Deluxe tools virus


  • This topic is locked
8 replies to this topic

#1 Rokowski

Rokowski

  • Members
  • 25 posts
  • Local time:01:38 AM

Posted 16 February 2014 - 05:33 AM

Hello, yesterday a friend of mine sent me some spammer he is using, which was called "skype spammer.exe". He said he has been using it for a while now and never ran into problems with it. So I gave it a try, and it took some secs to open but then it worked fine. Later I checked it on VirusTotal, and it came back with not so good results :/
I am using ESET Smart Security 7 and ran a full scan, but it didn't find anything. Same thing was with Malwarebytes: I did a full system scan and it doesn't find anything. Under msconfig there aren't any new or unusual "server.exe's", but I have a really bad feeling that I am infected now :(
Here is the VirusTotal result: https://www.virustotal.com/en/file/dfb411cff5824c1df8245e30204a5181adecae88d2555008dd842292b09db165/analysis/
Hope you can help me, thank you in advance. Rok




#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,271 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:38 PM

Posted 18 February 2014 - 09:24 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Download the correct tool for your operating system:
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#3 Rokowski

Rokowski
  • Topic Starter

  • Members
  • 25 posts
  • Local time:01:38 AM

Posted 19 February 2014 - 03:56 AM

Hello Nasdaq, thank you for helping me out :)

Here is the AdwCleaner log:
 

# AdwCleaner v3.019 - Report created 19/02/2014 at 09:13:58
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Nina-NB - NINA-NB-TOSH
# Running from : C:\Users\Nina-NB\Downloads\adwcleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found C:\Program Files (x86)\GreenTree Applications
Folder Found C:\Program Files (x86)\uniblue
Folder Found C:\ProgramData\uniblue
Folder Found C:\ProgramData\Uniblue\DriverScanner
Folder Found C:\Users\Nina-NB\AppData\Roaming\uniblue
Folder Found C:\Users\Nina-NB\AppData\Roaming\Uniblue\DriverScanner
Folder Found C:\Windows\SysWOW64\hotspot shield
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\Uniblue
Key Found : HKLM\Software\Uniblue\DriverScanner
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Mozilla Firefox v27.0.1 (sl)
 
[ File : C:\Users\Nina-NB\AppData\Roaming\Mozilla\Firefox\Profiles\wdffs210.default\prefs.js ]
 
Line Found : user_pref("extensions.toolbar_SGT-V7@apn.ask.com.install-event-fired", true);
 
*************************
 
AdwCleaner[R0].txt - [1495 octets] - [26/09/2013 16:42:41]
AdwCleaner[R1].txt - [2241 octets] - [19/02/2014 09:13:58]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2301 octets] ##########
 
-----------------------------------------------------------------------------------------------------------------------------------------------------------------
 
JRT log;

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Professional x64
Ran by Nina-NB on sre 19.02.2014 at  9:24:26,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\Nina-NB\AppData\Roaming\mozilla\firefox\profiles\wdffs210.default\minidumps [12 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on sre 19.02.2014 at  9:29:56,63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
---------------------------------------------------------------------------------------------------------------------------------

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2014
Ran by Nina-NB (administrator) on NINA-NB-TOSH on 19-02-2014 09:31:52
Running from C:\Users\Nina-NB\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Akamai Technologies, Inc.) C:\Users\Nina-NB\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Nina-NB\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-2271962270-4160619226-835598309-1000\...\Run: [Akamai NetSession Interface] - C:\Users\Nina-NB\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 84.255.209.79 84.255.210.79
 
FireFox:
========
FF ProfilePath: C:\Users\Nina-NB\AppData\Roaming\Mozilla\Firefox\Profiles\wdffs210.default
FF NewTab: hxxp://www.google.com/firefox
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/firefox
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Nina-NB\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ceneji.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\najdi-si.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\odpiralni.xml
FF Extension: Test Pilot - C:\Users\Nina-NB\AppData\Roaming\Mozilla\Firefox\Profiles\wdffs210.default\Extensions\testpilot@labs.mozilla.com.xpi [2013-01-29]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-15]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-15]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-11-17]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-11-17]
 
Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (No Name) - C:\Users\Nina-NB\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnlaniokgfckpjblpafbfchhghecmifi [2013-04-29]
CHR Extension: (Marc Ecko) - C:\Users\Nina-NB\AppData\Local\Google\Chrome\User Data\Default\Extensions\opjonmehjfmkejjifhhknofdnacklmjk [2012-11-03]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\Nina-NB\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-12-24]
 
==================== Services (Whitelisted) =================
 
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET)
S4 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-09] ()
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-04-28] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
S4 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14401104 2013-08-27] ()
 
==================== Drivers (Whitelisted) ====================
 
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [30568 2012-12-31] (AVG Technologies)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-18] (Siliten)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-08-15] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-19 09:31 - 2014-02-19 09:32 - 00014712 _____ () C:\Users\Nina-NB\Downloads\FRST.txt
2014-02-19 09:31 - 2014-02-19 09:31 - 02153472 _____ (Farbar) C:\Users\Nina-NB\Downloads\FRST64.exe
2014-02-19 09:29 - 2014-02-19 09:29 - 00000769 _____ () C:\Users\Nina-NB\Desktop\JRT.txt
2014-02-19 09:13 - 2014-02-19 09:13 - 01241834 _____ () C:\Users\Nina-NB\Downloads\adwcleaner.exe
2014-02-17 21:20 - 2014-02-17 21:39 - 00000000 ____D () C:\Users\Nina-NB\Documents\Virtual Machines
2014-02-17 15:53 - 2014-02-17 15:53 - 00001054 _____ () C:\Users\Nina-NB\Desktop\TERA.lnk
2014-02-17 15:53 - 2014-02-17 15:53 - 00000000 ____D () C:\Users\Nina-NB\AppData\Roaming\TERA
2014-02-17 15:53 - 2014-02-17 15:53 - 00000000 ____D () C:\Program Files (x86)\TERA
2014-02-17 15:52 - 2014-02-17 15:52 - 15366160 _____ (Gameforge Productions GmbH ) C:\Users\Nina-NB\Downloads\TERASetup.exe
2014-02-17 13:30 - 2014-02-17 13:30 - 00000000 ____D () C:\Users\Nina-NB\AppData\Local\Microsoft Games
2014-02-17 11:05 - 2014-02-17 11:05 - 00001640 _____ () C:\Users\Public\Desktop\Combat Arms EU.lnk
2014-02-17 10:07 - 2014-02-17 10:07 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\1BBC0139.sys
2014-02-17 10:06 - 2014-02-17 11:03 - 00000000 ____D () C:\Users\Nina-NB\Desktop\mbar
2014-02-17 10:06 - 2014-02-17 10:06 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-17 10:05 - 2014-02-17 10:06 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Nina-NB\Downloads\mbar-1.07.0.1009.exe
2014-02-16 23:03 - 2014-02-17 11:00 - 1857798016 _____ (Nexon) C:\Users\Nina-NB\Documents\Combatarms_eu.exe
2014-02-16 22:36 - 2014-02-16 22:36 - 00001455 _____ () C:\Users\Nina-NB\Desktop\RKreport[0]_S_02162014_223610.txt
2014-02-16 22:36 - 2014-02-16 22:36 - 00000675 _____ () C:\Users\Nina-NB\Desktop\RKreport[0]_DN_02162014_223640.txt
2014-02-16 22:24 - 2014-02-16 22:36 - 00000000 ____D () C:\Users\Nina-NB\Desktop\RK_Quarantine
2014-02-16 22:23 - 2014-02-16 22:23 - 03813376 _____ () C:\Users\Nina-NB\Downloads\RogueKiller (1).exe
2014-02-16 21:39 - 2014-02-16 21:40 - 10028912 _____ (Akamai Technologies, Inc.) C:\Users\Nina-NB\Downloads\NexonEU_Installer (2).exe
2014-02-16 11:57 - 2014-02-16 13:31 - 00000000 ____D () C:\Users\Nina-NB\Documents\Anti-Malware
2014-02-16 00:25 - 2014-02-16 00:45 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-02-15 23:22 - 2014-02-17 17:24 - 00001728 _____ () C:\Windows\PFRO.log
2014-02-15 22:55 - 2014-02-15 22:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-15 22:44 - 2014-02-15 22:44 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-02-15 22:43 - 2014-02-15 23:20 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-15 22:43 - 2014-02-15 22:46 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-15 22:43 - 2014-02-15 22:43 - 00001389 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-02-15 22:43 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-02-15 22:42 - 2014-02-15 22:43 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Nina-NB\Downloads\spybot-2.2.exe
2014-02-15 22:19 - 2014-02-15 22:27 - 396533760 _____ () C:\Users\Nina-NB\Downloads\kav_rescue_10.iso
2014-02-15 22:14 - 2014-02-15 22:14 - 00054765 _____ () C:\ComboFix.txt
2014-02-15 21:39 - 2014-02-15 21:39 - 05183211 ____R (Swearware) C:\Users\Nina-NB\Downloads\ComboFix.exe
2014-02-15 21:20 - 2014-02-19 09:16 - 00000616 _____ () C:\Windows\setupact.log
2014-02-15 21:20 - 2014-02-15 21:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-15 21:09 - 2014-02-15 21:09 - 00199978 _____ () C:\Users\Nina-NB\Documents\cc_20140215_210944.reg
2014-02-15 21:09 - 2014-02-15 21:09 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-02-15 21:09 - 2014-02-15 21:09 - 00000832 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-15 21:08 - 2014-02-15 21:09 - 04721920 _____ (Piriform Ltd) C:\Users\Nina-NB\Downloads\ccsetup410.exe
2014-02-15 21:08 - 2014-02-15 21:09 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-15 21:08 - 2014-02-15 21:08 - 04721144 _____ (Piriform Ltd) C:\Users\Nina-NB\Downloads\ccsetup410pro.exe
2014-02-15 21:08 - 2014-02-15 21:08 - 04721144 _____ (Piriform Ltd) C:\Users\Nina-NB\Downloads\ccsetup410pro (1).exe
2014-02-15 20:38 - 2014-02-15 20:38 - 00016012 _____ () C:\Users\Nina-NB\Desktop\crash.exe
2014-02-15 20:38 - 2014-02-15 20:38 - 00000345 _____ () C:\Users\Nina-NB\Desktop\crash.cpp
2014-02-15 19:10 - 2014-02-15 19:11 - 00000000 ____D () C:\Users\Nina-NB\Desktop\UNDERGROUND
2014-02-15 19:10 - 2014-02-15 19:10 - 00001013 _____ () C:\Users\Nina-NB\Desktop\Dropbox.lnk
2014-02-15 19:08 - 2014-02-15 19:11 - 00000000 ____D () C:\Users\Nina-NB\AppData\Roaming\Dropbox
2014-02-15 19:08 - 2014-02-15 19:10 - 00000000 ____D () C:\Users\Nina-NB\AppData\Roaming\DropboxMaster
2014-02-15 19:08 - 2014-02-15 19:08 - 00000000 ____D () C:\Users\Nina-NB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-02-15 19:07 - 2014-02-15 19:08 - 37660568 _____ (Dropbox, Inc.) C:\Users\Nina-NB\Downloads\Dropbox 2.6.2.exe
2014-02-15 16:20 - 2014-02-15 16:20 - 00000000 ____D () C:\Users\Nina-NB\Downloads\KRIŽCI_PA_KROŽCI
2014-02-15 16:09 - 2014-02-15 16:09 - 00000166 _____ () C:\Users\Nina-NB\Desktop\test.cpp
2014-02-15 16:04 - 2014-02-15 16:13 - 00000973 _____ () C:\Users\Nina-NB\Desktop\spammer.cpp
2014-02-14 00:42 - 2014-02-14 00:43 - 00000000 ____D () C:\Users\Nina-NB\Desktop\GALAXY S2 ROOT
2014-02-14 00:21 - 2014-02-14 00:25 - 162367198 _____ () C:\Users\Nina-NB\Downloads\cm-10.1.3-i9100.zip
2014-02-14 00:19 - 2014-02-14 00:21 - 100751136 _____ () C:\Users\Nina-NB\Downloads\gapps-jb-20130812-signed.zip
2014-02-13 22:46 - 2014-02-13 22:46 - 07561216 _____ () C:\Users\Nina-NB\Downloads\jeboo_kernel_i9100_v1-2a.tar
2014-02-13 21:58 - 2014-02-13 21:58 - 00495470 _____ () C:\Users\Nina-NB\Downloads\ril-LQB-i9100-signed.zip
2014-02-13 21:57 - 2014-02-13 21:57 - 01587023 _____ () C:\Users\Nina-NB\Downloads\recovery-clockwork-touch-5.8.1.5-galaxys2.zip
2014-02-13 21:52 - 2014-02-13 21:52 - 06177451 _____ () C:\Users\Nina-NB\Downloads\kk-kernel-09-02-CWM.zip
2014-02-13 21:44 - 2014-02-13 21:44 - 00000000 ____D () C:\Users\Nina-NB\Downloads\kk-kernel-09-02-CWM
2014-02-13 21:22 - 2014-02-13 21:22 - 01358054 _____ () C:\Users\Nina-NB\Downloads\recovery-clockwork-4.0.1.5-galaxys2 (1).zip
2014-02-13 21:18 - 2014-02-13 21:18 - 00000000 ____D () C:\Users\Nina-NB\Downloads\recovery-clockwork-swipe-6.0.4.6-i9100
2014-02-13 21:15 - 2014-02-13 21:15 - 00000000 ____D () C:\Users\Nina-NB\Downloads\Odin307
2014-02-13 21:06 - 2014-02-13 21:06 - 01207012 _____ () C:\Users\Nina-NB\Downloads\Odin307.zip
2014-02-13 20:33 - 2014-02-13 20:33 - 05269876 _____ () C:\Users\Nina-NB\Downloads\recovery-clockwork-swipe-6.0.4.6-i9100.zip
2014-02-13 20:12 - 2014-02-13 20:16 - 00000000 ____D () C:\Users\Nina-NB\Desktop\gopro rok
2014-02-13 18:58 - 2014-02-13 19:01 - 87179530 _____ () C:\Users\Nina-NB\Downloads\gapps-kk-20140105-signed.zip
2014-02-13 18:56 - 2014-02-13 18:56 - 00007051 _____ () C:\Users\Nina-NB\Downloads\gapps-kk-20140105-signed.zip.torrent
2014-02-13 18:48 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 18:48 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 18:47 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 18:47 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 18:47 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 18:47 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 18:47 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 18:47 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 18:47 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 18:47 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 18:47 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 18:47 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 18:47 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 18:47 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 18:47 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 18:47 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 18:47 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 18:47 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 18:47 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 18:47 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 18:47 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 18:47 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 18:47 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 18:47 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 18:47 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 18:47 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 18:47 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 18:47 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 18:47 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 18:47 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 18:47 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 18:47 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 18:47 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 18:47 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 18:47 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 18:47 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 18:47 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 18:47 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 18:47 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 18:47 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 18:47 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-13 18:45 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 18:45 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 18:45 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 18:45 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 18:45 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 18:45 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 18:45 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 18:45 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 18:45 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 18:45 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 18:45 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 18:45 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 18:45 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 18:45 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 18:45 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 18:45 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 18:45 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 18:45 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-13 18:45 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-13 18:45 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 18:45 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-13 18:45 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 18:45 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-13 18:45 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-13 18:45 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 18:45 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 18:45 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 18:45 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-13 17:38 - 2014-02-13 19:08 - 00000000 ____D () C:\Users\Nina-NB\Desktop\Miha samsung i9100
2014-02-13 16:58 - 2014-02-13 16:58 - 00153734 _____ () C:\Users\Nina-NB\Downloads\kernel_settings_wipe.zip
2014-02-13 16:46 - 2014-02-13 16:46 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-02-13 16:43 - 2014-02-13 16:43 - 00002012 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2014-02-13 16:43 - 2014-02-13 16:43 - 00002002 _____ () C:\Users\Public\Desktop\Samsung Kies.lnk
2014-02-13 16:43 - 2014-02-13 16:43 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-02-13 16:43 - 2014-02-13 16:43 - 00000000 ____D () C:\Users\Nina-NB\Documents\samsung
2014-02-13 16:43 - 2014-02-13 16:43 - 00000000 ____D () C:\Users\Nina-NB\AppData\Roaming\Samsung
2014-02-13 16:43 - 2014-02-13 16:43 - 00000000 ____D () C:\Users\Nina-NB\AppData\Local\Samsung
2014-02-13 16:42 - 2014-02-07 16:33 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2014-02-13 16:42 - 2014-01-23 18:31 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
2014-02-13 16:41 - 2014-02-13 16:43 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-02-13 16:41 - 2014-02-13 16:42 - 00000000 ____D () C:\ProgramData\Samsung
2014-02-13 16:38 - 2014-02-13 16:40 - 75211320 _____ (Samsung Electronics Co., Ltd.) C:\Users\Nina-NB\Downloads\KiesSetup.exe
2014-02-11 18:02 - 2014-02-11 18:36 - 00000318 _____ () C:\Users\Nina-NB\Desktop\E-ASISTENT_HACK_DATE CHANGE.vbs
2014-02-11 18:01 - 2014-02-11 18:02 - 00000510 _____ () C:\Users\Nina-NB\Desktop\E-ASISTENT_HACK_DATE CHANGE.txt
2014-02-11 17:57 - 2014-02-11 17:59 - 00001463 _____ () C:\Users\Nina-NB\Desktop\e-asistent_hack_2013.cpp
2014-02-10 17:37 - 2014-02-10 17:37 - 00000000 ____D () C:\Users\Nina-NB\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
2014-02-10 14:54 - 2014-02-10 14:54 - 00003215 _____ () C:\Users\Nina-NB\Desktop\Sophos Virus Removal Tool.lnk
2014-02-10 14:54 - 2014-02-10 14:54 - 00000000 ____D () C:\Users\Nina-NB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-02-10 14:51 - 2014-02-10 14:53 - 83887936 _____ (Sophos Limited) C:\Users\Nina-NB\Downloads\Sophos Virus Removal Tool.exe
2014-02-10 14:45 - 2014-02-10 14:45 - 05180173 _____ (Swearware) C:\Users\Nina-NB\Downloads\ComboFix (1).exe
2014-02-07 22:34 - 2014-02-07 22:34 - 02051584 _____ () C:\Users\Nina-NB\Downloads\aspplus_sl.msi
2014-02-05 16:04 - 2011-08-16 14:43 - 03200104 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2014-02-05 15:28 - 2014-02-05 15:29 - 14107008 _____ (Driver-Soft Inc. ) C:\Users\Nina-NB\Downloads\DG_Setup.exe
2014-02-05 15:22 - 2014-02-05 15:22 - 00020148 _____ () C:\Users\Nina-NB\Downloads\Realtek.High.Definition.Audio.Driver.R2.64.torrent
2014-02-05 15:17 - 2014-02-05 15:17 - 00000000 ____D () C:\ProgramData\TOSHIBA Tempro
2014-02-05 15:17 - 2014-02-05 15:17 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2014-02-03 21:36 - 2014-02-03 21:36 - 00949418 _____ () C:\Users\Nina-NB\Downloads\Tecaj_GJP.ppsx
2014-02-02 22:04 - 2014-02-06 16:12 - 00000000 ____D () C:\Users\Nina-NB\Downloads\World of Warcraft - Cataclysm 4.3.4 (15595)
2014-02-02 14:42 - 2014-02-02 14:43 - 34249488 _____ (Riot Games) C:\Users\Nina-NB\Downloads\LeagueofLegends_EUNE_Installer_06_17_13.exe
2014-02-01 20:31 - 2014-02-01 20:31 - 04845384 _____ (Piriform Ltd) C:\Users\Nina-NB\Downloads\spsetup125 (1).exe
2014-02-01 20:30 - 2014-02-01 20:31 - 04845384 _____ (Piriform Ltd) C:\Users\Nina-NB\Downloads\spsetup125.exe
2014-01-31 23:13 - 2014-01-31 23:13 - 00008747 _____ () C:\Users\Nina-NB\Documents\mami31.1.xlsx
2014-01-28 08:41 - 2014-01-28 08:41 - 00448512 _____ (OldTimer Tools) C:\Users\Nina-NB\Downloads\TFC (1).exe
2014-01-28 08:33 - 2014-01-28 08:33 - 00001087 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-01-28 08:33 - 2014-01-28 08:33 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-01-28 08:33 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-01-27 22:05 - 2014-01-27 22:05 - 00001067 _____ () C:\Users\Nina-NB\Desktop\Notepad++.lnk
2014-01-27 22:05 - 2014-01-27 22:05 - 00000000 ____D () C:\Users\Nina-NB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-01-27 22:04 - 2014-01-27 22:04 - 07598942 _____ () C:\Users\Nina-NB\Downloads\npp.6.5.3.Installer.exe
2014-01-27 19:50 - 2014-01-27 19:50 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-27 19:50 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-27 19:50 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-27 19:50 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-27 19:50 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-24 08:45 - 2014-01-24 08:45 - 00000000 ____D () C:\Users\Nina-NB\AppData\Local\Blizzard
2014-01-24 07:59 - 2014-01-24 08:45 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-01-24 07:59 - 2014-01-24 07:59 - 00001193 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-01-24 07:58 - 2014-01-31 23:06 - 00000000 ____D () C:\Users\Nina-NB\AppData\Local\Battle.net
2014-01-24 07:58 - 2014-01-24 09:19 - 00000000 ____D () C:\Users\Nina-NB\AppData\Roaming\Battle.net
2014-01-24 07:58 - 2014-01-24 07:58 - 00000000 ____D () C:\Users\Nina-NB\AppData\Local\Blizzard Entertainment
2014-01-24 07:58 - 2014-01-24 07:58 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-01-24 07:58 - 2014-01-24 07:58 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-01-24 07:56 - 2014-01-24 07:56 - 00000000 ____D () C:\ProgramData\Battle.net
2014-01-24 07:55 - 2014-01-24 07:55 - 05971136 _____ (Blizzard Entertainment) C:\Users\Nina-NB\Downloads\Hearthstone-Beta-Setup-enUS.exe
2014-01-23 18:31 - 2014-01-23 18:31 - 00974848 _____ () C:\Windows\SysWOW64\cis-2.4.dll
2014-01-23 18:31 - 2014-01-23 18:31 - 00569344 _____ (© MusicCity) C:\Windows\SysWOW64\muzdecode.ax
2014-01-23 18:31 - 2014-01-23 18:31 - 00491520 _____ (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzapp.dll
2014-01-23 18:31 - 2014-01-23 18:31 - 00352256 _____ (Sample Corporation) C:\Windows\SysWOW64\MSLUR71.dll
2014-01-23 18:31 - 2014-01-23 18:31 - 00330240 _____ ((주)마크애니) C:\Windows\MASetupCaller.dll
2014-01-23 18:31 - 2014-01-23 18:31 - 00258048 _____ (© PeeringPortal) C:\Windows\SysWOW64\muzoggsp.ax
2014-01-23 18:31 - 2014-01-23 18:31 - 00245760 _____ (Teruten Inc.) C:\Windows\SysWOW64\MSCLib.dll
2014-01-23 18:31 - 2014-01-23 18:31 - 00200704 _____ ( © MusicCity) C:\Windows\SysWOW64\muzwmts.dll
2014-01-23 18:31 - 2014-01-23 18:31 - 00172032 _____ (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzapp.exe
2014-01-23 18:31 - 2014-01-23 18:31 - 00155648 _____ (Teruten Inc.) C:\Windows\SysWOW64\MSFLib.dll
2014-01-23 18:31 - 2014-01-23 18:31 - 00143360 _____ () C:\Windows\SysWOW64\3DAudio.ax
2014-01-23 18:31 - 2014-01-23 18:31 - 00135168 _____ (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzaf1.dll
2014-01-23 18:31 - 2014-01-23 18:31 - 00131072 _____ (© MusicCity) C:\Windows\SysWOW64\muzmpgsp.ax
2014-01-23 18:31 - 2014-01-23 18:31 - 00122880 _____ (© MUSICCITY) C:\Windows\SysWOW64\muzeffect.ax
2014-01-23 18:31 - 2014-01-23 18:31 - 00118784 _____ ((주)마크애니) C:\Windows\SysWOW64\MaDRM.dll
2014-01-23 18:31 - 2014-01-23 18:31 - 00110592 _____ (© MusicCity) C:\Windows\SysWOW64\muzmp4sp.ax
2014-01-23 18:31 - 2014-01-23 18:31 - 00090112 _____ ((주)마크애니) C:\Windows\MAMCityDownload.ocx
2014-01-23 18:31 - 2014-01-23 18:31 - 00081920 _____ () C:\Windows\SysWOW64\issacapi_bs-2.3.dll
2014-01-23 18:31 - 2014-01-23 18:31 - 00065536 _____ () C:\Windows\SysWOW64\issacapi_pe-2.3.dll
2014-01-23 18:31 - 2014-01-23 18:31 - 00057344 _____ (Marktek) C:\Windows\SysWOW64\MK_Lyric.dll
2014-01-23 18:31 - 2014-01-23 18:31 - 00057344 _____ (Marktek Inc.) C:\Windows\SysWOW64\MTXSYNCICON.dll
2014-01-23 18:31 - 2014-01-23 18:31 - 00057344 _____ () C:\Windows\SysWOW64\issacapi_se-2.3.dll
2014-01-23 18:31 - 2014-01-23 18:31 - 00049152 _____ ((주) 마크애니) C:\Windows\SysWOW64\MaJGUILib.dll
2014-01-23 18:31 - 2014-01-23 18:31 - 00045320 _____ (MARKANY) C:\Windows\SysWOW64\MAMACExtract.dll
2014-01-23 18:31 - 2014-01-23 18:31 - 00045056 _____ ((주) 마크애니) C:\Windows\SysWOW64\MaXMLProto.dll
2014-01-23 18:31 - 2014-01-23 18:31 - 00045056 _____ ((주) 마크애니) C:\Windows\SysWOW64\MACXMLProto.dll
2014-01-23 18:31 - 2014-01-23 18:31 - 00040960 _____ (Telechips Inc.,) C:\Windows\SysWOW64\MTTELECHIP.dll
2014-01-23 18:31 - 2014-01-23 18:31 - 00030568 _____ () C:\Windows\MusiccityDownload.exe
2014-01-23 18:31 - 2014-01-23 18:31 - 00024576 _____ ((주)마크애니) C:\Windows\SysWOW64\MASetupCleaner.exe
2014-01-22 08:52 - 2014-01-22 08:52 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2014-01-22 08:52 - 2014-01-22 08:52 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll
2014-01-22 08:52 - 2014-01-22 08:52 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2014-01-22 08:52 - 2014-01-22 08:52 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
 
==================== One Month Modified Files and Folders =======
 
2014-02-19 09:32 - 2014-02-19 09:31 - 00014712 _____ () C:\Users\Nina-NB\Downloads\FRST.txt
2014-02-19 09:31 - 2014-02-19 09:31 - 02153472 _____ (Farbar) C:\Users\Nina-NB\Downloads\FRST64.exe
2014-02-19 09:31 - 2013-09-24 20:56 - 00000000 ____D () C:\FRST
2014-02-19 09:29 - 2014-02-19 09:29 - 00000769 _____ () C:\Users\Nina-NB\Desktop\JRT.txt
2014-02-19 09:25 - 2011-08-31 10:13 - 00001070 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-19 09:24 - 2009-07-14 05:45 - 00029184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-19 09:24 - 2009-07-14 05:45 - 00029184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-19 09:19 - 2013-09-26 16:26 - 01037530 _____ (Thisisu) C:\Users\Nina-NB\Downloads\JRT.exe
2014-02-19 09:17 - 2013-11-30 20:34 - 00000000 ____D () C:\ProgramData\VMware
2014-02-19 09:17 - 2011-08-31 10:13 - 00001066 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-19 09:16 - 2014-02-15 21:20 - 00000616 _____ () C:\Windows\setupact.log
2014-02-19 09:16 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-19 09:15 - 2013-09-26 16:42 - 00000000 ____D () C:\AdwCleaner
2014-02-19 09:15 - 2011-12-28 14:49 - 01292305 _____ () C:\Windows\WindowsUpdate.log
2014-02-19 09:13 - 2014-02-19 09:13 - 01241834 _____ () C:\Users\Nina-NB\Downloads\adwcleaner.exe
2014-02-19 09:13 - 2013-10-03 14:11 - 00000024 _____ () C:\Users\Nina-NB\random.dat
2014-02-19 09:13 - 2013-02-16 18:43 - 00000024 _____ () C:\Users\Nina-NB\jagexappletviewer.preferences
2014-02-19 09:12 - 2013-10-03 14:11 - 00000046 _____ () C:\Users\Nina-NB\jagex_cl_runescape_LIVE.dat
2014-02-18 22:33 - 2012-05-19 08:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-18 12:52 - 2012-03-15 22:25 - 00000000 ____D () C:\Users\Nina-NB\AppData\Roaming\Skype
2014-02-18 11:19 - 2012-03-15 22:28 - 00000000 ____D () C:\Users\Nina-NB\AppData\Roaming\vlc
2014-02-17 21:47 - 2014-02-08 17:56 - 00000000 ____D () C:\Users\Nina-NB\AppData\Roaming\uTorrent
2014-02-17 21:47 - 2013-11-30 20:44 - 00000000 ____D () C:\Users\Nina-NB\AppData\Roaming\VMware
2014-02-17 21:40 - 2013-11-30 20:44 - 00000000 ____D () C:\Users\Nina-NB\AppData\Local\VMware
2014-02-17 21:39 - 2014-02-17 21:20 - 00000000 ____D () C:\Users\Nina-NB\Documents\Virtual Machines
2014-02-17 21:18 - 2013-02-16 16:58 - 00112136 _____ () C:\Users\Nina-NB\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-17 17:24 - 2014-02-15 23:22 - 00001728 _____ () C:\Windows\PFRO.log
2014-02-17 17:21 - 2013-08-01 18:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 17:18 - 2012-03-16 00:19 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-17 15:53 - 2014-02-17 15:53 - 00001054 _____ () C:\Users\Nina-NB\Desktop\TERA.lnk
2014-02-17 15:53 - 2014-02-17 15:53 - 00000000 ____D () C:\Users\Nina-NB\AppData\Roaming\TERA
2014-02-17 15:53 - 2014-02-17 15:53 - 00000000 ____D () C:\Program Files (x86)\TERA
2014-02-17 15:52 - 2014-02-17 15:52 - 15366160 _____ (Gameforge Productions GmbH ) C:\Users\Nina-NB\Downloads\TERASetup.exe
2014-02-17 13:30 - 2014-02-17 13:30 - 00000000 ____D () C:\Users\Nina-NB\AppData\Local\Microsoft Games
2014-02-17 11:05 - 2014-02-17 11:05 - 00001640 _____ () C:\Users\Public\Desktop\Combat Arms EU.lnk
2014-02-17 11:03 - 2014-02-17 10:06 - 00000000 ____D () C:\Users\Nina-NB\Desktop\mbar
2014-02-17 11:03 - 2013-08-19 16:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-17 11:01 - 2013-12-19 19:49 - 00000000 ____D () C:\Nexon
2014-02-17 11:01 - 2012-11-10 18:41 - 00000000 ____D () C:\ProgramData\NexonEU
2014-02-17 11:00 - 2014-02-16 23:03 - 1857798016 _____ (Nexon) C:\Users\Nina-NB\Documents\Combatarms_eu.exe
2014-02-17 10:07 - 2014-02-17 10:07 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\1BBC0139.sys
2014-02-17 10:06 - 2014-02-17 10:06 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-17 10:06 - 2014-02-17 10:05 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Nina-NB\Downloads\mbar-1.07.0.1009.exe
2014-02-17 08:46 - 2009-07-14 05:45 - 05041048 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-16 23:02 - 2013-12-19 19:12 - 00000000 ____D () C:\Users\Nina-NB\AppData\Local\Akamai
2014-02-16 22:36 - 2014-02-16 22:36 - 00001455 _____ () C:\Users\Nina-NB\Desktop\RKreport[0]_S_02162014_223610.txt
2014-02-16 22:36 - 2014-02-16 22:36 - 00000675 _____ () C:\Users\Nina-NB\Desktop\RKreport[0]_DN_02162014_223640.txt
2014-02-16 22:36 - 2014-02-16 22:24 - 00000000 ____D () C:\Users\Nina-NB\Desktop\RK_Quarantine
2014-02-16 22:23 - 2014-02-16 22:23 - 03813376 _____ () C:\Users\Nina-NB\Downloads\RogueKiller (1).exe
2014-02-16 21:40 - 2014-02-16 21:39 - 10028912 _____ (Akamai Technologies, Inc.) C:\Users\Nina-NB\Downloads\NexonEU_Installer (2).exe
2014-02-16 18:11 - 2013-05-03 15:23 - 00000000 ____D () C:\ProgramData\Nero
2014-02-16 18:10 - 2012-12-22 22:27 - 00000000 ____D () C:\Users\Nina-NB\AppData\Roaming\TeamViewer
2014-02-16 18:09 - 2012-03-15 22:23 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-02-16 13:33 - 2012-03-16 01:11 - 00000000 ____D () C:\Windows\pss
2014-02-16 13:31 - 2014-02-16 11:57 - 00000000 ____D () C:\Users\Nina-NB\Documents\Anti-Malware
2014-02-16 11:27 - 2013-02-09 12:16 - 00000000 ____D () C:\Users\Nina-NB\Documents\Prenosi
2014-02-16 00:45 - 2014-02-16 00:25 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-02-15 23:20 - 2014-02-15 22:43 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-15 23:03 - 2012-03-23 17:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-15 22:55 - 2014-02-15 22:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-15 22:46 - 2014-02-15 22:43 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-15 22:44 - 2014-02-15 22:44 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-02-15 22:43 - 2014-02-15 22:43 - 00001389 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-02-15 22:43 - 2014-02-15 22:42 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Nina-NB\Downloads\spybot-2.2.exe
2014-02-15 22:27 - 2014-02-15 22:19 - 396533760 _____ () C:\Users\Nina-NB\Downloads\kav_rescue_10.iso
2014-02-15 22:14 - 2014-02-15 22:14 - 00054765 _____ () C:\ComboFix.txt
2014-02-15 22:14 - 2013-05-06 14:27 - 00000000 ____D () C:\Qoobox
2014-02-15 21:56 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-15 21:39 - 2014-02-15 21:39 - 05183211 ____R (Swearware) C:\Users\Nina-NB\Downloads\ComboFix.exe
2014-02-15 21:25 - 2013-12-10 23:14 - 00000000 ____D () C:\Users\Nina-NB\AppData\Local\CrashDumps
2014-02-15 21:24 - 2013-12-26 19:41 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-15 21:24 - 2012-05-19 08:26 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-15 21:24 - 2012-03-15 23:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-15 21:20 - 2014-02-15 21:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-15 21:13 - 2013-12-26 23:14 - 00000000 ____D () C:\Users\Nina-NB\AppData\Roaming\Winamp
2014-02-15 21:13 - 2013-12-25 11:55 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-15 21:12 - 2013-08-27 17:28 - 00000000 ____D () C:\Windows\Minidump
2014-02-15 21:12 - 2011-08-31 08:41 - 00000000 ____D () C:\Windows\Panther
2014-02-15 21:09 - 2014-02-15 21:09 - 00199978 _____ () C:\Users\Nina-NB\Documents\cc_20140215_210944.reg
2014-02-15 21:09 - 2014-02-15 21:09 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-02-15 21:09 - 2014-02-15 21:09 - 00000832 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-15 21:09 - 2014-02-15 21:08 - 04721920 _____ (Piriform Ltd) C:\Users\Nina-NB\Downloads\ccsetup410.exe
2014-02-15 21:09 - 2014-02-15 21:08 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-15 21:08 - 2014-02-15 21:08 - 04721144 _____ (Piriform Ltd) C:\Users\Nina-NB\Downloads\ccsetup410pro.exe
2014-02-15 21:08 - 2014-02-15 21:08 - 04721144 _____ (Piriform Ltd) C:\Users\Nina-NB\Downloads\ccsetup410pro (1).exe
2014-02-15 21:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-15 20:38 - 2014-02-15 20:38 - 00016012 _____ () C:\Users\Nina-NB\Desktop\crash.exe
2014-02-15 20:38 - 2014-02-15 20:38 - 00000345 _____ () C:\Users\Nina-NB\Desktop\crash.cpp
2014-02-15 19:39 - 2012-03-15 09:39 - 00000000 ___RD () C:\Users\Nina-NB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-15 19:16 - 2014-02-15 19:16 - 00015696 _____ () C:\Users\Nina-NB\Downloads\FL_NEXUS.exe
2014-02-15 19:11 - 2014-02-15 19:10 - 00000000 ____D () C:\Users\Nina-NB\Desktop\UNDERGROUND
2014-02-15 19:11 - 2014-02-15 19:08 - 00000000 ____D () C:\Users\Nina-NB\AppData\Roaming\Dropbox
2014-02-15 19:10 - 2014-02-15 19:10 - 00001013 _____ () C:\Users\Nina-NB\Desktop\Dropbox.lnk
2014-02-15 19:10 - 2014-02-15 19:08 - 00000000 ____D () C:\Users\Nina-NB\AppData\Roaming\DropboxMaster
2014-02-15 19:08 - 2014-02-15 19:08 - 00000000 ____D () C:\Users\Nina-NB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-02-15 19:08 - 2014-02-15 19:07 - 37660568 _____ (Dropbox, Inc.) C:\Users\Nina-NB\Downloads\Dropbox 2.6.2.exe
2014-02-15 16:38 - 2013-12-09 23:22 - 00000000 ____D () C:\Users\Nina-NB\Desktop\gopro rok (2)
2014-02-15 16:20 - 2014-02-15 16:20 - 00000000 ____D () C:\Users\Nina-NB\Downloads\KRIŽCI_PA_KROŽCI
2014-02-15 16:13 - 2014-02-15 16:04 - 00000973 _____ () C:\Users\Nina-NB\Desktop\spammer.cpp
2014-02-15 16:09 - 2014-02-15 16:09 - 00000166 _____ () C:\Users\Nina-NB\Desktop\test.cpp
2014-02-14 00:56 - 2012-12-09 18:44 - 00862982 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-14 00:56 - 2012-03-21 10:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-14 00:56 - 2009-07-14 06:13 - 00862982 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-14 00:43 - 2014-02-14 00:42 - 00000000 ____D () C:\Users\Nina-NB\Desktop\GALAXY S2 ROOT
2014-02-14 00:25 - 2014-02-14 00:21 - 162367198 _____ () C:\Users\Nina-NB\Downloads\cm-10.1.3-i9100.zip
2014-02-14 00:21 - 2014-02-14 00:19 - 100751136 _____ () C:\Users\Nina-NB\Downloads\gapps-jb-20130812-signed.zip
2014-02-13 22:46 - 2014-02-13 22:46 - 07561216 _____ () C:\Users\Nina-NB\Downloads\jeboo_kernel_i9100_v1-2a.tar
2014-02-13 21:58 - 2014-02-13 21:58 - 00495470 _____ () C:\Users\Nina-NB\Downloads\ril-LQB-i9100-signed.zip
2014-02-13 21:57 - 2014-02-13 21:57 - 01587023 _____ () C:\Users\Nina-NB\Downloads\recovery-clockwork-touch-5.8.1.5-galaxys2.zip
2014-02-13 21:52 - 2014-02-13 21:52 - 06177451 _____ () C:\Users\Nina-NB\Downloads\kk-kernel-09-02-CWM.zip
2014-02-13 21:44 - 2014-02-13 21:44 - 00000000 ____D () C:\Users\Nina-NB\Downloads\kk-kernel-09-02-CWM
2014-02-13 21:22 - 2014-02-13 21:22 - 01358054 _____ () C:\Users\Nina-NB\Downloads\recovery-clockwork-4.0.1.5-galaxys2 (1).zip
2014-02-13 21:18 - 2014-02-13 21:18 - 00000000 ____D () C:\Users\Nina-NB\Downloads\recovery-clockwork-swipe-6.0.4.6-i9100
2014-02-13 21:15 - 2014-02-13 21:15 - 00000000 ____D () C:\Users\Nina-NB\Downloads\Odin307
2014-02-13 21:06 - 2014-02-13 21:06 - 01207012 _____ () C:\Users\Nina-NB\Downloads\Odin307.zip
2014-02-13 20:33 - 2014-02-13 20:33 - 05269876 _____ () C:\Users\Nina-NB\Downloads\recovery-clockwork-swipe-6.0.4.6-i9100.zip
2014-02-13 20:16 - 2014-02-13 20:12 - 00000000 ____D () C:\Users\Nina-NB\Desktop\gopro rok
2014-02-13 19:08 - 2014-02-13 17:38 - 00000000 ____D () C:\Users\Nina-NB\Desktop\Miha samsung i9100
2014-02-13 19:01 - 2014-02-13 18:58 - 87179530 _____ () C:\Users\Nina-NB\Downloads\gapps-kk-20140105-signed.zip
2014-02-13 18:56 - 2014-02-13 18:56 - 00007051 _____ () C:\Users\Nina-NB\Downloads\gapps-kk-20140105-signed.zip.torrent
2014-02-13 18:50 - 2009-07-14 03:34 - 00000510 _____ () C:\Windows\win.ini
2014-02-13 16:58 - 2014-02-13 16:58 - 00153734 _____ () C:\Users\Nina-NB\Downloads\kernel_settings_wipe.zip
2014-02-13 16:46 - 2014-02-13 16:46 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-02-13 16:43 - 2014-02-13 16:43 - 00002012 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2014-02-13 16:43 - 2014-02-13 16:43 - 00002002 _____ () C:\Users\Public\Desktop\Samsung Kies.lnk
2014-02-13 16:43 - 2014-02-13 16:43 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-02-13 16:43 - 2014-02-13 16:43 - 00000000 ____D () C:\Users\Nina-NB\Documents\samsung
2014-02-13 16:43 - 2014-02-13 16:43 - 00000000 ____D () C:\Users\Nina-NB\AppData\Roaming\Samsung
2014-02-13 16:43 - 2014-02-13 16:43 - 00000000 ____D () C:\Users\Nina-NB\AppData\Local\Samsung
2014-02-13 16:43 - 2014-02-13 16:41 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-02-13 16:42 - 2014-02-13 16:41 - 00000000 ____D () C:\ProgramData\Samsung
2014-02-13 16:42 - 2011-08-31 09:31 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-13 16:40 - 2014-02-13 16:38 - 75211320 _____ (Samsung Electronics Co., Ltd.) C:\Users\Nina-NB\Downloads\KiesSetup.exe
2014-02-13 16:40 - 2012-03-15 22:08 - 00000000 ____D () C:\Users\Nina-NB\AppData\Local\Downloaded Installations
2014-02-11 23:27 - 2012-03-15 09:41 - 00000000 ____D () C:\Users\Nina-NB\AppData\Local\VirtualStore
2014-02-11 17:59 - 2014-02-11 17:57 - 00001463 _____ () C:\Users\Nina-NB\Desktop\e-asistent_hack_2013.cpp
2014-02-11 17:20 - 2011-08-31 10:13 - 00004066 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-11 17:20 - 2011-08-31 10:13 - 00003814 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-10 22:38 - 2012-06-10 06:40 - 00000000 ____D () C:\Users\Nina-NB\Documents\ROK SOLA
2014-02-10 17:37 - 2014-02-10 17:37 - 00000000 ____D () C:\Users\Nina-NB\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
2014-02-10 14:54 - 2014-02-10 14:54 - 00003215 _____ () C:\Users\Nina-NB\Desktop\Sophos Virus Removal Tool.lnk
2014-02-10 14:54 - 2014-02-10 14:54 - 00000000 ____D () C:\Users\Nina-NB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-02-10 14:54 - 2013-04-17 17:06 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-02-10 14:54 - 2012-03-23 17:03 - 00000000 ____D () C:\ProgramData\Sophos
2014-02-10 14:53 - 2014-02-10 14:51 - 83887936 _____ (Sophos Limited) C:\Users\Nina-NB\Downloads\Sophos Virus Removal Tool.exe
2014-02-10 14:45 - 2014-02-10 14:45 - 05180173 _____ (Swearware) C:\Users\Nina-NB\Downloads\ComboFix (1).exe
2014-02-08 19:18 - 2013-11-01 21:39 - 00002029 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-02-08 17:51 - 2014-02-08 17:51 - 00276980 _____ () C:\Users\Nina-NB\Downloads\The_Simpsons.torrent
2014-02-07 22:34 - 2014-02-07 22:34 - 02051584 _____ () C:\Users\Nina-NB\Downloads\aspplus_sl.msi
2014-02-07 16:33 - 2014-02-13 16:42 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2014-02-06 16:12 - 2014-02-02 22:04 - 00000000 ____D () C:\Users\Nina-NB\Downloads\World of Warcraft - Cataclysm 4.3.4 (15595)
2014-02-06 13:16 - 2014-02-13 18:47 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-13 18:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-13 18:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-13 18:47 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-13 18:47 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-13 18:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-13 18:47 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-13 18:47 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-13 18:47 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-13 18:47 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-13 18:47 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-13 18:47 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-13 18:47 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-13 18:47 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-13 18:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-13 18:47 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-13 18:47 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-13 18:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-13 18:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-13 18:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-13 18:47 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-13 18:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-13 18:47 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-13 18:47 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-13 18:47 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-13 18:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-13 18:47 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-13 18:47 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-13 18:47 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-13 18:47 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-13 18:47 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-13 18:47 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-13 18:47 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-13 18:47 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-13 18:47 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-13 18:47 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-13 18:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-13 18:47 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-13 18:47 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 16:14 - 2011-12-28 14:59 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-02-05 15:29 - 2014-02-05 15:28 - 14107008 _____ (Driver-Soft Inc. ) C:\Users\Nina-NB\Downloads\DG_Setup.exe
2014-02-05 15:28 - 2011-08-31 10:13 - 00002193 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-05 15:22 - 2014-02-05 15:22 - 00020148 _____ () C:\Users\Nina-NB\Downloads\Realtek.High.Definition.Audio.Driver.R2.64.torrent
2014-02-05 15:17 - 2014-02-05 15:17 - 00000000 ____D () C:\ProgramData\TOSHIBA Tempro
2014-02-05 15:17 - 2014-02-05 15:17 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2014-02-05 03:31 - 2013-08-06 15:46 - 00000000 ____D () C:\.jagex_cache_32
2014-02-05 03:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-02-04 18:32 - 2012-03-15 09:39 - 00000000 ____D () C:\Users\Nina-NB
2014-02-03 21:36 - 2014-02-03 21:36 - 00949418 _____ () C:\Users\Nina-NB\Downloads\Tecaj_GJP.ppsx
2014-02-02 22:21 - 2013-09-26 16:55 - 00088792 _____ () C:\Users\Nina-NB\Downloads\OTL.Txt
2014-02-02 14:43 - 2014-02-02 14:42 - 34249488 _____ (Riot Games) C:\Users\Nina-NB\Downloads\LeagueofLegends_EUNE_Installer_06_17_13.exe
2014-02-01 23:28 - 2013-12-26 23:21 - 00000806 _____ () C:\Users\Public\Desktop\Speccy.lnk
2014-02-01 23:28 - 2013-12-26 23:20 - 00000000 ____D () C:\Program Files\Speccy
2014-02-01 20:31 - 2014-02-01 20:31 - 04845384 _____ (Piriform Ltd) C:\Users\Nina-NB\Downloads\spsetup125 (1).exe
2014-02-01 20:31 - 2014-02-01 20:30 - 04845384 _____ (Piriform Ltd) C:\Users\Nina-NB\Downloads\spsetup125.exe
2014-01-31 23:13 - 2014-01-31 23:13 - 00008747 _____ () C:\Users\Nina-NB\Documents\mami31.1.xlsx
2014-01-31 23:06 - 2014-01-24 07:58 - 00000000 ____D () C:\Users\Nina-NB\AppData\Local\Battle.net
2014-01-31 20:19 - 2012-03-24 19:38 - 00000000 ____D () C:\Users\Nina-NB\Documents\NINA
2014-01-28 08:41 - 2014-01-28 08:41 - 00448512 _____ (OldTimer Tools) C:\Users\Nina-NB\Downloads\TFC (1).exe
2014-01-28 08:40 - 2013-08-01 08:46 - 00000000 ____D () C:\Riot Games
2014-01-28 08:33 - 2014-01-28 08:33 - 00001087 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-01-28 08:33 - 2014-01-28 08:33 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-01-28 08:26 - 2012-09-28 18:07 - 00000000 ____D () C:\Users\Nina-NB\AppData\Local\PMB Files
2014-01-28 08:26 - 2012-09-28 18:07 - 00000000 ____D () C:\ProgramData\PMB Files
2014-01-27 23:50 - 2012-10-27 11:31 - 00000000 ____D () C:\Users\Nina-NB\AppData\Roaming\Notepad++
2014-01-27 22:11 - 2012-10-27 11:31 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-01-27 22:05 - 2014-01-27 22:05 - 00001067 _____ () C:\Users\Nina-NB\Desktop\Notepad++.lnk
2014-01-27 22:05 - 2014-01-27 22:05 - 00000000 ____D () C:\Users\Nina-NB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-01-27 22:04 - 2014-01-27 22:04 - 07598942 _____ () C:\Users\Nina-NB\Downloads\npp.6.5.3.Installer.exe
2014-01-27 19:50 - 2014-01-27 19:50 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-27 19:50 - 2013-11-01 21:53 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-27 19:50 - 2012-04-07 18:55 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-24 09:19 - 2014-01-24 07:58 - 00000000 ____D () C:\Users\Nina-NB\AppData\Roaming\Battle.net
2014-01-24 08:45 - 2014-01-24 08:45 - 00000000 ____D () C:\Users\Nina-NB\AppData\Local\Blizzard
2014-01-24 08:45 - 2014-01-24 07:59 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-01-24 07:59 - 2014-01-24 07:59 - 00001193 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-01-24 07:58 - 2014-01-24 07:58 - 00000000 ____D () C:\Users\Nina-NB\AppData\Local\Blizzard Entertainment
2014-01-24 07:58 - 2014-01-24 07:58 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-01-24 07:58 - 2014-01-24 07:58 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-01-24 07:56 - 2014-01-24 07:56 - 00000000 ____D () C:\ProgramData\Battle.net
2014-01-24 07:55 - 2014-01-24 07:55 - 05971136 _____ (Blizzard Entertainment) C:\Users\Nina-NB\Downloads\Hearthstone-Beta-Setup-enUS.exe
2014-01-23 18:31 - 2014-02-13 16:42 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
2014-01-23 18:31 - 2014-01-23 18:31 - 00974848 _____ () C:\Windows\SysWOW64\cis-2.4.dll
2014-01-23 18:31 - 2014-01-23 18:31 - 00569344 _____ (© MusicCity) C:\Windows\SysWOW64\muzdecode.ax
2014-01-23 18:31 - 2014-01-23 18:31 - 00491520 _____ (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzapp.dll
2014-01-23 18:31 - 2014-01-23 18:31 - 00352256 _____ (Sample Corporation) C:\Windows\SysWOW64\MSLUR71.dll
2014-01-23 18:31 - 2014-01-23 18:31 - 00330240 _____ ((주)마크애니) C:\Windows\MASetupCaller.dll
2014-01-23 18:31 - 2014-01-23 18:31 - 00258048 _____ (© PeeringPortal) C:\Windows\SysWOW64\muzoggsp.ax
2014-01-23 18:31 - 2014-01-23 18:31 - 00245760 _____ (Teruten Inc.) C:\Windows\SysWOW64\MSCLib.dll
2014-01-23 18:31 - 2014-01-23 18:31 - 00200704 _____ ( © MusicCity) C:\Windows\SysWOW64\muzwmts.dll
2014-01-23 18:31 - 2014-01-23 18:31 - 00172032 _____ (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzapp.exe
2014-01-23 18:31 - 2014-01-23 18:31 - 00155648 _____ (Teruten Inc.) C:\Windows\SysWOW64\MSFLib.dll
2014-01-23 18:31 - 2014-01-23 18:31 - 00143360 _____ () C:\Windows\SysWOW64\3DAudio.ax
2014-01-23 18:31 - 2014-01-23 18:31 - 00135168 _____ (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzaf1.dll
2014-01-23 18:31 - 2014-01-23 18:31 - 00131072 _____ (© MusicCity) C:\Windows\SysWOW64\muzmpgsp.ax
2014-01-23 18:31 - 2014-01-23 18:31 - 00122880 _____ (© MUSICCITY) C:\Windows\SysWOW64\muzeffect.ax
2014-01-23 18:31 - 2014-01-23 18:31 - 00118784 _____ ((주)마크애니) C:\Windows\SysWOW64\MaDRM.dll
2014-01-23 18:31 - 2014-01-23 18:31 - 00110592 _____ (© MusicCity) C:\Windows\SysWOW64\muzmp4sp.ax
2014-01-23 18:31 - 2014-01-23 18:31 - 00090112 _____ ((주)마크애니) C:\Windows\MAMCityDownload.ocx
2014-01-23 18:31 - 2014-01-23 18:31 - 00081920 _____ () C:\Windows\SysWOW64\issacapi_bs-2.3.dll
2014-01-23 18:31 - 2014-01-23 18:31 - 00065536 _____ () C:\Windows\SysWOW64\issacapi_pe-2.3.dll
2014-01-23 18:31 - 2014-01-23 18:31 - 00057344 _____ (Marktek) C:\Windows\SysWOW64\MK_Lyric.dll
2014-01-23 18:31 - 2014-01-23 18:31 - 00057344 _____ (Marktek Inc.) C:\Windows\SysWOW64\MTXSYNCICON.dll
2014-01-23 18:31 - 2014-01-23 18:31 - 00057344 _____ () C:\Windows\SysWOW64\issacapi_se-2.3.dll
2014-01-23 18:31 - 2014-01-23 18:31 - 00049152 _____ ((주) 마크애니) C:\Windows\SysWOW64\MaJGUILib.dll
2014-01-23 18:31 - 2014-01-23 18:31 - 00045320 _____ (MARKANY) C:\Windows\SysWOW64\MAMACExtract.dll
2014-01-23 18:31 - 2014-01-23 18:31 - 00045056 _____ ((주) 마크애니) C:\Windows\SysWOW64\MaXMLProto.dll
2014-01-23 18:31 - 2014-01-23 18:31 - 00045056 _____ ((주) 마크애니) C:\Windows\SysWOW64\MACXMLProto.dll
2014-01-23 18:31 - 2014-01-23 18:31 - 00040960 _____ (Telechips Inc.,) C:\Windows\SysWOW64\MTTELECHIP.dll
2014-01-23 18:31 - 2014-01-23 18:31 - 00030568 _____ () C:\Windows\MusiccityDownload.exe
2014-01-23 18:31 - 2014-01-23 18:31 - 00024576 _____ ((주)마크애니) C:\Windows\SysWOW64\MASetupCleaner.exe
2014-01-22 08:52 - 2014-01-22 08:52 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2014-01-22 08:52 - 2014-01-22 08:52 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll
2014-01-22 08:52 - 2014-01-22 08:52 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2014-01-22 08:52 - 2014-01-22 08:52 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2014-01-20 09:44 - 2013-11-10 22:28 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-01-20 08:17 - 2012-03-15 23:51 - 00000000 ____D () C:\Users\Nina-NB\AppData\Local\Adobe
 
Files to move or delete:
====================
C:\Users\Nina-NB\jagex_cl_runescape_LIVE.dat
C:\Users\Nina-NB\jagex_cl_runescape_LIVE1.dat
C:\Users\Nina-NB\random.dat
 
 
Some content of TEMP:
====================
C:\Users\Nina-NB\AppData\Local\Temp\NGMDll.dll
C:\Users\Nina-NB\AppData\Local\Temp\NGMResource.dll
C:\Users\Nina-NB\AppData\Local\Temp\NGMSetup.exe
C:\Users\Nina-NB\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Nina-NB\AppData\Local\Temp\Quarantine.exe
C:\Users\Nina-NB\AppData\Local\Temp\unicows.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-09 07:45
 
==================== End Of Log ============================
 
 
 
-----------------------------------------------------------------------------------------------------------------------
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2014
Ran by Nina-NB at 2014-02-19 09:32:29
Running from C:\Users\Nina-NB\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: ESET Smart Security 7.0 (Disabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: ESET Smart Security 7.0 (Disabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: Osebni požarni zid ESET (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
 
==================== Installed Programs ======================
 
64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
ACDSee Pro 3 (x32 Version: 3.0.475 - ACD Systems International Inc.)
ACDSee RAW Image Decoder Plug-In Update 4.1 (x32 Version: 4.1.296 - ACD Systems International Inc.)
Adobe Acrobat 9 Pro - English, Français, Deutsch (x32 Version: 9.0.0 - Adobe Systems) Hidden
Adobe AIR (x32 Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (x32 Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.0.112 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKCU Version:  - Akamai Technologies, Inc)
Apple Mobile Device Support (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Filter Driver Package (Version: 1.00.0004 - Atheros Communications)
Atheros Driver Installation Program (x32 Version: 9.2 - Atheros)
Audiosurf (x32 Version:  - Dylan Fitterer)
Aurora 15.0a2 (x86 sl) (x32 Version: 15.0a2 - Mozilla)
Battle.net (x32 Version:  - Blizzard Entertainment)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bluetooth Stack for Windows by Toshiba (Version: v8.00.06(T) - TOSHIBA CORPORATION)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
CCleaner (Version: 4.10 - Piriform)
Chicken Invaders 3 - Revenge of the Yolk (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Combat Arms EU (x32 Version:  - )
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Crystal Reports for Visual Studio (x32 Version: 12.51.0.240 - SAP) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)
Dev-C++ 5 beta 9 release (4.9.9.2) (x32 Version:  - )
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dotfuscator Software Services - Community Edition (x32 Version: 5.0.2300.0 - PreEmptive Solutions)
Dropbox (HKCU Version: 2.6.2 - Dropbox, Inc.)
DVD Flick 1.3.0.7 (x32 Version: 1.3.0.7 - Dennis Meuwissen)
EndNote X6 (x32 Version: 16.0.0.6348 - Thomson Reuters)
ESET Online Scanner v3 (x32 Version:  - )
ESET Smart Security (Version: 7.0.302.26 - ESET, spol s r. o.)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GoodSync (x32 Version:  - Siber Systems)
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Google Zemlja (x32 Version: 7.1.2.2041 - Google)
GoPro Studio 2.0.0 (x32 Version: 2.0.0 - WoodmanLabs Inc. d.b.a. GoPro)
Hearthstone (x32 Version:  - Blizzard Entertainment)
HiJackThis (x32 Version: 1.0.0 - Trend Micro)
ImgBurn (x32 Version: 2.5.7.0 - LIGHTNING UK!)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel® Management Engine Components (x32 Version: 7.0.0.1144 - Intel Corporation)
Intel® Rapid Storage Technology (x32 Version: 10.1.2.1004 - Intel Corporation)
iTunes (Version: 10.6.1.7 - Apple Inc.)
Java 7 Update 45 (64-bit) (Version: 7.0.450 - Oracle)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 40 (64-bit) (Version: 1.7.0.400 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (x32 Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (x32 Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (x32 Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (x32 Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (Slovenian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Slovenian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Slovenian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Slovenian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Slovenian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Slovenian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Slovenian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Croatian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Slovenian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Slovenian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Slovenian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Slovenian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Slovenian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Slovenian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (x32 Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (Version:  - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Browser (x32 Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (x32 Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (x32 Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (x32 Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (x64) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (x32 Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Setup Support Files  (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (x32 Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x32 Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (x32 Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual Basic 2010 Express - ENU (x32 Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319 (x32 Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (x32 Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (x32 Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Office Developer Tools (x64) (Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Professional - ENU (x32 Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 SharePoint Developer Tools (x32 Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308 - Microsoft Corporation) Hidden
Microsoft Visual Studio Macro Tools (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 27.0.1 (x86 sl) (x32 Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (x32 Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden
Nero BackItUp (x32 Version: 12.0.6002 - Nero AG) Hidden
Nero BackItUp Help (CHM) (x32 Version: 12.0.8000 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.0.17700 - Nero AG) Hidden
Nero Blu-ray Player Help (CHM) (x32 Version: 12.0.9000 - Nero AG) Hidden
Nero Burning ROM (x32 Version: 12.0.28001 - Nero AG) Hidden
Nero Burning ROM Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.15500 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.18900 - Nero AG) Hidden
Nero Disc Menus Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Effects Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Express (x32 Version: 12.0.28001 - Nero AG) Hidden
Nero Express Help (CHM) (x32 Version: 12.0.5000 - Nero AG) Hidden
Nero Kwik Media (x32 Version: 1.18.19600 - Nero AG) Hidden
Nero Kwik Media Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero PiP Effects Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Recode (x32 Version: 12.0.31001 - Nero AG) Hidden
Nero Recode Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 12.0.10002 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
Nero Video (x32 Version: 12.0.8000 - Nero AG) Hidden
Nero Video Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Notepad++ (x32 Version: 6.5.3 - Notepad++ Team)
NVIDIA Control Panel 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.8.1 (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 332.21 (Version: 332.21 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (Version: 1.2.19 - NVIDIA Corporation)
osu! (x32 Version: 0.0.0.0 - peppy)
Pando Media Booster (x32 Version: 2.6.0.8 - Pando Networks Inc.)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (x32 Version: 7.38.113.2011 - Realtek)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
ResearchSoft Direct Export Helper (x32 Version:  - )
Revo Uninstaller Pro 3.0.8 (Version: 3.0.8 - VS Revo Group, Ltd.)
RuneScape Launcher 1.2.3 (x32 Version: 1.2.3 - Jagex Ltd)
Samsung Kies (x32 Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (Version: 10.1.2531.0 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Sophos Virus Removal Tool (x32 Version: 2.4 - Sophos Limited)
Speccy (Version: 1.25 - Piriform)
Spybot - Search & Destroy (x32 Version: 2.2.25 - Safer-Networking Ltd.)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
STATGRAPHICS Centurion XV.II (x32 Version: 15.02.0014 - StatPoint, Inc.)
Steam (x32 Version:  - Valve Corporation)
SumatraPDF (x32 Version: 1.9 - Krzysztof Kowalczyk)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (Version: 15.2.11.1 - Synaptics Incorporated)
TeamViewer 9 (x32 Version: 9.0.25942 - TeamViewer)
TERA (x32 Version: 7 - Gameforge Productions GmbH)
tools-freebsd (x32 Version: 9.6.0.1295980 - VMware, Inc.) Hidden
tools-linux (x32 Version: 9.6.0.1295980 - VMware, Inc.) Hidden
tools-netware (x32 Version: 9.6.0.1295980 - VMware, Inc.) Hidden
tools-solaris (x32 Version: 9.6.0.1295980 - VMware, Inc.) Hidden
tools-windows (x32 Version: 9.6.0.1295980 - VMware, Inc.) Hidden
tools-winPre2k (x32 Version: 9.6.0.1295980 - VMware, Inc.) Hidden
TOSHIBA Assist (x32 Version: 4.02.02 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (Version: 2.1.10.64 - TOSHIBA Corporation) Hidden
TOSHIBA Bulletin Board (x32 Version: 2.1.10.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (x32 Version: 8.0.37 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.2.23.64 - TOSHIBA Corporation) Hidden
TOSHIBA eco Utility (x32 Version: 1.2.23.64 - TOSHIBA Corporation)
TOSHIBA eco Utility (x32 Version: 1.2.23.64 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (Version: 3.1.8.64 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (x32 Version: 3.1.8.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (x32 Version: 2.00.0013 - TOSHIBA)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.7 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.7 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.7 - TOSHIBA Corporation) Hidden
Toshiba Manuals (x32 Version: 10.03 - TOSHIBA)
TOSHIBA Media Controller (x32 Version: 1.0.86.2 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (x32 Version: 1.0.6.1 - TOSHIBA CORPORATION)
TOSHIBA Online Product Information (x32 Version: 4.01.0000 - TOSHIBA)
TOSHIBA PC Health Monitor (Version: 1.7.4.64 - TOSHIBA Corporation)
TOSHIBA Places Icon Utility (x32 Version: 1.1.1.4 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (x32 Version: 2.1.3.10010 - TOSHIBA CORPORATION)
TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.1.0.0 - TOSHIBA)
TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.1.0.0 - TOSHIBA) Hidden
TOSHIBA ReelTime (Version: 1.7.17.64 - TOSHIBA Corporation) Hidden
TOSHIBA ReelTime (x32 Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (x32 Version: 1.1.0 - TOSHIBA Corporation)
TOSHIBA Service Station (x32 Version: 2.1.52 - TOSHIBA)
TOSHIBA Sleep Utility (x32 Version: 1.4.2.7 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (x32 Version: 2.00.0008 - TOSHIBA)
TOSHIBA TEMPRO (x32 Version: 3.35 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (Version: 1.5.4.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.5.4.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (x32 Version: 1.5.4.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (x32 Version: 2.0.0.13 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.0.13 - TOSHIBA Corporation) Hidden
TOSHIBA Wireless LAN Indicator (x32 Version: 1.0.4 - TOSHIBA CORPORATION)
TRORMCLauncher (Version: 1.0.0.10 - TOSHIBA) Hidden
TRORMCLauncher (x32 Version:  - )
Uniblue PowerSuite (x32 Version:  - Uniblue Systems Ltd)
Unity Web Player (HKCU Version:  - Unity Technologies ApS)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version:  - Microsoft)
Visual Studio 2010 Prerequisites - English (Version: 10.0.30319 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (x32 Version: 4.0.8080.0 - Microsoft Corporation)
Visual Studio 2012 Update 1 (KB2707250) (x32 Version: 11.0.51106 - Microsoft Corporation)
VLC media player 2.0.6 (x32 Version: 2.0.6 - VideoLAN)
VMware Workstation (Version: 10.0.0 - VMware, Inc.) Hidden
VMware Workstation (x32 Version: 10.0.0 - VMware, Inc)
Web Deployment Tool (Version: 1.1.0618 - Microsoft Corporation)
Welcome App (Start-up experience) (x32 Version: 12.0.15000 - Nero AG) Hidden
WildTangent Games (x32 Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Winamp (x32 Version: 5.66  - Nullsoft, Inc)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (Version: 03/07/2012  - GoPro)
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 5.00 beta 7 (64-bit) (Version: 5.00.7 - win.rar GmbH)
WinRAR archiver (x32 Version:  - )
YTD Video Downloader 4.7.2 (x32 Version: 4.7.2 - GreenTree Applications SRL)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Restore Points  =========================
 
11-02-2014 15:44:20 Windows Update
13-02-2014 15:40:51 Installed Samsung Kies
13-02-2014 17:46:21 Windows Update
13-02-2014 23:49:24 Windows Update
15-02-2014 20:41:31 ComboFix created restore point
16-02-2014 18:00:19 Windows Backup
17-02-2014 16:17:45 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-14 03:34 - 2013-11-21 20:11 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {47099FC1-C9DD-48EC-B76E-57D5CF2077E7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {512218B7-177C-4C99-9A1D-BE55141DF7EA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-31] (Google Inc.)
Task: {6D7BA663-452C-41C7-98C5-980E2ACC5896} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-31] (Google Inc.)
Task: {7A24E3B6-D916-4BB3-840D-4C882D3A1DD6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-15] (Adobe Systems Incorporated)
Task: {7CC396A5-84D5-4F76-8366-8B19CCF29457} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A25BB16D-B84E-4111-8E1C-533B2D046690} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {B647AEC9-4025-4783-B659-030A0C669D68} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {B7D73373-626D-4349-A99E-C93834183F04} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {B804ACDE-97A6-46A4-A7F0-8CA4FB2979BE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {FDBBFCC0-7392-4847-8240-2F1E0813D4FE} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-03] (TOSHIBA CORPORATION)
Task: {FEC84FF7-C863-40A5-A322-F6F8F6828C49} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-04-28 07:09 - 2013-04-28 07:23 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-02-15 22:43 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-02-15 22:43 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-02-15 22:43 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-02-15 22:43 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-02-15 22:43 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-02-05 15:28 - 2014-02-02 00:41 - 00715592 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
2014-02-05 15:28 - 2014-02-02 00:41 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
2014-02-05 15:28 - 2014-02-02 00:42 - 04055368 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-05 15:28 - 2014-02-02 00:42 - 00399688 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-05 15:28 - 2014-02-02 00:41 - 01634632 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
2014-02-05 15:28 - 2014-02-02 00:42 - 13616456 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\TEMP:054203E4
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdvancedSystemCareService6 => 2
MSCONFIG\Services: APNMCP => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cfWiMAXService => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: GFNEXSrv => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hshld => 2
MSCONFIG\Services: HssSrv => 2
MSCONFIG\Services: HssTrayService => 3
MSCONFIG\Services: HssWd => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: NVSvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TeamViewer7 => 2
MSCONFIG\Services: TeamViewer8 => 2
MSCONFIG\Services: TemproMonitoringService => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: VMAuthdService => 2
MSCONFIG\Services: VMUSBArbService => 2
MSCONFIG\Services: VMwareHostd => 3
MSCONFIG\Services: vToolbarUpdater13.2.0 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CineForm Status.lnk => C:\Windows\pss\CineForm Status.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Nina-NB^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Advanced SystemCare 6 => "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Nina-NB\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: KPeerNexonEU => 
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: NBAgent => 
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: PowerSuite => "C:\PROGRA~2\Uniblue\POWERS~1\launcher.exe" delay 20000  -m
MSCONFIG\startupreg: ROC_roc_ssl_v12 => 
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Speech Recognition => "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: Toshiba Registration => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
MSCONFIG\startupreg: Toshiba TEMPRO => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: vmware-tray.exe => "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
MSCONFIG\startupreg: vProt => 
MSCONFIG\startupreg: WinampAgent => 
 
==================== Faulty Device Manager Devices =============
 
Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2013-11-21 20:05:46.755
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-21 20:05:46.693
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-18 21:29:22.139
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-18 21:29:22.055
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-13 17:55:13.879
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-08-13 17:55:13.819
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-05-06 15:40:45.109
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-05-06 15:40:45.085
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-04-16 22:15:32.499
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-16 22:15:32.499
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 29%
Total physical RAM: 8172.91 MB
Available physical RAM: 5766.59 MB
Total Pagefile: 14313.09 MB
Available Pagefile: 11487.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (375%750_W7) (Fixed) (Total:349.02 GB) (Free:151.55 GB) NTFS
Drive d: (375%750_Data) (Fixed) (Total:349.23 GB) (Free:27.97 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 1C6C03C0)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=349 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=349 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
 
What should I do next? :)
 


#4 nasdaq


Posted 19 February 2014 - 10:36 AM


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\Nina-NB\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-12-24]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

end

Save the file as fixlist.txt in the same folder as FRST.
Run FRST and click Fix only once and wait.
The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please let me know if the problem persists.

#5 Rokowski


Posted 19 February 2014 - 02:16 PM

Hello again nasdaq! 

Here is the FRST log:
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2014
Ran by Nina-NB at 2014-02-19 20:05:55 Run:2
Running from C:\Users\Nina-NB\Desktop\FRST
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\Nina-NB\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-12-24]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
end
*****************
 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKCU\SOFTWARE\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp => Key deleted successfully.
C:\Users\Nina-NB\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx => Moved successfully.
catchme => Service deleted successfully.
 
==== End of Fixlog ====
 
----------------------------------------------------------------------------------------
 
And here is the Security Check result:
 
 
 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
ESET Smart Security 7.0   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 51  
  Adobe Flash Player 12.0.0.44 Flash Player out of Date!  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox (27.0.1) 
 Google Chrome 32.0.1700.102  
 Google Chrome 32.0.1700.107  
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Spybot Teatimer.exe is disabled! 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 9% 
````````````````````End of Log`````````````````````` 
 

Well, I don't really know, because I never felt that I am backdoored, but the VirusTotal results said otherwise. :/
Anything else I should try, or am I clean?


#6 nasdaq


Posted 19 February 2014 - 04:52 PM

How is the computer performing?

What are the results of VirusTotal?

#7 Rokowski


Posted 20 February 2014 - 02:38 AM

The PC seems to be performing pretty well, without any errors or lags. Here is the VirusTotal result: https://www.virustotal.com/en/file/dfb411cff5824c1df8245e30204a5181adecae88d2555008dd842292b09db165/analysis/

 

I think it may be a false positive?



#8 nasdaq


Posted 20 February 2014 - 08:52 AM

The PC seems to be performing pretty well, without any errors or lags. Here is the VirusTotal result: https://www.virustotal.com/en/file/dfb411cff5824c1df8245e30204a5181adecae88d2555008dd842292b09db165/analysis/

I would not use it. Use it at your own risk.

===

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Summary: Adobe has released security updates for Adobe Flash Player 11.9.900.152 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.327 and earlier versions for Linux. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Flash test site:
http://www.adobe.com/software/flash/about/

Flash Player Help / Find version
http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine

===
Adobe is planning to release security updates on Tuesday, January 14, 2014 for Adobe Reader and Acrobat XI (11.0.05) and earlier versions for Windows and Macintosh


Adobe Reader/Acrobat v11.0.05 was released Oct 8, 2013

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box at the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>



If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
Ignore if ComboFix was not used.
===


Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.

In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful add-ons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • Script Blocker can help block many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox addon.
  • ScriptNo is a popular Google Chrome addon.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===

#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,271 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:38 PM

Posted 26 February 2014 - 10:03 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



