killtheransom

  1. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-08-2013 01
     Ran by Matto (administrator) on 16-08-2013 00:19:39
     Running from C:\Users\Matto\Desktop\temp-download
     Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
     Internet Explorer Version 9
     Boot Mode: Normal

     ==================== Processes (Whitelisted) =================

     (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
     (IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
     (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
     (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
     (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
     (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
     (Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
     (Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
     (Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
     (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
     (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
     (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
     (Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
     (Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
     (Intel Corporation) C:\Windows\System32\igfxtray.exe
     (Intel Corporation) C:\Windows\System32\hkcmd.exe
     (Intel Corporation) C:\Windows\System32\igfxpers.exe
     (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
     (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
     (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
     (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
     (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
     (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
     (SugarSync, Inc.) C:\Program Files (x86)\SugarSync\SugarSyncManager.exe
     (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
     (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
     () C:\Program Files (x86)\stunnel\stunnel.exe
     (Zepsoft) C:\Program Files (x86)\zepsoft\Wallpaper Calendar\WallCal3.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
     (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
     (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
     (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
     (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
     (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
     (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
     (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
     (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
     (Ghisler Software GmbH) C:\Program Files\totalcmd\TOTALCMD.EXE
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
     (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
     (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
     (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
     (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

     ==================== Registry (Whitelisted) ==================

     HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
     HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [627360 2011-05-20] (Atheros Commnucations)
     HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [379552 2011-05-20] (Atheros Commnucations)
     HKLM\...\Run: [NVHotkey] - C:\Windows\system32\nvHotkey.dll [312936 2011-04-22] (NVIDIA Corporation)
     HKLM\...\Run: [intelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-28] (Intel® Corporation)
     HKLM\...\Run: [bTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10228224 2010-11-03] (Intel Corporation)
     HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-03-25] (Dell Inc.)
     HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [369152 2010-01-26] (Alps Electric Co., Ltd.)
     HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)
     HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [6330568 2013-03-21] (ESET)
     HKCU\...\Run: [AdobeBridge] - [x]
     HKCU\...\Run: [sugarSync] - C:\Program Files (x86)\SugarSync\SugarSyncManager.exe [11262304 2013-04-04] (SugarSync, Inc.)
     HKCU\...\Run: [shutdown_Manager] - [x]
     HKCU\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
     MountPoints2: {24253d22-5584-11e2-b292-1803736b3c74} - E:\LGAutoRun.exe
     HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
     HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
     HKLM-x32\...\Run: [bCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-22] (Microsoft Corporation)
     HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-10-26] (Nullsoft, Inc.)
     HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
     HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
     HKLM-x32\...\Run: [switchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
     HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
     AppInit_DLLs: C:\Windows\system32\nvinitx.dll [226920 2011-04-22] (NVIDIA Corporation)
     AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [193128 2011-04-22] (NVIDIA Corporation)
     Startup: C:\Users\Matto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wallpaper Calendar.lnk
     ShortcutTarget: Wallpaper Calendar.lnk -> C:\Program Files (x86)\zepsoft\Wallpaper Calendar\WallCal3.exe (Zepsoft)

     ==================== Internet (Whitelisted) ====================

     StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
     SearchScopes: HKCU - {3D7A6AC5-3D06-4B40-98DF-7D0E9A151C7D} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=A9D2F5ED-0739-42EC-A710-FC9771D5BAED&apn_sauid=B025BCF5-41EB-47D1-8B30-E4F63B15B570
     BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
     BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
     BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
     BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
     BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
     BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
     BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
     BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
     BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
     BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
     BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
     Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
     DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB
     DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
     Handler: msdaipp - No CLSID Value -
     Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
     Handler-x32: msdaipp - No CLSID Value -
     Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
     Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
     Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
     Tcpip\Parameters: [DhcpNameServer] 84.2.46.1 84.2.44.1

     FireFox:
     ========
     FF ProfilePath: C:\Users\Matto\AppData\Roaming\Mozilla\Firefox\Profiles\je0weawy.default
     FF NetworkProxy: "type", 0
     FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
     FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
     FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
     FF Plugin: @microsoft.com/GENUINE - disabled No File
     FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
     FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
     FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
     FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
     FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
     FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
     FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
     FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
     FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
     FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
     FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
     FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
     FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
     FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     FF SearchPlugin: C:\Users\Matto\AppData\Roaming\Mozilla\Firefox\Profiles\je0weawy.default\searchplugins\askcom.xml
     FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
     FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
     FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
     FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
     FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
     FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
     FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

     ==================== Services (Whitelisted) =================

     R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-05-20] (Atheros)
     R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1341664 2013-03-21] (ESET)
     S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-28] ()
     R2 stunnel; C:\Program Files (x86)\stunnel\stunnel.exe [93184 2010-03-23] ()

     ==================== Drivers (Whitelisted) ====================

     S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2012-07-03] (LG Electronics Inc.)
     S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2012-07-03] (LG Electronics Inc.)
     S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [93184 2012-07-04] (LG Electronics Inc.)
     R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-14] (ESET)
     R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
     R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [139768 2013-01-10] (ESET)
     R0 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2012-01-29] ()
     S3 GENERICDRV; \??\D:\dell drivers\amifldrv64.sys [x]

     ==================== NetSvcs (Whitelisted) ===================

     ==================== One Month Created Files and Folders ========

     2013-08-15 23:24 - 2013-07-25 05:54 - 17830400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
     2013-08-15 23:24 - 2013-07-25 05:37 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
     2013-08-15 23:24 - 2013-07-25 05:35 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
     2013-08-15 23:24 - 2013-07-25 05:31 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
     2013-08-15 23:24 - 2013-07-25 05:30 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
     2013-08-15 23:24 - 2013-07-25 05:29 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
     2013-08-15 23:24 - 2013-07-25 05:29 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
     2013-08-15 23:24 - 2013-07-25 05:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
     2013-08-15 23:24 - 2013-07-25 05:28 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
     2013-08-15 23:24 - 2013-07-25 05:28 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
     2013-08-15 23:24 - 2013-07-25 05:28 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
     2013-08-15 23:24 - 2013-07-25 05:28 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
     2013-08-15 23:24 - 2013-07-25 05:28 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
     2013-08-15 23:24 - 2013-07-25 05:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
     2013-08-15 23:24 - 2013-07-25 05:27 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
     2013-08-15 23:24 - 2013-07-25 05:26 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
     2013-08-15 23:24 - 2013-07-25 04:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
     2013-08-15 23:24 - 2013-07-25 04:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
     2013-08-15 23:24 - 2013-07-25 04:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
     2013-08-15 23:24 - 2013-07-25 04:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
     2013-08-15 23:24 - 2013-07-25 04:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
     2013-08-15 23:24 - 2013-07-25 04:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
     2013-08-15 23:24 - 2013-07-25 04:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
     2013-08-15 23:24 - 2013-07-25 04:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
     2013-08-15 23:24 - 2013-07-25 04:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
     2013-08-15 23:24 - 2013-07-25 04:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
     2013-08-15 23:24 - 2013-07-25 04:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
     2013-08-15 23:24 - 2013-07-25 04:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
     2013-08-15 23:24 - 2013-07-25 04:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
     2013-08-15 23:24 - 2013-07-25 04:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
     2013-08-15 23:24 - 2013-07-25 04:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
     2013-08-15 23:24 - 2013-07-25 04:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
     2013-08-15 21:27 - 2013-08-15 21:27 - 00157184 _____ C:\Users\Matto\Desktop\Copy of 2013 webshop forgalom2.xls
     2013-08-15 11:01 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
     2013-08-15 11:01 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
     2013-08-15 11:01 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
     2013-08-15 11:01 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
     2013-08-15 11:01 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
     2013-08-15 11:01 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
     2013-08-15 11:01 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
     2013-08-15 11:01 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
     2013-08-15 11:00 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
     2013-08-15 11:00 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
     2013-08-15 11:00 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
     2013-08-15 11:00 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
     2013-08-15 11:00 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
     2013-08-15 11:00 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
     2013-08-15 11:00 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
     2013-08-15 11:00 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
     2013-08-15 11:00 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
     2013-08-15 11:00 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
     2013-08-15 11:00 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
     2013-08-15 11:00 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
     2013-08-15 11:00 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
     2013-08-15 11:00 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
     2013-08-15 11:00 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
     2013-08-15 11:00 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
     2013-08-15 11:00 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
     2013-08-15 11:00 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
     2013-08-15 11:00 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
     2013-08-15 11:00 - 2012-11-30 07:45 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
     2013-08-15 11:00 - 2012-11-30 07:45 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
     2013-08-15 11:00 - 2012-11-30 07:43 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
     2013-08-15 11:00 - 2012-11-30 07:41 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
     2013-08-15 11:00 - 2012-11-30 07:41 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
     2013-08-15 11:00 - 2012-11-30 07:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 07:38 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 07:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 07:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 06:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
     2013-08-15 11:00 - 2012-11-30 06:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
     2013-08-15 11:00 - 2012-11-30 06:45 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 06:45 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 05:23 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
     2013-08-15 11:00 - 2012-11-30 04:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 04:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 04:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
     2013-08-15 11:00 - 2012-11-30 04:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
     2013-08-13 17:53 - 2013-08-13 17:53 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
     2013-08-13 17:44 - 2013-08-13 17:53 - 00000000 ____D C:\ProgramData\HitmanPro
     2013-08-09 08:31 - 2013-08-09 08:31 - 00007982 _____ C:\Users\Matto\Desktop\sktk.csv
     2013-08-08 17:06 - 2013-08-08 17:06 - 00006095 _____ C:\Users\Matto\Desktop\Copy of czk partnerek.csv
     2013-08-08 11:50 - 2013-08-08 11:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
     2013-08-07 20:24 - 2013-08-07 20:45 - 01516409 _____ C:\Users\Matto\Desktop\torzsvevo.csv
     2013-08-07 20:22 - 2013-08-07 20:22 - 02748416 _____ C:\Users\Matto\Desktop\torzsvevo.xls
     2013-08-05 23:03 - 2013-08-05 23:03 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk
     2013-08-05 10:29 - 2013-08-05 10:29 - 00024576 _____ C:\Users\Matto\Desktop\ferfi.xls
     2013-08-02 12:48 - 2013-08-02 12:48 - 00000000 ____D C:\ProgramData\ESET
     2013-08-02 12:48 - 2013-08-02 12:48 - 00000000 ____D C:\Program Files\ESET
     2013-08-02 12:45 - 2013-08-02 12:45 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
     2013-08-02 12:45 - 2013-08-02 12:45 - 00000000 ____D C:\Users\Matto\AppData\Roaming\Malwarebytes
     2013-08-02 12:45 - 2013-08-02 12:45 - 00000000 ____D C:\ProgramData\Malwarebytes
     2013-08-02 12:45 - 2013-08-02 12:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
     2013-08-02 12:45 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
     2013-08-02 10:11 - 2013-08-02 10:11 - 02649850 _____ C:\Users\Matto\Desktop\Megtobb_termek_50_uszogumis.psd
     2013-08-02 08:59 - 2013-08-15 19:35 - 00000004 _____ C:\Users\Matto\AppData\Roaming\cache.ini
     2013-08-01 14:34 - 2013-08-01 14:34 - 00072704 _____ C:\Users\Matto\Desktop\szlovak-juli.xls
     2013-07-19 12:37 - 2013-07-23 19:03 - 00012958 _____ C:\Users\Matto\Desktop\eddigi-fizetések.xlsx
     2013-07-19 09:19 - 2013-07-19 09:19 - 00914944 _____ C:\Users\Matto\Desktop\paypal.xls

     ==================== One Month Modified Files and Folders =======

     2013-08-16 09:56 - 2013-08-16 09:56 - 00000000 ____D C:\FRST
     2013-08-16 00:18 - 2009-07-14 06:45 - 00014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
     2013-08-16 00:18 - 2009-07-14 06:45 - 00014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
     2013-08-16 00:16 - 2009-07-14 07:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
     2013-08-16 00:15 - 2011-11-30 17:00 - 00000000 ____D C:\Users\Matto\AppData\Roaming\Skype
     2013-08-16 00:07 - 2011-12-02 14:56 - 00001026 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
     2013-08-16 00:07 - 2011-11-30 11:35 - 02044545 _____ C:\Windows\WindowsUpdate.log
     2013-08-16 00:02 - 2011-12-05 19:52 - 00001024 _____ C:\.rnd
     2013-08-16 00:02 - 2011-12-02 14:56 - 00001022 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
     2013-08-16 00:01 - 2011-11-30 14:00 - 00000000 ____D C:\ProgramData\NVIDIA
     2013-08-16 00:01 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
     2013-08-16 00:00 - 2009-07-14 06:51 - 00111448 _____ C:\Windows\setupact.log
     2013-08-15 23:31 - 2012-04-05 08:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
     2013-08-15 23:21 - 2011-11-30 16:48 - 00000000 ___RD C:\Users\Matto\Desktop\temp-download
     2013-08-15 21:27 - 2013-08-15 21:27 - 00157184 _____ C:\Users\Matto\Desktop\Copy of 2013 webshop forgalom2.xls
     2013-08-15 21:16 - 2011-12-06 13:15 - 00000000 ____D C:\Users\Matto\AppData\Local\CrashDumps
     2013-08-15 21:01 - 2011-12-02 13:36 - 11098112 ___SH C:\Users\Matto\Desktop\Thumbs.db
     2013-08-15 19:52 - 2011-11-30 21:36 - 00013144 _____ C:\Windows\PFRO.log
     2013-08-15 19:35 - 2013-08-02 08:59 - 00000004 _____ C:\Users\Matto\AppData\Roaming\cache.ini
     2013-08-15 19:19 - 2011-12-05 17:46 - 00000000 ____D C:\mozilla_levelek
     2013-08-15 19:13 - 2011-12-05 17:46 - 00000000 ____D C:\outlook_levelek
     2013-08-15 18:57 - 2011-12-12 16:44 - 00000000 ____D C:\Users\Matto\AppData\Local\CutePDF Writer
     2013-08-15 16:47 - 2011-12-06 15:22 - 00001456 _____ C:\Users\Matto\AppData\Local\Adobe Save for Web 12.0 Prefs
     2013-08-15 11:36 - 2012-08-29 09:09 - 00000000 ____D C:\Users\Matto\Desktop\torold
     2013-08-13 23:45 - 2012-11-22 02:53 - 00000000 ___HD C:\Users\Matto\AppData\Local\p0tNq0KOOY
     2013-08-13 23:45 - 2011-12-01 00:13 - 00000000 ____D C:\Users\Matto\AppData\Roaming\PACE Anti-Piracy
     2013-08-13 23:45 - 2011-12-01 00:13 - 00000000 ____D C:\ProgramData\PACE Anti-Piracy
     2013-08-13 17:53 - 2013-08-13 17:53 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
     2013-08-13 17:53 - 2013-08-13 17:44 - 00000000 ____D C:\ProgramData\HitmanPro
     2013-08-13 17:12 - 2011-12-02 14:55 - 00000000 ____D C:\Users\Matto\AppData\Local\Google
     2013-08-13 17:07 - 2009-07-14 06:45 - 00018432 _____ C:\Windows\system32\umstartup.etl
     2013-08-13 16:53 - 2009-07-14 07:08 - 00032638 _____ C:\Windows\Tasks\SCHEDLGU.TXT
     2013-08-13 14:01 - 2011-12-02 13:27 - 00000000 ____D C:\matto
     2013-08-13 09:46 - 2011-12-01 18:41 - 00000000 ____D C:\fenykepek
     2013-08-12 12:26 - 2012-10-18 06:52 - 00017709 _____ C:\Users\Matto\Desktop\Htterv.xlsx
     2013-08-10 18:55 - 2012-04-27 17:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
     2013-08-09 08:31 - 2013-08-09 08:31 - 00007982 _____ C:\Users\Matto\Desktop\sktk.csv
     2013-08-08 17:06 - 2013-08-08 17:06 - 00006095 _____ C:\Users\Matto\Desktop\Copy of czk partnerek.csv
     2013-08-08 11:50 - 2013-08-08 11:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
     2013-08-07 20:45 - 2013-08-07 20:24 - 01516409 _____ C:\Users\Matto\Desktop\torzsvevo.csv
     2013-08-07 20:22 - 2013-08-07 20:22 - 02748416 _____ C:\Users\Matto\Desktop\torzsvevo.xls
     2013-08-05 23:03 - 2013-08-05 23:03 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk
     2013-08-05 23:03 - 2011-12-02 14:55 - 00000000 ____D C:\Program Files (x86)\Google
     2013-08-05 10:29 - 2013-08-05 10:29 - 00024576 _____ C:\Users\Matto\Desktop\ferfi.xls
     2013-08-02 16:14 - 2013-03-03 13:51 - 00000000 ____D C:\Users\Matto\AppData\Local\SugarSync
     2013-08-02 12:48 - 2013-08-02 12:48 - 00000000 ____D C:\ProgramData\ESET
     2013-08-02 12:48 - 2013-08-02 12:48 - 00000000 ____D C:\Program Files\ESET
     2013-08-02 12:45 - 2013-08-02 12:45 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
     2013-08-02 12:45 - 2013-08-02 12:45 - 00000000 ____D C:\Users\Matto\AppData\Roaming\Malwarebytes
     2013-08-02 12:45 - 2013-08-02 12:45 - 00000000 ____D C:\ProgramData\Malwarebytes
     2013-08-02 12:45 - 2013-08-02 12:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
     2013-08-02 10:11 - 2013-08-02 10:11 - 02649850 _____ C:\Users\Matto\Desktop\Megtobb_termek_50_uszogumis.psd
     2013-08-02 09:58 - 2011-11-30 20:42 - 00000000 ____D C:\Users\Matto
     2013-08-01 14:34 - 2013-08-01 14:34 - 00072704 _____ C:\Users\Matto\Desktop\szlovak-juli.xls
     2013-07-29 11:32 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
     2013-07-25 11:25 - 2013-08-15 11:00 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
     2013-07-25 10:57 - 2013-08-15 11:00 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
     2013-07-25 05:54 - 2013-08-15 23:24 - 17830400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
     2013-07-25 05:37 - 2013-08-15 23:24 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
     2013-07-25 05:35 - 2013-08-15 23:24 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
     2013-07-25 05:31 - 2013-08-15 23:24 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
     2013-07-25 05:30 - 2013-08-15 23:24 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
     2013-07-25 05:29 - 2013-08-15 23:24 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
     2013-07-25 05:29 - 2013-08-15 23:24 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
     2013-07-25 05:29 - 2013-08-15 23:24 - 00086016 _____ (Microsoft Corporation)
C:\Windows\system32\jsproxy.dll 2013-07-25 05:28 - 2013-08-15 23:24 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-25 05:28 - 2013-08-15 23:24 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-25 05:28 - 2013-08-15 23:24 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-25 05:28 - 2013-08-15 23:24 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-07-25 05:28 - 2013-08-15 23:24 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-07-25 05:27 - 2013-08-15 23:24 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-25 05:27 - 2013-08-15 23:24 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-07-25 05:26 - 2013-08-15 23:24 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-25 04:40 - 2013-08-15 23:24 - 12334080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-25 04:32 - 2013-08-15 23:24 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-25 04:30 - 2013-08-15 23:24 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-25 04:26 - 2013-08-15 23:24 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-25 04:26 - 2013-08-15 23:24 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-25 04:25 - 2013-08-15 23:24 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-07-25 04:24 - 2013-08-15 23:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-07-25 04:24 - 2013-08-15 23:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-25 04:23 - 2013-08-15 23:24 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-25 04:23 - 2013-08-15 23:24 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-25 
04:23 - 2013-08-15 23:24 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-25 04:23 - 2013-08-15 23:24 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-07-25 04:23 - 2013-08-15 23:24 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-07-25 04:22 - 2013-08-15 23:24 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-25 04:22 - 2013-08-15 23:24 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-25 04:22 - 2013-08-15 23:24 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-07-24 08:35 - 2011-11-30 16:59 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-07-24 08:35 - 2011-11-30 16:59 - 00000000 ____D C:\ProgramData\Skype 2013-07-23 19:03 - 2013-07-19 12:37 - 00012958 _____ C:\Users\Matto\Desktop\eddigi-fizetések.xlsx 2013-07-19 09:19 - 2013-07-19 09:19 - 00914944 _____ C:\Users\Matto\Desktop\paypal.xls 2013-07-19 03:58 - 2013-08-15 11:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-07-19 03:41 - 2013-08-15 11:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll Files to move or delete: ==================== C:\Users\Matto\AppData\Roaming\cache.ini ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-12 
18:19 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-08-2013 01 Ran by Matto at 2013-08-16 00:20:56 Running from C:\Users\Matto\Desktop\temp-download Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Adobe AIR (x32 Version: 2.5.1.17730) Adobe Community Help (x32 Version: 3.4.980) Adobe Creative Suite 5.5 Production Premium (x32 Version: 5.5) Adobe Dreamweaver CS5.5 (x32 Version: 11.5) Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224) Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224) Adobe Reader XI (11.0.03) (x32 Version: 11.0.03) Adobe Story (x32 Version: 1.0.571) Apple Application Support (x32 Version: 2.1.5) Apple Software Update (x32 Version: 2.1.3.127) Bluetooth Win7 Suite (64) (Version: 7.2.0.83) BS.Player FREE (x32 Version: 2.58.1058) Dell Digital Delivery (x32 Version: 1.7.4501.0) Dell Touchpad (Version: 7.1106.101.111) Dell Wireless Driver Installation (x32 Version: 9.0) Dell WLAN and Bluetooth Client Installation (x32 Version: 9.0) ePDF Writer 2.8 ESET NOD32 Antivirus (Version: 6.0.316.1) Google Earth (x32 Version: 7.1.1.1888) Google Update Helper (x32 Version: 1.3.21.153) GTA San Andreas (x32 Version: 1.00.00001) IDT Audio (x32 Version: 1.0.6341.0) Intel PROSet Wireless Intel PROSet Wireless (x32) Intel® Management Engine Components (x32 Version: 7.0.0.1118) Intel® Processor Graphics (x32 Version: 8.15.10.2361) Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 1.0.0.0454) Intel® PROSet/Wireless WiFi szoftver (Version: 14.2.0000) Java 7 Update 9 (64-bit) (Version: 7.0.90) Java Auto Updater (x32 Version: 2.1.6.0) Java 6 Update 31 (x32 Version: 6.0.310) Java 7 Update 5 (x32 Version: 7.0.50) JavaFX 2.1.1 (x32 Version: 2.1.1) LG PC Suite (x32 Version: 5.2.17.20121218) LG United Mobile Drivers (x32 Version: 3.8.1) MailingCheck (x32 Version: 1.00.0004) 
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4734.1000) Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000) Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4734.1000) Microsoft Office FrontPage 2003 (x32 Version: 11.0.5614.0) Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4734.1000) Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4734.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000) Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4734.1000) Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4734.1000) Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4734.1000) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000) Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000) Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4734.1000) Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4734.1000) Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4734.1000) Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000) Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000) Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4734.1000) Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000) Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4734.1000) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_ATL_x86_x64 
(Version: 8.0.50727.4053) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053) Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000) Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000) Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000) Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000) Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000) Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000) Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000) Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000) Modem Diagnostic Tool (Version: 1.0.28.0) Mozilla Firefox 23.0 (x86 hu) (x32 Version: 23.0) Mozilla Maintenance Service (x32 Version: 23.0) Mozilla Thunderbird 17.0.7 (x86 hu) (x32 Version: 17.0.7) Need for Speed™ The Run (x32 Version: 1.0.0.0) Nero Burning ROM 10 (x32 Version: 10.2.11000.12.100) Nero Burning ROM 10 (x32 Version: 10.5.10300) Nero BurningROM 10 Help (CHM) (x32 Version: 10.5.10100) Nero BurnRights 10 (x32 Version: 4.2.10300.0.102) Nero BurnRights 10 Help (CHM) (x32 Version: 10.5.10000) Nero Control Center 10 (x32 Version: 10.2.10600.0.6) Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000) Nero Core Components 10 (x32 Version: 2.0.17400.8.2) Nero Update (x32 Version: 1.0.0018) Netwaiting (x32 Version: 2.5.59) NVIDIA 3D Vision Driver 268.30 (Version: 268.30) NVIDIA Control Panel 268.30 (Version: 268.30) NVIDIA Graphics Driver 268.30 (Version: 268.30) NVIDIA HD Audio Driver 1.2.22.1 (Version: 1.2.22.1) NVIDIA Install Application (Version: 2.265.41.0) NVIDIA Optimus 1.0.21 (Version: 1.0.21) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6830) NVIDIA Update Components (Version: 1.0.21) PDF Settings CS5 (x32 Version: 10.0) Picasa 3 (x32 Version: 3.9) PxMergeModule (x32 Version: 1.00.0000) Quickset64 (Version: 10.09.25) 
QuickTime (x32 Version: 7.71.80.42) Realtek Ethernet Controller Driver (x32 Version: 7.31.1025.2010) Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30126) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0) SendBlaster (x32 Version: 1.05.0005) Shutdown Scheduler (x32 Version: 1.0.0) Skype Click to Call (x32 Version: 6.10.13089) Skype™ 6.5 (x32 Version: 6.5.158) stunnel (x32) SugarSync Manager (x32 Version: 1.9.96.111090) Számlázó (x32 Version: 2008) Total Commander (Remove or Repair) (x32 Version: 7.55) VidCoder 1.2.6 (x86) (x32 Version: 1.2.6) VirtualDJ PRO Full (x32 Version: 7.0.5) Wallpaper Calendar (x32) Winamp (x32 Version: 5.622 ) Winamp Detector Plug-in (HKCU Version: 1.0.0.1) WinZip 16.0 (Version: 16.0.9691) XnView 1.98.5 (x32 Version: 1.98.5) ==================== Restore Points ========================= 13-08-2013 19:37:52 Scheduled Checkpoint 15-08-2013 08:50:01 Windows Update 15-08-2013 21:23:55 Windows Update ==================== Hosts content: ========================== 2011-11-30 21:10 - 2011-11-30 21:09 - 00001803 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com 
www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net ==================== Scheduled Tasks (whitelisted) ============= Task: {306544AC-6B6A-4BA2-8788-33350A04C6D3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated) Task: {4976A56A-21F7-475A-A272-ED52EBF5619F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-02] (Google Inc.) Task: {93F8E98D-8D45-4A4A-A830-2BFA9232A874} - System32\Tasks\AdobeAAMUpdater-1.0-MATTODELL-Matto => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30] (Adobe Systems Incorporated) Task: {982BD253-8A7C-4496-AA31-327966F85375} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-02] (Google Inc.) Task: {E33CA120-3BDD-40D6-87FE-283E8026A225} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Faulty Device Manager Devices ============= Name: Realtek PCIe FE Family Controller Description: Realtek PCIe FE Family Controller Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Realtek Service: RTL8167 Problem: : This device is not working properly because Windows cannot load the drivers required for this device. 
(Code 31) Resolution: Update the driver Name: Dell Wireless 1702 Bluetooth v3.0+HS Description: Dell Wireless 1702 Bluetooth v3.0+HS Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Atheros Communications Service: BTHUSB Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Microsoft Virtual WiFi Miniport Adapter Description: Microsoft Virtual WiFi Miniport Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: vwifimp Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (08/16/2013 00:02:46 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Error: (08/15/2013 11:40:19 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (08/15/2013 09:16:51 PM) (Source: Application Error) (User: ) Description: Faulting application name: Szamla.exe, version: 1.5.1.48, time stamp: 0x2a425e19 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc00000fd Fault offset: 0x77251264 Faulting process id: 0xc70 Faulting application start time: 0xSzamla.exe0 Faulting application path: Szamla.exe1 Faulting module path: Szamla.exe2 Report Id: Szamla.exe3 Error: (08/15/2013 09:16:46 PM) (Source: Application Error) (User: ) Description: Faulting application name: Szamla.exe, version: 1.5.1.48, time stamp: 0x2a425e19 Faulting module name: Szamla.exe, version: 1.5.1.48, time stamp: 0x2a425e19 Exception code: 0xc0000005 Fault offset: 0x000298e7 Faulting process id: 0xc70 Faulting application start time: 0xSzamla.exe0 Faulting application path: Szamla.exe1 Faulting module path: Szamla.exe2 Report Id: Szamla.exe3 Error: (08/15/2013 02:41:51 PM) (Source: SideBySide) (User: ) Description: Activation context generation 
failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (08/14/2013 11:41:37 AM) (Source: Application Hang) (User: ) Description: The program Photoshop.exe version 12.1.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 2b48 Start Time: 01ce98d224219a6b Termination Time: 24 Application Path: C:\Program Files\Adobe\Adobe Photoshop CS5.1 (64 Bit)\Photoshop.exe Report Id: Error: (08/14/2013 09:29:49 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. A component version required by the application conflicts with another component version already active. 
Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (08/14/2013 09:29:49 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (08/14/2013 08:04:43 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. 
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (08/13/2013 08:31:50 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. System errors: ============= Error: (08/16/2013 00:05:34 AM) (Source: Service Control Manager) (User: ) Description: The Dell Digital Delivery Service service failed to start due to the following error: %%1053 Error: (08/16/2013 00:05:34 AM) (Source: Service Control Manager) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Dell Digital Delivery Service service to connect. 
Error: (08/15/2013 11:49:03 PM) (Source: Service Control Manager) (User: )
Description: The Server service terminated with the following error: %%1062

Error: (08/15/2013 11:49:02 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error: %%1115

Error: (08/15/2013 11:49:01 PM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error %%-2147023781.

Error: (08/15/2013 11:49:01 PM) (Source: Microsoft-Windows-Bits-Client) (User: NT AUTHORITY)
Description: The BITS service failed to start. Error 2147943515.

Error: (08/15/2013 11:36:50 PM) (Source: Service Control Manager) (User: )
Description: The Dell Digital Delivery Service service failed to start due to the following error: %%1053

Error: (08/15/2013 11:36:50 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Dell Digital Delivery Service service to connect.

Error: (08/15/2013 07:56:32 PM) (Source: Service Control Manager) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/15/2013 01:03:43 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
Microsoft Office Sessions: ========================= Error: (08/16/2013 00:02:46 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe Error: (08/15/2013 11:40:19 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe Error: (08/15/2013 09:16:51 PM) (Source: Application Error)(User: ) Description: Szamla.exe1.5.1.482a425e19unknown0.0.0.000000000c00000fd77251264c7001ce99ebf8c1c43eC:\Program Files (x86)\PC Connect\Számlazó\Szamla.exeunknown3cc06a13-05df-11e3-a7fa-8a2e4a4a6daf Error: (08/15/2013 09:16:46 PM) (Source: Application Error)(User: ) Description: Szamla.exe1.5.1.482a425e19Szamla.exe1.5.1.482a425e19c0000005000298e7c7001ce99ebf8c1c43eC:\Program Files (x86)\PC Connect\Számlazó\Szamla.exeC:\Program Files (x86)\PC Connect\Számlazó\Szamla.exe3986e9a7-05df-11e3-a7fa-8a2e4a4a6daf Error: (08/15/2013 02:41:51 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files (x86)\lg electronics\lg pc suite\LGPCSuite.exe Error: (08/14/2013 11:41:37 AM) (Source: Application Hang)(User: ) Description: Photoshop.exe12.1.0.02b4801ce98d224219a6b24C:\Program Files\Adobe\Adobe Photoshop CS5.1 (64 
Bit)\Photoshop.exe Error: (08/14/2013 09:29:49 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe Error: (08/14/2013 09:29:49 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe Error: (08/14/2013 08:04:43 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe Error: (08/13/2013 08:31:50 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe CodeIntegrity Errors: =================================== Date: 2013-05-01 22:00:06.423 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\nvoptimusmft.dll because the set of per-page image hashes could not be found on the system. 
Date: 2011-11-30 14:27:42.867
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\AmpPal.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-11-30 14:27:42.851
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\AmpPal.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-11-30 14:07:12.897
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\AmpPal.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-11-30 14:07:12.866
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\AmpPal.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================

Percentage of memory in use: 33%
Total physical RAM: 8099.17 MB
Available physical RAM: 5388.61 MB
Total Pagefile: 16196.53 MB
Available Pagefile: 13510.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:594.18 GB) (Free:311.86 GB) NTFS (Disk=0 Partition=3)
Drive f: (My Passport) (Fixed) (Total:465.73 GB) (Free:131.18 GB) NTFS (Disk=1 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 0C7A859B)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=2 GB) - (Type=0B)
Partition 3: (Not Active) - (Size=594 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 00038A56)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

Could not read MBR for disk 2.

==================== End Of Log ============================

thanks
  2. Dear Malwarebytes! I have got a fake alert virus (Nemzeti Nyomozóiroda), and I cannot get rid of it. It keeps coming back. I used Malwarebytes, and it removed everything. Then it comes back from time to time, usually when I start using a different browser in parallel with Mozilla (which is my default browser). When I start using Internet Explorer, it comes back. I attach all the logs I have; please help me find out what more I can do. Thanks.

     mbam-log-2013-08-02 (12-46-05).txt
     mbam-log-2013-08-03 (10-54-05).txt
     mbam-log-2013-08-13 (17-20-07).txt
     mbam-log-2013-08-13 (17-32-11).txt
     mbam-log-2013-08-13 (17-35-03).txt
     mbam-log-2013-08-13 (17-53-52).txt
     mbam-log-2013-08-14 (10-07-57).txt
     mbam-log-2013-08-14 (10-20-30).txt
     mbam-log-2013-08-15 (19-35-52).txt
     mbam-log-2013-08-15 (19-56-36).txt