please analyse my logs after 0access trojan removal


7 replies to this topic

#1 AsterNik

Posted 15 November 2013 - 05:26 PM

Hi experts,

 

I recently removed trojan.0access with mbar. Now I have done several checks with various AV programs and tools (like ESET, etc.) and it seems that everything is OK. However, most of the advice found on the internet states that FDISK+reinstall is the secure way to proceed even when ZeroAccess is removed. I would like to resort to that solution only as a last option. The computer is also used for online banking. Can you help me analyse the files, and let me know if there are still infections, hidden threats, backdoors? Otherwise, the PC is working like a breeze, no slowdowns or unexpected errors... Thank you in advance for your time and help!

 

Nik

 

DDS.txt
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by NikDim at 21:20:42 on 2013-11-14
#Option Extended Search is enabled.
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4095.2573 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\HP Laser Gaming Mouse with VoodooDNA\hid.exe
C:\Program Files (x86)\WordWeb\wweb32.exe
C:\Program Files (x86)\HP Laser Gaming Mouse with VoodooDNA\Tray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun: [HP VoodooDNA Mouse] "C:\Program Files (x86)\HP Laser Gaming Mouse with VoodooDNA\hid.exe"
mRun: [WordWeb] "C:\Program Files (x86)\WordWeb\wweb32.exe" -startup
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T28L10NSP4-14953/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{AA163233-FB76-46E7-A286-29B31805DBCF} : DHCPNameServer = 192.168.1.1 0.0.0.0
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-3-31 82600]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-3-31 42664]
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-5-12 14456]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-8-30 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-8-30 344064]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-11-20 57512]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-7-5 96256]
R3 GamingMsFltr;HP HDX Mouse;C:\Windows\System32\drivers\gamingms.sys [2009-12-7 11520]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-17 349800]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-1-17 38456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-8 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]
S3 Abyssus;Razer Abyssus;C:\Windows\System32\drivers\Abyssus.sys [2011-6-18 10880]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2013-5-12 39504]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-11-14 111616]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-4 19456]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\rtl8192cu.sys [2011-6-18 627744]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-14 56832]
S3 VKbms;Virtual HID Minidriver;C:\Windows\System32\drivers\VKbms.sys [2011-6-18 13312]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-17 1255736]
S4 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-6 291896]
S4 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
.
=============== Created Last 60 ================
.
2013-11-14 19:47:07 -------- d-sh--w- C:\$RECYCLE.BIN
2013-11-14 19:47:04 -------- d-----w- C:\Users\NikDim\AppData\Local\temp
2013-11-14 15:55:09 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DFFEB2B9-112A-4B7B-918B-114E1AA8C182}\mpengine.dll
2013-11-14 03:12:42 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CB5B0126-4438-4F2F-AE90-5ECE0FB53868}\gapaengine.dll
2013-11-14 03:12:38 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-11-14 03:07:04 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2013-11-14 03:07:04 194048 ----a-w- C:\Windows\SysWow64\elshyph.dll
2013-11-14 03:05:29 44544 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-11-14 03:04:39 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-11-14 03:04:37 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-11-14 03:01:18 197120 ----a-w- C:\Windows\System32\credui.dll
2013-11-14 03:01:18 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-11-14 03:01:18 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-14 03:01:18 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-11-14 03:01:18 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-11-14 03:01:18 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-11-13 09:42:13 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-11-13 09:41:57 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2013-11-13 09:41:57 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
2013-11-13 02:01:50 98816 ----a-w- C:\Windows\sed.exe
2013-11-13 02:01:50 256000 ----a-w- C:\Windows\PEV.exe
2013-11-13 02:01:50 208896 ----a-w- C:\Windows\MBR.exe
2013-11-13 01:51:52 -------- d-----w- C:\TDSSKiller_Quarantine
2013-11-12 23:00:12 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2013-11-12 22:37:16 -------- d-----w- C:\AdwCleaner
2013-11-07 05:04:59 2582888 ----a-w- C:\Windows\System32\D3DCompiler_42.dll
2013-11-03 02:04:08 -------- d-----w- C:\Users\NikDim\AppData\Local\WarThunder
2013-11-03 02:04:08 -------- d-----w- C:\ProgramData\WarThunder
2013-10-29 23:57:30 -------- d-----w- C:\Users\NikDim\openvr
2013-10-21 03:02:10 -------- d-----w- C:\Users\NikDim\AppData\Local\Apps
2013-10-18 17:58:46 -------- d-----w- C:\ProgramData\Oracle
2013-10-18 17:58:15 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-17 19:52:21 -------- d-----w- C:\Users\NikDim\AppData\Local\Opera Software
2013-10-17 19:52:20 -------- d-----w- C:\Users\NikDim\AppData\Roaming\Opera Software
2013-10-17 19:52:17 -------- d-----w- C:\Program Files (x86)\Opera Next
2013-10-16 01:21:49 -------- d-----w- C:\Windows\System32\wbem\Framework\root\OpenHardwareMonitor
2013-10-16 01:21:49 -------- d-----w- C:\Windows\System32\wbem\Framework\root
2013-10-16 01:21:49 -------- d-----w- C:\Windows\System32\wbem\Framework
2013-10-13 00:58:39 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F6E90B08-DC8F-45FB-BEA3-D5AB3138D0D4}\mpengine.dll
2013-10-13 00:36:48 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-10-13 00:34:51 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-10-13 00:23:23 -------- d-----w- C:\Users\NikDim\AppData\Local\AMD
2013-10-13 00:22:50 -------- d-----w- C:\Users\NikDim\AppData\Local\ATI
2013-10-13 00:22:05 0 ----a-w- C:\Windows\ativpsrm.bin
2013-10-13 00:19:57 -------- d-----w- C:\Program Files (x86)\AMD AVT
2013-10-13 00:19:54 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2013-10-13 00:19:07 -------- d-----w- C:\ProgramData\AMD
2013-10-13 00:18:29 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2013-10-13 00:17:59 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2013-10-13 00:13:49 -------- d-----w- C:\ProgramData\Package Cache
2013-10-13 00:13:33 -------- d-----w- C:\Program Files\ATI
2013-10-13 00:08:56 -------- d-----w- C:\Program Files\ATI Technologies
2013-10-13 00:07:45 -------- d-----w- C:\AMD
2013-10-08 19:59:05 0 ----a-w- C:\Windows\SysWow64\winlogon.exe
2013-10-08 19:59:05 0 ----a-w- C:\Windows\SysWow64\smss.exe
2013-10-08 19:59:05 0 ----a-w- C:\Windows\SysWow64\services.exe
2013-10-08 19:59:05 0 ----a-w- C:\Windows\SysWow64\lsass.exe
2013-10-08 19:59:05 0 ----a-w- C:\Windows\SysWow64\csrss.exe
2013-09-27 08:53:06 248240 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-09-27 08:53:06 134944 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-09-15 23:28:01 -------- d-----w- C:\Users\NikDim\AppData\Local\tmd2
.
==================== Find6M  ====================
.
2013-10-22 19:52:32 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-10-02 02:22:20 56832 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2013-10-02 02:11:13 13824 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-10-02 02:08:53 12800 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-10-02 01:48:59 56832 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll
2013-10-02 01:48:08 18944 ----a-w- C:\Windows\System32\wksprtPS.dll
2013-10-02 01:29:05 62976 ----a-w- C:\Windows\System32\tsgqec.dll
2013-10-02 00:15:45 1057280 ----a-w- C:\Windows\System32\rdvidcrl.dll
2013-10-02 00:14:58 50176 ----a-w- C:\Windows\SysWow64\MsRdpWebAccess.dll
2013-10-02 00:14:20 17920 ----a-w- C:\Windows\SysWow64\wksprtPS.dll
2013-10-02 00:08:30 83968 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2013-10-02 00:01:16 420864 ----a-w- C:\Windows\System32\wksprt.exe
2013-10-01 23:58:48 53248 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-10-01 23:31:09 1147392 ----a-w- C:\Windows\System32\mstsc.exe
2013-10-01 23:08:10 855552 ----a-w- C:\Windows\SysWow64\rdvidcrl.dll
2013-10-01 22:34:12 1068544 ----a-w- C:\Windows\SysWow64\mstsc.exe
2013-10-01 20:57:46 6578176 ----a-w- C:\Windows\System32\mstscax.dll
2013-10-01 20:55:10 5698048 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-06 00:16:46 270240 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-09-06 00:04:28 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-09-04 12:12:11 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-09-04 12:11:51 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-09-04 12:11:49 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-09-04 12:11:43 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-09-04 12:11:43 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-09-04 12:11:42 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-09-04 12:11:40 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-09-01 20:04:23 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2013-08-31 00:14:10 156712 ----a-w- C:\Windows\System32\amdhcp64.dll
2013-08-31 00:14:10 141256 ----a-w- C:\Windows\SysWow64\amdhcp32.dll
2013-08-31 00:14:08 78432 ----a-w- C:\Windows\System32\atimpc64.dll
2013-08-31 00:14:08 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
2013-08-31 00:14:06 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2013-08-31 00:14:06 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2013-08-31 00:14:00 142792 ----a-w- C:\Windows\System32\atiuxp64.dll
2013-08-31 00:14:00 125824 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2013-08-31 00:13:58 97984 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2013-08-31 00:13:58 114488 ----a-w- C:\Windows\System32\atiu9p64.dll
2013-08-31 00:13:56 1233080 ----a-w- C:\Windows\System32\aticfx64.dll
2013-08-31 00:13:54 1027544 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2013-08-31 00:13:50 9464840 ----a-w- C:\Windows\System32\atidxx64.dll
2013-08-31 00:13:46 8215992 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2013-08-31 00:13:42 6176008 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2013-08-31 00:13:38 6189416 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2013-08-31 00:13:32 6767240 ----a-w- C:\Windows\System32\atiumd6a.dll
2013-08-31 00:13:30 7256496 ----a-w- C:\Windows\System32\atiumd64.dll
2013-08-31 00:11:28 12528640 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2013-08-30 23:48:44 127488 ----a-w- C:\Windows\System32\coinst_13.152.dll
2013-08-30 23:48:04 229376 ----a-w- C:\Windows\System32\clinfo.exe
2013-08-30 23:47:50 995342 ----a-w- C:\Windows\SysWow64\amdocl_as32.exe
2013-08-30 23:47:50 798734 ----a-w- C:\Windows\SysWow64\amdocl_ld32.exe
2013-08-30 23:47:50 1187342 ----a-w- C:\Windows\System32\amdocl_as64.exe
2013-08-30 23:47:50 1061902 ----a-w- C:\Windows\System32\amdocl_ld64.exe
2013-08-30 23:47:46 98816 ----a-w- C:\Windows\System32\OpenVideo64.dll
2013-08-30 23:47:40 83456 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2013-08-30 23:47:36 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
2013-08-30 23:47:30 73216 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2013-08-30 23:47:14 28192256 ----a-w- C:\Windows\System32\amdocl64.dll
2013-08-30 23:45:04 23760896 ----a-w- C:\Windows\SysWow64\amdocl.dll
2013-08-30 23:43:12 63488 ----a-w- C:\Windows\System32\OpenCL.dll
2013-08-30 23:43:08 57344 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-08-30 23:35:00 25387520 ----a-w- C:\Windows\System32\atio6axx.dll
2013-08-30 23:18:20 368640 ----a-w- C:\Windows\System32\atiapfxx.exe
2013-08-30 23:18:12 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
2013-08-30 23:18:10 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2013-08-30 23:18:02 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
2013-08-30 23:18:00 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2013-08-30 23:17:46 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll
2013-08-30 23:14:36 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2013-08-30 23:13:58 21400064 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2013-08-30 22:59:02 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2013-08-30 22:58:50 26112 ----a-w- C:\Windows\System32\atimuixx.dll
2013-08-30 22:58:44 571904 ----a-w- C:\Windows\System32\atieclxx.exe
2013-08-30 22:57:54 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2013-08-30 22:56:30 190976 ----a-w- C:\Windows\System32\atitmm64.dll
.
============= FINISH: 21:21:01.01 ===============
 
FARBAR - frst.txt
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2013
Ran by NikDim (administrator) on HPNIKTOP on 15-11-2013 20:23:10
Running from C:\downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
() C:\Program Files (x86)\HP Laser Gaming Mouse with VoodooDNA\hid.exe
() C:\Program Files (x86)\HP Laser Gaming Mouse with VoodooDNA\Tray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM-x32\...\Run: [HP VoodooDNA Mouse] - C:\Program Files (x86)\HP Laser Gaming Mouse with VoodooDNA\hid.exe [327680 2009-03-05] ()
HKLM-x32\...\Run: [WordWeb] - C:\Program Files (x86)\WordWeb\wweb32.exe [77056 2013-05-16] (WordWeb Software)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
 
==================== Services (Whitelisted) =================
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S3 Abyssus; C:\Windows\System32\drivers\Abyssus.sys [10880 2009-10-30] (Razer (Asia-Pacific) Pte Ltd)
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57512 2012-11-20] (Advanced Micro Devices)
R3 GamingMsFltr; C:\Windows\System32\drivers\gamingms.sys [11520 2009-12-07] (Primax Ltd)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [39504 2013-04-11] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-05-12] (GFI Software)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [627744 2010-04-09] (Realtek Semiconductor Corporation                           )
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
U4 bdselfpr; 
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S4 NVHDA; system32\drivers\nvhda64v.sys [x]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [x]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP3a\WNt500x64\Sandra.sys [x]
 
========================== Drivers MD5 =======================
 
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 8F489706472F7E9A06BAAA198703FA64
C:\Windows\System32\Drivers\ksecpkg.sys 868A2CAAB12EFC7A021682BCA0EEC54C
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\MpFilter.sys C6B88D62F20AC646C6BD5C032EC2FAF9
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NisDrvWFP.sys ACE8C64C57E4A711473C8BC10ADF692B
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys B15C021C2C9BB217A799D9532E8F04D4
C:\Windows\System32\DRIVERS\RTL8192cu.sys 9F467CEC8DCCBC24FA725A38DDBB2F62
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\System32\DRIVERS\ssadbus.sys 8F8324ED1DE63FFC7B1A02CD2D963C72
C:\Windows\System32\DRIVERS\ssadmdfl.sys 58221EFCB74167B73667F0024C661CE0
C:\Windows\System32\DRIVERS\ssadmdm.sys 4DA7C71BFAC5AD71255B7E4CAB980163
C:\Windows\System32\DRIVERS\ssadserd.sys D33D1BD3EC0E766211A234F56A12726D
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tap0901.sys 4EF44915E522F3ECD1A3FF540AA64126
C:\Windows\System32\drivers\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\DRIVERS\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys ACCEA6BC68D0C9A78EB97EE159028B4E
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys 311C1DD1088E55BEAE15954D17F50646
C:\Windows\system32\DRIVERS\usbfilter.sys 2C780746DC44A28FE67004DC58173F05
C:\Windows\System32\DRIVERS\usbhub.sys 280E90CBF4B2DDD169F0728CB44D726F
C:\Windows\System32\DRIVERS\usbohci.sys 9406D801042FAF859CF81B2C886413DC
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys A83D0EC9AE4C31704442099D40BA2471
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\VKbms.sys 3B59BB6D10CF969DBE4DB93D9EAD7FB4
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-15 20:22 - 2013-11-15 20:22 - 00000000 ____D C:\FRST
2013-11-15 07:37 - 2013-11-15 07:37 - 00000222 _____ C:\Users\NikDim\Desktop\Skullgirls.url
2013-11-15 07:16 - 2013-11-15 07:16 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-15 07:02 - 2013-11-15 07:02 - 00000000 ____D C:\Windows\ERUNT
2013-11-15 06:55 - 2013-11-15 06:55 - 01034531 _____ (Thisisu) C:\Users\NikDim\Desktop\JRT.exe
2013-11-14 23:27 - 2013-11-15 07:12 - 00000000 ____D C:\Users\NikDim\Desktop\malreports
2013-11-14 21:27 - 2013-11-14 21:28 - 00000000 ____D C:\Users\NikDim\Desktop\RK_Quarantine
2013-11-14 21:23 - 2013-11-14 21:23 - 00008602 _____ C:\Attach.txt
2013-11-14 21:22 - 2013-11-14 21:22 - 00021429 _____ C:\DDS.txt
2013-11-14 20:47 - 2013-11-14 20:47 - 00026483 _____ C:\ComboFix.txt
2013-11-14 16:33 - 2013-11-15 00:20 - 00000392 _____ C:\Windows\setupact.log
2013-11-14 16:33 - 2013-11-14 16:33 - 00000000 _____ C:\Windows\setuperr.log
2013-11-14 04:11 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-14 04:07 - 2013-11-14 04:07 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-14 04:07 - 2013-11-14 04:07 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-14 04:06 - 2013-11-14 04:11 - 00008992 _____ C:\Windows\IE11_main.log
2013-11-14 04:06 - 2013-11-14 04:06 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-14 04:06 - 2013-11-14 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 04:06 - 2013-11-14 04:06 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-14 04:06 - 2013-11-14 04:06 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-14 04:06 - 2013-11-14 04:06 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-14 04:06 - 2013-11-14 04:06 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-14 04:06 - 2013-11-14 04:06 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-14 04:06 - 2013-11-14 04:06 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-14 04:06 - 2013-11-14 04:06 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-14 04:06 - 2013-11-14 04:06 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-14 04:06 - 2013-11-14 04:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-14 04:06 - 2013-11-14 04:06 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-14 04:06 - 2013-11-14 04:06 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-14 04:06 - 2013-11-14 04:06 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-14 04:06 - 2013-11-14 04:06 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-14 04:06 - 2013-11-14 04:06 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-14 04:06 - 2013-11-14 04:06 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-14 04:06 - 2013-11-14 04:06 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-14 04:06 - 2013-11-14 04:06 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-14 04:06 - 2013-11-14 04:06 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-14 04:06 - 2013-11-14 04:06 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-14 04:06 - 2013-11-14 04:06 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-14 04:06 - 2013-11-14 04:06 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-14 04:06 - 2013-11-14 04:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-14 04:06 - 2013-11-14 04:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-14 04:06 - 2013-11-14 04:06 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-14 04:06 - 2013-11-14 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-14 04:05 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-11-14 04:05 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-11-14 04:05 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-11-14 04:05 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2013-11-14 04:05 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2013-11-14 04:05 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-11-14 04:05 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-11-14 04:05 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2013-11-14 04:05 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-11-14 04:05 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-11-14 04:05 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2013-11-14 04:05 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-11-14 04:05 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-11-14 04:05 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-11-14 04:05 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2013-11-14 04:05 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-11-14 04:05 - 2013-10-01 21:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-11-14 04:05 - 2013-10-01 21:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-11-14 04:04 - 2013-11-14 05:22 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-14 04:04 - 2013-11-14 05:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-11-14 04:01 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 04:01 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 04:01 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 04:01 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-14 04:01 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 04:01 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-14 04:00 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 04:00 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 04:00 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 04:00 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-14 04:00 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-14 04:00 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 04:00 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-14 04:00 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-11-14 04:00 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-11-14 04:00 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-11-14 04:00 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-11-14 04:00 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-11-14 04:00 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-11-14 04:00 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-11-13 10:42 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 10:42 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 10:42 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 10:42 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 10:42 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 10:42 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 10:42 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 10:42 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 10:42 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 10:42 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 10:42 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 10:42 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 10:42 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 10:42 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 10:42 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 10:42 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 10:42 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-13 10:41 - 2013-09-25 03:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2013-11-13 10:41 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2013-11-13 04:38 - 2013-11-13 03:09 - 00025525 _____ C:\ComboFix - Copy.txt
2013-11-13 03:01 - 2013-11-14 20:47 - 00000000 ____D C:\Qoobox
2013-11-13 03:01 - 2013-11-13 03:08 - 00000000 ____D C:\Windows\erdnt
2013-11-13 03:01 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-13 03:01 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-13 03:01 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-13 03:01 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-13 03:01 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-13 03:01 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-13 03:01 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-13 03:01 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-13 02:51 - 2013-11-13 02:51 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-11-13 02:33 - 2013-11-13 02:34 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\NikDim\Desktop\tdsskiller.exe
2013-11-13 02:13 - 2013-11-13 02:13 - 05147957 ____R (Swearware) C:\Users\NikDim\Desktop\ComboFix.exe
2013-11-13 01:48 - 2013-11-13 01:48 - 00688992 ____R (Swearware) C:\Users\NikDim\Desktop\dds.com
2013-11-13 00:28 - 2013-11-13 00:28 - 03643392 _____ C:\Users\NikDim\Desktop\RogueKiller.exe
2013-11-13 00:00 - 2013-11-14 17:55 - 00000000 ____D C:\Users\NikDim\Desktop\mbar
2013-11-13 00:00 - 2013-11-14 17:16 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-12 23:37 - 2013-11-15 07:10 - 00000000 ____D C:\AdwCleaner
2013-11-12 23:35 - 2013-11-12 23:35 - 01085542 _____ C:\Users\NikDim\Desktop\adwcleaner.exe
2013-11-12 23:30 - 2013-11-14 03:53 - 00000000 ____D C:\Users\NikDim\AppData\Roaming\vlc
2013-11-12 23:30 - 2013-11-12 23:30 - 00001032 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-11-10 21:48 - 2013-11-10 21:48 - 00000000 ____D C:\Users\NikDim\Downloads\new13vid
2013-11-10 21:47 - 2013-11-14 20:35 - 00000000 ____D C:\Users\NikDim\Downloads\new13pic
2013-11-07 06:05 - 2013-11-07 06:05 - 00000000 ____D C:\Users\Public\Documents\Sports Interactive
2013-11-07 06:05 - 2013-11-07 06:05 - 00000000 ____D C:\Users\NikDim\Documents\Sports Interactive
2013-11-07 06:05 - 2013-11-07 06:05 - 00000000 ____D C:\Users\NikDim\AppData\Local\Sports Interactive
2013-11-07 06:05 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-11-07 06:05 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2013-11-07 06:05 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2013-11-07 06:05 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2013-11-07 06:05 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2013-11-07 06:05 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-11-07 06:05 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2013-11-07 06:05 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2013-11-07 06:05 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-11-07 06:05 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2013-11-07 06:05 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2013-11-07 06:05 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2013-11-07 06:05 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2013-11-07 06:05 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2013-11-07 06:05 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2013-11-07 06:05 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-11-07 06:05 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2013-11-07 06:05 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2013-11-07 06:05 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2013-11-07 06:05 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2013-11-07 06:05 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2013-11-07 06:05 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-11-07 06:05 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2013-11-07 06:05 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-11-07 06:05 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2013-11-07 06:04 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2013-11-07 06:04 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2013-11-07 06:04 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2013-11-07 06:04 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2013-11-07 06:04 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2013-11-07 06:04 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2013-11-07 06:04 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2013-11-07 06:04 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2013-11-07 06:04 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2013-11-07 06:04 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2013-11-07 06:04 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2013-11-07 06:04 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2013-11-07 06:04 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2013-11-07 06:04 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2013-11-07 06:04 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2013-11-07 06:04 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2013-11-07 06:04 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2013-11-07 06:04 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2013-11-07 06:04 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2013-11-07 06:04 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2013-11-07 06:04 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2013-11-07 06:04 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2013-11-07 06:04 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2013-11-07 06:04 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2013-11-07 06:04 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2013-11-07 06:04 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2013-11-07 06:04 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2013-11-07 06:04 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2013-11-07 06:04 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2013-11-07 06:04 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2013-11-07 06:04 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2013-11-07 06:04 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2013-11-07 06:04 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2013-11-07 06:04 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2013-11-07 06:04 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2013-11-07 06:04 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2013-11-07 06:04 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2013-11-07 06:04 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2013-11-07 06:04 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2013-11-07 06:04 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2013-11-07 06:04 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2013-11-07 06:04 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-11-07 06:04 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2013-11-07 06:04 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-11-07 06:04 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2013-11-07 06:04 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-11-07 06:04 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2013-11-07 06:04 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2013-11-07 06:04 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2013-11-07 06:04 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2013-11-07 06:04 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2013-11-07 06:04 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2013-11-07 06:04 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2013-11-07 06:04 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2013-11-07 06:04 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2013-11-07 06:04 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2013-11-07 06:04 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2013-11-07 06:04 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2013-11-07 06:04 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2013-11-07 06:04 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2013-11-07 06:04 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2013-11-07 06:04 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2013-11-07 06:04 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2013-11-07 06:04 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2013-11-07 06:04 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2013-11-07 06:04 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2013-11-07 06:04 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2013-11-07 06:04 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2013-11-07 06:04 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2013-11-07 06:04 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2013-11-07 06:04 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2013-11-07 06:04 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2013-11-07 06:04 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2013-11-07 06:04 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2013-11-07 06:04 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2013-11-07 06:04 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2013-11-07 06:04 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2013-11-07 06:04 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2013-11-07 06:04 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2013-11-07 06:04 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2013-11-07 06:04 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2013-11-07 06:04 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2013-11-07 06:04 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2013-11-07 06:04 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2013-11-07 06:04 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2013-11-07 06:04 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2013-11-07 06:04 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2013-11-07 06:04 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2013-11-07 06:04 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2013-11-07 06:04 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2013-11-07 06:04 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2013-11-07 06:04 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2013-11-07 06:04 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2013-11-07 06:04 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2013-11-07 06:04 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2013-11-07 06:04 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2013-11-07 06:04 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2013-11-07 06:04 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2013-11-07 06:04 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2013-11-07 06:04 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2013-11-07 06:04 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2013-11-07 06:04 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2013-11-07 06:04 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2013-11-07 06:04 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2013-11-07 06:04 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2013-11-07 06:04 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2013-11-07 06:04 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2013-11-07 06:04 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2013-11-07 06:04 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2013-11-07 06:04 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2013-11-07 06:04 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2013-11-07 06:04 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2013-11-07 06:04 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2013-11-07 06:04 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2013-11-07 06:04 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2013-11-07 06:04 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2013-11-07 06:04 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2013-11-07 06:04 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2013-11-07 06:04 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2013-11-07 06:04 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2013-11-07 06:04 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2013-11-07 06:04 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2013-11-07 06:04 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2013-11-07 06:04 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2013-11-07 06:04 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2013-11-07 06:04 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2013-11-07 06:04 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2013-11-07 06:04 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2013-11-07 06:04 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2013-11-07 06:04 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2013-11-07 06:04 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2013-11-07 06:04 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2013-11-07 06:04 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2013-11-07 06:04 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2013-11-07 06:04 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2013-11-07 06:04 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2013-11-07 06:04 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2013-11-07 06:04 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2013-11-07 06:04 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2013-11-07 06:04 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2013-11-07 06:04 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2013-11-07 06:04 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2013-11-07 06:04 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2013-11-07 06:04 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2013-11-07 06:04 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2013-11-07 06:04 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2013-11-07 06:04 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2013-11-07 06:04 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2013-11-04 20:02 - 2013-11-04 20:02 - 00000000 _____ C:\Users\NikDim\Desktop\u petak kod protica.txt
2013-11-03 03:04 - 2013-11-03 03:04 - 00000000 ____D C:\Users\NikDim\AppData\Local\WarThunder
2013-11-03 03:04 - 2013-11-03 03:04 - 00000000 ____D C:\ProgramData\WarThunder
2013-10-30 00:57 - 2013-10-30 00:57 - 00000000 ____D C:\Users\NikDim\openvr
2013-10-27 09:18 - 2013-11-08 05:25 - 00000622 _____ C:\Users\NikDim\Desktop\New Text Document.txt
2013-10-24 21:16 - 2013-10-24 21:16 - 00001019 _____ C:\Users\NikDim\Desktop\HousecallLauncher.exe - Shortcut.lnk
2013-10-21 04:02 - 2013-10-21 04:02 - 00000000 ____D C:\Users\NikDim\AppData\Local\Apps\2.0
2013-10-18 18:58 - 2013-10-18 18:58 - 00000000 ____D C:\ProgramData\Oracle
2013-10-18 18:58 - 2013-10-08 06:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-18 18:58 - 2013-10-08 06:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-18 18:58 - 2013-10-08 06:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-18 18:58 - 2013-10-08 06:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-18 18:57 - 2013-10-18 18:58 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-17 20:52 - 2013-11-09 23:43 - 00000000 ____D C:\Program Files (x86)\Opera Next
2013-10-17 20:52 - 2013-10-17 20:52 - 00001134 _____ C:\Users\Public\Desktop\Opera Next.lnk
2013-10-17 20:52 - 2013-10-17 20:52 - 00000000 ____D C:\Users\NikDim\AppData\Roaming\Opera Software
2013-10-17 20:52 - 2013-10-17 20:52 - 00000000 ____D C:\Users\NikDim\AppData\Local\Opera Software
2013-10-16 02:21 - 2013-10-16 02:21 - 00000932 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2013-10-16 02:20 - 2013-10-16 02:20 - 00001749 _____ C:\Users\NikDim\Desktop\OpenHardwareMonitor.exe - Shortcut.lnk
 
==================== One Month Modified Files and Folders =======
 
2013-11-15 20:22 - 2013-11-15 20:22 - 00000000 ____D C:\FRST
2013-11-15 19:58 - 2011-11-05 23:42 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2839018204-4038612700-1296563387-1000UA.job
2013-11-15 19:48 - 2011-07-21 15:35 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-15 16:19 - 2011-06-17 20:02 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-15 15:58 - 2011-11-05 23:42 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2839018204-4038612700-1296563387-1000Core.job
2013-11-15 07:37 - 2013-11-15 07:37 - 00000222 _____ C:\Users\NikDim\Desktop\Skullgirls.url
2013-11-15 07:16 - 2013-11-15 07:16 - 00000000 ____D C:\Program Files (x86)\ESET
2013-11-15 07:12 - 2013-11-14 23:27 - 00000000 ____D C:\Users\NikDim\Desktop\malreports
2013-11-15 07:10 - 2013-11-12 23:37 - 00000000 ____D C:\AdwCleaner
2013-11-15 07:02 - 2013-11-15 07:02 - 00000000 ____D C:\Windows\ERUNT
2013-11-15 06:55 - 2013-11-15 06:55 - 01034531 _____ (Thisisu) C:\Users\NikDim\Desktop\JRT.exe
2013-11-15 06:35 - 2011-08-19 09:34 - 00000000 ____D C:\Program Files (x86)\Acro Software
2013-11-15 06:34 - 2013-07-01 21:54 - 00000000 ____D C:\Program Files (x86)\FXLider MetaTrader
2013-11-15 06:34 - 2011-12-01 10:49 - 00000000 ____D C:\Program Files (x86)\LucasArts
2013-11-15 04:06 - 2011-09-17 21:48 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{BA36C7EF-44D0-40CB-BD7E-4E538C3190B2}
2013-11-15 03:35 - 2011-01-16 23:44 - 01471219 _____ C:\Windows\WindowsUpdate.log
2013-11-15 02:01 - 2011-11-05 23:43 - 00002377 _____ C:\Users\NikDim\Desktop\Google Chrome.lnk
2013-11-15 00:27 - 2009-07-14 05:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-15 00:27 - 2009-07-14 05:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-15 00:20 - 2013-11-14 16:33 - 00000392 _____ C:\Windows\setupact.log
2013-11-15 00:20 - 2011-07-21 15:35 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-15 00:20 - 2011-06-18 18:12 - 00000437 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-11-15 00:20 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-14 23:57 - 2012-09-26 17:40 - 00000000 ____D C:\biznis i trejding
2013-11-14 21:28 - 2013-11-14 21:27 - 00000000 ____D C:\Users\NikDim\Desktop\RK_Quarantine
2013-11-14 21:23 - 2013-11-14 21:23 - 00008602 _____ C:\Attach.txt
2013-11-14 21:22 - 2013-11-14 21:22 - 00021429 _____ C:\DDS.txt
2013-11-14 20:53 - 2011-01-16 23:39 - 00527610 _____ C:\Windows\PFRO.log
2013-11-14 20:47 - 2013-11-14 20:47 - 00026483 _____ C:\ComboFix.txt
2013-11-14 20:47 - 2013-11-13 03:01 - 00000000 ____D C:\Qoobox
2013-11-14 20:45 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-11-14 20:38 - 2013-10-08 21:12 - 00693222 _____ C:\Users\NikDim\AppData\Local\census.cache
2013-11-14 20:38 - 2013-10-08 21:12 - 00078736 _____ C:\Users\NikDim\AppData\Local\ars.cache
2013-11-14 20:35 - 2013-11-10 21:47 - 00000000 ____D C:\Users\NikDim\Downloads\new13pic
2013-11-14 17:55 - 2013-11-13 00:00 - 00000000 ____D C:\Users\NikDim\Desktop\mbar
2013-11-14 17:55 - 2013-08-13 14:56 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-14 17:16 - 2013-11-13 00:00 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-14 16:33 - 2013-11-14 16:33 - 00000000 _____ C:\Windows\setuperr.log
2013-11-14 14:07 - 2013-05-12 19:48 - 00000000 ____D C:\od maja 2013 razno
2013-11-14 13:27 - 2011-06-17 16:27 - 00000000 ___RD C:\Users\NikDim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-14 05:30 - 2013-09-01 21:06 - 00000000 ____D C:\Windows\Minidump
2013-11-14 05:23 - 2011-11-09 23:59 - 00002154 _____ C:\Windows\epplauncher.mif
2013-11-14 05:22 - 2013-11-14 04:04 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-14 05:22 - 2013-11-14 04:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-11-14 05:19 - 2009-07-14 06:13 - 00795182 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-14 05:14 - 2011-06-17 16:27 - 00001419 _____ C:\Users\NikDim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-14 05:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-14 04:11 - 2013-11-14 04:06 - 00008992 _____ C:\Windows\IE11_main.log
2013-11-14 04:07 - 2013-11-14 04:07 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-14 04:07 - 2013-11-14 04:07 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-14 04:06 - 2013-11-14 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 04:06 - 2013-11-14 04:06 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-14 04:06 - 2013-11-14 04:06 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-14 04:06 - 2013-11-14 04:06 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-14 04:06 - 2013-11-14 04:06 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-14 04:06 - 2013-11-14 04:06 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-14 04:06 - 2013-11-14 04:06 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-14 04:06 - 2013-11-14 04:06 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-14 04:06 - 2013-11-14 04:06 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-14 04:06 - 2013-11-14 04:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-14 04:06 - 2013-11-14 04:06 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-14 04:06 - 2013-11-14 04:06 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-14 04:06 - 2013-11-14 04:06 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-14 04:06 - 2013-11-14 04:06 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-14 04:06 - 2013-11-14 04:06 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-14 04:06 - 2013-11-14 04:06 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-14 04:06 - 2013-11-14 04:06 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-14 04:06 - 2013-11-14 04:06 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-14 04:06 - 2013-11-14 04:06 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-14 04:06 - 2013-11-14 04:06 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-14 04:06 - 2013-11-14 04:06 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-14 04:06 - 2013-11-14 04:06 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-14 04:06 - 2013-11-14 04:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-14 04:06 - 2013-11-14 04:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-14 04:06 - 2013-11-14 04:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-14 04:06 - 2013-11-14 04:06 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-14 04:06 - 2013-11-14 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-14 04:04 - 2013-08-02 03:25 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 04:02 - 2011-06-17 17:17 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-14 03:53 - 2013-11-12 23:30 - 00000000 ____D C:\Users\NikDim\AppData\Roaming\vlc
2013-11-13 20:10 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-11-13 11:14 - 2011-06-17 16:23 - 00000000 ____D C:\Users\NikDim
2013-11-13 06:29 - 2011-10-15 19:21 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-11-13 06:29 - 2011-01-16 23:43 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-13 04:48 - 2011-11-08 07:23 - 00002515 _____ C:\Users\Public\Desktop\Skype.lnk
2013-11-13 04:48 - 2011-11-08 07:23 - 00000000 ____D C:\ProgramData\Skype
2013-11-13 03:09 - 2013-11-13 04:38 - 00025525 _____ C:\ComboFix - Copy.txt
2013-11-13 03:09 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-11-13 03:08 - 2013-11-13 03:01 - 00000000 ____D C:\Windows\erdnt
2013-11-13 02:51 - 2013-11-13 02:51 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-11-13 02:34 - 2013-11-13 02:33 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\NikDim\Desktop\tdsskiller.exe
2013-11-13 02:13 - 2013-11-13 02:13 - 05147957 ____R (Swearware) C:\Users\NikDim\Desktop\ComboFix.exe
2013-11-13 01:48 - 2013-11-13 01:48 - 00688992 ____R (Swearware) C:\Users\NikDim\Desktop\dds.com
2013-11-13 01:16 - 2011-06-17 17:22 - 00000000 ____D C:\Users\NikDim\AppData\Roaming\Opera
2013-11-13 01:16 - 2011-06-17 17:22 - 00000000 ____D C:\Users\NikDim\AppData\Local\Opera
2013-11-13 01:16 - 2011-06-17 17:22 - 00000000 ____D C:\Program Files (x86)\Opera
2013-11-13 00:28 - 2013-11-13 00:28 - 03643392 _____ C:\Users\NikDim\Desktop\RogueKiller.exe
2013-11-13 00:20 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-11-12 23:35 - 2013-11-12 23:35 - 01085542 _____ C:\Users\NikDim\Desktop\adwcleaner.exe
2013-11-12 23:30 - 2013-11-12 23:30 - 00001032 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-11-12 23:30 - 2011-11-26 21:17 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-11-12 23:28 - 2011-06-17 19:48 - 00000000 ____D C:\Program Files (x86)\The KMPlayer
2013-11-10 22:09 - 2013-06-03 15:56 - 00000000 ____D C:\Users\NikDim\AppData\Roaming\Azureus
2013-11-10 21:48 - 2013-11-10 21:48 - 00000000 ____D C:\Users\NikDim\Downloads\new13vid
2013-11-09 23:43 - 2013-10-17 20:52 - 00000000 ____D C:\Program Files (x86)\Opera Next
2013-11-08 05:25 - 2013-10-27 09:18 - 00000622 _____ C:\Users\NikDim\Desktop\New Text Document.txt
2013-11-07 06:05 - 2013-11-07 06:05 - 00000000 ____D C:\Users\Public\Documents\Sports Interactive
2013-11-07 06:05 - 2013-11-07 06:05 - 00000000 ____D C:\Users\NikDim\Documents\Sports Interactive
2013-11-07 06:05 - 2013-11-07 06:05 - 00000000 ____D C:\Users\NikDim\AppData\Local\Sports Interactive
2013-11-07 06:04 - 2012-03-17 00:24 - 00054978 _____ C:\Windows\DirectX.log
2013-11-05 22:41 - 2011-06-17 21:17 - 00000000 ____D C:\Games
2013-11-04 20:02 - 2013-11-04 20:02 - 00000000 _____ C:\Users\NikDim\Desktop\u petak kod protica.txt
2013-11-03 16:57 - 2011-10-08 16:55 - 00000000 ____D C:\Users\NikDim\AppData\Local\CutePDF Writer
2013-11-03 10:29 - 2012-04-30 20:00 - 00000000 ____D C:\CV
2013-11-03 10:28 - 2011-11-06 23:14 - 00000000 ____D C:\Users\NikDim\Documents\My Games
2013-11-03 03:04 - 2013-11-03 03:04 - 00000000 ____D C:\Users\NikDim\AppData\Local\WarThunder
2013-11-03 03:04 - 2013-11-03 03:04 - 00000000 ____D C:\ProgramData\WarThunder
2013-11-01 14:15 - 2013-07-01 09:20 - 00006325 _____ C:\Users\NikDim\Desktop\razno i za download.txt
2013-10-30 00:57 - 2013-10-30 00:57 - 00000000 ____D C:\Users\NikDim\openvr
2013-10-28 08:21 - 2013-05-12 04:28 - 00005653 _____ C:\Users\NikDim\Documents\TombRaider.log
2013-10-24 21:16 - 2013-10-24 21:16 - 00001019 _____ C:\Users\NikDim\Desktop\HousecallLauncher.exe - Shortcut.lnk
2013-10-22 20:52 - 2011-06-17 17:46 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-21 04:02 - 2013-10-21 04:02 - 00000000 ____D C:\Users\NikDim\AppData\Local\Apps\2.0
2013-10-20 15:16 - 2011-11-08 07:23 - 00000000 ____D C:\Users\NikDim\AppData\Roaming\Skype
2013-10-20 14:48 - 2012-08-23 22:49 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-18 18:58 - 2013-10-18 18:58 - 00000000 ____D C:\ProgramData\Oracle
2013-10-18 18:58 - 2013-10-18 18:57 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-18 18:58 - 2011-06-17 19:44 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-17 21:43 - 2011-07-21 15:35 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-17 21:43 - 2011-07-21 15:35 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-17 20:52 - 2013-10-17 20:52 - 00001134 _____ C:\Users\Public\Desktop\Opera Next.lnk
2013-10-17 20:52 - 2013-10-17 20:52 - 00000000 ____D C:\Users\NikDim\AppData\Roaming\Opera Software
2013-10-17 20:52 - 2013-10-17 20:52 - 00000000 ____D C:\Users\NikDim\AppData\Local\Opera Software
2013-10-16 02:21 - 2013-10-16 02:21 - 00000932 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2013-10-16 02:21 - 2011-09-06 19:18 - 00000000 ____D C:\Program Files\CPUID
2013-10-16 02:20 - 2013-10-16 02:20 - 00001749 _____ C:\Users\NikDim\Desktop\OpenHardwareMonitor.exe - Shortcut.lnk
 
Some content of TEMP:
====================
C:\Users\NikDim\AppData\Local\temp\ntdll_dump.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
extendedinput           Yes
default                 {current}
resumeobject            {5312aa06-7887-11de-b1db-001321be213f}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 12
customactions           0x1000085000001
                        0x5400000f
custom:5400000f         {b275406f-993f-11e0-98f9-d48564a12bcb}
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {b275406f-993f-11e0-98f9-d48564a12bcb}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {5312aa06-7887-11de-b1db-001321be213f}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {b275406f-993f-11e0-98f9-d48564a12bcb}
device                  ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{b2754070-993f-11e0-98f9-d48564a12bcb}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{b2754070-993f-11e0-98f9-d48564a12bcb}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {5312aa06-7887-11de-b1db-001321be213f}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {b2754070-993f-11e0-98f9-d48564a12bcb}
description             Ramdisk Options
ramdisksdidevice        partition=D:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
 
 
LastRegBack: 2013-11-10 08:45
 
==================== End Of Log ============================
 
 
Addition.txt from Farbar
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2013
Ran by NikDim at 2013-11-15 20:24:12
Running from C:\downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122)
AMD Accelerated Video Transcoding (Version: 13.15.100.30830)
AMD Catalyst Control Center (x32 Version: 2013.0830.1944.33589)
AMD Catalyst Install Manager (Version: 8.0.915.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2013.0830.1944.33589)
AMD Media Foundation Decoders (Version: 1.0.80830.1925)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0830.1944.33589)
Catalyst Control Center InstallProxy (x32 Version: 2013.0830.1944.33589)
Catalyst Control Center Localization All (x32 Version: 2013.0830.1944.33589)
CCC Help Chinese Standard (x32 Version: 2013.0830.1943.33589)
CCC Help Chinese Traditional (x32 Version: 2013.0830.1943.33589)
CCC Help Czech (x32 Version: 2013.0830.1943.33589)
CCC Help Danish (x32 Version: 2013.0830.1943.33589)
CCC Help Dutch (x32 Version: 2013.0830.1943.33589)
CCC Help English (x32 Version: 2013.0830.1943.33589)
CCC Help Finnish (x32 Version: 2013.0830.1943.33589)
CCC Help French (x32 Version: 2013.0830.1943.33589)
CCC Help German (x32 Version: 2013.0830.1943.33589)
CCC Help Greek (x32 Version: 2013.0830.1943.33589)
CCC Help Hungarian (x32 Version: 2013.0830.1943.33589)
CCC Help Italian (x32 Version: 2013.0830.1943.33589)
CCC Help Japanese (x32 Version: 2013.0830.1943.33589)
CCC Help Korean (x32 Version: 2013.0830.1943.33589)
CCC Help Norwegian (x32 Version: 2013.0830.1943.33589)
CCC Help Polish (x32 Version: 2013.0830.1943.33589)
CCC Help Portuguese (x32 Version: 2013.0830.1943.33589)
CCC Help Russian (x32 Version: 2013.0830.1943.33589)
CCC Help Spanish (x32 Version: 2013.0830.1943.33589)
CCC Help Swedish (x32 Version: 2013.0830.1943.33589)
CCC Help Thai (x32 Version: 2013.0830.1943.33589)
CCC Help Turkish (x32 Version: 2013.0830.1943.33589)
ccc-utility64 (Version: 2013.0830.1944.33589)
Cisco WebEx Meetings (x32)
Citrix Online Launcher (x32 Version: 1.0.122)
Counter-Strike: Source (x32)
CPUID CPU-Z 1.58
CPUID HWMonitor 1.23
D3DX10 (x32 Version: 15.4.2368.0902)
ESET Online Scanner v3 (x32)
Football Manager 2014 Demo (x32)
Genius PDF (x32 Version: 1.1)
Google Chrome (HKCU Version: 31.0.1650.57)
Google Earth (x32 Version: 7.1.1.1580)
Google Update Helper (x32 Version: 1.3.21.165)
GoToMeeting 5.5.0.1132 (HKCU Version: 5.5.0.1132)
Heroes of Might and Magic IV: Winds of War (x32)
Hewlett-Packard ACLM.NET v1.1.1.0 (x32 Version: 1.00.0000)
HP Auto (Version: 1.0.12494.3472)
HP Client Services (Version: 1.0.12656.3472)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Laser Gaming Mouse with VoodooDNA (x32 Version: 1.00.00.00)
HP Odometer (x32 Version: 2.10.0000)
HP Product Detection (x32 Version: 11.15.0005)
HP Support Information (x32 Version: 10.1.1000)
INFOGRAD(Jule. 2013 ver. 1.0.1) (x32)
IrfanView (remove only) (x32 Version: 4.28)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
LabelPrint (x32 Version: 2.5.3130)
Lightworks (x32 Version: 10.0.22.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727)
Might & Magic Heroes VI (x32 Version: 1.1.1)
Mozilla Thunderbird 17.0.5 (x86 en-US) (x32 Version: 17.0.5)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
NVIDIA 3D Vision Controller Driver (x32 Version: 280.19)
OpenAL (x32)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
Opera Next 18.0.1284.26 (x32 Version: 18.0.1284.26)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Power2Go (x32 Version: 6.1.4329)
PowerDirector (x32 Version: 8.0.3129)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6196)
Recovery Manager (x32 Version: 5.5.3219)
Skype™ 6.7 (x32 Version: 6.7.102)
Steam (x32 Version: 1.0.0.0)
swMSM (x32 Version: 12.0.0.1)
The Elder Scrolls V: Skyrim (x32)
Tomb Raider Survival Edition Repack (x32)
Total Commander (Remove or Repair) (x32 Version: 7.56a)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
VLC media player 2.1.0 (x32 Version: 2.1.0)
Vuze (x32 Version: 5.1.0.0)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR 4.01 (64-bit) (Version: 4.01.0)
WordWeb (x32 Version: 7)
بريد Windows Live (x32 Version: 15.4.3502.0922)
معرض صور Windows Live (x32 Version: 15.4.3502.0922)
 
==================== Restore Points  =========================
 
12-11-2013 23:17:20 Malwarebytes Anti-Rootkit Restore Point
13-11-2013 01:20:32 Installed Microsoft Fix it 50267
13-11-2013 05:25:38 Removed Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
13-11-2013 05:26:06 Removed Microsoft Visual C++ 2005 Redistributable
13-11-2013 05:29:33 Removed Ubisoft Game Launcher
13-11-2013 08:48:27 Removed Microsoft Visual C++ 2005 Redistributable (x64)
13-11-2013 08:48:54 Removed Microsoft Visual C++ 2005 Redistributable
13-11-2013 08:49:28 Removed Microsoft Visual C++ 2005 Redistributable
13-11-2013 09:42:47 Windows Update
14-11-2013 03:01:58 Windows Update
14-11-2013 04:20:06 Windows Update
14-11-2013 15:57:47 SiSoftware Sandra Lite
 
==================== Hosts content: ==========================
 
2009-07-14 03:34 - 2013-11-14 20:45 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0BACE8AE-CEEF-4409-ACBF-5D29DFAC89FA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21] (Google Inc.)
Task: {3E375A8D-0F96-472D-94C9-8E027BCEE5F9} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {64A44C6A-8E1D-4ADF-93BD-332A8A2E1761} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21] (Google Inc.)
Task: {85A4AE1B-D90F-4933-B0A6-A186378DDEC9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2839018204-4038612700-1296563387-1000Core => C:\Users\NikDim\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-21] (Google Inc.)
Task: {BA384FAE-8EAC-461C-9E8C-E083DFD0D86A} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [2011-08-10] (Hewlett-Packard)
Task: {F79C6958-00A8-41FB-9010-6597DAF9F3EC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2839018204-4038612700-1296563387-1000UA => C:\Users\NikDim\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-21] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2839018204-4038612700-1296563387-1000Core.job => C:\Users\NikDim\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2839018204-4038612700-1296563387-1000UA.job => C:\Users\NikDim\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-08-30 18:47 - 2013-08-30 18:47 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-06-17 19:41 - 2011-05-28 19:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2012-10-10 15:39 - 2007-10-09 13:14 - 00094208 _____ () C:\Program Files (x86)\HP Laser Gaming Mouse with VoodooDNA\razerlan.dll
2013-11-15 02:01 - 2013-11-14 12:28 - 00702416 _____ () C:\Users\NikDim\AppData\Local\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
2013-11-15 02:01 - 2013-11-14 12:28 - 00099792 _____ () C:\Users\NikDim\AppData\Local\Google\Chrome\Application\31.0.1650.57\libegl.dll
2013-11-15 02:01 - 2013-11-14 12:29 - 04055504 _____ () C:\Users\NikDim\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll
2013-11-15 02:01 - 2013-11-14 12:29 - 00399312 _____ () C:\Users\NikDim\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
2013-11-15 02:01 - 2013-11-14 12:28 - 01619408 _____ () C:\Users\NikDim\AppData\Local\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
2013-11-15 02:01 - 2013-11-14 12:29 - 13582800 _____ () C:\Users\NikDim\AppData\Local\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/15/2013 08:22:34 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (11/15/2013 04:31:25 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (11/15/2013 04:31:16 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (11/15/2013 07:16:31 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (11/15/2013 07:16:27 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (11/15/2013 07:15:46 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
Error: (11/15/2013 08:22:34 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\downloads\esetsmartinstaller_enu (1).exe
 
Error: (11/15/2013 04:31:25 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\NikDim\Downloads\esetsmartinstaller_enu (1).exe
 
Error: (11/15/2013 04:31:16 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\NikDim\Downloads\esetsmartinstaller_enu (1).exe
 
Error: (11/15/2013 07:16:31 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\downloads\esetsmartinstaller_enu.exe
 
Error: (11/15/2013 07:16:27 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\downloads\esetsmartinstaller_enu.exe
 
Error: (11/15/2013 07:15:46 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\NikDim\Downloads\esetsmartinstaller_enu.exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-11-14 20:44:57.576
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-14 20:44:57.444
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-14 20:44:57.311
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-14 20:44:57.179
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-13 03:07:36.724
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-13 03:07:36.620
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-04-30 21:21:08.012
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00137_018\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-30 21:14:43.168
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00137_018\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-11 22:04:45.791
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00127_013\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-04-11 18:49:29.094
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00127_013\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 49%
Total physical RAM: 4095.29 MB
Available physical RAM: 2053.99 MB
Total Pagefile: 8188.75 MB
Available Pagefile: 5848.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:759.56 GB) (Free:336.95 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:13.18 GB) (Free:1.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 02F511D1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=760 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=159 GB) - (Type=05)
Partition 4: (Not Active) - (Size=13 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 


 


#2 AsterNik

  • Topic Starter
  • Members

Posted 16 November 2013 - 04:26 PM

Hi again... I know it's a lot of files to analyse. In the meantime I have run Sophos AV and everything reported as clear. Right now I will also run McAfee rootkit remover and check its results.

Please advise soon, otherwise I am opting for FDISK+reinstall if no one replies...



#3 AsterNik

  • Topic Starter
  • Members

Posted 17 November 2013 - 07:28 PM

I do sincerely hope that someone wants to help me? Otherwise, bleeping computers is just another bunch of hacking bastards forum... (I noticed too many anon reads and no reply on this post).

Anyway, an update: I have run and installed avast AV+firewall, malwarebytes PRO, mcafee anti-rootkit scan... etc. All show good results. In the meantime, I removed vuze, and some crack game. Panda cloud antivirus detected malware MEM.exe in ATI folder (it was related to ATI/AMD CCC, that was also removed after all..., except for graphics drivers, a false report most probably). Ran sophos suite trial, didn't find anything, then removed it through IObit remover as I didn't like it.... Now running +++ AV, ++++ FW, and other rootkit finders, not to mention the names, as far as we go I don't trust you. Everything seems fine, reported by these tools.

If there is someone still alive, apart from trojan coders reading this post, here are the latest DDS reports.... But not yet. Approximate estimation from various sources (sophos, symantec, etc....) is that through zeroaccess botnet owners can earn between 250 million to 1 billion dollars a year. So: if u r the one of the bastards, reading this post now, and collecting millions.... make sure that I will find u sooner or later. (even sophos pdf ZA report revealed some names...). Let me assure you that it will not be a fruitful meeting for you.



#4 nasdaq

  • Malware Response Team

Posted 20 November 2013 - 11:26 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

I have reviewed all of your logs and cannot find any malware.

I would have suggested all the tools you executed.

The only one I can now suggest is this SecurityCheck.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

If you feel that changing all of your passwords is not safe enough then it's your call if you want to re-install.

#5 AsterNik

  • Topic Starter
  • Members

Posted 20 November 2013 - 06:36 PM

Many thanks nasdaq, sorry if I was being impatient. Here is the Security check report:

 

 

 Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
Microsoft Security Essentials   
avast! Internet Security        
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 45  
 Adobe Flash Player 11.9.900.117  
 Adobe Reader XI  
 Mozilla Thunderbird (24.0.) 
 Google Chrome 31.0.1650.48  
 Google Chrome 31.0.1650.57  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Malwarebytes Anti-Exploit mbae.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast afwServ.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 
 
Please let me know if you have any comments.
I would rather not re-install, but considering buying full version of Avast! as it has AV, FW, and 'safe zone' special for online banking and it's easy on PC resource use. Maybe Malwarebytes PRO as well. And periodically scan with special tools above.
 
So do you think that the password changes would be good enough measure?
 
Nik


#6 nasdaq

  • Malware Response Team

Posted 21 November 2013 - 08:51 AM

You are looking good.

I do not see any reason for a reinstall. Change your password if not already done.

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===


Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.

In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful addons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • Script Blocker can help block many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox addon,
  • ScriptNo a popular Google Chrome addon.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===

#7 AsterNik

  • Topic Starter
  • Members

Posted 21 November 2013 - 02:21 PM

Thanks again, password changes in process... ComboFix already uninstalled. As for automatic updates, do not worry, I am checking it regularly more than often needed. I just like to have more control (than Windows itself) over windows processes, automatic or not and I am familiar with use, since many years now, of administrative tools (services control), regedit, etc.

I think avast! internet security also has good internet protection, so far so good. Hehe, as for MSE, I wouldn't really count too much on them. For MBAM paid version, I'm thinking that I will soon order it. I am also aware of scarewares and rogue software nasties. What also should be explored is that various game sites are using P2P, freeplay, and user made add ons for games (DLC). As I'm a big (and old) gamer, isn't that also a possible vector of spreading malware? Thanks for advice on other useful software!

 

Nik



#8 nasdaq

  • Malware Response Team

Posted 27 November 2013 - 09:32 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



