My OS get infect by trojan-dropper.vbs.agent.bp


  • This topic is locked
8 replies to this topic

#1 Potti

  • Members
  • 4 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:47 PM

Posted 20 February 2016 - 02:43 PM

Hello all :P , last night I used a hacking tool for the game CS 1.6 to get better aim and no recoil in online multiplayer. Today my antivirus [Kaspersky Internet Security 2016] tells me more than 10000 files in my OS are infected by this virus, including OS files. Every time I open any game or app in my OS, Internet Explorer opens automatically with a blank page. I already deleted that hacking tool. CPU and RAM are running normally. I'm afraid my AV will delete, not disinfect, my OS's important files. I surfed many websites and they tell me this virus may cause a lot of problems in silence [background] while we are doing work or anything in our OS. Please help me remove it, or do anything that will save my OS from this virus.

 

==========================================================================================

FRST64 scan logs:

==========================================================================================

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-02-2016
Ran by Nemesis (administrator) on NEMESIS-PC (21-02-2016 04:35:46)
Running from C:\Users\Nemesis\Downloads\Programs
Loaded Profiles: Nemesis & UpdatusUser (Available Profiles: Nemesis & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
(AO Kaspersky Lab) C:\ProgramData\Kaspersky Lab\AVP16.0.0\Temp\temporaryFolder\updates\bin\kav16\16.0.0.614_kis_a\avp.exe.2696_2553_4126.removeOnNextReboot
(AO Kaspersky Lab) C:\ProgramData\Kaspersky Lab\AVP16.0.0\Temp\temporaryFolder\updates\bin\kav16\16.0.0.614_kis_a\avpui.exe.2696_2553_4126.removeOnNextReboot
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-26] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-16] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-15] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-04] (Synaptics Incorporated)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-12] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-06-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [976832 2010-06-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595504 2016-01-29] (Oracle Corporation)
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
BootExecute: autocheck autochk /p \??\C:autocheck autochk * 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{9074AC35-34C4-4C60-83AB-34246AEE1F60}: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-782262153-2638994716-2445063645-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-782262153-2638994716-2445063645-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-782262153-2638994716-2445063645-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
SearchScopes: HKLM -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-782262153-2638994716-2445063645-1000 -> DefaultScope {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-782262153-2638994716-2445063645-1000 -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-782262153-2638994716-2445063645-1001 -> DefaultScope {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-782262153-2638994716-2445063645-1001 -> {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-15] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-02-21] (AO Kaspersky Lab)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-15] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-20] (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2016-02-21] (AO Kaspersky Lab)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-12-06] (<TOSHIBA>)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-02-21] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2016-02-21] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-782262153-2638994716-2445063645-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-782262153-2638994716-2445063645-1000 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-15] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2016-02-21]
FF HKU\S-1-5-21-782262153-2638994716-2445063645-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: IDM integration - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2015-12-09]
FF HKU\S-1-5-21-782262153-2638994716-2445063645-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Nemesis\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Nemesis\AppData\Roaming\IDM\idmmzcc5 [2016-02-21] [not signed]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Nemesis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Kaspersky Protection) - C:\Users\Nemesis\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-02-21]
CHR Extension: (IDM Integration Module) - C:\Users\Nemesis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-02-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nemesis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-02]
CHR Profile: C:\Users\Nemesis\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Nemesis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-02]
CHR Extension: (Google Docs) - C:\Users\Nemesis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-02]
CHR Extension: (Google Drive) - C:\Users\Nemesis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-02]
CHR Extension: (YouTube) - C:\Users\Nemesis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-02]
CHR Extension: (Google Search) - C:\Users\Nemesis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-02]
CHR Extension: (Bitdefender Wallet) - C:\Users\Nemesis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem [2016-01-02]
CHR Extension: (Google Sheets) - C:\Users\Nemesis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-02]
CHR Extension: (Google Docs Offline) - C:\Users\Nemesis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nemesis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-02]
CHR Extension: (Gmail) - C:\Users\Nemesis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-02]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-12-29]
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-12-29]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [194000 2016-02-21] (Kaspersky Lab ZAO)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2016-02-20] (Macrovision Corporation) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-10-09] (IObit)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70000 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [181640 2016-02-21] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [227000 2015-07-04] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [940928 2016-02-21] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39096 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [41144 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2016-02-21] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [103096 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2014-08-09] (The OpenVPN Project) [File not signed]
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [12504 2013-09-30] ()
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [163644 2016-02-04] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
S3 Tosrfcom; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-21 04:30 - 2016-02-21 04:30 - 00111130 _____ C:\Users\Nemesis\Documents\OsInfo2.zip
2016-02-21 04:29 - 2016-02-21 04:29 - 02956120 _____ C:\Users\Nemesis\Documents\OsInfo2.nfo
2016-02-21 04:20 - 2016-02-21 04:35 - 00000000 ____D C:\FRST
2016-02-21 01:52 - 2016-02-21 01:52 - 00000000 ____D C:\Users\Nemesis\AppData\Roaming\ProductData
2016-02-21 01:52 - 2016-02-21 01:52 - 00000000 ____D C:\ProgramData\ProductData
2016-02-21 00:50 - 2016-02-21 00:50 - 00002361 _____ C:\Users\Nemesis\Documents\Safe Money.lnk
2016-02-21 00:50 - 2016-02-21 00:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2016-02-21 00:50 - 2016-02-21 00:49 - 00002099 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2016-02-21 00:49 - 2016-02-21 04:08 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-02-21 00:49 - 2016-02-21 03:15 - 00940928 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klif.sys
2016-02-21 00:49 - 2016-02-21 03:15 - 00181640 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klflt.sys
2016-02-21 00:49 - 2016-02-21 00:49 - 00000000 ____D C:\windows\ELAMBKUP
2016-02-21 00:49 - 2016-02-21 00:49 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-02-21 00:49 - 2015-07-04 02:18 - 00227000 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klhk.sys
2016-02-21 00:49 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\windows\system32\klfphc.dll
2016-02-21 00:36 - 2016-02-21 00:36 - 00004276 _____ C:\TDSSKiller.3.1.0.9_21.02.2016_00.36.08_log.txt
2016-02-21 00:36 - 2016-02-21 00:36 - 00000000 ___SD C:\ComboFix
2016-02-21 00:34 - 2016-02-21 00:34 - 00021131 _____ C:\ComboFix.txt
2016-02-21 00:26 - 2011-06-26 14:45 - 00256000 _____ C:\windows\PEV.exe
2016-02-21 00:26 - 2010-11-08 01:20 - 00208896 _____ C:\windows\MBR.exe
2016-02-21 00:26 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2016-02-21 00:26 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2016-02-21 00:26 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2016-02-21 00:26 - 2000-08-31 08:00 - 00098816 _____ C:\windows\sed.exe
2016-02-21 00:26 - 2000-08-31 08:00 - 00080412 _____ C:\windows\grep.exe
2016-02-21 00:26 - 2000-08-31 08:00 - 00068096 _____ C:\windows\zip.exe
2016-02-21 00:25 - 2016-02-21 00:36 - 00000000 ____D C:\Qoobox
2016-02-21 00:25 - 2016-02-21 00:33 - 00000000 ____D C:\windows\erdnt
2016-02-21 00:13 - 2016-02-21 00:13 - 00000868 _____ C:\windows\Tasks\SCHEDLGU.TXT
2016-02-20 23:33 - 2016-02-20 23:35 - 00210964 _____ C:\TDSSKiller.3.1.0.9_20.02.2016_23.33.21_log.txt
2016-02-20 23:31 - 2016-02-20 23:31 - 00000000 _____ C:\autoexec.bat
2016-02-20 23:23 - 2016-02-20 23:23 - 00022704 _____ C:\windows\system32\Drivers\EsgScanner.sys
2016-02-20 21:19 - 2016-02-20 21:19 - 00262144 _____ C:\windows\system32\config\elam
2016-02-20 05:40 - 2016-02-20 05:40 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-02-20 05:38 - 2016-02-20 05:40 - 00210490 _____ C:\TDSSKiller.3.1.0.9_20.02.2016_05.38.49_log.txt
2016-02-20 05:25 - 2016-02-20 16:19 - 00053464 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2016-02-20 05:23 - 2016-01-12 03:11 - 01684416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2016-02-20 05:23 - 2015-11-19 22:07 - 00994760 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
2016-02-20 05:23 - 2015-11-19 22:07 - 00063840 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-02-20 05:23 - 2015-11-19 22:07 - 00020832 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-02-20 05:23 - 2015-11-19 22:07 - 00019808 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-02-20 05:23 - 2015-11-19 22:07 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-02-20 05:23 - 2015-11-19 22:07 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-02-20 05:23 - 2015-11-19 22:07 - 00016224 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-02-20 05:23 - 2015-11-19 22:07 - 00015712 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-02-20 05:23 - 2015-11-19 22:07 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-02-20 05:23 - 2015-11-19 22:07 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-02-20 05:23 - 2015-11-19 22:07 - 00013664 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-02-20 05:23 - 2015-11-19 22:07 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-02-20 05:23 - 2015-11-19 22:07 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-02-20 05:23 - 2015-11-19 22:07 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-02-20 05:23 - 2015-11-19 22:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-02-20 05:23 - 2015-11-19 22:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-02-20 05:23 - 2015-11-19 22:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-02-20 05:23 - 2015-11-19 22:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-02-20 05:23 - 2015-11-19 22:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-02-20 05:23 - 2015-11-19 22:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-02-20 05:23 - 2015-11-19 22:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-02-20 05:23 - 2015-11-19 22:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-02-20 05:23 - 2015-11-19 22:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-02-20 05:23 - 2015-11-19 22:06 - 00922432 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll
2016-02-20 05:23 - 2015-11-19 22:06 - 00066400 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-02-20 05:23 - 2015-11-19 22:06 - 00022368 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-02-20 05:23 - 2015-11-19 22:06 - 00019808 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-02-20 05:23 - 2015-11-19 22:06 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-02-20 05:23 - 2015-11-19 22:06 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-02-20 05:23 - 2015-11-19 22:06 - 00016224 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-02-20 05:23 - 2015-11-19 22:06 - 00015712 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-02-20 05:23 - 2015-11-19 22:06 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-02-20 05:23 - 2015-11-19 22:06 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-02-20 05:23 - 2015-11-19 22:06 - 00013664 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-02-20 05:23 - 2015-11-19 22:06 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-02-20 05:23 - 2015-11-19 22:06 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-02-20 05:23 - 2015-11-19 22:06 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-02-20 05:23 - 2015-11-19 22:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-02-20 05:23 - 2015-11-19 22:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-02-20 05:23 - 2015-11-19 22:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-02-20 05:23 - 2015-11-19 22:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-02-20 05:23 - 2015-11-19 22:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-02-20 05:23 - 2015-11-19 22:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-02-20 05:23 - 2015-11-19 22:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-02-20 05:23 - 2015-11-19 22:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-02-20 05:23 - 2015-11-19 22:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-02-20 05:05 - 2016-02-20 05:05 - 00004276 _____ C:\TDSSKiller.3.1.0.9_20.02.2016_05.05.10_log.txt
2016-02-18 06:45 - 2016-02-21 04:25 - 00262271 _____ C:\Users\Nemesis\Documents\Factions Overview and Player Guide - MassiveCraft.html
2016-02-18 06:45 - 2016-02-18 06:45 - 00000000 ____D C:\Users\Nemesis\Documents\Factions Overview and Player Guide - MassiveCraft_files
2016-02-17 15:33 - 2016-02-17 15:45 - 00000000 ____D C:\ProgramData\SeriousBit
2016-02-17 15:26 - 2016-01-15 08:41 - 00040976 _____ (SeriousBit) C:\windows\system32\Drivers\nbdrv.sys
2016-02-16 19:56 - 2016-02-16 19:56 - 00000000 ____D C:\Users\Nemesis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
2016-02-16 05:33 - 2016-02-16 05:33 - 00000000 ____D C:\Users\Nemesis\AppData\Roaming\.tlauncher
2016-02-15 21:04 - 2016-02-15 21:34 - 00000000 ____D C:\Users\Nemesis\Downloads\Macrium
2016-02-15 20:47 - 2015-12-16 22:53 - 00523384 _____ (NVIDIA Corporation) C:\windows\system32\nv3dappshext.dll
2016-02-15 20:47 - 2015-12-16 22:53 - 00075056 _____ (NVIDIA Corporation) C:\windows\system32\nv3dappshextr.dll
2016-02-15 20:47 - 2015-12-16 22:49 - 06090019 _____ C:\windows\system32\nvcoproc.bin
2016-02-15 20:45 - 2015-12-17 01:34 - 42977072 _____ C:\windows\system32\nvcompiler.dll
2016-02-15 20:45 - 2015-12-17 01:34 - 37609080 _____ C:\windows\SysWOW64\nvcompiler.dll
2016-02-15 20:45 - 2015-12-17 01:34 - 31061624 _____ (NVIDIA Corporation) C:\windows\system32\nvoglv64.dll
2016-02-15 20:45 - 2015-12-17 01:34 - 24895792 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglv32.dll
2016-02-15 20:45 - 2015-12-17 01:34 - 21122456 _____ (NVIDIA Corporation) C:\windows\system32\nvopencl.dll
2016-02-15 20:45 - 2015-12-17 01:34 - 20663816 _____ (NVIDIA Corporation) C:\windows\system32\nvcuda.dll
2016-02-15 20:45 - 2015-12-17 01:34 - 18716176 _____ (NVIDIA Corporation) C:\windows\system32\nvwgf2umx.dll
2016-02-15 20:45 - 2015-12-17 01:34 - 17561432 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvopencl.dll
2016-02-15 20:45 - 2015-12-17 01:34 - 17156968 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuda.dll
2016-02-15 20:45 - 2015-12-17 01:34 - 16981976 _____ (NVIDIA Corporation) C:\windows\system32\nvd3dumx.dll
2016-02-15 20:45 - 2015-12-17 01:34 - 16286888 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvwgf2um.dll
2016-02-15 20:45 - 2015-12-17 01:34 - 12334200 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvlddmkm.sys
2016-02-15 20:45 - 2015-12-17 01:34 - 03211760 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvapi.dll
2016-02-15 20:45 - 2015-12-17 01:34 - 03168376 _____ (NVIDIA Corporation) C:\windows\system32\nvcuvid.dll
2016-02-15 20:45 - 2015-12-17 01:34 - 02755704 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuvid.dll
2016-02-15 20:45 - 2015-12-17 01:34 - 01915696 _____ (NVIDIA Corporation) C:\windows\system32\nvdispco6436143.dll
2016-02-15 20:45 - 2015-12-17 01:34 - 01564976 _____ (NVIDIA Corporation) C:\windows\system32\nvdispgenco6436143.dll
2016-02-15 20:45 - 2015-12-17 01:34 - 00938104 _____ (NVIDIA Corporation) C:\windows\system32\NvFBC64.dll
2016-02-15 20:45 - 2015-12-17 01:34 - 00872056 _____ (NVIDIA Corporation) C:\windows\system32\NvIFR64.dll
2016-02-15 20:45 - 2015-12-17 01:34 - 00734512 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvFBC.dll
2016-02-15 20:45 - 2015-12-17 01:34 - 00681592 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFR.dll
2016-02-15 20:45 - 2015-12-17 01:34 - 00205456 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvhda64v.sys
2016-02-15 20:45 - 2015-12-17 01:34 - 00039240 _____ (NVIDIA Corporation) C:\windows\system32\nvhdap64.dll
2016-02-15 18:51 - 2016-02-15 18:51 - 00000145 __RSH C:\windows\system32\config\rev_masterservers.vdf
2016-02-15 18:51 - 2016-02-15 18:51 - 00000145 __RSH C:\windows\system32\config\masterservers.vdf
2016-02-15 18:51 - 2016-02-15 18:51 - 00000007 _____ C:\windows\system32\config\serverbrowser.vdf
2016-02-15 04:55 - 2016-02-15 05:22 - 00000000 ____D C:\Users\Nemesis\AppData\Roaming\HD Tune Pro
2016-02-15 03:23 - 2016-02-15 03:23 - 00000000 ____D C:\Users\Nemesis\AppData\Roaming\java
2016-02-15 03:19 - 2016-02-19 21:49 - 00000000 ____D C:\Users\Nemesis\AppData\Roaming\.minecraft
2016-02-15 03:19 - 2016-02-15 03:19 - 00000000 ____D C:\Users\Nemesis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
2016-02-15 01:23 - 2016-02-15 01:23 - 00000000 _____ C:\Users\Nemesis\AppData\Roaming\pof.exact
2016-02-15 01:21 - 2016-02-15 01:21 - 00000000 ____D C:\Users\Nemesis\AppData\Roaming\Sun
2016-02-15 01:21 - 2016-02-15 01:21 - 00000000 ____D C:\Users\Nemesis\.oracle_jre_usage
2016-02-15 01:20 - 2016-02-15 01:21 - 00000000 ____D C:\ProgramData\Oracle
2016-02-15 01:20 - 2016-02-15 01:20 - 00110176 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2016-02-15 01:20 - 2016-02-15 01:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-15 01:20 - 2016-02-15 01:20 - 00000000 ____D C:\Program Files\Java
2016-02-15 01:10 - 2016-02-15 01:10 - 00000000 ____D C:\Users\Nemesis\AppData\LocalLow\Oracle
2016-02-15 01:04 - 2016-02-15 01:04 - 00000000 ____D C:\Users\Nemesis\AppData\LocalLow\Sun
2016-02-14 21:31 - 2016-02-14 21:31 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\6F182330.sys
2016-02-14 21:29 - 2016-02-14 21:29 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\389C21CF.sys
2016-02-14 21:01 - 2016-02-14 21:02 - 00213764 _____ C:\TDSSKiller.3.1.0.9_14.02.2016_21.01.45_log.txt
2016-02-10 18:18 - 2016-01-23 04:31 - 00387784 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-02-10 18:18 - 2016-01-23 04:10 - 00341200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-02-10 18:18 - 2016-01-22 14:56 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-02-10 18:18 - 2016-01-22 14:41 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-02-10 18:18 - 2016-01-22 14:40 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-02-10 18:18 - 2016-01-22 14:40 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-02-10 18:18 - 2016-01-22 14:40 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-02-10 18:18 - 2016-01-22 14:40 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-02-10 18:18 - 2016-01-22 14:33 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-02-10 18:18 - 2016-01-22 14:32 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-02-10 18:18 - 2016-01-22 14:29 - 06052352 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-02-10 18:18 - 2016-01-22 14:27 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-02-10 18:18 - 2016-01-22 14:27 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-02-10 18:18 - 2016-01-22 14:27 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-02-10 18:18 - 2016-01-22 14:20 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-02-10 18:18 - 2016-01-22 14:17 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-02-10 18:18 - 2016-01-22 14:09 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-02-10 18:18 - 2016-01-22 14:08 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-02-10 18:18 - 2016-01-22 14:05 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-02-10 18:18 - 2016-01-22 14:04 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-02-10 18:18 - 2016-01-22 14:02 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-02-10 18:18 - 2016-01-22 14:02 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-02-10 18:18 - 2016-01-22 14:02 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-02-10 18:18 - 2016-01-22 14:01 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-02-10 18:18 - 2016-01-22 14:01 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-02-10 18:18 - 2016-01-22 14:00 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-02-10 18:18 - 2016-01-22 14:00 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-02-10 18:18 - 2016-01-22 13:55 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-02-10 18:18 - 2016-01-22 13:55 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-02-10 18:18 - 2016-01-22 13:51 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-02-10 18:18 - 2016-01-22 13:51 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-02-10 18:18 - 2016-01-22 13:50 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-02-10 18:18 - 2016-01-22 13:48 - 00718336 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-02-10 18:18 - 2016-01-22 13:47 - 00798208 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-02-10 18:18 - 2016-01-22 13:46 - 02123264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-02-10 18:18 - 2016-01-22 13:46 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-02-10 18:18 - 2016-01-22 13:43 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-02-10 18:18 - 2016-01-22 13:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-02-10 18:18 - 2016-01-22 13:38 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2016-02-10 18:18 - 2016-01-22 13:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-02-10 18:18 - 2016-01-22 13:35 - 04611072 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-02-10 18:18 - 2016-01-22 13:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-02-10 18:18 - 2016-01-22 13:34 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-02-10 18:18 - 2016-01-22 13:33 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-02-10 18:18 - 2016-01-22 13:31 - 02597376 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-02-10 18:18 - 2016-01-22 13:27 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-02-10 18:18 - 2016-01-22 13:25 - 00687104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-02-10 18:18 - 2016-01-22 13:24 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-02-10 18:18 - 2016-01-22 13:24 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-02-10 18:18 - 2016-01-22 13:08 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-02-10 18:18 - 2016-01-22 13:07 - 02120704 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-02-10 18:18 - 2016-01-22 13:02 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-02-10 18:15 - 2016-01-22 14:27 - 05573056 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-02-10 18:15 - 2016-01-22 14:27 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-02-10 18:15 - 2016-01-22 14:27 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-02-10 18:15 - 2016-01-22 14:24 - 01733592 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-02-10 18:15 - 2016-01-22 14:20 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-02-10 18:15 - 2016-01-22 14:20 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-02-10 18:15 - 2016-01-22 14:20 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-02-10 18:15 - 2016-01-22 14:20 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-02-10 18:15 - 2016-01-22 14:20 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-02-10 18:15 - 2016-01-22 14:20 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-02-10 18:15 - 2016-01-22 14:20 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-02-10 18:15 - 2016-01-22 14:20 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-02-10 18:15 - 2016-01-22 14:20 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-02-10 18:15 - 2016-01-22 14:20 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-02-10 18:15 - 2016-01-22 14:19 - 01214464 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-02-10 18:15 - 2016-01-22 14:19 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-02-10 18:15 - 2016-01-22 14:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-02-10 18:15 - 2016-01-22 14:18 - 00961024 _____ (Microsoft Corporation) C:\windows\system32\CPFilters.dll
2016-02-10 18:15 - 2016-01-22 14:18 - 00723968 _____ (Microsoft Corporation) C:\windows\system32\EncDec.dll
2016-02-10 18:15 - 2016-01-22 14:18 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-02-10 18:15 - 2016-01-22 14:17 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-02-10 18:15 - 2016-01-22 14:17 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-02-10 18:15 - 2016-01-22 14:17 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\mtxoci.dll
2016-02-10 18:15 - 2016-01-22 14:16 - 01461248 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-02-10 18:15 - 2016-01-22 14:16 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-02-10 18:15 - 2016-01-22 14:16 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-02-10 18:15 - 2016-01-22 14:15 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-02-10 18:15 - 2016-01-22 14:15 - 00730112 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-02-10 18:15 - 2016-01-22 14:15 - 00422400 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-02-10 18:15 - 2016-01-22 14:13 - 03993536 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-02-10 18:15 - 2016-01-22 14:13 - 03938752 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-02-10 18:15 - 2016-01-22 14:13 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-02-10 18:15 - 2016-01-22 14:13 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-02-10 18:15 - 2016-01-22 14:13 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-02-10 18:15 - 2016-01-22 14:12 - 00880128 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-02-10 18:15 - 2016-01-22 14:12 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-02-10 18:15 - 2016-01-22 14:12 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-02-10 18:15 - 2016-01-22 14:12 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 14:12 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 14:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 14:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 14:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 14:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 14:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 14:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 14:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 14:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 14:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 14:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 14:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 14:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 14:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 14:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 14:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 14:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 14:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 14:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 14:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 14:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 14:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 14:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 14:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 14:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 14:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 14:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 14:09 - 01314328 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-02-10 18:15 - 2016-01-22 14:06 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-02-10 18:15 - 2016-01-22 14:06 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-02-10 18:15 - 2016-01-22 14:06 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-02-10 18:15 - 2016-01-22 14:06 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-02-10 18:15 - 2016-01-22 14:06 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-02-10 18:15 - 2016-01-22 14:06 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-02-10 18:15 - 2016-01-22 14:06 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-02-10 18:15 - 2016-01-22 14:06 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-02-10 18:15 - 2016-01-22 14:05 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-02-10 18:15 - 2016-01-22 14:05 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-02-10 18:15 - 2016-01-22 14:04 - 00642048 _____ (Microsoft Corporation) C:\windows\SysWOW64\CPFilters.dll
2016-02-10 18:15 - 2016-01-22 14:04 - 00535040 _____ (Microsoft Corporation) C:\windows\SysWOW64\EncDec.dll
2016-02-10 18:15 - 2016-01-22 14:02 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-02-10 18:15 - 2016-01-22 14:02 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-02-10 18:15 - 2016-01-22 14:02 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-02-10 18:15 - 2016-01-22 14:02 - 00176128 _____ (Microsoft Corporation) C:\windows\SysWOW64\msorcl32.dll
2016-02-10 18:15 - 2016-01-22 14:02 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-02-10 18:15 - 2016-01-22 14:02 - 00114176 _____ (Microsoft Corporation) C:\windows\SysWOW64\mtxoci.dll
2016-02-10 18:15 - 2016-01-22 14:02 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-02-10 18:15 - 2016-01-22 13:59 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-02-10 18:15 - 2016-01-22 13:59 - 00642560 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-02-10 18:15 - 2016-01-22 13:59 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-02-10 18:15 - 2016-01-22 13:59 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-02-10 18:15 - 2016-01-22 13:59 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 13:59 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 13:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 13:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 13:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 13:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 13:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 13:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 13:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 13:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 13:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 13:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 13:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 13:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 13:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 13:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 13:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 13:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 13:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 13:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 13:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 13:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 13:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 13:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 13:13 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-02-10 18:15 - 2016-01-22 13:07 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-02-10 18:15 - 2016-01-22 13:07 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-02-10 18:15 - 2016-01-22 13:05 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-02-10 18:15 - 2016-01-22 12:59 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-02-10 18:15 - 2016-01-22 12:58 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-02-10 18:15 - 2016-01-22 12:58 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-02-10 18:15 - 2016-01-22 12:57 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-02-10 18:15 - 2016-01-22 12:57 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-02-10 18:15 - 2016-01-22 12:53 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-02-10 18:15 - 2016-01-22 12:53 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-02-10 18:15 - 2016-01-22 12:53 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-02-10 18:15 - 2016-01-22 12:53 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-02-10 18:15 - 2016-01-22 12:51 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-02-10 18:15 - 2016-01-22 12:51 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 12:51 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 12:51 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-10 18:15 - 2016-01-22 12:51 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-10 17:33 - 2016-02-06 18:48 - 25839104 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-02-10 17:33 - 2016-02-06 18:32 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-02-10 17:33 - 2016-02-06 18:24 - 02887680 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-02-10 17:33 - 2016-02-06 18:11 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-02-10 17:33 - 2016-02-06 18:10 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-02-10 17:33 - 2016-02-06 18:01 - 20366848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-02-10 17:33 - 2016-02-06 17:54 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-02-10 17:33 - 2016-02-06 17:43 - 02280448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-02-10 17:33 - 2016-02-06 17:38 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-02-10 17:33 - 2016-02-06 17:37 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-02-10 17:33 - 2016-02-06 17:32 - 14458368 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-02-10 17:33 - 2016-02-06 17:16 - 12857856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-02-10 17:33 - 2016-02-06 17:09 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-02-10 17:33 - 2016-02-06 16:54 - 01312256 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-02-10 17:33 - 2016-01-07 03:02 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2016-02-10 17:33 - 2016-01-07 03:02 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2016-02-10 17:33 - 2016-01-07 02:41 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2016-02-10 17:24 - 2016-01-08 01:42 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2016-02-10 17:23 - 2016-01-17 03:01 - 02085888 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2016-02-10 17:23 - 2016-01-17 02:36 - 01413632 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2016-02-10 17:23 - 2016-01-08 01:53 - 03211776 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-02-10 17:23 - 2015-12-21 02:50 - 03180544 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2016-02-10 17:23 - 2015-12-21 02:50 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2016-02-10 17:23 - 2015-12-20 22:08 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2016-02-09 20:34 - 2016-02-09 20:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-02-09 20:34 - 2016-02-09 20:34 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-02-09 20:34 - 2016-02-09 20:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-02-09 20:33 - 2015-07-30 21:13 - 00124624 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2016-02-09 20:33 - 2015-07-30 21:13 - 00103120 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-02-06 17:25 - 2016-02-21 00:31 - 00017920 _____ C:\windows\SysWOW64\rpcnetp.dll
2016-02-06 17:24 - 2016-02-21 00:30 - 00017920 _____ C:\windows\SysWOW64\rpcnetp.exe
2016-02-05 05:22 - 2016-01-22 14:19 - 14179840 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2016-02-05 05:22 - 2016-01-22 14:15 - 01866752 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2016-02-05 05:22 - 2016-01-22 14:12 - 01940992 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2016-02-05 05:22 - 2016-01-22 14:05 - 12877824 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2016-02-05 05:22 - 2016-01-22 14:00 - 01498624 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2016-02-05 05:22 - 2016-01-22 13:59 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2016-02-05 05:22 - 2016-01-22 13:19 - 03231232 _____ (Microsoft Corporation) C:\windows\explorer.exe
2016-02-05 05:22 - 2016-01-22 13:12 - 02973184 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2016-02-05 05:22 - 2016-01-17 03:06 - 00025024 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-02-05 05:22 - 2016-01-17 02:54 - 01162240 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-02-05 05:22 - 2016-01-12 03:05 - 03169792 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2016-02-05 05:22 - 2016-01-12 03:05 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2016-02-05 05:22 - 2016-01-12 03:05 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2016-02-05 05:22 - 2016-01-12 02:52 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2016-02-05 05:22 - 2016-01-12 02:47 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2016-02-05 05:22 - 2016-01-12 02:26 - 02610176 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2016-02-05 05:22 - 2016-01-12 02:24 - 00709120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2016-02-05 05:22 - 2016-01-12 02:23 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2016-02-05 05:22 - 2016-01-12 02:23 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2016-02-05 05:22 - 2016-01-12 02:23 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2016-02-05 05:22 - 2016-01-12 02:23 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2016-02-05 05:22 - 2016-01-12 02:23 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2016-02-05 05:22 - 2016-01-12 02:14 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2016-02-05 05:22 - 2016-01-12 02:14 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2016-02-05 05:22 - 2016-01-12 02:14 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2016-02-05 05:22 - 2016-01-12 02:14 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2016-02-05 05:22 - 2016-01-11 22:08 - 01362944 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-02-05 05:22 - 2016-01-11 22:08 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-02-05 05:22 - 2016-01-11 22:08 - 00677376 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-02-05 05:22 - 2016-01-11 22:08 - 00499200 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-02-05 05:22 - 2016-01-11 22:08 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-02-05 02:47 - 2016-02-05 02:47 - 00000000 ____D C:\Users\Nemesis\AppData\Roaming\NVIDIA
2016-02-05 02:35 - 2016-02-15 22:20 - 00000000 ____D C:\Users\UpdatusUser
2016-02-05 02:35 - 2016-02-15 20:53 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-02-05 02:35 - 2016-02-15 20:49 - 00000000 ____D C:\ProgramData\NVIDIA
2016-02-05 02:35 - 2016-02-05 02:35 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2016-02-05 02:35 - 2016-02-05 02:35 - 00000000 _SHDL C:\Users\UpdatusUser\My Documents
2016-02-05 02:35 - 2016-02-05 02:35 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\My Videos
2016-02-05 02:35 - 2016-02-05 02:35 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\My Pictures
2016-02-05 02:35 - 2016-02-05 02:35 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\My Music
2016-02-05 02:35 - 2015-12-16 22:53 - 06359672 _____ (NVIDIA Corporation) C:\windows\system32\nvcpl.dll
2016-02-05 02:35 - 2015-12-16 22:53 - 02985080 _____ (NVIDIA Corporation) C:\windows\system32\nvsvc64.dll
2016-02-05 02:35 - 2015-12-16 22:53 - 02554488 _____ (NVIDIA Corporation) C:\windows\system32\nvsvcr.dll
2016-02-05 02:35 - 2015-12-16 22:53 - 01256240 _____ (NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
2016-02-05 02:35 - 2015-12-16 22:53 - 00385328 _____ (NVIDIA Corporation) C:\windows\system32\nvmctray.dll
2016-02-05 02:35 - 2015-12-16 22:53 - 00062768 _____ (NVIDIA Corporation) C:\windows\system32\nvshext.dll
2016-02-05 02:35 - 2010-11-21 15:16 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Media Center Programs
2016-02-05 02:34 - 2015-12-17 01:34 - 14005408 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvd3dum.dll
2016-02-05 02:34 - 2015-12-17 01:34 - 03637352 _____ (NVIDIA Corporation) C:\windows\system32\nvapi64.dll
2016-02-05 02:34 - 2015-12-17 01:34 - 01572496 _____ (NVIDIA Corporation) C:\windows\system32\nvhdagenco6420103.dll
2016-02-05 02:34 - 2015-12-17 01:34 - 00207152 _____ (Khronos Group) C:\windows\system32\OpenCL.dll
2016-02-05 02:34 - 2015-12-17 01:34 - 00194680 _____ (Khronos Group) C:\windows\SysWOW64\OpenCL.dll
2016-02-05 02:34 - 2015-12-17 01:34 - 00034848 _____ C:\windows\system32\nvinfo.pb
2016-02-05 02:34 - 2012-03-01 08:02 - 01737536 _____ (NVIDIA Corporation) C:\windows\system32\nvdispco64.dll
2016-02-05 02:34 - 2012-03-01 08:02 - 01466176 _____ (NVIDIA Corporation) C:\windows\system32\nvgenco64.dll
2016-02-04 05:20 - 2016-02-04 05:20 - 00000262 _____ C:\windows\game.ini
2016-02-04 05:20 - 2016-02-04 05:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
2016-02-04 04:54 - 2016-02-04 05:07 - 00163644 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\windows\SysWOW64\Drivers\SECDRV.SYS
2016-02-04 04:53 - 2016-02-04 04:53 - 00000000 __SHD C:\windows\ftpcache
2016-02-03 17:48 - 2016-02-03 17:48 - 00001547 _____ C:\Users\Nemesis\Documents\BRING ME THE HORIZON - Drown.txt
2016-01-30 06:26 - 2016-01-30 06:38 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2016-01-30 06:26 - 2016-01-30 06:27 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2016-01-30 06:26 - 2016-01-30 06:26 - 00001053 _____ C:\Users\Nemesis\Desktop\MSI Afterburner.lnk
2016-01-30 06:03 - 2016-01-30 06:03 - 00000000 ____D C:\Users\Nemesis\Documents\IAmAlive
2016-01-30 06:00 - 2016-01-30 06:00 - 00000000 ____D C:\Users\Nemesis\AppData\Roaming\I Am Alive
2016-01-29 05:50 - 2016-01-29 05:50 - 00000000 ____D C:\windows\System32\Tasks\Event Viewer Tasks
2016-01-29 04:03 - 2016-01-29 04:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-01-24 14:28 - 2016-01-24 14:28 - 00000000 ____D C:\Users\Nemesis\New folder
2016-01-23 19:07 - 2016-01-24 14:30 - 00000000 ____D C:\Users\Nemesis\Documents\Fireglow Games
2016-01-23 14:17 - 2015-12-17 02:55 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\nlsbres.dll
2016-01-23 14:17 - 2015-12-17 02:53 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\kbdgeoqw.dll
2016-01-23 14:17 - 2015-12-17 02:53 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZEL.DLL
2016-01-23 14:17 - 2015-12-17 02:53 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZE.DLL
2016-01-23 14:17 - 2015-12-17 02:48 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZE.DLL
2016-01-23 14:17 - 2015-12-17 02:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\kbdgeoqw.dll
2016-01-23 14:17 - 2015-12-17 02:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZEL.DLL
2016-01-23 14:17 - 2015-12-17 02:47 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlsbres.dll
2016-01-23 14:17 - 2015-12-09 05:54 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2016-01-23 14:17 - 2015-12-09 05:54 - 01620992 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2016-01-23 14:17 - 2015-12-09 05:54 - 01568768 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVENCOD.DLL
2016-01-23 14:17 - 2015-12-09 05:54 - 01325056 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOE.DLL
2016-01-23 14:17 - 2015-12-09 05:54 - 00902144 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOD.DLL
2016-01-23 14:17 - 2015-12-09 05:54 - 00815616 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOE.DLL
2016-01-23 14:17 - 2015-12-09 05:54 - 00740352 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmpmde.dll
2016-01-23 14:17 - 2015-12-09 05:54 - 00739328 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOD.DLL
2016-01-23 14:17 - 2015-12-09 05:54 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVXENCD.DLL
2016-01-23 14:17 - 2015-12-09 05:54 - 00541184 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSDECD.DLL
2016-01-23 14:17 - 2015-12-09 05:54 - 00358400 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSENCD.DLL
2016-01-23 14:17 - 2015-12-09 05:54 - 00154112 _____ (Microsoft Corporation) C:\windows\SysWOW64\VIDRESZR.DLL
2016-01-23 14:17 - 2015-12-09 05:53 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2016-01-23 14:17 - 2015-12-09 05:53 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2016-01-23 14:17 - 2015-12-09 05:53 - 00970240 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2adec.dll
2016-01-23 14:17 - 2015-12-09 05:53 - 00829952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-23 14:17 - 2015-12-09 05:53 - 00609280 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFWMAAEC.DLL
2016-01-23 14:17 - 2015-12-09 05:53 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2016-01-23 14:17 - 2015-12-09 05:53 - 00509952 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2016-01-23 14:17 - 2015-12-09 05:53 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2016-01-23 14:17 - 2015-12-09 05:53 - 00415744 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP4SDECD.DLL
2016-01-23 14:17 - 2015-12-09 05:53 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2016-01-23 14:17 - 2015-12-09 05:53 - 00241152 _____ (Microsoft Corporation) C:\windows\SysWOW64\MPG4DECD.DLL
2016-01-23 14:17 - 2015-12-09 05:53 - 00241152 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP43DECD.DLL
2016-01-23 14:17 - 2015-12-09 05:53 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-23 14:17 - 2015-12-09 05:53 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\qasf.dll
2016-01-23 14:17 - 2015-12-09 05:53 - 00193536 _____ (Microsoft Corporation) C:\windows\SysWOW64\ksproxy.ax
2016-01-23 14:17 - 2015-12-09 05:53 - 00153600 _____ (Microsoft Corporation) C:\windows\SysWOW64\COLORCNV.DLL
2016-01-23 14:17 - 2015-12-09 05:53 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2016-01-23 14:17 - 2015-12-09 05:53 - 00079872 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP3DMOD.DLL
2016-01-23 14:17 - 2015-12-09 05:53 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\devenum.dll
2016-01-23 14:17 - 2015-12-09 05:53 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfvdsp.dll
2016-01-23 14:17 - 2015-12-09 05:53 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2016-01-23 14:17 - 2015-12-09 05:53 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2016-01-23 14:17 - 2015-12-09 05:53 - 00004608 _____ (Microsoft Corporation) C:\windows\SysWOW64\ksuser.dll
2016-01-23 14:17 - 2015-12-09 05:52 - 00312320 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2016-01-23 14:17 - 2015-12-09 05:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2016-01-23 14:17 - 2015-12-09 03:07 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2016-01-23 14:17 - 2015-12-09 03:07 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2016-01-23 14:17 - 2015-12-09 03:07 - 01955328 _____ (Microsoft Corporation) C:\windows\system32\WMVENCOD.DLL
2016-01-23 14:17 - 2015-12-09 03:07 - 01888768 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2016-01-23 14:17 - 2015-12-09 03:07 - 01575424 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOE.DLL
2016-01-23 14:17 - 2015-12-09 03:07 - 01573888 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2016-01-23 14:17 - 2015-12-09 03:07 - 01307136 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2adec.dll
2016-01-23 14:17 - 2015-12-09 03:07 - 01232896 _____ (Microsoft Corporation) C:\windows\system32\WMADMOD.DLL
2016-01-23 14:17 - 2015-12-09 03:07 - 01160192 _____ (Microsoft Corporation) C:\windows\system32\MSMPEG2ENC.DLL
2016-01-23 14:17 - 2015-12-09 03:07 - 01153024 _____ (Microsoft Corporation) C:\windows\system32\WMADMOE.DLL
2016-01-23 14:17 - 2015-12-09 03:07 - 01026048 _____ (Microsoft Corporation) C:\windows\system32\wmpmde.dll
2016-01-23 14:17 - 2015-12-09 03:07 - 01010688 _____ (Microsoft Corporation) C:\windows\system32\mcmde.dll
2016-01-23 14:17 - 2015-12-09 03:07 - 00978944 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOD.DLL
2016-01-23 14:17 - 2015-12-09 03:07 - 00666112 _____ (Microsoft Corporation) C:\windows\system32\WMVSDECD.DLL
2016-01-23 14:17 - 2015-12-09 03:07 - 00653824 _____ (Microsoft Corporation) C:\windows\system32\MP4SDECD.DLL
2016-01-23 14:17 - 2015-12-09 03:07 - 00642048 _____ (Microsoft Corporation) C:\windows\system32\WMVXENCD.DLL
2016-01-23 14:17 - 2015-12-09 03:07 - 00632320 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2016-01-23 14:17 - 2015-12-09 03:07 - 00624640 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2016-01-23 14:17 - 2015-12-09 03:07 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\MFWMAAEC.DLL
2016-01-23 14:17 - 2015-12-09 03:07 - 00447488 _____ (Microsoft Corporation) C:\windows\system32\WMVSENCD.DLL
2016-01-23 14:17 - 2015-12-09 03:07 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2016-01-23 14:17 - 2015-12-09 03:07 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-01-23 14:17 - 2015-12-09 03:07 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2016-01-23 14:17 - 2015-12-09 03:07 - 00292352 _____ (Microsoft Corporation) C:\windows\system32\VIDRESZR.DLL
2016-01-23 14:17 - 2015-12-09 03:07 - 00254464 _____ (Microsoft Corporation) C:\windows\system32\qasf.dll
2016-01-23 14:17 - 2015-12-09 03:07 - 00225792 _____ (Microsoft Corporation) C:\windows\system32\RESAMPLEDMO.DLL
2016-01-23 14:17 - 2015-12-09 03:07 - 00224768 _____ (Microsoft Corporation) C:\windows\system32\MPG4DECD.DLL
2016-01-23 14:17 - 2015-12-09 03:07 - 00223744 _____ (Microsoft Corporation) C:\windows\system32\MP43DECD.DLL
2016-01-23 14:17 - 2015-12-09 03:07 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2016-01-23 14:17 - 2015-12-09 03:07 - 00189952 _____ (Microsoft Corporation) C:\windows\system32\COLORCNV.DLL
2016-01-23 14:17 - 2015-12-09 03:07 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\MP3DMOD.DLL
2016-01-23 14:17 - 2015-12-09 03:07 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\devenum.dll
2016-01-23 14:17 - 2015-12-09 03:07 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\mfvdsp.dll
2016-01-23 14:17 - 2015-12-09 03:07 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2016-01-23 14:17 - 2015-12-09 03:07 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\ksuser.dll
2016-01-23 14:17 - 2015-12-09 03:06 - 00250880 _____ (Microsoft Corporation) C:\windows\system32\ksproxy.ax
2016-01-23 14:17 - 2015-12-09 03:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2016-01-23 14:17 - 2015-12-09 03:04 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2016-01-23 14:17 - 2015-12-09 02:54 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2016-01-23 14:17 - 2015-12-09 02:12 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2016-01-23 14:17 - 2015-12-09 02:11 - 00005632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmkaud.sys
2016-01-23 14:17 - 2015-11-17 04:17 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-01-23 14:17 - 2015-11-14 07:09 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\mapistub.dll
2016-01-23 14:17 - 2015-11-14 07:09 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\mapi32.dll
2016-01-23 14:17 - 2015-11-14 07:08 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\fixmapi.exe
2016-01-23 14:17 - 2015-11-14 06:50 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mapistub.dll
2016-01-23 14:17 - 2015-11-14 06:50 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mapi32.dll
2016-01-23 14:17 - 2015-11-14 06:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\fixmapi.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-21 04:24 - 2015-11-05 00:40 - 00000000 ____D C:\Users\Nemesis\AppData\Roaming\DMCache
2016-02-21 03:15 - 2015-06-08 19:43 - 00041352 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klpd.sys
2016-02-21 01:59 - 2009-07-14 12:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-21 01:59 - 2009-07-14 12:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-21 01:56 - 2016-01-01 13:15 - 00007650 _____ C:\Users\Nemesis\AppData\Local\Resmon.ResmonCfg
2016-02-21 01:51 - 2009-07-14 13:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-02-21 00:49 - 2009-07-14 11:20 - 00000000 ____D C:\windows\inf
2016-02-21 00:36 - 2016-01-04 16:03 - 00000000 ____D C:\AdwCleaner
2016-02-21 00:31 - 2009-07-14 10:34 - 00000215 _____ C:\windows\system.ini
2016-02-21 00:30 - 2015-11-05 06:16 - 00017920 _____ C:\windows\system32\rpcnetp.exe
2016-02-20 22:48 - 2015-11-05 00:40 - 00000000 ____D C:\Users\Nemesis\Downloads\Compressed
2016-02-20 22:43 - 2016-01-01 08:46 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-20 22:24 - 2015-11-20 23:13 - 00000000 ____D C:\windows\Minidump
2016-02-20 21:08 - 2015-11-04 17:08 - 00000000 ____D C:\Users\Nemesis\AppData\Local\VirtualStore
2016-02-20 16:21 - 2016-01-01 08:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-20 11:47 - 2015-11-04 23:53 - 00002179 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-20 11:47 - 2015-11-04 23:53 - 00002150 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-20 04:54 - 2015-11-05 00:40 - 00000000 ____D C:\Users\Nemesis\Downloads\Video
2016-02-19 06:21 - 2015-11-04 17:16 - 00000000 ____D C:\Users\Nemesis\AppData\Local\ElevatedDiagnostics
2016-02-19 06:20 - 2009-07-14 11:20 - 00000000 ____D C:\windows\system32\NDF
2016-02-16 20:43 - 2016-01-15 13:29 - 00000000 ___RD C:\Users\Nemesis\Desktop\Games
2016-02-15 22:14 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-02-15 22:13 - 2016-01-06 19:24 - 00000000 ____D C:\Users\Nemesis\AppData\Roaming\SoftGrid Client
2016-02-15 21:57 - 2009-07-14 13:13 - 00782192 _____ C:\windows\system32\PerfStringBackup.INI
2016-02-15 20:53 - 2016-01-01 01:18 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-02-15 20:46 - 2015-11-05 06:34 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-02-15 07:04 - 2009-07-14 11:20 - 00000000 ____D C:\windows\rescache
2016-02-15 01:21 - 2015-11-04 17:04 - 00000000 ____D C:\Users\Nemesis
2016-02-15 01:20 - 2015-11-17 04:34 - 00000000 ____D C:\Users\Nemesis\AppData\Local\CrashDumps
2016-02-11 07:33 - 2009-07-14 12:45 - 00267672 _____ C:\windows\system32\FNTCACHE.DAT
2016-02-11 07:31 - 2010-11-21 15:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-10 19:51 - 2016-01-01 08:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-10 18:15 - 2015-11-04 23:31 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-10 18:15 - 2015-11-04 23:31 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-10 18:15 - 2015-11-04 23:30 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-10 18:15 - 2015-11-04 23:30 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-09 20:33 - 2016-01-04 22:43 - 00798528 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2016-02-09 00:27 - 2016-01-01 08:45 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-08 16:27 - 2016-01-01 13:02 - 00000000 ____D C:\Program Files\Bitdefender
2016-02-08 16:25 - 2016-01-01 14:05 - 00096185 _____ C:\bdlog.txt
2016-02-07 22:25 - 2016-01-12 09:41 - 00000000 ____D C:\Users\Nemesis\Documents\GTA San Andreas User Files
2016-02-05 05:56 - 2015-11-04 17:10 - 00000000 ____D C:\Users\Nemesis\AppData\Roaming\Toshiba
2016-02-05 05:56 - 2015-11-04 17:09 - 00000000 ____D C:\Users\Nemesis\AppData\Local\Toshiba
2016-02-05 05:24 - 2016-01-04 00:57 - 00000000 ___SD C:\windows\system32\CompatTel
2016-02-05 05:24 - 2016-01-04 00:57 - 00000000 ____D C:\windows\system32\appraiser
2016-02-05 02:35 - 2016-01-18 21:54 - 00000000 ____D C:\NVIDIA
2016-02-04 05:21 - 2011-04-08 19:05 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-04 04:54 - 2016-01-12 07:29 - 00000000 ____D C:\Users\Nemesis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-01-30 06:27 - 2016-01-02 02:34 - 00000000 ____D C:\windows\SysWOW64\directx
2016-01-28 16:13 - 2015-11-05 01:03 - 00000000 ____D C:\ProgramData\IObit
 
==================== Files in the root of some directories =======
 
2016-02-15 01:23 - 2016-02-15 01:23 - 0000000 _____ () C:\Users\Nemesis\AppData\Roaming\pof.exact
2016-01-01 13:15 - 2016-02-21 01:56 - 0007650 _____ () C:\Users\Nemesis\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-20 05:59
 
==================== End of FRST.txt ============================

 

Any information or detail you need to know, I will give it here.

Sorry for my bad English.. Potti :apple:

 

AV Detection Quarantine Pic: Capture1.PNG (attached, 44.76KB)

System Information: OsInfo2.zip (attached, 108.53KB)

FRST64 Additions.txt: Addition.txt (attached, 26.08KB)


Edited by Potti, 20 February 2016 - 03:51 PM.




#2 Aura (Bleepin' Special Ops, Malware Response Team, 19,697 posts)

Posted 20 February 2016 - 07:28 PM

Hi Potti :)

My name is Aura and I'll be assisting you with your issue. Please give me a few hours to review your logs and prepare a reply.

Thank you!

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Potti (Topic Starter, Members, 4 posts)

Posted 21 February 2016 - 03:26 AM

Hello Aura, thanks for the reply. :thumbup2:
Before I posted this thread, I had run some anti-virus/malware programs. I had run AdwCleaner/JRT/rkill/tdsskiller... and a quick scan by my AV for important files.
Today CPU and RAM usage is still normal. I ran a full scan by the AV and it detected a lot of infected files, which have been disinfected, while some unimportant files have been deleted. Then after a reboot, it looks like all programs function normally; no Internet Explorer with a blank page appears. Now I am waiting for the second AV full scan result to finish.
Further results I will reply here!


#4 Potti (Topic Starter, Members, 4 posts)

Posted 21 February 2016 - 11:21 AM

There are a lot of files from C:\Windows\temp\ that are infected.. these files can't be disinfected by the AV; the AV wants to delete them.
Should I remove/delete them, or is there any other way to do this?



#5 Aura (Bleepin' Special Ops, Malware Response Team, 19,697 posts)

Posted 21 February 2016 - 03:24 PM

Hi Potti :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of it as fast as we can, before it makes unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
  • Since I'm still a trainee, all my posts have to be reviewed by an instructor prior to being posted to make sure that you receive the best assistance possible. Sorry for the inconvenience. This being said, I have a full time job, and I also have night classes on Mondays and Wednesdays, which means that if you reply during these two days, it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Win32.Nimnul.a is the name Kaspersky gives to variants of the Ramnit malware, which is a file infector. I would like you to read and acknowledge quietman's post below.

http://www.bleepingcomputer.com/forums/t/383322/infected-with-win32nimnula/#entry2158220

Basically, the best way to deal with a Ramnit infection is a total wipe of the drive, and a clean reinstall of Windows. I cannot guarantee you that we can clean that infection off your system, since file infectors are almost impossible to remove, and leave behind many, many corrupt files. Therefore, I'll ask you to keep your Windows installation media nearby and be ready for that scenario (wipe and reinstall).

Right now, I would like you to go in your Kaspersky Internet Security, and output a fully detailed report of all events on your system. Then, I would like you to save that report in a file, and attach it in your next reply. In order to do that, open Kaspersky Internet Security then click on Show Additional Tools in the bottom-right corner, followed by Tools and the Report column. From there, change the period to During last month in the drop down list, and click on Detailed reports in the top-right corner. In the drop down list, select All events and click on the export button at the left of the search field. Save the log on your desktop, and attach it in your next reply. For more information, you can consult the FAQ below on Kaspersky's website.

https://support.kaspersky.com/11226#block3

Now, can you confirm the existence of the following folder, C:\ProgramData\Kaspersky Lab\AVP15.0.0\QB? In it, do you see a lot of files and/or folders? It should look like this.

https://support.kaspersky.com/11211#block2

Your next reply should include:
  • Acknowledgement of the situation you are currently in (being infected with Ramnit, a file infector), and that a clean reinstall might be your only solution here;
  • Attached Kaspersky Internet Security report log;
  • Confirmation that the folder I listed above indeed exists on your system, and contains files in it;



#6 Potti (Topic Starter, Members, 4 posts)

Posted 22 February 2016 - 07:40 AM

I think my OS is infected with Win32.Nimnul.a/Ramnit malware. As you can see in the AV report I attach in this post, there are a lot of EXE/DLL/HTML/HTM files that got infected.
kis_allevent_logs.txt (attached, 1.22MB)

And the files in the folder C:\ProgramData\Kaspersky Lab\AVP15.0.0\QB:
Capture.PNG (attached, 48.2KB)
All files I have deleted using the AV yesterday.
Only one file is in there.

Capture2.PNG (attached, 37.79KB)

The suggested clean reinstall is the best way to resolve this problem. I have a backup of the OS HDD that I made with Macrium Reflect. I think it is better to reinstall than to clean this virus; maybe some of it would still be left behind and affect the OS in the future.

Btw thanks for the info/suggestion/guide about this virus :thumbup2: . Mark this thread as resolved.

Regards, Potti... :apple:

 

 



#7 Aura (Bleepin' Special Ops, Malware Response Team, 19,697 posts)

Posted 22 February 2016 - 02:21 PM

And yes sadly, a clean reinstall is the best way to deal with file infector malware, because they leave too many infected and/or corrupt files behind for Antivirus, Antimalware, etc. to clean completely. If you already have everything backed up, then it's a good thing, it'll speed up the process :)

Tips, tricks, advice and recommendations

Now it's time to give you some tips, tricks, advice and recommendations on how to protect your system and prevent you from being infected in the future. Every program recommended below is free to use and therefore you don't have to pay for anything. You are free to follow these recommendations or to ignore them, however for the safety of your system, I strongly suggest you read all my recommendations and install the software/programs that I recommend below. If you have any questions about one of the points covered in that speech below, feel free to ask me your questions here directly so I can answer them and guide you.

Turning On Automatic Windows Updates

Keeping Windows up to date is one of the first steps in having a secure and safe system. The Security Updates that Windows receives are meant to fix exploits and flaws in it, which makes it more secure and not exploitable by hackers. In order to do that, you should always install the Security Updates, known as "Important Updates", on your Windows system. These updates are released on the second Tuesday of every month, but some are also released before that if they are emergency/critical Security Updates. Let's make sure that you have all your Important Updates and Recommended Updates installed and that your Windows Updates are set to be installed automatically.

Check if there are any Important Updates available
  • Click on your Windows Start Menu, then on Control Panel;
  • Click on System and Security, then on Windows Update;
  • In the left pane, click on "Check for updates" and wait for the scan to complete;
  • If any Important Updates are available, click on "X Important Updates are available", make sure that they are all checked and click on "Install updates" (please follow the same steps for the "Recommended Updates" if any are found);
  • Depending on how many updates you have to install and how big they are, that process can take a while. You'll most likely be asked to restart your computer once they are all installed to finish the installation; please do so;
To turn On Automatic Windows Updates
  • Click on your Windows Start Menu, then on Control Panel;
  • Click on System and Security, then on Windows Update;
  • In the left pane, click on "Change settings";
  • Now you have the choice to select between
    • Install updates automatically (recommended);
    • Download updates but let me choose whether to install them;
    • Check for updates but let me choose whether to download and install them;
  • The best choice in this situation is to pick the first option, "Install updates automatically (recommended)". This will automatically download and install Windows Updates whenever there are new ones, without you having to do it manually. When these Windows Updates are installed, if they require a restart, a pop-up box will pop out in the bottom-right corner of your screen telling you to restart your computer now or it will be automatically restarted soon. You can however postpone that restart if you're already working on something else;
  • Make sure to check the "Give me recommended updates the same way I receive important updates" option so Windows Update will install the Recommended Updates at the same time as your Important Updates;
Other recommendations

Even if you follow every recommendation that I listed here, in the end, it's also your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far less chance of getting infected by malware. If, for example, you're not sure whether a website is legitimate or not, or whether a file is safe to download and execute, or if a program looks "too good" to be free, I suggest that you avoid going to that website, downloading that file or using that program.

Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security, to improve your current computer protection setup but also to improve your good web browsing and computer usage practices:

The End!

And that's it! Now that you know more about how to protect your computer and secure it, you're good to go back to your online activities, but in a safe and secure way! You are also free to stay on BleepingComputer and ask for help in different topics if you ever need to. Just make sure that you post your question/issue in the right section to get the best assistance possible. And if you ever get infected again (which I hope you won't!), you can always come back to this section to get another checkup with one of our trained malware removal members.

Do you have any questions before I close this thread? :)

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
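A way to confirm from an elevated PowerShell prompt that the Windows Update settings described in the post above are actually in place, and to list what is still pending, on Windows 7/8.1. This is an added example, not part of Aura's instructions or of any BleepingComputer tool; it uses the Windows Update Agent COM objects (Microsoft.Update.AutoUpdate and Microsoft.Update.Session), and the function names are ones chosen here for illustration.

```powershell
# Added example: report the Automatic Updates configuration and the updates
# still waiting to be installed, via the Windows Update Agent COM API.
# Run in an elevated PowerShell prompt on Windows 7/8.1. Function names are
# hypothetical; the COM objects and their properties are the real WUA interfaces.

function Get-AutoUpdateStatus {
    $au = New-Object -ComObject Microsoft.Update.AutoUpdate
    $s  = $au.Settings
    # NotificationLevel maps to the Control Panel choices:
    #   0 = not configured, 1 = disabled (never check),
    #   2 = check for updates but ask before download,
    #   3 = download updates but ask before install,
    #   4 = install updates automatically (the recommended option)
    $levels = @{ 0 = 'Not configured'; 1 = 'Disabled';
                 2 = 'Check for updates but let me choose whether to download and install them';
                 3 = 'Download updates but let me choose whether to install them';
                 4 = 'Install updates automatically (recommended)' }
    [pscustomobject]@{
        Level                     = [int]$s.NotificationLevel
        NotificationLevel         = $levels[[int]$s.NotificationLevel]
        # The "Give me recommended updates the same way..." checkbox
        IncludeRecommendedUpdates = [bool]$s.IncludeRecommendedUpdates
        ServiceEnabled            = $au.ServiceEnabled
        LastSearchSuccess         = $au.Results.LastSearchSuccessDate
        LastInstallSuccess        = $au.Results.LastInstallationSuccessDate
    }
}

function Get-PendingUpdates {
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    # Same kind of query the Windows Update control panel runs for "available" updates
    $result = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'")
    foreach ($u in $result.Updates) {
        # AutoSelectOnWebSites is set for updates Windows Update ticks by default,
        # which is how Important updates show up pre-checked in the Control Panel
        [pscustomobject]@{
            Title     = $u.Title
            Important = [bool]$u.AutoSelectOnWebSites
            Severity  = $u.MsrcSeverity
            KB        = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
        }
    }
}

$status = Get-AutoUpdateStatus
$status | Format-List

# Flag the two settings the post asks you to check
if ($status.Level -ne 4) {
    Write-Warning "Automatic Updates is not set to 'Install updates automatically (recommended)'."
}
if (-not $status.IncludeRecommendedUpdates) {
    Write-Warning "'Give me recommended updates the same way I receive important updates' is not enabled."
}

$pending = @(Get-PendingUpdates)
"{0} update(s) available, {1} of them Important" -f $pending.Count, @($pending | Where-Object Important).Count
$pending | Sort-Object -Property Important -Descending | Format-Table -AutoSize
```

This does not replace the Control Panel steps above; it is a quick way to verify, for instance after a clean reinstall, that automatic installation and recommended updates are both switched on and that nothing Important is still sitting in the queue. The search needs a working connection to Microsoft Update (or the configured WSUS server) and can take a minute on a freshly installed system.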


#8 Aura

Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:47 AM

Posted 25 February 2016 - 06:23 PM

Hi Potti,

Do you have any questions before I close this thread? :)

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#9 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:47 AM

Posted 28 February 2016 - 05:08 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift: Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/



