Program Name+mgr.exe Malware


  • This topic is locked
3 replies to this topic

#1 mhnahid

mhnahid

  • Members
  • 2 posts
  • OFFLINE

Posted 03 July 2016 - 12:34 PM

Got this virus from a pendrive. Malwarebytes is always blocking requests to supnewdwm.com and another website through iexplorer.exe when I start running some programs, and a prog name+mgr.exe file is automatically created. Chrome extensions get corrupted as a result and svchost.exe eats up huge memory.

 

 

I saw this topic http://www.bleepingcomputer.com/forums/t/548977/programmgrexe-problem/ which looks like this malware. 

So I collected logs of RogueKiller, AdwCleaner and Farbar.

 

RogueKiller V10.9.3.0 (x64) [Jul 21 2015] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : wpcomm [Administrator]
Started from : G:\july2\roguekillerx64.exe
Mode : Delete -- Date : 07/03/2016 22:59:45
 
¤¤¤ Processes : 45 ¤¤¤
[Proc.Injected] smss.exe(280) -- C:\Windows\System32\smss.exe[x] -> [NoKill]
[Proc.Injected] csrss.exe(436) -- C:\Windows\System32\csrss.exe[x] -> [NoKill]
[Proc.Injected] wininit.exe(736) -- C:\Windows\System32\wininit.exe[x] -> [NoKill]
[Proc.Injected] csrss.exe(760) -- C:\Windows\System32\csrss.exe[x] -> [NoKill]
[Proc.Injected] services.exe(804) -- C:\Windows\System32\services.exe[x] -> [NoKill]
[Proc.Injected] lsass.exe(812) -- C:\Windows\System32\lsass.exe[x] -> [NoKill]
[Proc.Injected] lsm.exe(820) -- C:\Windows\System32\lsm.exe[x] -> [NoKill]
[Proc.Injected] svchost.exe(924) -- C:\Windows\System32\svchost.exe[x] -> [NoKill]
[Proc.Injected] svchost.exe(1004) -- C:\Windows\System32\svchost.exe[x] -> [NoKill]
[Proc.Injected] svchost.exe(292) -- C:\Windows\System32\svchost.exe[x] -> [NoKill]
[Proc.Injected] svchost.exe(456) -- C:\Windows\System32\svchost.exe[x] -> [NoKill]
[Proc.Injected] svchost.exe(496) -- C:\Windows\System32\svchost.exe[x] -> [NoKill]
[Proc.Injected] winlogon.exe(520) -- C:\Windows\System32\winlogon.exe[x] -> [NoKill]
[Proc.Injected] svchost.exe(864) -- C:\Windows\System32\svchost.exe[x] -> [NoKill]
[Proc.Injected] igfxCUIService.exe(1056) -- C:\Windows\System32\igfxCUIService.exe[7] -> Killed [TermProc]
[Proc.Injected] svchost.exe(1220) -- C:\Windows\System32\svchost.exe[x] -> [NoKill]
[Proc.Injected] spoolsv.exe(1384) -- C:\Windows\System32\spoolsv.exe[x] -> [NoKill]
[Proc.Injected] svchost.exe(1412) -- C:\Windows\System32\svchost.exe[x] -> [NoKill]
[Proc.Injected] Windows8FirewallService.exe(1484) -- C:\Program Files (x86)\Windows8FirewallControl\Windows8FirewallService.exe[-] -> Killed [TermProc]
[Proc.Injected] AdminService.exe(1568) -- C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe[-] -> Killed [TermProc]
[Proc.Injected] DUMeterSvc.exe(1624) -- C:\Program Files (x86)\DU Meter\DUMeterSvc.exe[-] -> Killed [TermProc]
[Proc.Injected] gdipp_svc_32.exe(1700) -- C:\Program Files (x86)\gdipp\gdipp_svc_32.exe[-] -> Killed [TermProc]
[Proc.Injected] gdipp_svc_64.exe(1744) -- C:\Program Files (x86)\gdipp\gdipp_svc_64.exe[-] -> Killed [TermProc]
[Proc.Injected] mbamscheduler.exe(1776) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[7] -> Killed [TermProc]
[Proc.Injected] svchost.exe(2128) -- C:\Windows\System32\svchost.exe[x] -> [NoKill]
[Proc.Injected] svchost.exe(2380) -- C:\Windows\System32\svchost.exe[x] -> [NoKill]
[Proc.Injected] taskhost.exe(952) -- C:\Windows\System32\taskhost.exe[7] -> Killed [TermProc]
[Proc.Injected] gdipp_hook_32.exe(2484) -- C:\Program Files (x86)\gdipp\gdipp_hook_32.exe[-] -> Killed [TermProc]
[Proc.Injected] PresentationFontCache.exe(2708) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[7] -> Killed [TermProc]
[Proc.Injected] gdipp_hook_64.exe(2768) -- C:\Program Files (x86)\gdipp\gdipp_hook_64.exe[-] -> Killed [TermProc]
[Proc.Injected] explorer.exe(2972) -- C:\Windows\explorer.exe[7] -> Killed [TermProc]
[Proc.Injected] igfxHK.exe(2936) -- C:\Windows\System32\igfxHK.exe[7] -> Killed [TermProc]
[Proc.Injected] igfxTray.exe(2568) -- C:\Windows\System32\igfxTray.exe[7] -> Killed [TermProc]
[Proc.Injected] DUMeter.exe(2680) -- C:\Program Files (x86)\DU Meter\DUMeter.exe[-] -> Killed [TermProc]
[Proc.Injected] igfxEM.exe(2620) -- C:\Windows\System32\igfxEM.exe[7] -> Killed [TermProc]
[Proc.Injected] BtvStack.exe(2732) -- C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[-] -> Killed [TermProc]
[Proc.Injected] RAVCpl64.exe(3356) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[7] -> Killed [TermProc]
[Proc.Injected] Windows8FirewallControl.exe(3648) -- C:\Program Files (x86)\Windows8FirewallControl\Windows8FirewallControl.exe[-] -> Killed [TermProc]
[Proc.Injected] IEMonitor.exe(3644) -- C:\Program Files (x86)\Tonec\IEMonitor.exe[7] -> Killed [TermProc]
[Proc.Injected] SearchIndexer.exe(3508) -- C:\Windows\System32\SearchIndexer.exe[x] -> [NoKill]
[Proc.Injected] svchost.exe(2612) -- C:\Windows\System32\svchost.exe[x] -> [NoKill]
[Proc.Injected] svchost.exe(3412) -- C:\Windows\System32\svchost.exe[x] -> [NoKill]
[Proc.Injected] taskhost.exe(5100) -- C:\Windows\System32\taskhost.exe[7] -> Killed [TermProc]
[Proc.Injected] iexplore.exe(4564) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe[7] -> Killed [TermProc]
[Proc.Injected] iexplore.exe(4724) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe[7] -> Killed [TermProc]
 
¤¤¤ Registry : 4 ¤¤¤
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\hgtdml (System32\drivers\kwtu.sys) -> Not selected
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\htmm (System32\drivers\krskbti.sys) -> Not selected
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 1 ¤¤¤
[Suspicious.Path|Suspicious.Startup][File] C:\Users\wpcomm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ubeeqwyn.exe -> Deleted
 
¤¤¤ Hosts File : 3 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1                   keystone.mwbsys.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1                   sirius.mwbsys.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1                   bactem.mwbsys.com
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10JPVX-22JC3T0 ATA Device +++++
--- User ---
[MBR] 8a5a68c572b2f2004a99203965d05d88
[BSP] ad78c7992fd173770fcd1ccab074958e : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 0 MB
1 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
2 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 206848 | Size: 40961 MB
3 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 84094976 | Size: 912806 MB
User = LL1 ... OK
User = LL2 ... OK
 
============================
 
# AdwCleaner v5.119 - Logfile created 03/07/2016 at 23:04:13
# Updated 30/05/2016 by Xplode
# Database : 2016-05-25.2 [Local]
# Operating system : Windows 7 Ultimate Service Pack 1 (X64)
# Username : wpcomm - WPCOMM-PC
# Running from : C:\Users\wpcomm\Desktop\adwcleaner_5.119.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\wpcomm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Trymedia Systems
 
***** [ Web browsers ] *****
 
[-] [C:\Users\wpcomm\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\wpcomm\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\wpcomm\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : dpjamkmjmigaoobjbekmfgabipmfilij
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [1280 bytes] - [03/07/2016 23:04:13]
C:\AdwCleaner\AdwCleaner[S1].txt - [1313 bytes] - [03/07/2016 23:01:54]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1426 bytes] ##########
=====================
 
# AdwCleaner v5.119 - Logfile created 03/07/2016 at 23:01:54
# Updated 30/05/2016 by Xplode
# Database : 2016-05-25.2 [Local]
# Operating system : Windows 7 Ultimate Service Pack 1 (X64)
# Username : wpcomm - WPCOMM-PC
# Running from : C:\Users\wpcomm\Desktop\adwcleaner_5.119.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Users\wpcomm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Trymedia Systems
 
***** [ Web browsers ] *****
 
[C:\Users\wpcomm\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\wpcomm\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\wpcomm\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : dpjamkmjmigaoobjbekmfgabipmfilij
 
*************************
 
C:\AdwCleaner\AdwCleaner[S1].txt - [1161 bytes] - [03/07/2016 23:01:54]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1234 bytes] ##########
==============
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-08-2015
Ran by wpcomm (administrator) on WPCOMM-PC (03-07-2016 23:10:27)
Running from C:\Users\wpcomm\Desktop
Loaded Profiles: wpcomm (Available Profiles: wpcomm)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Sphinx Software) C:\Program Files (x86)\Windows8FirewallControl\Windows8FirewallService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Hagel Technologies Ltd.) C:\Program Files (x86)\DU Meter\DUMeterSvc.exe
(gdipp Project) C:\Program Files (x86)\gdipp\gdipp_svc_32.exe
(gdipp Project) C:\Program Files (x86)\gdipp\gdipp_svc_64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(gdipp Project) C:\Program Files (x86)\gdipp\gdipp_hook_32.exe
(gdipp Project) C:\Program Files (x86)\gdipp\gdipp_hook_64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Hagel Technologies Ltd.) C:\Program Files (x86)\DU Meter\DUMeter.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Tonec Inc.) C:\Program Files (x86)\Tonec\IDMan.exe
(OmicronLab) C:\Program Files (x86)\Avro Keyboard\Avro Keyboard.exe
(Sphinx Software) C:\Program Files (x86)\Windows8FirewallControl\Windows8FirewallControl.exe
(Tonec Inc.) C:\Program Files (x86)\Tonec\IEMonitor.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [Windows8FirewallControl] => C:\Program Files (x86)\Windows8FirewallControl\Windows8FirewallControl.exe [856064 2013-09-30] (Sphinx Software)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] (Qualcomm®Atheros®)
HKU\S-1-5-21-3418895115-1502458751-1228961159-1000\...\Run: [IDMan] => C:\Program Files (x86)\Tonec\IDMan.exe [3413400 2011-08-20] (Tonec Inc.)
HKU\S-1-5-21-3418895115-1502458751-1228961159-1000\...\Run: [DU Meter] => C:\Program Files (x86)\DU Meter\DUMeter.exe [4245400 2016-07-02] (Hagel Technologies Ltd.)
HKU\S-1-5-21-3418895115-1502458751-1228961159-1000\...\Run: [Avro Keyboard] => C:\Program Files (x86)\Avro Keyboard\Avro Keyboard.exe [4703600 2014-02-22] (OmicronLab)
IFEO\notepad.exe: [Debugger] "C:\Program Files\Notepad2\Notepad2.exe" /z
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Tonec\IDMShellExt64.dll [2011-05-30] (Tonec Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
SearchScopes: HKU\S-1-5-21-3418895115-1502458751-1228961159-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Tonec\IDMIECC64.dll [2011-08-01] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Tonec\IDMIECC.dll [2011-08-01] (Internet Download Manager, Tonec Inc.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{1EEFFAC8-E1E8-4CC3-AD1F-D7C8C619025F}: [DhcpNameServer] 192.168.43.1
 
FireFox:
========
FF ProfilePath: C:\Users\wpcomm\AppData\Roaming\Mozilla\Firefox\Profiles\2p80hmt8.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll [2016-07-02] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll [2016-07-02] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2016-07-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2016-07-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Extension: ImgLikeOpera - C:\Users\wpcomm\AppData\Roaming\Mozilla\Firefox\Profiles\2p80hmt8.default\Extensions\imglikeopera@imfo.ru.xpi [2016-07-02]
FF Extension: YouTube™ Flash® Player - C:\Users\wpcomm\AppData\Roaming\Mozilla\Firefox\Profiles\2p80hmt8.default\Extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi [2016-07-02]
FF Extension: uBlock Origin - C:\Users\wpcomm\AppData\Roaming\Mozilla\Firefox\Profiles\2p80hmt8.default\Extensions\uBlock0@raymondhill.net.xpi [2016-07-02]
FF HKU\S-1-5-21-3418895115-1502458751-1228961159-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\wpcomm\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\wpcomm\AppData\Roaming\IDM\idmmzcc5 [2016-07-02]
FF HKU\S-1-5-21-3418895115-1502458751-1228961159-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\wpcomm\AppData\Roaming\IDM\idmmzcc5
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://bdtop.in/earthflight.php"
CHR Profile: C:\Users\wpcomm\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (DocHub - Edit and Sign PDF Documents) - C:\Users\wpcomm\AppData\Local\Google\Chrome\User Data\Default\Extensions\adgncicbhbjfpijkdmbijninnhnmiblj [2016-07-03]
CHR Extension: (Google Drive) - C:\Users\wpcomm\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\wpcomm\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2016-07-03]
CHR Extension: (YouTube) - C:\Users\wpcomm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-03]
CHR Extension: (uBlock Origin) - C:\Users\wpcomm\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-07-03]
CHR Extension: (Google Search) - C:\Users\wpcomm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-07-03]
CHR Extension: (Lumin - Best Document Viewer) - C:\Users\wpcomm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbkidnlfklnjanneifjjojofckpcogcl [2016-07-03]
CHR Extension: (Empty New Tab Page) - C:\Users\wpcomm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij [2016-07-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\wpcomm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-03]
CHR Extension: (Gmail) - C:\Users\wpcomm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-03]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows ® Win 7 DDK provider) [File not signed]
R2 DUMeterSvc; C:\Program Files (x86)\DU Meter\DUMeterSvc.exe [2385304 2016-07-02] (Hagel Technologies Ltd.) [File not signed]
R2 gdipp_svc_32; C:\Program Files (x86)\gdipp\gdipp_svc_32.exe [93696 2010-09-20] (gdipp Project) [File not signed]
R2 gdipp_svc_64; C:\Program Files (x86)\gdipp\gdipp_svc_64.exe [106496 2010-09-20] (gdipp Project) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-19] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 Windows8FirewallService; C:\Program Files (x86)\Windows8FirewallControl\Windows8FirewallService.exe [2031616 2013-09-30] (Sphinx Software) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
R3 DUMeterDrv; C:\Program Files (x86)\DU Meter\DUMETR64.SYS [20968 2013-03-01] (Hagel Technologies Ltd.) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-03] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R1 xlkfs; C:\Windows\System32\DRIVERS\xlkfs.sys [44272 2016-05-26] (XOSLAB.COM)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-03 23:10 - 2016-07-03 23:10 - 00010900 _____ C:\Users\wpcomm\Desktop\FRST.txt
2016-07-03 23:10 - 2016-07-03 23:10 - 00000000 ____D C:\FRST
2016-07-03 23:01 - 2016-07-03 23:04 - 00000000 ____D C:\AdwCleaner
2016-07-03 22:46 - 2016-07-03 23:00 - 00000000 ____D C:\ProgramData\RogueKiller
2016-07-03 22:46 - 2016-07-03 22:46 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-07-03 22:41 - 2016-07-03 22:41 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-07-03 22:41 - 2016-07-03 22:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-07-03 22:40 - 2016-07-03 23:05 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-03 22:40 - 2016-07-03 22:47 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-03 22:40 - 2016-07-03 22:40 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-03 22:40 - 2016-07-03 22:40 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-03 22:40 - 2016-07-03 22:40 - 00000000 ____D C:\Program Files (x86)\Google
2016-07-03 15:18 - 2016-07-03 20:32 - 00000000 ____D C:\Users\wpcomm\Documents\18 WoS American Long Haul
2016-07-03 15:17 - 2016-07-03 15:17 - 00001269 _____ C:\Users\wpcomm\Desktop\18 Wheels of Steel American Long Haul.lnk
2016-07-03 15:17 - 2016-07-03 15:17 - 00000000 ____D C:\Users\wpcomm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\18 Wheels of Steel American Long Haul
2016-07-03 15:17 - 2016-07-03 15:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\18 Wheels of Steel American Long Haul
2016-07-03 15:16 - 2016-07-03 22:15 - 00000000 ____D C:\Program Files (x86)\18 Wheels of Steel American Long Haul
2016-07-03 03:21 - 2016-07-02 13:32 - 00000000 ____D C:\Windows\Panther
2016-07-03 02:25 - 2016-07-03 02:25 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-07-03 02:24 - 2016-07-03 02:24 - 00001355 _____ C:\Windows\TSSysprep.log
2016-07-03 02:24 - 2016-07-03 02:24 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-07-03 02:24 - 2016-07-02 14:52 - 00017980 _____ C:\Windows\WindowsUpdate.log
2016-07-03 00:35 - 2016-07-03 00:36 - 00000000 ____D C:\Users\wpcomm\AppData\Roaming\Mp3tag
2016-07-02 23:46 - 2016-07-03 00:34 - 00000000 ____D C:\Users\wpcomm\Documents\iWisoft Free Video Converter
2016-07-02 23:45 - 2016-07-02 23:50 - 00000000 ____D C:\Users\wpcomm\AppData\Roaming\Notepad++
2016-07-02 23:45 - 2016-07-02 23:49 - 00000000 ____D C:\ProgramData\Avro Keyboard
2016-07-02 23:45 - 2016-07-02 23:45 - 00001187 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avro Keyboard.lnk
2016-07-02 23:45 - 2016-07-02 23:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2016-07-02 23:45 - 2016-07-02 23:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iWisoft Free Video Converter
2016-07-02 23:45 - 2016-07-02 23:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avro Keyboard
2016-07-02 23:45 - 2016-07-02 23:45 - 00000000 ____D C:\Program Files (x86)\Notepad++
2016-07-02 23:45 - 2016-07-02 23:45 - 00000000 ____D C:\Program Files (x86)\iWisoft Free Video Converter
2016-07-02 23:45 - 2016-07-02 23:45 - 00000000 ____D C:\Program Files (x86)\Avro Keyboard
2016-07-02 23:45 - 2014-02-22 00:05 - 01891184 _____ (OmicronLab) C:\Windows\SysWOW64\AvroSpell.dll
2016-07-02 23:45 - 2008-10-08 10:16 - 00139264 _____ (http://www.xvid.org) C:\Windows\SysWOW64\xvid.ax
2016-07-02 23:44 - 2016-07-02 23:44 - 00001815 _____ C:\Users\wpcomm\AppData\Roaming\Microsoft\Windows\Start Menu\Notepad2-mod.lnk
2016-07-02 23:44 - 2016-07-02 23:44 - 00000000 ____D C:\Users\wpcomm\AppData\Roaming\Notepad2
2016-07-02 23:44 - 2016-07-02 23:44 - 00000000 ____D C:\Program Files\Notepad2
2016-07-02 19:47 - 2016-07-03 00:49 - 00000000 ____D C:\Users\wpcomm\AppData\Local\Sublime Text 3
2016-07-02 19:47 - 2016-07-02 19:47 - 00000000 ____D C:\Users\wpcomm\AppData\Roaming\Sublime Text 3
2016-07-02 19:46 - 2016-07-02 19:46 - 00001085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 3.lnk
2016-07-02 19:46 - 2016-07-02 19:46 - 00000000 ____D C:\Program Files (x86)\Sublime Text 3
2016-07-02 14:47 - 2016-07-02 14:48 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DU Meter
2016-07-02 14:47 - 2016-07-02 14:48 - 00000000 ____D C:\Program Files (x86)\DU Meter
2016-07-02 14:32 - 2016-07-02 14:32 - 00000000 ____D C:\Users\wpcomm\AppData\Roaming\MPC-HC
2016-07-02 14:32 - 2016-07-02 14:32 - 00000000 ____D C:\Users\wpcomm\AppData\Local\CrashDumps
2016-07-02 14:27 - 2016-07-02 14:27 - 00000244 _____ C:\Windows\system32\{86F549EB-A66B-4D6C-958D-CDDD66410751}.bat
2016-07-02 14:27 - 2016-07-02 14:27 - 00000000 ____D C:\Users\wpcomm\AppData\Roaming\Atheros
2016-07-02 14:27 - 2016-07-02 14:27 - 00000000 ____D C:\Users\wpcomm\AppData\Local\BMExplorer
2016-07-02 14:27 - 2016-07-02 14:27 - 00000000 ____D C:\ProgramData\Atheros
2016-07-02 14:22 - 2016-07-02 14:22 - 00000000 ____D C:\ProgramData\Hagel Technologies
2016-07-02 14:19 - 2016-07-03 23:05 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-02 14:17 - 2016-07-02 14:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP
2016-07-02 14:15 - 2016-07-03 00:49 - 00000000 ____D C:\Users\wpcomm\AppData\Roaming\FileZilla
2016-07-02 14:15 - 2016-07-02 14:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-07-02 14:15 - 2016-07-02 14:15 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2016-07-02 14:14 - 2016-07-02 14:14 - 00001045 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
2016-07-02 14:14 - 2016-07-02 14:14 - 00000983 _____ C:\Users\Public\Desktop\WinSCP.lnk
2016-07-02 14:14 - 2016-07-02 14:14 - 00000000 ____D C:\Program Files (x86)\WinSCP
2016-07-02 14:13 - 2016-07-02 14:17 - 00000000 ____D C:\xampp
2016-07-02 14:12 - 2016-07-02 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows8FirewallControl
2016-07-02 14:12 - 2016-07-02 14:12 - 00000000 ____D C:\Program Files (x86)\Windows8FirewallControl
2016-07-02 14:11 - 2016-07-02 23:37 - 00000000 ____D C:\Users\Public\Documents\EFL
2016-07-02 14:11 - 2016-07-02 14:11 - 00000036 _____ C:\Windows\xlkfs.log
2016-07-02 14:11 - 2016-07-02 14:11 - 00000000 ____D C:\Users\wpcomm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy File Locker
2016-07-02 14:11 - 2016-07-02 14:11 - 00000000 ____D C:\Program Files\Easy File Locker
2016-07-02 14:08 - 2016-07-02 14:08 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-02 14:08 - 2016-07-02 14:08 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-02 14:08 - 2016-07-02 14:08 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-02 14:08 - 2016-07-02 14:08 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-02 14:07 - 2016-07-02 14:07 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-07-02 14:07 - 2016-07-02 14:07 - 00000000 ____D C:\Users\wpcomm\AppData\Roaming\Mozilla
2016-07-02 14:07 - 2016-07-02 14:07 - 00000000 ____D C:\Users\wpcomm\AppData\Local\Mozilla
2016-07-02 14:07 - 2016-07-02 14:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-07-02 14:07 - 2016-07-02 14:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-07-02 14:06 - 2016-07-02 14:06 - 00003574 _____ C:\Windows\System32\Tasks\klcp_update
2016-07-02 14:06 - 2016-07-02 14:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2016-07-02 14:06 - 2016-07-02 14:06 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2016-07-02 14:06 - 2016-05-08 15:27 - 03613696 _____ (x264vfw project) C:\Windows\SysWOW64\x264vfw.dll
2016-07-02 14:06 - 2016-05-08 15:19 - 03642880 _____ (x264vfw project) C:\Windows\system32\x264vfw64.dll
2016-07-02 14:06 - 2015-12-18 15:00 - 00755200 _____ C:\Windows\system32\xvidcore.dll
2016-07-02 14:06 - 2015-12-18 15:00 - 00309248 _____ C:\Windows\system32\xvidvfw.dll
2016-07-02 14:06 - 2015-10-24 22:00 - 00126976 _____ C:\Windows\system32\ff_vfw.dll
2016-07-02 14:06 - 2015-10-24 22:00 - 00112128 _____ C:\Windows\SysWOW64\ff_vfw.dll
2016-07-02 14:06 - 2012-07-21 16:55 - 00180736 _____ (fccHandler) C:\Windows\system32\ac3acm.acm
2016-07-02 14:06 - 2012-07-21 16:54 - 00122880 _____ (fccHandler) C:\Windows\SysWOW64\ac3acm.acm
2016-07-02 14:06 - 2011-12-07 23:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll
2016-07-02 14:06 - 2011-12-07 23:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2016-07-02 14:06 - 2009-09-29 20:57 - 00758018 _____ C:\Windows\SysWOW64\xvidcore.dll
2016-07-02 14:06 - 2008-12-04 21:46 - 00180224 _____ C:\Windows\SysWOW64\xvidvfw.dll
2016-07-02 14:05 - 2016-07-02 14:06 - 00000000 ____D C:\Users\wpcomm\AppData\Roaming\vlc
2016-07-02 14:05 - 2016-07-02 14:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-07-02 14:05 - 2016-07-02 14:05 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2016-07-02 14:04 - 2016-07-03 22:45 - 00000000 ____D C:\Users\wpcomm\AppData\Roaming\AIMP
2016-07-02 14:04 - 2016-07-02 14:04 - 00000000 ____D C:\Users\wpcomm\Documents\The KMPlayer
2016-07-02 14:04 - 2016-07-02 14:04 - 00000000 ____D C:\Users\wpcomm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
2016-07-02 14:04 - 2016-07-02 14:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP
2016-07-02 14:04 - 2016-07-02 14:04 - 00000000 ____D C:\Program Files (x86)\The KMPlayer
2016-07-02 14:04 - 2016-07-02 14:04 - 00000000 ____D C:\Program Files (x86)\AIMP
2016-07-02 14:03 - 2016-07-03 22:41 - 00000000 ____D C:\Users\wpcomm\AppData\Local\Google
2016-07-02 14:03 - 2016-07-02 14:03 - 00000000 ____D C:\Users\wpcomm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-07-02 14:03 - 2016-07-02 14:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BabelSoft
2016-07-02 14:03 - 2016-07-02 14:03 - 00000000 ____D C:\Program Files\Media Preview
2016-07-02 14:03 - 2016-07-02 14:03 - 00000000 ____D C:\Program Files (x86)\Media Preview
2016-07-02 14:02 - 2016-07-02 19:43 - 00000000 ____D C:\Users\wpcomm\AppData\Roaming\IDM
2016-07-02 14:02 - 2016-07-02 14:49 - 00000000 ____D C:\Users\wpcomm\Downloads\Compressed
2016-07-02 14:02 - 2016-07-02 14:02 - 00000000 ____D C:\Users\wpcomm\Downloads\Video
2016-07-02 14:02 - 2016-07-02 14:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2016-07-02 14:02 - 2016-07-02 14:02 - 00000000 ____D C:\Program Files (x86)\Mp3tag
2016-07-02 14:01 - 2016-07-03 22:45 - 00000000 ____D C:\Users\wpcomm\AppData\Roaming\DMCache
2016-07-02 14:01 - 2016-07-02 23:49 - 00000000 ____D C:\Users\wpcomm\AppData\Roaming\TeraCopy
2016-07-02 14:01 - 2016-07-02 14:02 - 00000000 ____D C:\Program Files (x86)\Tonec
2016-07-02 14:01 - 2016-07-02 14:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2016-07-02 14:01 - 2011-07-06 20:14 - 00145008 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2016-07-02 14:00 - 2016-07-02 14:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy
2016-07-02 14:00 - 2016-07-02 14:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-07-02 14:00 - 2016-07-02 14:00 - 00000000 ____D C:\Program Files\TeraCopy
2016-07-02 14:00 - 2016-07-02 14:00 - 00000000 ____D C:\Program Files (x86)\7-Zip
2016-07-02 13:59 - 2016-07-02 13:59 - 00000000 ____D C:\Program Files (x86)\gdipp
2016-07-02 13:57 - 2016-07-02 13:57 - 00000000 ____D C:\dm2
2016-07-02 13:56 - 2016-07-03 00:11 - 00058312 _____ C:\Users\wpcomm\AppData\Local\GDIPFONTCACHEV1.DAT
2016-07-02 13:53 - 2016-07-02 13:53 - 00758128 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-07-02 13:48 - 2016-07-02 13:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-02 13:48 - 2016-07-02 13:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-07-02 13:48 - 2016-07-02 13:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-02 13:48 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-07-02 13:48 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-07-02 13:48 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-07-02 13:47 - 2016-07-02 13:47 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-07-02 13:47 - 2016-07-02 13:47 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2016-07-02 13:47 - 2016-07-02 13:47 - 00000000 ____D C:\Program Files\Realtek
2016-07-02 13:47 - 2014-03-21 14:44 - 00004996 _____ C:\Windows\system32\Drivers\SAMSFPA.DAT
2016-07-02 13:47 - 2014-03-21 11:20 - 00000112 ____R C:\Windows\system32\Drivers\rtkhdaud.dat
2016-07-02 13:47 - 2014-03-20 07:53 - 00000852 ____R C:\Windows\system32\Drivers\RTKHDRC.dat
2016-07-02 13:47 - 2014-03-20 07:53 - 00000712 ____R C:\Windows\system32\Drivers\RTEQEX0.dat
2016-07-02 13:47 - 2014-03-19 14:07 - 03897944 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2016-07-02 13:47 - 2014-03-19 14:03 - 00905218 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2016-07-02 13:47 - 2014-03-17 15:18 - 00948440 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2016-07-02 13:47 - 2014-03-17 14:50 - 02832088 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2016-07-02 13:47 - 2014-03-14 15:03 - 02100528 _____ C:\Windows\system32\SStudio.dll
2016-07-02 13:47 - 2014-03-14 14:26 - 02796760 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2016-07-02 13:47 - 2014-03-06 14:35 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2016-07-02 13:47 - 2014-03-05 03:11 - 01048824 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2016-07-02 13:47 - 2014-03-05 03:11 - 00889592 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2016-07-02 13:47 - 2014-03-05 03:11 - 00724728 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2016-07-02 13:47 - 2014-03-05 03:11 - 00246008 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2016-07-02 13:47 - 2014-03-04 15:19 - 00627928 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2016-07-02 13:47 - 2014-03-03 18:21 - 01019608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2016-07-02 13:47 - 2014-02-27 18:02 - 02162992 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2016-07-02 13:47 - 2014-02-16 18:30 - 02101848 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2016-07-02 13:47 - 2014-02-06 09:28 - 05804772 _____ C:\Windows\system32\Drivers\rtvienna.dat
2016-07-02 13:47 - 2014-01-28 09:48 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2016-07-02 13:47 - 2013-10-11 09:31 - 00947760 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2016-07-02 13:47 - 2013-08-20 15:37 - 00605496 _____ C:\Windows\system32\audioLibVc.dll
2016-07-02 13:47 - 2013-06-25 10:47 - 00871856 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
2016-07-02 13:47 - 2013-06-25 10:47 - 00162224 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
2016-07-02 13:47 - 2013-06-25 10:46 - 00582056 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
2016-07-02 13:47 - 2013-05-31 19:57 - 00249524 ____R C:\Windows\system32\Drivers\RtPCEE4.DAT
2016-07-02 13:47 - 2012-01-30 09:43 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2016-07-02 13:47 - 2012-01-10 08:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2016-07-02 13:47 - 2011-12-20 13:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2016-07-02 13:47 - 2011-11-22 14:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2016-07-02 13:47 - 2011-09-02 12:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2016-07-02 13:47 - 2011-09-02 12:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2016-07-02 13:47 - 2011-09-02 12:21 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2016-07-02 13:47 - 2011-03-17 10:17 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2016-07-02 13:47 - 2011-03-07 15:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2016-07-02 13:47 - 2010-11-08 05:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2016-07-02 13:47 - 2010-11-08 05:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2016-07-02 13:47 - 2010-11-08 05:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2016-07-02 13:47 - 2010-11-08 05:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2016-07-02 13:47 - 2010-11-08 05:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2016-07-02 13:47 - 2010-11-08 05:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2016-07-02 13:47 - 2010-11-03 16:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2016-07-02 13:47 - 2010-09-23 15:21 - 00039672 ____R C:\Windows\system32\Drivers\RtPCEE3.DAT
2016-07-02 13:47 - 2010-07-22 14:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2016-07-02 13:47 - 2010-03-22 11:21 - 00247560 ____R C:\Windows\system32\Drivers\RTConvEQ.dat
2016-07-02 13:47 - 2010-03-22 11:21 - 00001448 ____R C:\Windows\system32\Drivers\RtHdatEx.dat
2016-07-02 13:47 - 2009-11-24 07:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2016-07-02 13:47 - 2009-11-24 07:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2016-07-02 13:47 - 2009-11-24 07:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2016-07-02 13:47 - 2009-11-24 07:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2016-07-02 13:46 - 2016-07-02 13:48 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-07-02 13:46 - 2016-07-02 13:46 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-07-02 13:46 - 2014-03-19 16:04 - 56628224 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2016-07-02 13:46 - 2014-02-26 13:16 - 02080472 ____R (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2016-07-02 13:46 - 2014-02-26 06:48 - 00942384 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOSettingsIPC.dll
2016-07-02 13:46 - 2014-02-26 06:47 - 05751048 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2016-07-02 13:46 - 2014-02-18 16:12 - 01042520 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2016-07-02 13:46 - 2014-02-18 16:12 - 00882776 _____ (Waves Audio Ltd.) C:\Windows\SysWOW64\MaxxAudioAPOShell.dll
2016-07-02 13:46 - 2014-02-18 15:04 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2016-07-02 13:46 - 2014-02-18 12:48 - 02396760 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2016-07-02 13:46 - 2014-02-18 12:48 - 01424984 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2016-07-02 13:46 - 2014-02-18 12:48 - 01423960 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2016-07-02 13:46 - 2014-02-16 18:30 - 28314200 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
2016-07-02 13:46 - 2014-02-16 18:30 - 14742104 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2016-07-02 13:46 - 2014-02-16 18:30 - 12816472 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2016-07-02 13:46 - 2014-02-16 18:30 - 03927640 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN64.dll
2016-07-02 13:46 - 2014-02-16 18:30 - 02040920 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2016-07-02 13:46 - 2014-02-16 18:30 - 01933400 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
2016-07-02 13:46 - 2014-01-31 15:28 - 00938608 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2016-07-02 13:46 - 2014-01-31 15:27 - 01313904 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2016-07-02 13:46 - 2013-10-16 01:43 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2016-07-02 13:46 - 2013-10-11 10:47 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2016-07-02 13:46 - 2013-10-06 22:26 - 00501184 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2016-07-02 13:46 - 2013-10-06 22:26 - 00487360 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2016-07-02 13:46 - 2013-10-06 22:26 - 00415680 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2016-07-02 13:46 - 2013-09-10 02:02 - 06217904 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2016-07-02 13:46 - 2013-09-10 02:02 - 00313520 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2016-07-02 13:46 - 2013-09-10 02:01 - 01938608 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2016-07-02 13:46 - 2013-09-10 02:01 - 00260272 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2016-07-02 13:46 - 2013-08-14 13:36 - 00662784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2016-07-02 13:46 - 2013-08-14 13:35 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2016-07-02 13:46 - 2013-06-21 09:01 - 00109848 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2016-07-02 13:46 - 2013-04-03 12:13 - 00906800 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2016-07-02 13:46 - 2012-08-31 17:18 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2016-07-02 13:46 - 2012-08-31 17:17 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2016-07-02 13:46 - 2012-08-31 17:17 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2016-07-02 13:46 - 2012-08-31 17:17 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2016-07-02 13:46 - 2012-08-31 17:17 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2016-07-02 13:46 - 2012-03-08 09:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2016-07-02 13:46 - 2011-08-23 15:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2016-07-02 13:46 - 2011-05-31 07:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2016-07-02 13:46 - 2011-05-31 07:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2016-07-02 13:46 - 2011-05-31 07:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2016-07-02 13:46 - 2011-05-31 07:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2016-07-02 13:46 - 2011-05-31 07:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2016-07-02 13:46 - 2011-05-31 07:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2016-07-02 13:46 - 2011-05-31 07:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2016-07-02 13:46 - 2011-05-31 07:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2016-07-02 13:46 - 2011-05-31 07:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2016-07-02 13:46 - 2011-05-31 07:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2016-07-02 13:46 - 2011-05-31 07:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2016-07-02 13:46 - 2011-05-31 07:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2016-07-02 13:46 - 2010-09-27 07:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2016-07-02 13:42 - 2016-07-02 13:42 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_btath_hcrp_01009.Wdf
2016-07-02 13:40 - 2016-07-02 14:27 - 00000000 ____D C:\Users\wpcomm\Documents\Bluetooth Folder
2016-07-02 13:40 - 2016-07-02 13:41 - 00000000 ____D C:\Program Files\Common Files\QCA_Bluetooth
2016-07-02 13:40 - 2016-07-02 13:40 - 00000000 ____D C:\ProgramData\{EB5F5A55-037A-4E47-806B-2C8AA9374701}
2016-07-02 13:39 - 2016-07-02 13:46 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-07-02 13:39 - 2016-07-02 13:42 - 00000000 ____D C:\Program Files (x86)\Qualcomm Atheros
2016-07-02 13:39 - 2014-02-21 00:49 - 04044800 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athrx.sys
2016-07-02 13:38 - 2016-07-02 13:39 - 00000000 ____D C:\ProgramData\Qualcomm Atheros
2016-07-02 13:36 - 2016-07-02 13:36 - 00000000 ____D C:\Program Files\Intel
2016-07-02 13:36 - 2016-07-02 13:36 - 00000000 ____D C:\Program Files (x86)\Intel
2016-07-02 13:36 - 2014-03-07 21:59 - 00064000 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2016-07-02 13:36 - 2014-03-07 21:59 - 00060416 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
2016-07-02 13:34 - 2016-07-02 13:34 - 00001447 _____ C:\Users\wpcomm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-07-02 13:34 - 2016-07-02 13:34 - 00001413 _____ C:\Users\wpcomm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-07-02 13:34 - 2016-07-02 13:34 - 00000000 ____D C:\Intel
2016-07-02 13:32 - 2016-07-02 14:27 - 00000000 ____D C:\Users\wpcomm
2016-07-02 13:32 - 2016-07-02 13:32 - 00000020 ___SH C:\Users\wpcomm\ntuser.ini
2016-07-02 13:32 - 2016-07-02 13:32 - 00000000 __SHD C:\Recovery
2016-07-02 13:32 - 2016-07-02 13:32 - 00000000 ____D C:\Users\wpcomm\AppData\Local\VirtualStore
2016-07-02 13:32 - 2009-07-14 10:54 - 00000000 ___RD C:\Users\wpcomm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2016-07-02 13:32 - 2009-07-14 10:49 - 00000000 ___RD C:\Users\wpcomm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2016-07-02 11:01 - 2014-03-07 22:18 - 00186638 __RSH C:\Windows\system32\resTHA.cui
2016-07-02 11:01 - 2014-03-07 22:18 - 00179511 __RSH C:\Windows\system32\resELL.cui
2016-07-02 11:01 - 2014-03-07 22:18 - 00175392 __RSH C:\Windows\system32\resRUS.cui
2016-07-02 11:01 - 2014-03-07 22:18 - 00161268 __RSH C:\Windows\system32\resARA.cui
2016-07-02 11:01 - 2014-03-07 22:18 - 00160719 __RSH C:\Windows\system32\resHEB.cui
2016-07-02 11:01 - 2014-03-07 22:18 - 00160698 __RSH C:\Windows\system32\resJPN.cui
2016-07-02 11:01 - 2014-03-07 22:18 - 00156105 __RSH C:\Windows\system32\resFRA.cui
2016-07-02 11:01 - 2014-03-07 22:18 - 00156088 __RSH C:\Windows\system32\resHUN.cui
2016-07-02 11:01 - 2014-03-07 22:18 - 00154381 __RSH C:\Windows\system32\resKOR.cui
2016-07-02 11:01 - 2014-03-07 22:18 - 00154314 __RSH C:\Windows\system32\resITA.cui
2016-07-02 11:01 - 2014-03-07 22:18 - 00154287 __RSH C:\Windows\system32\resDEU.cui
2016-07-02 11:01 - 2014-03-07 22:18 - 00154148 __RSH C:\Windows\system32\resROM.cui
2016-07-02 11:01 - 2014-03-07 22:18 - 00154037 __RSH C:\Windows\system32\resESN.cui
2016-07-02 11:01 - 2014-03-07 22:18 - 00153601 __RSH C:\Windows\system32\resPLK.cui
2016-07-02 11:01 - 2014-03-07 22:18 - 00153459 __RSH C:\Windows\system32\resSKY.cui
2016-07-02 11:01 - 2014-03-07 22:18 - 00153260 __RSH C:\Windows\system32\resNLD.cui
2016-07-02 11:01 - 2014-03-07 22:18 - 00152700 __RSH C:\Windows\system32\resPTB.cui
2016-07-02 11:01 - 2014-03-07 22:18 - 00152545 __RSH C:\Windows\system32\resTRK.cui
2016-07-02 11:01 - 2014-03-07 22:18 - 00152536 __RSH C:\Windows\system32\resCSY.cui
2016-07-02 11:01 - 2014-03-07 22:18 - 00152411 __RSH C:\Windows\system32\resPTG.cui
2016-07-02 11:01 - 2014-03-07 22:18 - 00151989 __RSH C:\Windows\system32\resFIN.cui
2016-07-02 11:01 - 2014-03-07 22:18 - 00151552 __RSH C:\Windows\system32\resHRV.cui
2016-07-02 11:01 - 2014-03-07 22:18 - 00151097 __RSH C:\Windows\system32\resSVE.cui
2016-07-02 11:01 - 2014-03-07 22:18 - 00150924 __RSH C:\Windows\system32\resSLV.cui
2016-07-02 11:01 - 2014-03-07 22:18 - 00150001 __RSH C:\Windows\system32\resNOR.cui
2016-07-02 11:01 - 2014-03-07 22:18 - 00149488 __RSH C:\Windows\system32\resDAN.cui
2016-07-02 11:01 - 2014-03-07 22:18 - 00148173 __RSH C:\Windows\system32\resENU.cui
2016-07-02 11:01 - 2014-03-07 22:18 - 00146403 __RSH C:\Windows\system32\resCHT.cui
2016-07-02 11:01 - 2014-03-07 22:18 - 00145574 __RSH C:\Windows\system32\resCHS.cui
2016-07-02 11:00 - 2014-03-19 00:39 - 04340720 _____ (Intel Corporation) C:\Windows\system32\Gfxv4_0.exe
2016-07-02 11:00 - 2014-03-19 00:39 - 04337136 _____ (Intel Corporation) C:\Windows\system32\Gfxv2_0.exe
2016-07-02 11:00 - 2014-03-19 00:39 - 00929776 _____ (Intel Corporation) C:\Windows\system32\GfxUIEx.exe
2016-07-02 11:00 - 2014-03-19 00:39 - 00543728 _____ (Intel Corporation) C:\Windows\system32\DPTopologyApp.exe
2016-07-02 11:00 - 2014-03-19 00:39 - 00543216 _____ (Intel Corporation) C:\Windows\system32\DPTopologyAppv2_0.exe
2016-07-02 11:00 - 2014-03-19 00:39 - 00501744 _____ (Intel Corporation) C:\Windows\system32\igfxEM.exe
2016-07-02 11:00 - 2014-03-19 00:39 - 00440816 _____ (Intel Corporation) C:\Windows\system32\igfxTray.exe
2016-07-02 11:00 - 2014-03-19 00:39 - 00393200 _____ (Intel Corporation) C:\Windows\system32\CustomModeApp.exe
2016-07-02 11:00 - 2014-03-19 00:39 - 00392688 _____ (Intel Corporation) C:\Windows\system32\CustomModeAppv2_0.exe
2016-07-02 11:00 - 2014-03-19 00:39 - 00282096 _____ (Intel Corporation) C:\Windows\system32\igfxCUIService.exe
2016-07-02 11:00 - 2014-03-19 00:39 - 00279024 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2016-07-02 11:00 - 2014-03-19 00:39 - 00243696 _____ (Intel Corporation) C:\Windows\system32\igfxHK.exe
2016-07-02 11:00 - 2014-03-19 00:39 - 00191472 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2016-07-02 11:00 - 2014-03-19 00:39 - 00153072 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2016-07-02 11:00 - 2014-03-07 22:26 - 00450520 _____ (Intel® Corporation) C:\Windows\system32\Drivers\IntcDAud.sys
2016-07-02 11:00 - 2014-03-07 22:26 - 00182784 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v3496.dll
2016-07-02 11:00 - 2014-03-07 22:22 - 00002576 _____ C:\Windows\system32\iglhxs64.vp
2016-07-02 11:00 - 2014-03-07 22:21 - 27362968 _____ (Intel Corporation) C:\Windows\system32\igd10iumd64.dll
2016-07-02 11:00 - 2014-03-07 22:21 - 26996776 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10iumd32.dll
2016-07-02 11:00 - 2014-03-07 22:21 - 26168168 _____ (Intel Corporation) C:\Windows\system32\igdumdim64.dll
2016-07-02 11:00 - 2014-03-07 22:21 - 25710824 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumdim32.dll
2016-07-02 11:00 - 2014-03-07 22:21 - 04532472 _____ (Intel Corporation) C:\Windows\system32\igdusc64.dll
2016-07-02 11:00 - 2014-03-07 22:21 - 03608032 _____ (Intel Corporation) C:\Windows\SysWOW64\igdusc32.dll
2016-07-02 11:00 - 2014-03-07 22:21 - 01137080 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll
2016-07-02 11:00 - 2014-03-07 22:21 - 01132960 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
2016-07-02 11:00 - 2014-03-07 22:21 - 00425856 _____ C:\Windows\system32\igdmd64.dll
2016-07-02 11:00 - 2014-03-07 22:21 - 00342944 _____ C:\Windows\SysWOW64\igdmd32.dll
2016-07-02 11:00 - 2014-03-07 22:21 - 00218808 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll
2016-07-02 11:00 - 2014-03-07 22:21 - 00187408 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll
2016-07-02 11:00 - 2014-03-07 22:21 - 00183800 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2016-07-02 11:00 - 2014-03-07 22:21 - 00158032 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2016-07-02 11:00 - 2014-03-07 22:21 - 00080312 _____ C:\Windows\system32\igfxexps.dll
2016-07-02 11:00 - 2014-03-07 22:18 - 08160256 _____ (Intel Corporation) C:\Windows\system32\ig75icd64.dll
2016-07-02 11:00 - 2014-03-07 22:18 - 03729920 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2016-07-02 11:00 - 2014-03-07 22:18 - 00223744 _____ C:\Windows\system32\igdde64.dll
2016-07-02 11:00 - 2014-03-07 22:18 - 00160256 _____ C:\Windows\system32\igdail64.dll
2016-07-02 11:00 - 2014-03-07 22:17 - 00734208 _____ (Intel Corporation) C:\Windows\system32\MetroIntelGenericUIFramework.dll
2016-07-02 11:00 - 2014-03-07 22:17 - 00653824 _____ (Intel Corporation) C:\Windows\system32\igfxDH.dll
2016-07-02 11:00 - 2014-03-07 22:17 - 00372736 _____ (Intel Corporation) C:\Windows\system32\igfxOSP.dll
2016-07-02 11:00 - 2014-03-07 22:17 - 00267264 _____ (Intel Corporation) C:\Windows\system32\igfxDI.dll
2016-07-02 11:00 - 2014-03-07 22:17 - 00254976 _____ C:\Windows\system32\igfxCPL.cpl
2016-07-02 11:00 - 2014-03-07 22:17 - 00209920 _____ (Intel Corporation) C:\Windows\system32\igfxDTCM.dll
2016-07-02 11:00 - 2014-03-07 22:17 - 00151040 _____ (Intel Corporation) C:\Windows\system32\igfxLHM.dll
2016-07-02 11:00 - 2014-03-07 22:17 - 00069632 _____ ( ) C:\Windows\system32\igfxDHLibv2_0.dll
2016-07-02 11:00 - 2014-03-07 22:17 - 00068608 _____ C:\Windows\system32\igfxCUIServicePS.dll
2016-07-02 11:00 - 2014-03-07 22:17 - 00057344 _____ ( ) C:\Windows\system32\igfxDHLib.dll
2016-07-02 11:00 - 2014-03-07 22:17 - 00010752 _____ ( ) C:\Windows\system32\igfxDILib.dll
2016-07-02 11:00 - 2014-03-07 22:17 - 00010240 _____ ( ) C:\Windows\system32\igfxEMLibv2_0.dll
2016-07-02 11:00 - 2014-03-07 22:17 - 00010240 _____ ( ) C:\Windows\system32\igfxEMLib.dll
2016-07-02 11:00 - 2014-03-07 22:17 - 00010240 _____ ( ) C:\Windows\system32\igfxDILibv2_0.dll
2016-07-02 11:00 - 2014-03-07 22:17 - 00005120 _____ ( ) C:\Windows\system32\igfxLHMLibv2_0.dll
2016-07-02 11:00 - 2014-03-07 22:17 - 00005120 _____ ( ) C:\Windows\system32\igfxLHMLib.dll
2016-07-02 11:00 - 2014-03-07 22:15 - 06448128 _____ (Intel Corporation) C:\Windows\SysWOW64\ig75icd32.dll
2016-07-02 11:00 - 2014-03-07 22:15 - 00183296 _____ C:\Windows\SysWOW64\igdde32.dll
2016-07-02 11:00 - 2014-03-07 22:14 - 00142848 _____ C:\Windows\SysWOW64\igdail32.dll
2016-07-02 11:00 - 2014-03-07 22:14 - 00068608 _____ C:\Windows\SysWOW64\igfxexps32.dll
2016-07-02 11:00 - 2014-03-07 22:08 - 18028544 _____ (Intel Corporation) C:\Windows\SysWOW64\igdfcl32.dll
2016-07-02 11:00 - 2014-03-07 22:08 - 01555456 _____ (Intel Corporation) C:\Windows\SysWOW64\igdrcl32.dll
2016-07-02 11:00 - 2014-03-07 22:08 - 00291840 _____ (Intel Corporation) C:\Windows\SysWOW64\igdbcl32.dll
2016-07-02 11:00 - 2014-03-07 22:08 - 00265216 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll
2016-07-02 11:00 - 2014-03-07 22:07 - 23046144 _____ (Intel Corporation) C:\Windows\system32\igdfcl64.dll
2016-07-02 11:00 - 2014-03-07 22:07 - 01673728 _____ (Intel Corporation) C:\Windows\system32\igdrcl64.dll
2016-07-02 11:00 - 2014-03-07 22:07 - 00330752 _____ (Intel Corporation) C:\Windows\system32\igdbcl64.dll
2016-07-02 11:00 - 2014-03-07 22:07 - 00320512 _____ (Intel Corporation) C:\Windows\system32\IntelOpenCL64.dll
2016-07-02 11:00 - 2014-03-07 21:59 - 02813952 _____ C:\Windows\system32\iglhxa64.cpa
2016-07-02 11:00 - 2014-03-07 21:59 - 02020864 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll
2016-07-02 11:00 - 2014-03-07 21:59 - 01753088 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2016-07-02 11:00 - 2014-03-07 21:59 - 00182784 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt64.dll
2016-07-02 11:00 - 2014-03-07 21:59 - 00155136 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll
2016-07-02 11:00 - 2014-03-07 21:59 - 00094208 _____ C:\Windows\system32\IccLibDll_x64.dll
2016-07-02 11:00 - 2014-03-07 21:59 - 00064000 _____ (Khronos Group) C:\Windows\system32\Intel_OpenCL_ICD64.dll
2016-07-02 11:00 - 2014-03-07 21:59 - 00060416 _____ (Khronos Group) C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll
2016-07-02 11:00 - 2014-03-07 21:59 - 00044025 _____ C:\Windows\system32\iglhxo64.vp
2016-07-02 11:00 - 2014-03-07 21:59 - 00043816 _____ C:\Windows\system32\iglhxc64_dev.vp
2016-07-02 11:00 - 2014-03-07 21:59 - 00043494 _____ C:\Windows\system32\iglhxc64.vp
2016-07-02 11:00 - 2014-03-07 21:59 - 00043298 _____ C:\Windows\system32\iglhxg64_dev.vp
2016-07-02 11:00 - 2014-03-07 21:59 - 00043256 _____ C:\Windows\system32\iglhxg64.vp
2016-07-02 11:00 - 2014-03-07 21:59 - 00042079 _____ C:\Windows\system32\iglhxo64_dev.vp
2016-07-02 11:00 - 2014-03-07 21:59 - 00001125 _____ C:\Windows\system32\iglhxa64.vp
2016-06-14 11:26 - 2016-06-14 11:28 - 02170368 _____ (Farbar) C:\Users\wpcomm\Desktop\frst64.exe
2016-06-14 11:02 - 2016-06-14 11:02 - 03677248 _____ C:\Users\wpcomm\Desktop\adwcleaner_5.119.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-03 23:09 - 2009-07-14 11:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-03 23:05 - 2009-07-14 11:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-03 23:05 - 2009-07-14 10:51 - 00023302 _____ C:\Windows\setupact.log
2016-07-03 23:04 - 2010-11-21 09:47 - 00006552 _____ C:\Windows\PFRO.log
2016-07-03 23:04 - 2009-07-14 09:20 - 00000000 ____D C:\Windows\Speech
2016-07-03 23:04 - 2009-07-14 09:20 - 00000000 ____D C:\Windows\Cursors
2016-07-03 14:01 - 2009-07-14 10:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-03 14:01 - 2009-07-14 10:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-03 13:53 - 2009-07-14 10:45 - 00271896 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-03 03:21 - 2009-07-14 11:38 - 00025600 ___SH C:\Windows\system32\config\BCD-Template.LOG
2016-07-03 03:21 - 2009-07-14 11:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2016-07-03 03:20 - 2009-07-14 10:45 - 00000000 ____D C:\Windows\Setup
2016-07-03 02:32 - 2009-07-14 09:20 - 00000000 ____D C:\Windows\rescache
2016-07-03 02:26 - 2009-07-14 09:20 - 00000000 ____D C:\Windows\system32\oobe
2016-07-03 02:25 - 2009-07-14 11:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-07-03 02:24 - 2009-07-14 10:46 - 00002790 _____ C:\Windows\DtcInstall.log
2016-07-03 02:24 - 2009-07-14 09:20 - 00000000 ____D C:\Windows\system32\sysprep
2016-07-03 02:22 - 2010-11-21 13:16 - 00000000 ____D C:\Windows\CSC
2016-07-02 14:53 - 2009-07-14 09:20 - 00000000 ____D C:\Windows\security
2016-07-02 13:41 - 2009-07-14 09:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2016-07-02 13:39 - 2009-07-14 09:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-07-02 13:38 - 2009-07-14 11:32 - 00000000 ____D C:\Windows\system32\restore
 
==================== Files in the root of some directories =======
 
2016-07-02 13:47 - 2016-07-02 13:47 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\wpcomm\AppData\Local\Temp\dllnt_dump.dll
C:\Users\wpcomm\AppData\Local\Temp\libeay32.dll
C:\Users\wpcomm\AppData\Local\Temp\MediaPreviewSetup.exe
C:\Users\wpcomm\AppData\Local\Temp\msvcr120.dll
C:\Users\wpcomm\AppData\Local\Temp\SetupHelper.dll
C:\Users\wpcomm\AppData\Local\Temp\sqlite3.dll
C:\Users\wpcomm\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-07-02 15:13
 
==================== End of log ============================

 



#2 HelpBot


Posted 08 July 2016 - 12:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/618870 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 mhnahid

mhnahid
  • Topic Starter


Posted 11 July 2016 - 10:55 AM

Hello, bot!

Thanks for replying. Looks like the problem is solved. Mbytes and other malware checkers were fixing all the infected exe and dll files, but the problem came back again and again, driving me nuts! Finally I ran MSE, and what it discovered is interesting. Most of the html files of my hdd got infected and every html file was the same size [259kb], which I didn't notice before. I couldn't upload or see the contents of those files as I was getting some error. 1 file was open in Sublime Text and it looked like long encrypted html. Unfortunately I lost the paste; it could have helped you, maybe. Anyway, after a full scan of the pc all html files were fixed and everything is fine now.



#4 HelpBot


Posted 13 July 2016 - 12:40 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!



