
Browser Hijack i cant get rid of


6 replies to this topic

#1 nircc

nircc

  • Members
  • 5 posts

Posted 05 November 2016 - 11:52 AM

Hey there.

After installing VLC player a few weeks ago I got this BrowserHijack thingy.

Every hour or so my Chrome opens a VLCDownload link which leads to an ADY.LY website.

Tried every software known to me like HitmanPro/SpyHunter/Malwarebytes/ComboFix/ESET/Norton/Kaspersky tools.

Deleted Chrome with Revo installer and created a new user without any plugins.

Checked registry for adf.ly - found nothing - maybe it's VLC??

Checked services and all fine.

Not sure what to do... I'm LOST :{

Win 7 / Chrome

Thanks




#2 nircc

nircc
  • Topic Starter

  • Members
  • 5 posts

Posted 06 November 2016 - 03:36 AM

Anyone? :/

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,225 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 November 2016 - 10:26 AM

Hello, welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button, all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.
[image: attachlogs.png]

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.

Click the Add Reply button.
===


Please post the logs.

Let me know what problems persist.
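The FRST.txt that these instructions ask for runs to hundreds of lines, and the Malware Response Team reads it by section. As an added example (my own code, not part of this thread, of FRST or of AdwCleaner), the Python below splits an FRST log into its sections and lists the entries a responder looks at first: lines FRST itself tags with `<======= ATTENTION`, and service or driver entries whose file is missing (`[X]`) or whose binary carries no publisher (`()`). The sample log is constructed in the layout FRST uses; the function names are mine, and the three marker strings are taken from how FRST prints them in this thread's log.

```python
import re

# Marker strings as FRST prints them in the log (seen in this thread's FRST.txt).
ATTENTION = "<======= ATTENTION"
MISSING_FILE = "[X]"
NO_PUBLISHER = "()"

# Section banners look like "==================== Services (Whitelisted) ===================="
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")

# Constructed sample in the FRST.txt layout used in this thread; not a real scan.
SAMPLE_FRST = r"""
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-11-2016
Boot Mode: Normal

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://www.google.co.il/"

==================== Services (Whitelisted) ====================

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-08-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-04-03] (Intel Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
"""


def parse_sections(text):
    """Split FRST output into {section name: [entry lines]} in log order.

    Lines before the first banner go under "Header"; blank lines and FRST's
    own "(If an entry is included in the fixlist ...)" notes are dropped.
    """
    sections = {"Header": []}
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("(If "):
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections[current] = []
        else:
            sections[current].append(line)
    return sections


def triage(text):
    """Return (section, reason, line) tuples for entries a responder reads first.

    Reasons: FRST's own ATTENTION marker anywhere in the log; in the Services
    and Drivers sections, a registered entry whose file is missing ("[X]") or
    whose binary has no publisher in its version info ("()").
    """
    findings = []
    for section, lines in parse_sections(text).items():
        for line in lines:
            if ATTENTION in line:
                findings.append((section, "flagged by FRST", line))
            elif section.startswith(("Services", "Drivers")):
                if line.endswith(MISSING_FILE):
                    findings.append((section, "file missing on disk", line))
                elif line.endswith(NO_PUBLISHER):
                    findings.append((section, "no publisher in version info", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_FRST):
        print(f"[{reason}] {section}: {line}")
```

Run it as a script to list the findings from the built-in sample, or call `triage()` on the contents of a real FRST.txt. A hit is a starting point for reading the entry, not a verdict: the `\??\C:\ComboFix\catchme.sys [X]` driver in the poster's log, for instance, is a leftover of the ComboFix run mentioned in the first post, and an unsigned OEM service such as the ASUS `atkexComSvc.exe` entry is common on a gaming build.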

#4 nircc

nircc
  • Topic Starter

  • Members
  • 5 posts

Posted 07 November 2016 - 11:20 AM

@nasdaq

Hey, and thanks for contacting me.

Here are the log files:

AdwCleaner:

# AdwCleaner v6.030 - Logfile created 07/11/2016 at 18:02:54

# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-07.1 [Server]
# Operating System : Windows 7 Ultimate Service Pack 1 (X64)
# Username : Nir - NIR-PC
# Running from : C:\Users\Nir\Desktop\adwcleaner_6.030.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
No malicious folders found.
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
Key Found:  HKLM\SOFTWARE\EnigmaSoftwareGroup
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [1313 Bytes] - [29/10/2016 15:14:27]
C:\AdwCleaner\AdwCleaner[C2].txt - [1480 Bytes] - [29/10/2016 15:24:59]
C:\AdwCleaner\AdwCleaner[S0].txt - [1158 Bytes] - [25/10/2016 16:55:29]
C:\AdwCleaner\AdwCleaner[S1].txt - [1237 Bytes] - [26/10/2016 16:49:53]
C:\AdwCleaner\AdwCleaner[S2].txt - [1379 Bytes] - [29/10/2016 15:14:20]
C:\AdwCleaner\AdwCleaner[S3].txt - [1456 Bytes] - [29/10/2016 15:22:07]
C:\AdwCleaner\AdwCleaner[S4].txt - [1589 Bytes] - [29/10/2016 15:24:53]
C:\AdwCleaner\AdwCleaner[S5].txt - [1521 Bytes] - [07/11/2016 18:02:54]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1594 Bytes] ##########
 
Farbar:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-11-2016
Ran by Nir (administrator) on NIR-PC (07-11-2016 18:04:22)
Running from C:\Users\Nir\Desktop\farbar
Loaded Profiles: Nir (Available Profiles: Nir)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Cooler Master) C:\Program Files (x86)\Cooler Master\MasterKeys Pro L With intelligent RGB\Masterkeys pro L RGB HID.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Users\Nir\Desktop\adwcleaner_6.030.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [MasterKeys Pro L] => C:\Program Files (x86)\Cooler Master\MasterKeys Pro L With intelligent RGB\MasterKeys Pro L RGB HID.exe [1970176 2016-05-31] (Cooler Master)
HKU\S-1-5-21-2722746626-904562578-2051315880-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3994736 2016-10-22] (Tonec Inc.)
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{D5F4CAD7-3FC1-4486-B3B0-236E6636E190}: [DhcpNameServer] 10.0.0.138
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2722746626-904562578-2051315880-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2722746626-904562578-2051315880-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2722746626-904562578-2051315880-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.il/
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-10-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-10-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
 
FireFox:
========
FF HKU\S-1-5-21-2722746626-904562578-2051315880-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Nir\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Nir\AppData\Roaming\IDM\idmmzcc5 [2016-11-07] [not signed]
FF HKU\S-1-5-21-2722746626-904562578-2051315880-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-10-11]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-03] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.co.il/"
CHR Profile: C:\Users\Nir\AppData\Local\Google\Chrome\User Data\Default [2016-11-07]
CHR Extension: (Google מצגות) - C:\Users\Nir\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-04]
CHR Extension: (Google Docs) - C:\Users\Nir\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-04]
CHR Extension: (כונן Google) - C:\Users\Nir\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-04]
CHR Extension: (YouTube) - C:\Users\Nir\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-04]
CHR Extension: (Adblock Plus) - C:\Users\Nir\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-05]
CHR Extension: (Google Sheets) - C:\Users\Nir\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-04]
CHR Extension: (Google Docs Offline) - C:\Users\Nir\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-04]
CHR Extension: (Gmail) - C:\Users\Nir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-04]
CHR Extension: (Chrome Media Router) - C:\Users\Nir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-04]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-10-22]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-04-03] (Intel Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-08-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
R0 asstor64; C:\Windows\System32\DRIVERS\asstor64.sys [84816 2014-03-14] (Asmedia Technology)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2734080 2013-04-11] (C-Media Inc)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [487704 2014-03-14] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-04-03] (Intel Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-07 18:04 - 2016-11-07 18:04 - 00000000 ____D C:\Users\Nir\Desktop\farbar
2016-11-07 18:03 - 2016-11-07 18:04 - 00000000 ____D C:\FRST
2016-11-07 18:02 - 2016-11-07 18:02 - 03910208 _____ C:\Users\Nir\Desktop\adwcleaner_6.030.exe
2016-11-06 20:58 - 2016-11-06 20:58 - 00000000 _____ C:\Users\Nir\Desktop\New Text Document.txt
2016-11-05 14:50 - 2016-11-05 14:50 - 00001239 _____ C:\Users\Public\Desktop\World of Warcraft.lnk
2016-11-05 14:50 - 2016-11-05 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2016-11-05 14:48 - 2016-11-05 17:04 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2016-11-05 14:30 - 2016-11-05 14:30 - 00001192 _____ C:\Users\Public\Desktop\Heroes of the Storm.lnk
2016-11-05 14:30 - 2016-11-05 14:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2016-11-05 14:03 - 2016-11-05 14:03 - 00001184 _____ C:\Users\Public\Desktop\Hearthstone.lnk
2016-11-05 14:03 - 2016-11-05 14:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2016-11-05 13:56 - 2016-11-05 14:03 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-11-05 00:45 - 2016-11-05 14:30 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2016-11-05 00:45 - 2016-11-05 00:45 - 00000000 ____D C:\Users\Nir\Documents\Heroes of the Storm
2016-11-04 16:23 - 2016-11-04 16:25 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-04 16:23 - 2016-11-04 16:23 - 22851472 _____ (Malwarebytes ) C:\Users\Nir\Downloads\mbam-setup-2.2.1.1043.exe
2016-11-04 16:23 - 2016-11-04 16:23 - 00001105 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-04 16:23 - 2016-11-04 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-04 16:23 - 2016-11-04 16:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-11-04 16:23 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-11-04 16:23 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-04 16:23 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-11-04 16:14 - 2016-11-04 16:27 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-11-04 16:14 - 2016-11-04 16:14 - 00001046 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-11-04 16:14 - 2016-11-04 16:14 - 00001034 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-11-04 16:14 - 2016-11-04 16:14 - 00000000 ____D C:\Users\Nir\AppData\Roaming\TeamViewer
2016-11-01 23:36 - 2016-11-01 23:36 - 00000000 ____D C:\Users\Nir\Documents\The KMPlayer
2016-11-01 23:35 - 2016-11-01 23:36 - 29284022 ____R C:\Users\Nir\Downloads\KMPlayer Pro v2.0.4 (Paid) APK [SadeemPC].zip
2016-11-01 23:35 - 2016-11-01 23:36 - 12513158 ____R C:\Users\Nir\Downloads\The_KMPlayer_1434.exe
2016-11-01 23:35 - 2016-11-01 23:36 - 00000000 ____D C:\Program Files (x86)\The KMPlayer
2016-11-01 23:35 - 2016-11-01 23:35 - 00001038 _____ C:\Users\Nir\Desktop\KMPlayer.lnk
2016-11-01 23:35 - 2016-11-01 23:35 - 00000000 ____D C:\Users\Nir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
2016-11-01 23:33 - 2016-11-01 23:35 - 14914809 ____R C:\Users\Nir\Downloads\kmp.exe
2016-11-01 11:43 - 2016-11-01 11:43 - 00002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-01 11:41 - 2016-11-01 11:41 - 00000000 ____D C:\Users\Nir\AppData\Local\VS Revo Group
2016-11-01 11:41 - 2016-11-01 11:41 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-11-01 11:41 - 2016-11-01 11:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-11-01 11:41 - 2016-11-01 11:41 - 00000000 ____D C:\Program Files\VS Revo Group
2016-11-01 11:41 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2016-10-31 01:44 - 2016-10-31 01:50 - 00000000 ____D C:\Users\Nir\AppData\Roaming\CoolerMaster
2016-10-31 01:44 - 2016-10-31 01:44 - 00055806 _____ C:\Windows\uninsMasterKeys Pro L.dat
2016-10-31 01:44 - 2016-10-31 01:44 - 00054198 _____ C:\Windows\uninsCooler Master Portal.dat
2016-10-31 01:44 - 2016-10-31 01:44 - 00002120 _____ C:\Users\Public\Desktop\Cooler Master Portal.lnk
2016-10-31 01:44 - 2016-10-31 01:44 - 00000000 ____D C:\Users\Nir\AppData\Roaming\CoolerMaster Portal
2016-10-31 01:44 - 2016-10-31 01:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cooler Master
2016-10-31 01:44 - 2016-10-31 01:44 - 00000000 ____D C:\Program Files (x86)\Cooler Master
2016-10-31 01:44 - 2016-06-19 17:25 - 06177792 _____ (Cooler Master) C:\Windows\uninsCooler Master Portal.exe
2016-10-31 01:44 - 2016-02-21 19:55 - 06178816 _____ (Cooler Master) C:\Windows\uninsMasterKeys Pro L.exe
2016-10-29 15:23 - 2016-10-29 15:23 - 00383010 _____ C:\TDSSKiller.3.1.0.11_29.10.2016_16.23.10_log.txt
2016-10-28 15:44 - 2016-10-28 15:44 - 00123752 _____ C:\Users\Nir\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-28 15:44 - 2016-10-28 15:44 - 00000000 ____D C:\Users\Nir\AppData\Local\VirtualStore
2016-10-28 15:22 - 2016-10-28 15:29 - 00000000 ____D C:\ProgramData\RogueKiller
2016-10-28 15:22 - 2016-10-28 15:22 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-10-28 15:19 - 2016-11-07 17:59 - 02261448 _____ C:\Windows\ntbtlog.txt
2016-10-28 15:19 - 2016-10-28 15:21 - 00000000 ____D C:\Users\Nir\AppData\Local\NPE
2016-10-28 15:19 - 2016-10-28 15:20 - 00000000 ____D C:\NPE
2016-10-28 15:19 - 2016-10-28 15:19 - 00000000 ____D C:\ProgramData\Norton
2016-10-26 21:19 - 2016-10-26 21:19 - 00001609 _____ C:\Users\Nir\Desktop\The Witcher 3 - Shortcut.lnk
2016-10-26 17:32 - 2016-10-26 17:34 - 00008107 _____ C:\Windows\w7dsd.reg
2016-10-26 17:32 - 2016-10-26 17:34 - 00008089 _____ C:\Windows\w7dse.reg
2016-10-26 17:32 - 2016-10-26 17:32 - 00275360 _____ (Microsoft Corporation) C:\Windows\system32\DreamScene.dll
2016-10-26 16:50 - 2016-10-26 16:51 - 00000000 ____D C:\ProgramData\HitmanPro
2016-10-25 21:21 - 2016-10-25 21:22 - 00000000 ____D C:\ProgramData\TEMP
2016-10-25 21:21 - 2016-10-25 21:21 - 00000000 ____D C:\Users\Nir\AppData\Roaming\URSoft
2016-10-25 18:10 - 2016-10-28 19:13 - 00000000 ____D C:\Users\Nir\Documents\The Witcher 3
2016-10-25 18:10 - 2008-10-15 05:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2016-10-25 18:10 - 2008-10-15 05:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2016-10-25 18:10 - 2008-10-15 05:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2016-10-25 18:10 - 2008-10-15 05:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2016-10-25 18:10 - 2008-10-15 05:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2016-10-25 18:10 - 2008-10-15 05:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2016-10-25 16:55 - 2016-11-07 18:02 - 00000000 ____D C:\AdwCleaner
2016-10-24 17:27 - 2016-10-24 17:28 - 145799477 ____R C:\Users\Nir\Downloads\SpyHunter Portable.rar
2016-10-24 17:16 - 2016-10-24 17:16 - 00000000 _____ C:\autoexec.bat
2016-10-23 17:04 - 2016-10-23 17:04 - 00021198 _____ C:\ComboFix.txt
2016-10-22 21:38 - 2016-10-17 17:35 - 00223464 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2016-10-15 19:19 - 2016-10-15 19:19 - 00000000 ____D C:\Windows\PCHEALTH
2016-10-15 19:19 - 2016-10-15 19:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-10-15 19:19 - 2016-10-15 19:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2016-10-15 19:19 - 2016-10-15 19:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2016-10-15 19:18 - 2016-10-15 19:19 - 00000000 ____D C:\Windows\SHELLNEW
2016-10-15 19:18 - 2016-10-15 19:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-10-15 19:18 - 2016-10-15 19:18 - 00000000 ___RD C:\MSOCache
2016-10-15 19:18 - 2016-10-15 19:18 - 00000000 ____D C:\Users\Nir\AppData\Local\Microsoft Help
2016-10-15 19:18 - 2016-10-15 19:18 - 00000000 ____D C:\Program Files\Microsoft Office
2016-10-15 19:18 - 2016-10-15 19:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2016-10-14 19:00 - 2016-10-14 19:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-10-14 18:10 - 2016-10-23 17:04 - 00000000 ____D C:\Qoobox
2016-10-14 18:10 - 2016-10-14 18:12 - 00000000 ____D C:\Windows\erdnt
2016-10-14 18:10 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2016-10-14 18:10 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2016-10-14 18:10 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-10-14 18:10 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-10-14 18:10 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-10-14 18:10 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2016-10-14 18:10 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2016-10-14 18:10 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2016-10-13 21:00 - 2016-10-13 21:00 - 00000000 ____D C:\Users\Nir\AppData\Roaming\MPC-HC
2016-10-13 18:09 - 2016-10-26 06:03 - 00000000 ____D C:\Users\Nir\AppData\Local\Discord
2016-10-13 18:09 - 2016-10-26 06:02 - 00000000 ____D C:\Users\Nir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-10-13 18:09 - 2016-10-13 18:11 - 00000000 ____D C:\Users\Nir\AppData\Roaming\discord
2016-10-13 18:09 - 2016-10-13 18:09 - 00000000 ____D C:\Users\Nir\AppData\Local\SquirrelTemp
2016-10-13 12:34 - 2016-10-13 14:03 - 00000000 ____D C:\Users\Nir\Documents\Overwatch
2016-10-13 12:34 - 2016-10-13 12:34 - 00001097 _____ C:\Users\Public\Desktop\Overwatch.lnk
2016-10-13 12:34 - 2016-10-13 12:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2016-10-12 18:54 - 2016-10-12 18:54 - 00000000 ____D C:\ProgramData\Nexon
2016-10-12 18:44 - 2016-10-12 18:44 - 00000000 ____D C:\Users\Nir\AppData\Local\Efktion
2016-10-12 18:43 - 2016-10-29 16:09 - 00000000 ____D C:\Program Files (x86)\Windows Loader
2016-10-12 18:43 - 2016-10-12 18:43 - 00003508 _____ C:\Windows\System32\Tasks\PPI Update 3
2016-10-12 18:43 - 2016-10-12 18:43 - 00003504 _____ C:\Windows\System32\Tasks\PPI Update 2
2016-10-12 18:25 - 2016-09-30 22:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-10-12 18:25 - 2016-09-30 21:28 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-10-12 18:25 - 2016-09-30 17:37 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-12 18:25 - 2016-09-30 17:20 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-10-12 18:25 - 2016-09-30 17:20 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-10-12 18:25 - 2016-09-30 09:55 - 25765376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-10-12 18:25 - 2016-09-30 08:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-10-12 18:25 - 2016-09-30 08:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-10-12 18:25 - 2016-09-30 08:26 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-10-12 18:25 - 2016-09-30 08:25 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-10-12 18:25 - 2016-09-30 08:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-10-12 18:25 - 2016-09-30 08:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-10-12 18:25 - 2016-09-30 08:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-10-12 18:25 - 2016-09-30 08:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-10-12 18:25 - 2016-09-30 08:18 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-10-12 18:25 - 2016-09-30 08:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-10-12 18:25 - 2016-09-30 08:14 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-10-12 18:25 - 2016-09-30 08:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-10-12 18:25 - 2016-09-30 08:13 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-10-12 18:25 - 2016-09-30 08:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-10-12 18:25 - 2016-09-30 08:12 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-10-12 18:25 - 2016-09-30 08:09 - 06048256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-10-12 18:25 - 2016-09-30 08:05 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-10-12 18:25 - 2016-09-30 08:02 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-10-12 18:25 - 2016-09-30 07:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-10-12 18:25 - 2016-09-30 07:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-10-12 18:25 - 2016-09-30 07:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-10-12 18:25 - 2016-09-30 07:51 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-10-12 18:25 - 2016-09-30 07:50 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-10-12 18:25 - 2016-09-30 07:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-10-12 18:25 - 2016-09-30 07:47 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-10-12 18:25 - 2016-09-30 07:46 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-10-12 18:25 - 2016-09-30 07:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-10-12 18:25 - 2016-09-30 07:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-10-12 18:25 - 2016-09-30 07:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-10-12 18:25 - 2016-09-30 07:42 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-10-12 18:25 - 2016-09-30 07:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-10-12 18:25 - 2016-09-30 07:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-10-12 18:25 - 2016-09-30 07:36 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-10-12 18:25 - 2016-09-30 07:35 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-10-12 18:25 - 2016-09-30 07:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-10-12 18:25 - 2016-09-30 07:33 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-10-12 18:25 - 2016-09-30 07:33 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-10-12 18:25 - 2016-09-30 07:32 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-10-12 18:25 - 2016-09-30 07:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-10-12 18:25 - 2016-09-30 07:32 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-10-12 18:25 - 2016-09-30 07:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-10-12 18:25 - 2016-09-30 07:31 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-10-12 18:25 - 2016-09-30 07:31 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-10-12 18:25 - 2016-09-30 07:24 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-10-12 18:25 - 2016-09-30 07:21 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-10-12 18:25 - 2016-09-30 07:19 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-10-12 18:25 - 2016-09-30 07:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-10-12 18:25 - 2016-09-30 07:17 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-10-12 18:25 - 2016-09-30 07:17 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-10-12 18:25 - 2016-09-30 07:15 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-10-12 18:25 - 2016-09-30 07:14 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-10-12 18:25 - 2016-09-30 07:13 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-10-12 18:25 - 2016-09-30 07:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-10-12 18:25 - 2016-09-30 07:07 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-10-12 18:25 - 2016-09-30 07:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-10-12 18:25 - 2016-09-30 07:05 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-10-12 18:25 - 2016-09-30 07:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-10-12 18:25 - 2016-09-30 07:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-10-12 18:25 - 2016-09-30 07:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-10-12 18:25 - 2016-09-30 06:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-10-12 18:25 - 2016-09-30 06:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-10-12 18:25 - 2016-09-30 06:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-10-12 18:25 - 2016-09-30 06:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-10-12 18:25 - 2016-09-15 17:30 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-10-12 18:25 - 2016-09-15 17:30 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-10-12 18:25 - 2016-09-15 17:15 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-10-12 18:25 - 2016-09-15 17:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-10-12 18:25 - 2016-09-12 23:13 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-10-12 18:25 - 2016-09-12 23:13 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-10-12 18:25 - 2016-09-12 23:08 - 01465344 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-10-12 18:25 - 2016-09-12 23:08 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-10-12 18:25 - 2016-09-12 23:08 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-10-12 18:25 - 2016-09-12 23:08 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-10-12 18:25 - 2016-09-12 23:08 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-10-12 18:25 - 2016-09-12 23:08 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-10-12 18:25 - 2016-09-12 23:08 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-10-12 18:25 - 2016-09-12 23:08 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-10-12 18:25 - 2016-09-12 23:08 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-10-12 18:25 - 2016-09-12 23:08 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-10-12 18:25 - 2016-09-12 23:08 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-10-12 18:25 - 2016-09-12 23:08 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-10-12 18:25 - 2016-09-12 23:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-10-12 18:25 - 2016-09-12 23:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-10-12 18:25 - 2016-09-12 23:08 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-10-12 18:25 - 2016-09-12 23:08 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-10-12 18:25 - 2016-09-12 23:08 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-10-12 18:25 - 2016-09-12 23:08 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-10-12 18:25 - 2016-09-12 23:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-10-12 18:25 - 2016-09-12 22:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-10-12 18:25 - 2016-09-12 22:49 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-10-12 18:25 - 2016-09-12 22:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-10-12 18:25 - 2016-09-12 22:49 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-10-12 18:25 - 2016-09-12 22:49 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-10-12 18:25 - 2016-09-12 22:49 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-10-12 18:25 - 2016-09-12 22:49 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-10-12 18:25 - 2016-09-12 22:49 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-10-12 18:25 - 2016-09-12 22:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-10-12 18:25 - 2016-09-12 22:49 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-10-12 18:25 - 2016-09-12 22:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-10-12 18:25 - 2016-09-12 22:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2016-10-12 18:25 - 2016-09-12 22:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-10-12 18:25 - 2016-09-12 22:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-10-12 18:25 - 2016-09-12 22:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-10-12 18:25 - 2016-09-12 22:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-10-12 18:25 - 2016-09-12 22:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-10-12 18:25 - 2016-09-12 22:37 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-12 18:25 - 2016-09-12 22:32 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-10-12 18:25 - 2016-09-12 22:32 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-10-12 18:25 - 2016-09-12 22:32 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-10-12 18:25 - 2016-09-12 22:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-10-12 18:25 - 2016-09-12 22:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-10-12 18:25 - 2016-09-12 22:25 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-10-12 18:25 - 2016-09-12 21:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-10-12 18:25 - 2016-09-12 20:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-10-12 18:25 - 2016-09-12 20:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-12 18:25 - 2016-09-10 18:19 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-10-12 18:25 - 2016-09-10 17:53 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-10-12 18:25 - 2016-09-09 20:29 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-10-12 18:25 - 2016-09-09 20:26 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-10-12 18:25 - 2016-09-09 20:23 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 20:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 20:01 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-10-12 18:25 - 2016-09-09 20:00 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-10-12 18:25 - 2016-09-09 20:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-10-12 18:25 - 2016-09-09 20:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-10-12 18:25 - 2016-09-09 20:00 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-10-12 18:25 - 2016-09-09 19:59 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-10-12 18:25 - 2016-09-09 19:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-10-12 18:25 - 2016-09-09 19:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-10-12 18:25 - 2016-09-09 19:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 19:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 19:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 19:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 19:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 19:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 19:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 19:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 19:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 19:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 19:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 19:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 19:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 19:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 19:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 19:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 19:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 19:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 19:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 19:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 19:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 19:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 19:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 19:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 19:51 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-10-12 18:25 - 2016-09-09 19:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-10-12 18:25 - 2016-09-09 19:51 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-10-12 18:25 - 2016-09-09 19:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-10-12 18:25 - 2016-09-09 19:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-10-12 18:25 - 2016-09-09 19:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-10-12 18:25 - 2016-09-09 19:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-10-12 18:25 - 2016-09-09 19:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-10-12 18:25 - 2016-09-09 19:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-10-12 18:25 - 2016-09-09 19:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-10-12 18:25 - 2016-09-09 19:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 19:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-10-12 18:25 - 2016-09-09 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-10-12 18:25 - 2016-09-08 22:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-10-12 18:25 - 2016-09-08 22:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-10-12 18:25 - 2016-09-08 22:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-10-12 18:25 - 2016-09-08 22:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-10-12 18:25 - 2016-09-08 16:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-10-12 18:25 - 2016-09-08 16:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-12 18:24 - 2016-09-12 23:17 - 00077032 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-10-12 18:24 - 2016-09-12 23:08 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-10-12 18:24 - 2016-09-09 17:54 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-10-12 18:24 - 2016-09-09 17:54 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-10-12 18:24 - 2016-09-09 17:54 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-10-12 18:24 - 2016-09-09 17:54 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-10-12 18:24 - 2016-09-09 17:54 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-10-12 18:24 - 2016-09-09 17:54 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-10-12 18:24 - 2016-09-09 17:54 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-10-12 18:24 - 2016-07-22 16:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-10-12 18:24 - 2016-07-22 16:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2016-10-11 13:58 - 2016-10-11 13:58 - 00000000 ____D C:\Nexon
2016-10-11 13:57 - 2016-10-11 13:57 - 00000000 ____D C:\Users\Nir\AppData\Local\Crashpad
2016-10-11 13:56 - 2016-10-26 06:02 - 00000000 ____D C:\Users\Nir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon
2016-10-11 13:56 - 2016-10-26 06:02 - 00000000 ____D C:\Program Files (x86)\Nexon
2016-10-08 23:12 - 2016-10-14 02:15 - 00000000 ____D C:\Users\Nir\AppData\Roaming\BSplayer PRO
2016-10-08 23:12 - 2016-10-13 21:01 - 00000000 ____D C:\Program Files (x86)\Webteh
2016-10-08 16:27 - 2016-10-08 16:27 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-10-08 16:27 - 2016-10-01 21:24 - 00133056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-10-08 16:27 - 2016-09-09 20:25 - 00269600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-10-08 16:27 - 2016-09-09 20:25 - 00261920 _____ C:\Windows\system32\vulkan-1.dll
2016-10-08 16:27 - 2016-09-09 20:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-10-08 16:27 - 2016-09-09 20:24 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe
2016-10-08 16:26 - 2016-10-01 23:15 - 40068544 _____ C:\Windows\system32\nvcompiler.dll
2016-10-08 16:26 - 2016-10-01 23:15 - 35180992 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-10-08 16:26 - 2016-10-01 23:15 - 34808768 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-10-08 16:26 - 2016-10-01 23:15 - 17464952 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-10-08 16:26 - 2016-10-01 23:15 - 17272008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-10-08 16:26 - 2016-10-01 23:15 - 14126528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-10-08 16:26 - 2016-10-01 23:15 - 10868472 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2016-10-08 16:26 - 2016-10-01 23:15 - 10745848 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-10-08 16:26 - 2016-10-01 23:15 - 10286296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-10-08 16:26 - 2016-10-01 23:15 - 09091648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-10-08 16:26 - 2016-10-01 23:15 - 08877808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-10-08 16:26 - 2016-10-01 23:15 - 03594176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-10-08 16:26 - 2016-10-01 23:15 - 03161024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-10-08 16:26 - 2016-10-01 23:15 - 01935808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437306.dll
2016-10-08 16:26 - 2016-10-01 23:15 - 01585088 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437306.dll
2016-10-08 16:26 - 2016-10-01 23:15 - 01018816 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-10-08 16:26 - 2016-10-01 23:15 - 00958520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-10-08 16:26 - 2016-10-01 23:15 - 00943672 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-10-08 16:26 - 2016-10-01 23:15 - 00893376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-10-08 16:26 - 2016-10-01 23:15 - 00688784 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2016-10-08 16:26 - 2016-10-01 23:15 - 00521096 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-10-08 16:26 - 2016-10-01 23:15 - 00493792 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-10-08 16:26 - 2016-10-01 23:15 - 00437696 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-10-08 16:26 - 2016-10-01 23:15 - 00436088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-10-08 16:26 - 2016-10-01 23:15 - 00409296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-10-08 16:26 - 2016-10-01 23:15 - 00388544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-10-08 16:26 - 2016-10-01 23:15 - 00180136 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-10-08 16:26 - 2016-10-01 23:15 - 00157464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-10-08 16:26 - 2016-10-01 23:15 - 00153184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-10-08 16:26 - 2016-10-01 23:15 - 00131720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-07 18:04 - 2016-09-11 18:36 - 00000000 ____D C:\Users\Nir\AppData\Roaming\DMCache
2016-11-07 18:03 - 2009-07-14 07:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-07 18:03 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-11-07 17:59 - 2016-09-11 18:11 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-07 17:59 - 2016-09-11 18:03 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-07 17:59 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-07 10:16 - 2016-09-11 18:11 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-07 09:27 - 2016-09-20 23:27 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-07 07:09 - 2009-07-14 06:45 - 00019680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-07 07:09 - 2009-07-14 06:45 - 00019680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-07 02:06 - 2016-09-11 19:22 - 00000000 ____D C:\Users\Nir\AppData\Local\Battle.net
2016-11-07 02:06 - 2016-09-11 18:47 - 00000000 ____D C:\Users\Nir\AppData\Roaming\TS3Client
2016-11-06 21:58 - 2016-09-11 18:36 - 00000000 ____D C:\Users\Nir\Downloads\Video
2016-11-06 20:54 - 2016-09-11 19:13 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-11-06 01:53 - 2016-09-20 23:27 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-11-06 01:53 - 2016-09-20 23:27 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-05 13:44 - 2009-07-14 06:45 - 00451728 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-04 16:23 - 2016-09-11 18:40 - 00000000 ____D C:\Users\Nir\AppData\Local\CrashDumps
2016-11-03 19:26 - 2016-09-11 18:34 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-02 07:04 - 2016-10-05 00:46 - 00000000 ____D C:\Users\Nir\AppData\Roaming\uTorrent
2016-11-02 07:04 - 2009-07-14 07:08 - 00032552 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-02 01:20 - 2016-09-11 18:36 - 00000000 ____D C:\Users\Nir\Downloads\Compressed
2016-11-01 11:43 - 2016-09-11 18:11 - 00002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-01 11:43 - 2016-09-11 18:11 - 00000000 ____D C:\Users\Nir\AppData\Local\Google
2016-11-01 11:43 - 2016-09-11 18:11 - 00000000 ____D C:\Program Files (x86)\Google
2016-10-28 19:14 - 2016-09-11 18:22 - 00000000 ____D C:\Program Files (x86)\Steam
2016-10-28 17:27 - 2016-09-11 17:58 - 00000000 ____D C:\ProgramData\Package Cache
2016-10-28 11:41 - 2016-09-11 18:36 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2016-10-27 19:29 - 2016-09-11 18:36 - 00000000 ____D C:\Users\Nir\AppData\Roaming\IDM
2016-10-26 17:18 - 2016-09-11 17:53 - 00000000 ____D C:\Users\Nir
2016-10-26 16:55 - 2016-09-11 19:16 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2016-10-26 16:53 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Globalization
2016-10-26 16:29 - 2016-09-13 16:33 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-10-26 16:27 - 2016-09-20 23:27 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-10-26 16:27 - 2016-09-20 23:27 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-26 16:27 - 2016-09-20 23:27 - 00003878 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-10-26 16:27 - 2016-09-20 23:27 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-10-26 16:27 - 2016-09-20 23:27 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-25 18:12 - 2016-09-11 22:38 - 00000000 ____D C:\Program Files (x86)\Overwatch
2016-10-24 17:14 - 2016-09-11 18:47 - 00000000 ____D C:\Users\Nir\AppData\Roaming\Skype
2016-10-23 17:04 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2016-10-15 19:19 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-10-15 19:19 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-10-15 19:18 - 2009-07-14 04:34 - 00000478 _____ C:\Windows\win.ini
2016-10-14 19:04 - 2016-09-11 18:16 - 00000000 ____D C:\Windows\pss
2016-10-14 13:14 - 2016-09-11 18:05 - 00000000 ____D C:\Users\Nir\AppData\Local\NVIDIA Corporation
2016-10-14 13:14 - 2016-09-11 18:03 - 00000000 ____D C:\Users\Nir\AppData\Local\NVIDIA
2016-10-14 13:14 - 2016-09-11 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-10-14 13:14 - 2016-09-11 18:02 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-10-14 13:14 - 2016-09-11 18:02 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-10-14 13:14 - 2016-09-11 18:00 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-10-13 14:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-10-12 22:28 - 2016-09-11 18:34 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-10-12 18:42 - 2016-09-11 18:47 - 00000000 ____D C:\ProgramData\Skype
2016-10-12 18:39 - 2016-09-11 18:39 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-10-12 18:39 - 2016-09-11 18:39 - 00000000 ____D C:\Windows\system32\appraiser
2016-10-12 18:38 - 2016-09-11 18:26 - 00000000 ____D C:\Windows\system32\MRT
2016-10-12 18:36 - 2016-09-11 18:26 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-10-08 16:23 - 2016-10-03 17:37 - 00000000 ____D C:\Users\Nir\AppData\Roaming\NVIDIA
 
Some files in TEMP:
====================
C:\Users\Nir\AppData\Local\Temp\libeay32.dll
C:\Users\Nir\AppData\Local\Temp\msvcr120.dll
C:\Users\Nir\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-11-04 00:50
 
==================== End of FRST.txt ============================
 
 
I deleted the malware AdwCleaner found, but it did nothing in Farbar.
 
 
Thanks
 

 

#5 nasdaq

  • Malware Response Team
  • 39,225 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 November 2016 - 09:26 AM


Press the Windows key + R on your keyboard at the same time. This will open the RUN box.
Type Notepad and click the OK button.
Please copy the entire contents of the code box below into the new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2722746626-904562578-2051315880-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-04]
CHR Extension: (Chrome Media Router) - C:\Users\Nir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-04]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
Task: {B0B5D7D5-65C1-40F5-B238-0D85FBE88FDB} - System32\Tasks\PPI Update 2 => "hxxp://vlcdownload.online/download.php?mn=3333" <==== ATTENTION
Task: {BD722FC4-AE8A-41B2-90D5-F2636B65D80C} - System32\Tasks\PPI Update 3 => "hxxp://vlcdownload.online/downloadv2.php?mn=3333" <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [152]
C:\Users\Nir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\Nir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right side of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.
===

Please post the Fixlog.txt file and let me know if the problem persists.
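The two "PPI Update" tasks in the fixlist above are what produced the hourly Chrome pop-ups: a scheduled task whose action is a URL gets handed to the default browser. The script below is an added example for triage on a similar machine, not part of this thread and not FRST code; it only reads, flagging tasks whose action is a URL and listing named alternate data streams under C:\ProgramData (where FRST found TEMP:1CE11B51). It assumes an English-locale Windows (schtasks column names) and PowerShell 3.0 or later.

```powershell
# Added example (not from the thread, not part of FRST): read-only triage for
# the two findings FRST flagged above. Assumes English-locale schtasks output
# and PowerShell 3.0+; schtasks itself ships with the thread's Windows 7.

# FRST defangs URLs as hxxp://; match both forms in case a log is being parsed.
$urlPattern = 'https?://|hxxps?://'

# 1. Every scheduled task, parsed from schtasks verbose CSV output.
#    schtasks repeats its header row per task folder; drop those rows.
$tasks = schtasks /query /fo CSV /v |
    ConvertFrom-Csv |
    Where-Object { $_.TaskName -ne 'TaskName' }

# 2. Tasks whose "Task To Run" is a URL rather than an executable. Task Scheduler
#    passes such an action to the default browser, which is the hijack pattern
#    behind "PPI Update 2" / "PPI Update 3" in the fixlist.
$urlTasks = $tasks | Where-Object { $_.'Task To Run' -match $urlPattern }

$urlTasks |
    Select-Object TaskName,
                  @{ n = 'TaskToRun'; e = { $_.'Task To Run' } },
                  Status,
                  @{ n = 'Schedule';  e = { $_.'Schedule Type' } },
                  @{ n = 'Repeat';    e = { $_.'Repeat: Every' } },
                  @{ n = 'LastRun';   e = { $_.'Last Run Time' } } |
    Format-Table -AutoSize

# 3. Named alternate data streams on items directly under C:\ProgramData.
#    ':$DATA' is the ordinary unnamed stream and is excluded; anything else
#    (for example TEMP:1CE11B51 in the FRST log) deserves a look.
Get-ChildItem -Path 'C:\ProgramData' -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
    } |
    Where-Object { $_.Stream -ne ':$DATA' } |
    Select-Object FileName, Stream, Length |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt; tasks registered by other users are only visible with administrator rights.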

#6 nircc

  • Topic Starter
  • Members
  • 5 posts

Posted 08 November 2016 - 11:09 AM

@nasdaq 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
Ran by Nir (08-11-2016 18:06:14) Run:1
Running from C:\Users\Nir\Desktop\farbar
Loaded Profiles: Nir (Available Profiles: Nir)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2722746626-904562578-2051315880-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-04]
CHR Extension: (Chrome Media Router) - C:\Users\Nir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-04]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
Task: {B0B5D7D5-65C1-40F5-B238-0D85FBE88FDB} - System32\Tasks\PPI Update 2 => "hxxp://vlcdownload.online/download.php?mn=3333" <==== ATTENTION
Task: {BD722FC4-AE8A-41B2-90D5-F2636B65D80C} - System32\Tasks\PPI Update 3 => "hxxp://vlcdownload.online/downloadv2.php?mn=3333" <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [152]
C:\Users\Nir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\Nir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2722746626-904562578-2051315880-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\Nir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Nir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
catchme => service removed successfully
nvvad_WaveExtensible => service removed successfully
VGPU => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0B5D7D5-65C1-40F5-B238-0D85FBE88FDB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0B5D7D5-65C1-40F5-B238-0D85FBE88FDB}" => key removed successfully
C:\Windows\System32\Tasks\PPI Update 2 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PPI Update 2" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BD722FC4-AE8A-41B2-90D5-F2636B65D80C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD722FC4-AE8A-41B2-90D5-F2636B65D80C}" => key removed successfully
C:\Windows\System32\Tasks\PPI Update 3 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PPI Update 3" => key removed successfully
C:\ProgramData\TEMP => ":1CE11B51" ADS removed successfully.
"C:\Users\Nir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
"C:\Users\Nir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 50564101 B
Java, Flash, Steam htmlcache => 380868635 B
Windows/system/drivers => 1894225 B
Edge => 0 B
Chrome => 347151392 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66356 B
systemprofile32 => 66088 B
LocalService => 66228 B
NetworkService => 18492 B
Nir => 214557306 B
 
RecycleBin => 0 B
EmptyTemp: => 949.1 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 18:06:19 ====
 
 
 
I'll update if the problem persists : ) 
 
thanks for the help


#7 nasdaq

  • Malware Response Team
  • 39,225 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 November 2016 - 09:33 AM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/



