightSpeed Recordings:Roxio EMC Stream
AlternateDataStreams: C:\Users\Emi\Documents\SnagIt:Roxio EMC Stream
AlternateDataStreams: C:\Users\Emi\Documents\SpeedSpanish1:Roxio EMC Stream
AlternateDataStreams: C:\Users\Emi\Documents\SpeedSpanish2:Roxio EMC Stream
AlternateDataStreams: C:\Users\Emi\Documents\TVshows from Danie:Roxio EMC Stream
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BigFix.lnk => C:\Windows\pss\BigFix.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk => C:\Windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Emi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Emi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk => C:\Windows\pss\OpenOffice.org 3.0.lnk.Startup
MSCONFIG\startupreg: AppleSyncNotifier => "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe"
MSCONFIG\startupreg: PlantSenseSysAgent => "C:\Program Files (x86)\EasyBloom\EasyBloom.exe"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/11/2014 00:16:29 AM) (Source: Perflib) (User: )
Description: PolicyAgent4
 
Error: (03/11/2014 00:16:29 AM) (Source: Perflib) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
 
Error: (03/11/2014 00:16:27 AM) (Source: Perflib) (User: )
Description: EmdCache4
 
Error: (03/11/2014 00:16:26 AM) (Source: Perflib) (User: )
Description: BITSC:\Windows\system32\bitsperf.dll4
 
Error: (03/11/2014 00:16:00 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/10/2014 11:01:37 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (03/10/2014 11:00:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/10/2014 05:39:01 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (03/10/2014 05:38:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/10/2014 05:09:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (03/11/2014 00:20:12 AM) (Source: DCOM) (User: )
Description: 1053TrustedInstaller{752073A1-23F2-4396-85F0-8FDB879ED0ED}
 
Error: (03/11/2014 00:20:12 AM) (Source: Service Control Manager) (User: )
Description: Windows Modules Installer%%1053
 
Error: (03/11/2014 00:20:12 AM) (Source: Service Control Manager) (User: )
Description: 30000Windows Modules Installer
 
Error: (03/11/2014 00:17:24 AM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon%%1069
 
Error: (03/11/2014 00:17:24 AM) (Source: Service Control Manager) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330
 
Error: (03/11/2014 00:16:03 AM) (Source: Service Control Manager) (User: )
Description: 30000RoxMediaDB
 
Error: (03/11/2014 00:16:03 AM) (Source: Service Control Manager) (User: )
Description: cdudf_xp
 
Error: (03/11/2014 00:16:03 AM) (Source: Service Control Manager) (User: )
Description: Hardlock%%577
 
Error: (03/11/2014 00:16:03 AM) (Source: Service Control Manager) (User: )
Description: DS1410D%%2
 
Error: (03/11/2014 00:16:03 AM) (Source: Service Control Manager) (User: )
Description: Sentinel%%1275
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-03-11 01:34:53.328
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RapportKE64.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-11 01:34:52.975
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RapportKE64.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-11 01:34:52.693
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RapportKE64.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-11 01:34:52.415
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RapportKE64.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-11 01:34:21.389
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-11 01:34:21.075
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-11 01:34:20.787
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-11 01:34:20.520
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-11 01:34:20.231
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-11 01:34:19.968
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 69%
Total physical RAM: 4093.27 MB
Available physical RAM: 1258 MB
Total Pagefile: 8395.79 MB
Available Pagefile: 5310.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
 
==================== Drives ================================
 
Drive c: (Partition_1) (Fixed) (Total:580.61 GB) (Free:188.02 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:15.56 GB) (Free:8 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
==================== End Of Log ============================


#4 aharonov

  • Malware Response Team

Posted 11 March 2014 - 04:50 AM

Great. Let's remove it now.
How is it going after the following steps? What problems still persist?


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

 

 

 

Step 2

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!



Step 3

Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#5 D'Inky

  • Topic Starter

  • Members

Posted 12 March 2014 - 04:36 AM

Hi!

I have completed steps 1-3 and IST cleaner is gone!!

My PC also seems to be running faster as well. 

Thank you so much for your help.

The only thing that makes me wonder is Firefox's behavior. When I click something, it turns black quite often and takes time to finally go to the destination page. Also, I still can't sign in to the Bleeping Computer forum from it. With Chrome I have no problem with sign in.

 

Anyway, below are the files you have requested.

 

Thank you!

------------------------------------------------------------------------------------------------------------------------------

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2014
Ran by Emi at 2014-03-11 17:29:33 Run:1
Running from C:\Users\Emi\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
() C:\ProgramData\MediaDev\1394066413\mediadev.exe
FF SearchPlugin: C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\dpnlxyy1.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\dpnlxyy1.default\searchplugins\conduit.xml
FF Extension: We-Care App - C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\dpnlxyy1.default\Extensions\wecarereminder@bryan [2013-12-12]
R2 MediaDevSrv; C:\ProgramData\MediaDev\1394066413\mediadev.exe [368960 2014-03-05] ()
R2 WinDevSrv; C:\Users\Emi\AppData\Roaming\UpdateServ\UpdaterService.exe [368960 2014-02-28] (Media Corporation)
2014-03-05 17:40 - 2014-03-05 17:40 - 00000000 ____D () C:\ProgramData\MediaDev
2014-03-05 17:35 - 2014-03-05 17:35 - 00000000 ____D () C:\ProgramData\UpdateTask
2014-03-05 17:34 - 2014-03-05 17:35 - 00000378 _____ () C:\Windows\Tasks\APSnotifierCA.job
2014-03-05 17:34 - 2014-03-05 17:34 - 00003162 _____ () C:\Windows\System32\Tasks\APSnotifierCA
2014-03-05 17:33 - 2014-03-05 17:32 - 01122960 _____ (AnyProtect.com) C:\Users\Emi\AppData\Local\nssB18A.tmp
2014-03-05 17:31 - 2014-03-11 00:17 - 00000396 _____ () C:\Windows\Tasks\istcleaner Task.job
2014-03-05 17:31 - 2014-03-05 17:32 - 00002818 _____ () C:\Windows\System32\Tasks\istcleaner Task
2014-03-05 17:31 - 2014-03-05 17:32 - 00000000 ____D () C:\Users\Emi\AppData\Roaming\istcleaner
2014-03-05 17:31 - 2014-03-05 17:31 - 00000000 ____D () C:\Program Files (x86)\ISTCleaner
2014-03-05 17:26 - 2014-03-10 02:52 - 00000000 ____D () C:\Users\Emi\AppData\Roaming\UpdateServ
2014-03-05 17:26 - 2014-03-05 17:40 - 00000000 ____D () C:\ProgramData\UpdateCommon
2014-03-05 17:18 - 2014-03-05 17:18 - 00000000 ____D () C:\Users\Emi\AppData\Roaming\OpenCandy
2014-02-17 19:10 - 2014-02-17 19:22 - 00000000 ____D () C:\Program Files (x86)\RegClean Pro
2014-02-17 19:10 - 2014-02-17 19:21 - 00000000 ____D () C:\Users\Emi\AppData\Roaming\systweak
2014-02-17 19:10 - 2014-01-21 18:28 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
Task: {1695DFB5-40D7-4BC0-BE11-9EE9543C425C} - System32\Tasks\istcleaner Task => C:\Users\Emi\AppData\Roaming\UpdateServ\ISTCleaner.exe [2014-01-10] (istcleaner.com)
Task: C:\Windows\Tasks\APSnotifierCA.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\istcleaner Task.job => C:\Users\Emi\AppData\Roaming\UpdateServ\ISTCleaner.exe
Task: {5BE8FA63-4C50-4EC5-9053-A5F325E860D0} - System32\Tasks\APSnotifierCA => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Reboot:
*****************
 
[3360] C:\ProgramData\MediaDev\1394066413\mediadev.exe => Process closed successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => Value deleted successfully.
C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\dpnlxyy1.default\searchplugins\conduit-search.xml => Moved successfully.
C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\dpnlxyy1.default\searchplugins\conduit.xml => Moved successfully.
C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\dpnlxyy1.default\Extensions\wecarereminder@bryan => Moved successfully.
MediaDevSrv => Service deleted successfully.
WinDevSrv => Service stopped successfully.
WinDevSrv => Service deleted successfully.
C:\ProgramData\MediaDev => Moved successfully.
C:\ProgramData\UpdateTask => Moved successfully.
C:\Windows\Tasks\APSnotifierCA.job => Moved successfully.
C:\Windows\System32\Tasks\APSnotifierCA => Moved successfully.
C:\Users\Emi\AppData\Local\nssB18A.tmp => Moved successfully.
C:\Windows\Tasks\istcleaner Task.job => Moved successfully.
C:\Windows\System32\Tasks\istcleaner Task => Moved successfully.
C:\Users\Emi\AppData\Roaming\istcleaner => Moved successfully.
C:\Program Files (x86)\ISTCleaner => Moved successfully.
C:\Users\Emi\AppData\Roaming\UpdateServ => Moved successfully.
C:\ProgramData\UpdateCommon => Moved successfully.
C:\Users\Emi\AppData\Roaming\OpenCandy => Moved successfully.
C:\Program Files (x86)\RegClean Pro => Moved successfully.
C:\Users\Emi\AppData\Roaming\systweak => Moved successfully.
C:\Windows\system32\roboot64.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1695DFB5-40D7-4BC0-BE11-9EE9543C425C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1695DFB5-40D7-4BC0-BE11-9EE9543C425C} => Key deleted successfully.
C:\Windows\System32\Tasks\istcleaner Task not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\istcleaner Task => Key deleted successfully.
C:\Windows\Tasks\APSnotifierCA.job not found.
C:\Windows\Tasks\istcleaner Task.job not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5BE8FA63-4C50-4EC5-9053-A5F325E860D0} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BE8FA63-4C50-4EC5-9053-A5F325E860D0} => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierCA not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierCA => Key deleted successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b2dd166c65238e4786b64fa1a5886056
# engine=17406
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-03-12 05:24:30
# local_time=2014-03-11 10:24:30 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1045 16777213 100 88 0 80785454 0 0
# compatibility_mode=5892 16776574 100 95 128755778 231200576 0 0
# scanned=418076
# found=7
# cleaned=0
# scan_time=15749
sh=9DEF9E2A2B1C74C704A82B5413D7CEA69C57EF4F ft=0 fh=0000000000000000 vn="BAT/HostsChanger.A potentially unsafe application" ac=I fn="C:\Downloads\ADOBE_CS4_MASTER_COLLECTON_MULTILANGUAGE_KEYGEN_WIN_OSX-XFORCE\disable_activation.cmd"
sh=5924FFAEADCA5F5E7E3A14DB070516BCC1BB3B2B ft=1 fh=8df632032f44f091 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Emi\AppData\Roaming\UpdateServ\flv.exe"
sh=3821070992A213BB1AC3F23985FBB779E2634F1B ft=1 fh=433dfdc413a52658 vn="Win32/AdWare.Linkular.AH application" ac=I fn="C:\FRST\Quarantine\C\Users\Emi\AppData\Roaming\UpdateServ\SaveClicker.exe"
sh=DF7723DC8E5DEBA31FB20836B351F952871DBCA8 ft=1 fh=2fc001d443b724c2 vn="probably a variant of Win32/Adware.Toolbar.Eztracks.A application" ac=I fn="C:\Program Files (x86)\Startup Monitor\include.exe"
sh=B90AAD8F0749B445B882D650D1C0B66A4122DA92 ft=1 fh=0cdc7fc4b065da36 vn="Win32/Distromatic.B potentially unwanted application" ac=I fn="C:\Users\Emi\AppData\Local\Temp\nse5E76.tmp\zplugins.dll"
sh=9DEF9E2A2B1C74C704A82B5413D7CEA69C57EF4F ft=0 fh=0000000000000000 vn="BAT/HostsChanger.A potentially unsafe application" ac=I fn="C:\Users\Emi\Documents\ADOBE_CS4_MASTER_COLLECTON_MULTILANGUAGE_KEYGEN_WIN_OSX-XFORCE\Crack\disable_activation.cmd"
sh=4C00369C4E2B79260723EC58A31B2C74A70939B1 ft=1 fh=53c2fb3d7a0a6159 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\Emi\Downloads\mp3rocket.exe"
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2014
Ran by Emi (administrator) on DINKY-PC on 12-03-2014 01:52:45
Running from C:\Users\Emi\Desktop
Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avanquest Software) C:\Program Files (x86)\Avanquest\Fix-It\AVQWinMonEngine.exe
(3d-io GmbH) C:\Program Files (x86)\3d-io plugins\licensing_v2\ActiveLockServerV2.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Avanquest Software) C:\Program Files (x86)\Avanquest\Fix-It\AQFileRestoreSrv.exe
(Autodesk) C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Avanquest Software) C:\Program Files (x86)\Avanquest\Fix-It\MXTask.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
(Sonic Solutions) C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
() C:\Program Files\Touro Cloud Backup\Touro Cloud BackupCrawler.exe
(Avanquest Software North America) C:\Program Files (x86)\Avanquest\Fix-It\VcomCloudAgent.exe
(Avanquest Software) C:\Program Files (x86)\Avanquest\Fix-It\MXTask2.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\loggingserver.exe
() C:\Windows\MHotKey.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio64.exe
(Sonic Solutions) C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
(Chicony) C:\Windows\ChiFuncExt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\sysWOW64\wbem\wmiprvse.exe
(Microsoft Corporation) C:\Windows\sysWOW64\wbem\wmiprvse.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
() C:\Program Files\Touro Cloud Backup\Touro Cloud Backup.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
(Creative) C:\Windows\CNYHKey.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Dropbox, Inc.) C:\Users\Emi\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Chicony) C:\Windows\ModLedKey.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RAVCpl64.exe [6150656 2008-04-13] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2008-04-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [WrtMon.exe] - C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [20480 2006-09-20] ()
HKLM-x32\...\Run: [LchDrvKey] - C:\Windows\LchDrvKey.exe [36864 2007-03-28] ()
HKLM-x32\...\Run: [LedKey] - C:\Windows\CNYHKey.exe [339968 2008-04-23] (Creative)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [Dopus TR] - C:\Program Files\GPSoftware\Directory Opus\DopusTR.exe
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-11-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2552856 2014-03-04] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-209272363-2446646531-3981651877-1000\...\Run: [PlantSenseSysAgent] - "C:\Program Files (x86)\EasyBloom\EasyBloom.exe"
HKU\S-1-5-21-209272363-2446646531-3981651877-1000\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-209272363-2446646531-3981651877-1000\...\Run: [Google Update] - C:\Users\Emi\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-01-22] (Google Inc.)
HKU\S-1-5-21-209272363-2446646531-3981651877-1000\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-209272363-2446646531-3981651877-1000\...\Run: [Touro Cloud Backup] - C:\Program Files\Touro Cloud Backup\Touro Cloud Backup.exe [1324544 2012-10-18] ()
HKU\S-1-5-21-209272363-2446646531-3981651877-1000\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-209272363-2446646531-3981651877-1000\...\MountPoints2: {04072e6f-aed1-11dd-85f5-001fe23b3876} - L:\LaunchU3.exe -a
HKU\S-1-5-21-209272363-2446646531-3981651877-1000\...\MountPoints2: {418535a6-aefb-11dd-984b-001fe23b3876} - V:\Autorun.exe
HKU\S-1-5-21-209272363-2446646531-3981651877-1000\...\MountPoints2: {c8674e27-d54c-11df-9044-001fe23b3876} - L:\LaunchU3.exe -a
HKU\S-1-5-21-209272363-2446646531-3981651877-1001\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
AppInit_DLLs: C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE64.dll [155456 2013-12-15] ()
AppInit_DLLs-x32: C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~3.DLL => C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~3.DLL [138048 2013-12-15] ()
Startup: C:\Users\Emi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Emi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=CCO&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX4710-UB802A
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=CCO&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX4710-UB802A
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {96AA78CD-44F5-4449-887C-AED55FEEA0F4} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=586383&p={searchTerms}
BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItBHO64.dll (TechSmith Corporation)
BHO: The Amazon 1Button App for IE - {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} - C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIE64.dll (Amazon Inc.)
BHO: No Name - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)
BHO-x32: The Amazon 1Button App for IE - {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} - C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIE.dll (Amazon Inc.)
BHO-x32: No Name - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItIEAddin64.dll (TechSmith Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} -  No File
Handler-x32: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll (AVG Secure Search)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.147.1
 
FireFox:
========
FF ProfilePath: C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\dpnlxyy1.default
FF user.js: detected! => C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\dpnlxyy1.default\user.js
FF SearchEngineOrder.1: Amazon 
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=586383&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @mcafee.com/MVT - C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Emi\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Emi\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\dpnlxyy1.default\searchplugins\amazon.xml
FF SearchPlugin: C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\dpnlxyy1.default\searchplugins\yahoo_ff.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\dpnlxyy1.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-10-28]
FF Extension: DownloadHelper - C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\dpnlxyy1.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-26]
FF Extension: Amazon 1Button App for Firefox - C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\dpnlxyy1.default\Extensions\abb@amazon.com.xpi [2014-01-31]
FF Extension: Download Statusbar - C:\Users\Emi\AppData\Roaming\Mozilla\Firefox\Profiles\dpnlxyy1.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2011-11-03]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.0.0.248
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.0.0.248 [2014-03-04]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR HomePage: hxxp://search.yahoo.com/?type=586383&fr=spigot-yhp-ch
CHR DefaultSearchKeyword: yahoo.com search
CHR DefaultSearchProvider: Yahoo
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Users\Emi\AppData\Local\Google\Chrome\Application\33.0.1750.146\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Emi\AppData\Local\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Emi\AppData\Local\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Emi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.122.1_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java™ Platform SE 6 U17) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Wallet) - C:\Users\Emi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR HKCU\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - C:\Program Files (x86)\Amazon\ABB\AmazonChrome-bds-amzn.crx [2014-01-31]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.3.0.49\avg.crx [2014-01-31]
 
==================== Services (Whitelisted) =================
 
R2 .AVQWindowsMonitorService; C:\Program Files (x86)\Avanquest\Fix-It\AVQWinMonEngine.exe [249192 2013-12-13] (Avanquest Software)
R2 3d-io License Server v2.0; C:\Program Files (x86)\3d-io plugins\licensing_v2\ActiveLockServerV2.exe [34816 2011-03-31] (3d-io GmbH)
R2 AQFileRestoreSrv; C:\Program Files (x86)\Avanquest\Fix-It\AQFileRestoreSrv.exe [82816 2013-12-13] (Avanquest Software)
R2 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [79360 2008-12-20] (Autodesk)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432080 2013-10-23] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 Fix-It Task Manager; C:\Program Files (x86)\Avanquest\Fix-It\MXTask.exe [534472 2013-12-13] (Avanquest Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 mi-raysat_3dsMax2009_64; C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [65536 2008-03-10] ()
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2014-02-10] (Trusteer Ltd.)
S2 RoxLiveShare; C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe [233472 2006-01-20] (Sonic Solutions)
R3 RoxMediaDB; C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe [864256 2006-01-20] (Sonic Solutions)
R2 RoxWatch; C:\Program Files (x86)\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe [155648 2006-01-20] (Sonic Solutions)
S2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software)
R2 Touro Cloud Backup Crawler; C:\Program Files\Touro Cloud Backup\Touro Cloud BackupCrawler.exe [3671176 2012-10-18] ()
R2 VCOMCloudAgent; C:\Program Files (x86)\Avanquest\Fix-It\VcomCloudAgent.exe [133504 2013-12-13] (Avanquest Software North America)
R2 vToolbarUpdater18.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [1759768 2014-03-04] (AVG Secure Search)
 
==================== Drivers (Whitelisted) ====================
 
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [81096 2007-02-15] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [81096 2007-02-15] (SlySoft, Inc.)
R3 AQFileRestore; C:\Windows\System32\DRIVERS\AQFileRestore.sys [21584 2013-12-13] ()
R3 AVer88xHD; C:\Windows\System32\drivers\AVer88xHD64.sys [432256 2007-04-10] (AVerMedia TECHNOLOGIES, Inc.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-03-04] (AVG Technologies)
S1 cdudf_xp; C:\Windows\System32\Drivers\cdudf_xp.sys [344064 2005-10-22] (Sonic Solutions)
S3 dvd_2K; C:\Windows\System32\Drivers\dvd_2K.sys [33792 2005-10-22] (Sonic Solutions)
S2 Hardlock; C:\Windows\SysWOW64\drivers\hardlock.sys [453632 2008-11-23] (Aladdin Knowledge Systems)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [104912 2007-11-07] (EZB Systems, Inc.)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mmc_2K; C:\Windows\System32\Drivers\mmc_2K.sys [32768 2005-10-22] (Sonic Solutions)
R3 mv2; C:\Windows\System32\DRIVERS\mv2.sys [12904 2013-10-24] (UVNC BVBA)
S1 pwd_2k; C:\Windows\System32\Drivers\pwd_2k.sys [128512 2005-10-22] (Sonic Solutions)
R1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2013-10-30] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [282712 2014-02-10] (Trusteer Ltd.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [316312 2014-02-10] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [397848 2014-02-10] (Trusteer Ltd.)
S3 Sntnlusb; C:\Windows\SysWOW64\DRIVERS\SNTNLUSB.SYS [20032 2001-06-21] (Rainbow Technologies Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [860656 2008-11-10] ()
S3 Spyder2; C:\Windows\System32\DRIVERS\Spyder2.sys [15360 2007-01-17] ()
S3 Spyder3; C:\Windows\System32\DRIVERS\Spyder3.sys [15360 2007-12-12] ()
S3 usbser64; C:\Windows\System32\DRIVERS\usbser.sys [32768 2013-08-29] (Microsoft Corporation)
U3 aq9x4nih; C:\Windows\System32\Drivers\aq9x4nih.sys [0 ] (Microsoft Corporation)
S2 DS1410D; \??\C:\Windows\system32\drivers\ds1410d.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 LVcKap64; system32\DRIVERS\LVcKap64.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S2 Sentinel; \SystemRoot\System32\Drivers\SENTINEL.SYS [X]
S3 WacomVKHid; system32\DRIVERS\WacomVKHid.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-12 01:52 - 2014-03-12 01:52 - 00029232 _____ () C:\Users\Emi\Desktop\FRST.txt
2014-03-11 17:53 - 2014-03-11 17:53 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-11 17:40 - 2014-03-11 17:42 - 02347384 _____ (ESET) C:\Users\Emi\Desktop\esetsmartinstaller_enu.exe
2014-03-11 01:35 - 2014-03-11 01:36 - 00029624 _____ () C:\Users\Emi\Desktop\Addition.txt
2014-03-11 01:33 - 2014-03-12 01:52 - 00000000 ____D () C:\FRST
2014-03-11 01:33 - 2014-03-11 01:36 - 00062492 _____ () C:\Users\Emi\Desktop\FRST_old.txt
2014-03-11 01:29 - 2014-03-11 01:30 - 02157056 _____ (Farbar) C:\Users\Emi\Desktop\FRST64.exe
2014-03-11 00:31 - 2014-03-11 00:31 - 00001401 _____ () C:\Users\Emi\Desktop\Notepad - Shortcut.lnk
2014-03-10 23:21 - 2014-03-10 23:21 - 00003344 _____ () C:\Users\Emi\Desktop\attach.txt
2014-03-10 23:21 - 2014-03-10 23:19 - 00019951 _____ () C:\Users\Emi\Desktop\dds.txt
2014-03-10 23:17 - 2014-03-11 00:52 - 00000000 ___RD () C:\Users\Emi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-10 23:17 - 2014-03-10 23:17 - 00000000 ___RD () C:\Users\Emi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-10 23:13 - 2014-03-10 23:13 - 00688992 ____R (Swearware) C:\Users\Emi\Desktop\dds.com
2014-03-10 17:55 - 2014-03-10 17:55 - 25640672 _____ (Microsoft Corporation) C:\Users\Emi\Desktop\Windows-KB890830-x64-V5.9.exe
2014-03-10 01:05 - 2014-03-10 01:05 - 00000959 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-10 01:05 - 2014-03-10 01:05 - 00000000 ____D () C:\Users\Emi\AppData\Roaming\Malwarebytes
2014-03-10 01:05 - 2014-03-10 01:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-10 01:05 - 2014-03-10 01:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-10 01:05 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-10 01:04 - 2014-03-10 01:04 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Emi\Desktop\mbam-setup.exe
2014-03-10 00:45 - 2014-03-10 00:45 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Emi\Desktop\iexplore.com
2014-03-10 00:36 - 2014-03-10 00:36 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Emi\Desktop\rkill.com
2014-03-06 13:32 - 2014-03-07 02:58 - 00000000 ____D () C:\Users\Emi\Downloads\movies
2014-03-06 01:34 - 2014-03-06 01:34 - 00000000 _____ () C:\END
2014-03-06 01:32 - 2014-03-06 01:32 - 00772528 _____ () C:\Users\Emi\Downloads\uplayermediaplayer-setup.exe
2014-03-05 17:18 - 2013-11-13 20:41 - 00439296 _____ (Sendori) C:\Windows\system32\plsapp64.dll
2014-03-05 17:06 - 2014-03-08 17:56 - 00000000 ____D () C:\Users\Emi\AppData\Roaming\BitTorrent
2014-03-05 17:06 - 2014-03-05 17:06 - 01853528 _____ (BitTorrent Inc.) C:\Users\Emi\Downloads\BitTorrent.exe
2014-03-04 14:56 - 2014-03-04 17:22 - 00000000 ____D () C:\Users\Emi\AppData\Local\AVG Secure Search
2014-03-04 14:55 - 2014-03-04 14:56 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-03-04 14:55 - 2014-03-04 14:56 - 00000000 ____D () C:\Program Files (x86)\AVG Secure Search
2014-02-26 17:49 - 2014-02-26 17:49 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-02-26 17:49 - 2014-02-26 17:49 - 00000000 ____D () C:\Users\Guest\AppData\Local\Macromedia
2014-02-26 17:48 - 2014-02-26 17:48 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Avanquest
2014-02-26 17:32 - 2014-03-06 13:52 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-26 17:32 - 2014-03-06 13:52 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-26 17:32 - 2014-03-06 13:52 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink LabelPrint
2014-02-26 17:32 - 2013-12-21 21:17 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Microsoft Help
2014-02-26 17:32 - 2013-06-30 09:12 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\TuneUp Software
2014-02-26 17:32 - 2011-10-01 23:54 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Trusteer
2014-02-26 17:32 - 2011-08-28 14:09 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Trusteer
2014-02-26 17:32 - 2011-07-25 23:18 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Macromedia
2014-02-19 20:08 - 2014-02-19 20:08 - 01898284 _____ (Sergey Serkov ) C:\Users\Emi\Downloads\tagscan5.1.647setup.exe
2014-02-18 00:45 - 2014-02-18 00:46 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-17 22:18 - 2014-02-18 00:57 - 00000000 ____D () C:\Users\Emi\AppData\Local\Apple Computer
2014-02-17 22:18 - 2014-02-17 22:18 - 00001705 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-17 22:16 - 2014-02-17 22:17 - 00000000 ____D () C:\Program Files\iTunes
2014-02-17 22:16 - 2014-02-17 22:17 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-17 22:16 - 2014-02-17 22:16 - 00000000 ____D () C:\Program Files\iPod
2014-02-17 22:15 - 2014-02-17 22:15 - 00001865 _____ () C:\Users\Emi\Desktop\Fix-It Utilities Professional (2).lnk
2014-02-17 22:15 - 2014-02-17 22:15 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-02-17 22:14 - 2014-02-17 22:14 - 00000000 ____D () C:\Users\Emi\AppData\Local\Apple
2014-02-17 22:14 - 2014-02-17 22:14 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-02-17 22:10 - 2014-02-17 22:10 - 00000000 ____D () C:\Program Files\Bonjour
2014-02-17 22:10 - 2014-02-17 22:10 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-02-17 22:07 - 2014-02-17 22:08 - 148896080 _____ (Apple Inc.) C:\Users\Emi\Downloads\iTunes64Setup.exe
2014-02-17 21:40 - 2014-02-17 21:40 - 00000000 ____D () C:\Users\Emi\AppData\Roaming\SampleView
2014-02-17 20:21 - 2014-02-17 20:21 - 00000000 _RSHD () C:\_Backup.RC
2014-02-17 20:19 - 2013-12-13 12:31 - 00021584 ____N () C:\Windows\system32\Drivers\AQFileRestore.sys
2014-02-17 20:19 - 2012-02-09 13:58 - 00035000 _____ () C:\Windows\system32\mxntdfg.exe
2014-02-17 20:18 - 2014-02-17 20:20 - 00000000 ____D () C:\ProgramData\Avanquest
2014-02-17 20:18 - 2014-02-17 20:18 - 00000000 ____D () C:\Users\Public\Documents\Avanquest Software
2014-02-17 20:18 - 2014-02-17 20:18 - 00000000 ____D () C:\Users\Emi\AppData\Roaming\Avanquest
2014-02-17 20:18 - 2014-02-17 20:18 - 00000000 ____D () C:\Program Files (x86)\Avanquest
2014-02-17 20:18 - 2013-10-24 15:03 - 00027240 _____ (UVNC BVBA) C:\Windows\system32\mv2.dll
2014-02-17 20:18 - 2013-10-24 15:03 - 00012904 _____ (UVNC BVBA) C:\Windows\system32\Drivers\mv2.sys
2014-02-17 20:16 - 2014-02-17 20:16 - 00428338 _____ () C:\Users\Emi\AppData\Local\dd_vcredistMSI37F3.txt
2014-02-17 20:16 - 2014-02-17 20:16 - 00018522 _____ () C:\Users\Emi\AppData\Local\dd_vcredistUI37F3.txt
2014-02-17 20:15 - 2014-02-17 20:16 - 00432560 _____ () C:\Users\Emi\AppData\Local\dd_vcredistMSI3756.txt
2014-02-17 20:15 - 2014-02-17 20:16 - 00018474 _____ () C:\Users\Emi\AppData\Local\dd_vcredistUI3756.txt
2014-02-17 20:12 - 2014-03-12 01:48 - 00000000 ____D () C:\_Backup
2014-02-17 19:44 - 2014-02-17 19:47 - 73332576 _____ (Avanquest) C:\Users\Emi\Downloads\Fix-It_Professional_ENU_signed.exe
2014-02-17 19:26 - 2014-03-10 17:19 - 00000000 ____D () C:\Users\Emi\AppData\Local\Adobe
2014-02-17 18:51 - 2014-02-17 18:51 - 00000000 ____D () C:\Users\Emi\AppData\Roaming\ParetoLogic
2014-02-17 18:51 - 2014-02-17 18:51 - 00000000 ____D () C:\Users\Emi\AppData\Roaming\DriverCure
2014-02-17 18:50 - 2014-02-17 19:25 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-02-17 17:46 - 2014-02-17 17:46 - 00000000 ____D () C:\Users\Emi\AppData\Local\Macromedia
2014-02-17 17:25 - 2014-02-26 23:58 - 00751766 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-17 16:28 - 2014-02-05 02:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-17 16:28 - 2014-02-05 02:51 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-17 16:28 - 2014-02-05 02:51 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-17 16:28 - 2014-02-05 02:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-17 16:28 - 2014-02-05 02:50 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-17 16:28 - 2014-02-05 02:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-17 16:28 - 2014-02-05 01:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-17 16:28 - 2014-02-05 01:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-17 16:28 - 2014-02-05 01:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-17 16:28 - 2014-02-05 01:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-17 16:28 - 2014-02-05 01:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-17 16:28 - 2014-02-05 01:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-17 16:28 - 2014-02-05 01:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-17 16:27 - 2014-02-05 03:19 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-17 16:27 - 2014-02-05 03:02 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-17 16:27 - 2014-02-05 03:00 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-17 16:27 - 2014-02-05 02:54 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-17 16:27 - 2014-02-05 02:54 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-17 16:27 - 2014-02-05 02:52 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-17 16:27 - 2014-02-05 02:52 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-17 16:27 - 2014-02-05 02:51 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-17 16:27 - 2014-02-05 02:51 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-17 16:27 - 2014-02-05 02:51 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-17 16:27 - 2014-02-05 01:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-17 16:27 - 2014-02-05 01:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-17 16:27 - 2014-02-05 01:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-17 16:27 - 2014-02-05 01:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-17 16:27 - 2014-02-05 01:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-17 16:27 - 2014-02-05 01:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-17 16:27 - 2014-02-05 01:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-17 16:27 - 2014-02-05 01:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-17 16:27 - 2014-02-05 01:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-17 16:02 - 2013-12-04 21:48 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-17 16:02 - 2013-12-04 19:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-16 17:41 - 2014-02-16 17:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 22:37 - 2014-02-14 22:37 - 00000911 _____ () C:\Users\Guest\Desktop\Mozilla Firefox.lnk
2014-02-14 22:36 - 2014-02-14 22:36 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Mozilla
2014-02-14 22:36 - 2014-02-14 22:36 - 00000000 ____D () C:\Users\Guest\AppData\Local\Mozilla
2014-02-14 12:24 - 2014-02-14 12:24 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\AVG
2014-02-14 11:59 - 2014-02-14 11:59 - 00000000 ____D () C:\Users\Guest\AppData\Local\AVG SafeGuard toolbar
2014-02-14 11:58 - 2014-02-14 11:58 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\AVG2013
2014-02-14 11:58 - 2014-02-14 11:58 - 00000000 ____D () C:\Users\Guest\AppData\Local\Avg2013
2014-02-14 11:56 - 2014-02-14 11:56 - 00093168 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-14 11:56 - 2014-02-14 11:56 - 00000000 ____D () C:\Users\Guest\AppData\Local\Panasonic
2014-02-14 11:55 - 2014-02-14 11:55 - 00000990 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-14 11:55 - 2014-02-14 11:55 - 00000985 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-02-14 11:55 - 2014-02-14 11:55 - 00000960 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-02-14 11:55 - 2014-02-14 11:55 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-14 11:55 - 2014-02-14 11:55 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-14 11:55 - 2014-02-14 11:55 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Apple Computer
2014-02-14 11:54 - 2014-02-14 12:24 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore
2014-02-14 11:54 - 2014-02-14 11:55 - 00000926 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-02-14 11:53 - 2014-02-14 11:53 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\WTablet
2014-02-14 11:52 - 2014-02-14 11:55 - 00000000 ____D () C:\Users\Guest
2014-02-14 11:52 - 2014-02-14 11:52 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
2014-02-14 11:52 - 2013-12-21 21:17 - 00000000 ____D () C:\Users\Guest\AppData\Local\Microsoft Help
2014-02-14 11:52 - 2013-06-30 09:12 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\TuneUp Software
2014-02-14 11:52 - 2011-10-01 23:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\Trusteer
2014-02-14 11:52 - 2011-08-28 14:09 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Trusteer
2014-02-14 11:52 - 2011-07-25 23:18 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Macromedia
2014-02-14 11:52 - 2008-07-05 18:00 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink LabelPrint
2014-02-14 11:52 - 2008-01-20 20:20 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-14 11:52 - 2008-01-20 20:20 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-11 19:33 - 2014-02-11 19:53 - 00000000 ____D () C:\Users\Emi\Documents\TVshows from Danie
 
==================== One Month Modified Files and Folders =======
 
2014-03-12 01:53 - 2014-03-12 01:52 - 00029232 _____ () C:\Users\Emi\Desktop\FRST.txt
2014-03-12 01:52 - 2014-03-11 01:33 - 00000000 ____D () C:\FRST
2014-03-12 01:48 - 2014-02-17 20:12 - 00000000 ____D () C:\_Backup
2014-03-12 01:48 - 2012-01-22 15:28 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-209272363-2446646531-3981651877-1000UA.job
2014-03-12 01:34 - 2006-11-02 08:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-12 01:34 - 2006-11-02 08:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-12 01:25 - 2010-09-28 00:19 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-12 01:12 - 2012-06-24 15:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-11 18:33 - 2008-07-05 17:44 - 01106354 _____ () C:\Windows\WindowsUpdate.log
2014-03-11 17:53 - 2014-03-11 17:53 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-11 17:44 - 2006-11-02 05:46 - 00758822 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-11 17:42 - 2014-03-11 17:40 - 02347384 _____ (ESET) C:\Users\Emi\Desktop\esetsmartinstaller_enu.exe
2014-03-11 17:39 - 2011-09-10 23:13 - 00000000 ___RD () C:\Users\Emi\Dropbox
2014-03-11 17:39 - 2011-09-10 23:11 - 00000000 ____D () C:\Users\Emi\AppData\Roaming\Dropbox
2014-03-11 17:35 - 2010-09-28 00:19 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-11 17:34 - 2006-11-02 08:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-11 17:33 - 2008-07-06 08:18 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-11 17:33 - 2008-01-20 20:26 - 00697232 _____ () C:\Windows\PFRO.log
2014-03-11 17:32 - 2006-11-02 08:42 - 00032556 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-11 17:20 - 2013-06-16 14:26 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-11 01:36 - 2014-03-11 01:35 - 00029624 _____ () C:\Users\Emi\Desktop\Addition.txt
2014-03-11 01:36 - 2014-03-11 01:33 - 00062492 _____ () C:\Users\Emi\Desktop\FRST_old.txt
2014-03-11 01:30 - 2014-03-11 01:29 - 02157056 _____ (Farbar) C:\Users\Emi\Desktop\FRST64.exe
2014-03-11 00:52 - 2014-03-10 23:17 - 00000000 ___RD () C:\Users\Emi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-11 00:31 - 2014-03-11 00:31 - 00001401 _____ () C:\Users\Emi\Desktop\Notepad - Shortcut.lnk
2014-03-10 23:21 - 2014-03-10 23:21 - 00003344 _____ () C:\Users\Emi\Desktop\attach.txt
2014-03-10 23:19 - 2014-03-10 23:21 - 00019951 _____ () C:\Users\Emi\Desktop\dds.txt
2014-03-10 23:17 - 2014-03-10 23:17 - 00000000 ___RD () C:\Users\Emi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-10 23:13 - 2014-03-10 23:13 - 00688992 ____R (Swearware) C:\Users\Emi\Desktop\dds.com
2014-03-10 17:55 - 2014-03-10 17:55 - 25640672 _____ (Microsoft Corporation) C:\Users\Emi\Desktop\Windows-KB890830-x64-V5.9.exe
2014-03-10 17:19 - 2014-02-17 19:26 - 00000000 ____D () C:\Users\Emi\AppData\Local\Adobe
2014-03-10 01:05 - 2014-03-10 01:05 - 00000959 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-10 01:05 - 2014-03-10 01:05 - 00000000 ____D () C:\Users\Emi\AppData\Roaming\Malwarebytes
2014-03-10 01:05 - 2014-03-10 01:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-10 01:05 - 2014-03-10 01:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-10 01:04 - 2014-03-10 01:04 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Emi\Desktop\mbam-setup.exe
2014-03-10 00:45 - 2014-03-10 00:45 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Emi\Desktop\iexplore.com
2014-03-10 00:36 - 2014-03-10 00:36 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Emi\Desktop\rkill.com
2014-03-08 17:56 - 2014-03-05 17:06 - 00000000 ____D () C:\Users\Emi\AppData\Roaming\BitTorrent
2014-03-08 17:48 - 2012-01-22 15:28 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-209272363-2446646531-3981651877-1000Core.job
2014-03-08 15:48 - 2008-11-12 19:46 - 00000000 ____D () C:\Users\Emi\AppData\Roaming\Canon
2014-03-08 02:38 - 2008-11-10 14:48 - 00060928 _____ () C:\Users\Emi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-07 02:58 - 2014-03-06 13:32 - 00000000 ____D () C:\Users\Emi\Downloads\movies
2014-03-06 21:31 - 2010-10-12 11:54 - 00000000 ____D () C:\Users\Emi\dwhelper
2014-03-06 21:20 - 2013-06-02 13:38 - 00000000 ____D () C:\Users\Emi\Documents\Clay_docs
2014-03-06 20:34 - 2008-11-11 12:32 - 00000000 ____D () C:\Users\Tazz
2014-03-06 20:26 - 2008-12-05 17:37 - 00000000 ____D () C:\Projects
2014-03-06 19:42 - 2013-11-25 00:44 - 00000000 ____D () C:\Users\Emi\Documents\Emi_demoReel_material
2014-03-06 19:33 - 2010-04-03 19:49 - 00000000 ____D () C:\Users\Emi\Documents\DigitalTutors
2014-03-06 14:45 - 2010-02-21 20:26 - 00000000 ____D () C:\ProgramData\Skype
2014-03-06 14:44 - 2010-02-21 20:26 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-06 14:35 - 2011-04-24 22:57 - 00000000 ____D () C:\Users\Emi\AppData\Roaming\MP3Rocket
2014-03-06 14:34 - 2011-04-24 22:58 - 00000000 ____D () C:\Users\Emi\Incomplete
2014-03-06 13:52 - 2014-02-26 17:32 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-06 13:52 - 2014-02-26 17:32 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-06 13:52 - 2014-02-26 17:32 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink LabelPrint
2014-03-06 01:34 - 2014-03-06 01:34 - 00000000 _____ () C:\END
2014-03-06 01:33 - 2006-11-02 06:33 - 00000000 ____D () C:\Windows\Resources
2014-03-06 01:32 - 2014-03-06 01:32 - 00772528 _____ () C:\Users\Emi\Downloads\uplayermediaplayer-setup.exe
2014-03-05 17:06 - 2014-03-05 17:06 - 01853528 _____ (BitTorrent Inc.) C:\Users\Emi\Downloads\BitTorrent.exe
2014-03-04 17:22 - 2014-03-04 14:56 - 00000000 ____D () C:\Users\Emi\AppData\Local\AVG Secure Search
2014-03-04 14:56 - 2014-03-04 14:55 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-03-04 14:56 - 2014-03-04 14:55 - 00000000 ____D () C:\Program Files (x86)\AVG Secure Search
2014-03-04 14:55 - 2013-06-16 14:36 - 00050976 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-02-26 23:58 - 2014-02-17 17:25 - 00751766 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-26 17:49 - 2014-02-26 17:49 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-02-26 17:49 - 2014-02-26 17:49 - 00000000 ____D () C:\Users\Guest\AppData\Local\Macromedia
2014-02-26 17:48 - 2014-02-26 17:48 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Avanquest
2014-02-20 18:12 - 2012-06-24 15:18 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-20 18:12 - 2012-06-24 15:18 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-20 18:12 - 2011-09-03 16:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-19 20:09 - 2013-01-31 01:34 - 00000864 _____ () C:\Users\Emi\Desktop\TagScanner.lnk
2014-02-19 20:09 - 2013-01-31 01:34 - 00000000 ____D () C:\Program Files (x86)\TagScanner
2014-02-19 20:08 - 2014-02-19 20:08 - 01898284 _____ (Sergey Serkov ) C:\Users\Emi\Downloads\tagscan5.1.647setup.exe
2014-02-18 00:57 - 2014-02-17 22:18 - 00000000 ____D () C:\Users\Emi\AppData\Local\Apple Computer
2014-02-18 00:46 - 2014-02-18 00:45 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-17 22:18 - 2014-02-17 22:18 - 00001705 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-17 22:17 - 2014-02-17 22:16 - 00000000 ____D () C:\Program Files\iTunes
2014-02-17 22:17 - 2014-02-17 22:16 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-17 22:16 - 2014-02-17 22:16 - 00000000 ____D () C:\Program Files\iPod
2014-02-17 22:16 - 2008-11-10 15:02 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-02-17 22:15 - 2014-02-17 22:15 - 00001865 _____ () C:\Users\Emi\Desktop\Fix-It Utilities Professional (2).lnk
2014-02-17 22:15 - 2014-02-17 22:15 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-02-17 22:14 - 2014-02-17 22:14 - 00000000 ____D () C:\Users\Emi\AppData\Local\Apple
2014-02-17 22:14 - 2014-02-17 22:14 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-02-17 22:13 - 2008-11-09 19:53 - 00000000 ____D () C:\Users\Emi
2014-02-17 22:10 - 2014-02-17 22:10 - 00000000 ____D () C:\Program Files\Bonjour
2014-02-17 22:10 - 2014-02-17 22:10 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-02-17 22:10 - 2008-11-10 15:02 - 00000000 ____D () C:\ProgramData\Apple
2014-02-17 22:08 - 2014-02-17 22:07 - 148896080 _____ (Apple Inc.) C:\Users\Emi\Downloads\iTunes64Setup.exe
2014-02-17 21:40 - 2014-02-17 21:40 - 00000000 ____D () C:\Users\Emi\AppData\Roaming\SampleView
2014-02-17 20:21 - 2014-02-17 20:21 - 00000000 _RSHD () C:\_Backup.RC
2014-02-17 20:20 - 2014-02-17 20:18 - 00000000 ____D () C:\ProgramData\Avanquest
2014-02-17 20:18 - 2014-02-17 20:18 - 00000000 ____D () C:\Users\Public\Documents\Avanquest Software
2014-02-17 20:18 - 2014-02-17 20:18 - 00000000 ____D () C:\Users\Emi\AppData\Roaming\Avanquest
2014-02-17 20:18 - 2014-02-17 20:18 - 00000000 ____D () C:\Program Files (x86)\Avanquest
2014-02-17 20:18 - 2008-07-05 17:52 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-17 20:16 - 2014-02-17 20:16 - 00428338 _____ () C:\Users\Emi\AppData\Local\dd_vcredistMSI37F3.txt
2014-02-17 20:16 - 2014-02-17 20:16 - 00018522 _____ () C:\Users\Emi\AppData\Local\dd_vcredistUI37F3.txt
2014-02-17 20:16 - 2014-02-17 20:15 - 00432560 _____ () C:\Users\Emi\AppData\Local\dd_vcredistMSI3756.txt
2014-02-17 20:16 - 2014-02-17 20:15 - 00018474 _____ () C:\Users\Emi\AppData\Local\dd_vcredistUI3756.txt
2014-02-17 20:03 - 2013-06-16 14:32 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-02-17 19:47 - 2014-02-17 19:44 - 73332576 _____ (Avanquest) C:\Users\Emi\Downloads\Fix-It_Professional_ENU_signed.exe
2014-02-17 19:36 - 2011-07-25 19:01 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-02-17 19:25 - 2014-02-17 18:50 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-02-17 18:51 - 2014-02-17 18:51 - 00000000 ____D () C:\Users\Emi\AppData\Roaming\ParetoLogic
2014-02-17 18:51 - 2014-02-17 18:51 - 00000000 ____D () C:\Users\Emi\AppData\Roaming\DriverCure
2014-02-17 18:04 - 2011-09-17 19:19 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-02-17 17:46 - 2014-02-17 17:46 - 00000000 ____D () C:\Users\Emi\AppData\Local\Macromedia
2014-02-17 16:39 - 2013-12-21 20:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 16:25 - 2008-07-05 18:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-17 15:29 - 2012-05-28 00:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-16 18:56 - 2010-09-28 00:15 - 00000000 ____D () C:\Users\Emi\AppData\Local\Google
2014-02-16 17:41 - 2014-02-16 17:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 22:37 - 2014-02-14 22:37 - 00000911 _____ () C:\Users\Guest\Desktop\Mozilla Firefox.lnk
2014-02-14 22:36 - 2014-02-14 22:36 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Mozilla
2014-02-14 22:36 - 2014-02-14 22:36 - 00000000 ____D () C:\Users\Guest\AppData\Local\Mozilla
2014-02-14 12:24 - 2014-02-14 12:24 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\AVG
2014-02-14 12:24 - 2014-02-14 11:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore
2014-02-14 12:20 - 2010-09-28 00:19 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-14 12:20 - 2010-09-28 00:19 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-14 11:59 - 2014-02-14 11:59 - 00000000 ____D () C:\Users\Guest\AppData\Local\AVG SafeGuard toolbar
2014-02-14 11:58 - 2014-02-14 11:58 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\AVG2013
2014-02-14 11:58 - 2014-02-14 11:58 - 00000000 ____D () C:\Users\Guest\AppData\Local\Avg2013
2014-02-14 11:56 - 2014-02-14 11:56 - 00093168 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-14 11:56 - 2014-02-14 11:56 - 00000000 ____D () C:\Users\Guest\AppData\Local\Panasonic
2014-02-14 11:55 - 2014-02-14 11:55 - 00000990 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-14 11:55 - 2014-02-14 11:55 - 00000985 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-02-14 11:55 - 2014-02-14 11:55 - 00000960 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-02-14 11:55 - 2014-02-14 11:55 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-14 11:55 - 2014-02-14 11:55 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-14 11:55 - 2014-02-14 11:55 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Apple Computer
2014-02-14 11:55 - 2014-02-14 11:54 - 00000926 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-02-14 11:55 - 2014-02-14 11:52 - 00000000 ____D () C:\Users\Guest
2014-02-14 11:53 - 2014-02-14 11:53 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\WTablet
2014-02-14 11:52 - 2014-02-14 11:52 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
2014-02-12 17:43 - 2012-01-22 15:28 - 00003870 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-209272363-2446646531-3981651877-1000UA
2014-02-12 17:43 - 2012-01-22 15:28 - 00003474 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-209272363-2446646531-3981651877-1000Core
2014-02-11 19:53 - 2014-02-11 19:33 - 00000000 ____D () C:\Users\Emi\Documents\TVshows from Danie
2014-02-10 12:35 - 2011-07-25 19:24 - 00316312 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportKE64.sys
 
Files to move or delete:
====================
C:\Users\Emi\key.dat
C:\Users\Emi\key_caps.dat
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-11 17:57
 
==================== End Of Log ============================
 


#6 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:08:27 PM

Posted 12 March 2014 - 04:52 AM

Hi,

Concerning Firefox, it might be best to reset it: https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems
But otherwise it's looking good. No more active malware has been found!


That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run.
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

 

 

Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.



#7 D'Inky

D'Inky
  • Topic Starter


Posted 12 March 2014 - 11:43 PM

Thank you so much for all the help and your time! I hope my small donation will cheer up your weekend!



#8 aharonov


Posted 13 March 2014 - 02:58 AM

Thank you very much for your donation!
All the best.

#9 aharonov


Posted 13 March 2014 - 02:58 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



