ComboFix log



#1 marcovich

Posted 20 August 2016 - 08:13 AM

Hi,

I'm new to the forums and possibly posting in the wrong place. I have run ComboFix for suspected malware (there was one deleted by Malwarebytes) and have received the log.

Can someone explain what is on the log, and should I do something else?

 

Thank you in advance



#2 nasdaq (Malware Response Team)

Posted 22 August 2016 - 07:27 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I need more information.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.

Click the Add reply button.
===


Please post the logs.

Let me know what problems you are having with this computer.

#3 marcovich


Posted 23 August 2016 - 06:50 AM

Hi nasdaq,

I have just recently reinstalled my Windows 7 and somehow Malwarebytes has found malware already. I have removed one but still would like to know that my PC is clean now. See FRST64 report:

Thank you for your help

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
Ran by Ingelevic (administrator) on INGELEVIC-PC (23-08-2016 12:41:07)
Running from C:\Users\Ingelevic\Downloads
Loaded Profiles: Ingelevic & UpdatusUser (Available Profiles: Ingelevic & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2011-12-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-16] (Synaptics Incorporated)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [410896 2011-12-16] (Synaptics)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2016-08-19] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6200368 2016-08-19] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [548864 2011-11-24] (Vimicro)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-12] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9103976 2016-08-19] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3839460531-2015291538-3735150374-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [260928 2012-02-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215360 2012-02-23] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-19] (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{599A1AAA-937C-4127-97F6-DFA1106D0F79}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3839460531-2015291538-3735150374-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-a0650887
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-a0650887
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3839460531-2015291538-3735150374-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3839460531-2015291538-3735150374-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-a0650887
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-a0650887&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-a0650887&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-a0650887&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-a0650887&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3839460531-2015291538-3735150374-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-a0650887&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3839460531-2015291538-3735150374-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-a0650887&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-08-19] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-08-19] (AVAST Software)
 
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-19] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-19]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-19]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/"
CHR Profile: C:\Users\Ingelevic\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Ingelevic\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-19]
CHR Extension: (Google Docs) - C:\Users\Ingelevic\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-19]
CHR Extension: (Google Drive) - C:\Users\Ingelevic\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-19]
CHR Extension: (YouTube) - C:\Users\Ingelevic\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-19]
CHR Extension: (Avast SafePrice) - C:\Users\Ingelevic\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-08-21]
CHR Extension: (Google Sheets) - C:\Users\Ingelevic\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-19]
CHR Extension: (Google Docs Offline) - C:\Users\Ingelevic\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-19]
CHR Extension: (Avast Online Security) - C:\Users\Ingelevic\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-08-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ingelevic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-19]
CHR Extension: (Gmail) - C:\Users\Ingelevic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-19]
CHR Extension: (Chrome Media Router) - C:\Users\Ingelevic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-19]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-19] (AVAST Software)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [945440 2012-02-01] (Broadcom Corporation.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-08-18] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-19] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-19] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-19] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969560 2016-08-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-08-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-19] (AVAST Software)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-02] (Broadcom Corporation.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [952832 2011-12-06] (Vimicro Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-23 12:41 - 2016-08-23 12:41 - 00015016 _____ C:\Users\Ingelevic\Downloads\FRST.txt
2016-08-23 12:40 - 2016-08-23 12:41 - 00000000 ____D C:\FRST
2016-08-23 12:40 - 2016-08-23 12:40 - 02396672 _____ (Farbar) C:\Users\Ingelevic\Downloads\FRST64.exe
2016-08-22 00:01 - 2016-08-22 00:01 - 01715464 _____ ( ) C:\Users\Ingelevic\Downloads\cpu-z_1.77-en.exe
2016-08-22 00:01 - 2016-08-22 00:01 - 00000869 _____ C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2016-08-22 00:01 - 2016-08-22 00:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2016-08-22 00:01 - 2016-08-22 00:01 - 00000000 ____D C:\Program Files\CPUID
2016-08-20 14:15 - 2016-08-20 14:15 - 08227032 _____ (Piriform Ltd) C:\Users\Ingelevic\Downloads\ccsetup521.exe
2016-08-20 14:15 - 2016-08-20 14:15 - 00002806 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-08-20 14:15 - 2016-08-20 14:15 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-08-20 14:15 - 2016-08-20 14:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-08-20 14:15 - 2016-08-20 14:15 - 00000000 ____D C:\Program Files\CCleaner
2016-08-20 13:57 - 2016-08-20 13:57 - 00021107 _____ C:\ComboFix.txt
2016-08-20 13:32 - 2016-08-21 23:56 - 00000000 ____D C:\Windows\erdnt
2016-08-20 13:06 - 2016-08-20 13:06 - 00000000 ____D C:\Windows\pss
2016-08-20 12:46 - 2016-08-20 12:46 - 22851472 _____ (Malwarebytes ) C:\Users\Ingelevic\Downloads\mbam-setup-2.2.1.1043.exe
2016-08-20 12:46 - 2016-08-20 12:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-20 02:01 - 2016-08-20 14:15 - 00000000 ____D C:\Windows\Panther
2016-08-19 22:23 - 2016-08-19 22:23 - 00002661 _____ C:\Users\Ingelevic\Desktop\µTorrent.lnk
2016-08-19 22:23 - 2016-08-19 22:23 - 00002661 _____ C:\Users\Ingelevic\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-08-19 22:21 - 2016-08-20 14:16 - 00000000 ____D C:\Users\Ingelevic\AppData\Roaming\uTorrent
2016-08-19 22:08 - 2016-08-19 22:08 - 00003898 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1471640896
2016-08-19 22:08 - 2016-08-19 22:08 - 00001043 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-08-19 22:08 - 2016-08-19 22:08 - 00001043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-08-19 22:08 - 2016-08-19 22:08 - 00000000 ____D C:\Users\Ingelevic\AppData\Local\CEF
2016-08-19 22:07 - 2016-08-19 22:07 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-08-19 22:06 - 2016-08-22 00:10 - 00000000 ____D C:\Users\Ingelevic\AppData\Roaming\Skype
2016-08-19 22:06 - 2016-08-19 22:06 - 00002721 _____ C:\Users\Public\Desktop\Skype.lnk
2016-08-19 22:06 - 2016-08-19 22:06 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-19 22:06 - 2016-08-19 22:06 - 00000000 ____D C:\Users\Ingelevic\Tracing
2016-08-19 22:06 - 2016-08-19 22:06 - 00000000 ____D C:\ProgramData\Skype
2016-08-19 22:06 - 2016-08-19 22:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-08-19 22:05 - 2016-08-20 12:25 - 00004180 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-08-19 22:05 - 2016-08-19 22:05 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-08-19 22:05 - 2016-08-19 22:05 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-08-19 22:05 - 2016-08-19 22:05 - 00000000 ____D C:\Users\Ingelevic\AppData\Roaming\AVAST Software
2016-08-19 22:05 - 2016-08-19 22:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-08-19 22:05 - 2016-08-19 22:05 - 00000000 ____D C:\Program Files\Common Files\AV
2016-08-19 22:05 - 2016-08-19 22:04 - 00969560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-08-19 22:05 - 2016-08-19 22:04 - 00513496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-08-19 22:05 - 2016-08-19 22:04 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-08-19 22:05 - 2016-08-19 22:04 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-08-19 22:05 - 2016-08-19 22:04 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-08-19 22:05 - 2016-08-19 22:04 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-08-19 22:05 - 2016-08-19 22:04 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-08-19 22:05 - 2016-08-19 22:04 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-08-19 22:04 - 2016-08-19 22:04 - 00992960 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-08-19 22:04 - 2016-08-19 22:04 - 00921280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-08-19 22:04 - 2016-08-19 22:04 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-08-19 22:04 - 2016-08-19 22:04 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-08-19 22:03 - 2016-08-19 22:07 - 00000000 ____D C:\ProgramData\AVAST Software
2016-08-19 22:03 - 2016-08-19 22:07 - 00000000 ____D C:\Program Files\AVAST Software
2016-08-19 22:03 - 2016-08-19 22:03 - 06253640 _____ (AVAST Software) C:\Users\Ingelevic\Downloads\avast_free_antivirus_setup_online_cnet_2.exe
2016-08-19 22:02 - 2016-08-19 22:02 - 00001594 __RSH C:\ProgramData\Client Monitor
2016-08-19 22:02 - 2016-08-19 22:02 - 00000000 _RSHD C:\Users\Ingelevic\AppData\Roaming\Monitor
2016-08-19 21:57 - 2016-08-19 21:57 - 00003266 _____ C:\Windows\System32\Tasks\UpdateService
2016-08-19 21:57 - 2016-08-19 21:57 - 00000032 ___SH C:\Windows\SysWOW64\capid
2016-08-19 21:44 - 2016-08-23 12:33 - 00000986 _____ C:\Windows\Tasks\Bing Powered Search mened.job
2016-08-19 21:44 - 2016-08-23 12:33 - 00000000 ____D C:\ProgramData\{BBED7E8E-31AF-F448-B769-6A0A2D2BE1C4}
2016-08-19 21:44 - 2016-08-20 12:24 - 00000000 ____D C:\Users\Ingelevic\AppData\Local\{F3A0C51B-D6F2-A86D-BDC4-8FBF61167281}
2016-08-19 21:44 - 2016-08-19 21:44 - 00004024 _____ C:\Windows\System32\Tasks\Bing Powered Search mened
2016-08-19 21:44 - 2016-08-19 21:44 - 00000812 _____ C:\Users\Public\Desktop\PowerISO.lnk
2016-08-19 21:44 - 2016-08-19 21:44 - 00000000 ____D C:\Users\Ingelevic\AppData\Local\{F3FDC5A1-D755-A919-BACD-8CF19EA57069}
2016-08-19 21:44 - 2016-08-19 21:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2016-08-19 21:44 - 2016-08-19 21:44 - 00000000 ____D C:\Program Files\PowerISO
2016-08-19 21:44 - 2016-05-25 00:06 - 00137280 _____ (Power Software Ltd) C:\Windows\system32\Drivers\scdemu.sys
2016-08-19 21:38 - 2016-08-22 00:20 - 00007603 _____ C:\Users\Ingelevic\AppData\Local\Resmon.ResmonCfg
2016-08-19 21:37 - 2016-08-23 12:33 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-19 21:37 - 2016-08-23 12:33 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-19 21:37 - 2016-08-20 15:13 - 00000000 ____D C:\Users\Ingelevic\AppData\Local\Google
2016-08-19 21:37 - 2016-08-19 21:44 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-08-19 21:37 - 2016-08-19 21:44 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-08-19 21:37 - 2016-08-19 21:37 - 00002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-19 21:37 - 2016-08-19 21:37 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-19 21:37 - 2016-08-19 21:37 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-19 21:36 - 2016-08-19 21:37 - 00000000 ____D C:\Users\Ingelevic\AppData\Local\Deployment
2016-08-19 21:36 - 2016-08-19 21:36 - 00000000 ____D C:\Users\Ingelevic\AppData\Local\Apps\2.0
2016-08-19 21:32 - 2016-08-19 21:32 - 00000000 ____D C:\ProgramData\Energy Management
2016-08-19 21:29 - 2016-08-19 21:29 - 00039008 _____ (Lenovo.) C:\Windows\system32\Drivers\LhdX64.sys
2016-08-19 21:29 - 2016-08-19 21:29 - 00019872 _____ (Lenovo (Beijing) Limited) C:\Windows\system32\LenovoSDKEmSubSystem.dll
2016-08-19 21:29 - 2016-08-19 21:29 - 00000000 ____D C:\Users\Ingelevic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-08-19 21:29 - 2016-08-19 21:29 - 00000000 ____D C:\Program Files\DIFX
2016-08-19 21:29 - 2016-08-19 21:29 - 00000000 ____D C:\Program Files (x86)\Lenovo
2016-08-19 21:28 - 2016-08-19 21:28 - 00000000 ____D C:\ProgramData\Downloaded Installations
2016-08-19 21:24 - 2016-08-19 21:24 - 00000000 ____D C:\Windows\SysWOW64\SDA
2016-08-19 21:24 - 2016-08-19 21:24 - 00000000 ____D C:\Program Files (x86)\JMicron
2016-08-19 21:24 - 2011-08-25 03:21 - 00173656 _____ (JMicron Technology Corporation) C:\Windows\system32\Drivers\jmcr.sys
2016-08-19 21:24 - 2010-07-27 03:08 - 00203352 _____ (JMicron Technology Corporation) C:\Windows\SysWOW64\jmcricon.dll
2016-08-19 21:24 - 2010-07-27 03:08 - 00203352 _____ (JMicron Technology Corporation) C:\Windows\system32\jmcricon.dll
2016-08-19 21:20 - 2016-08-19 21:20 - 00000000 ____D C:\Users\Ingelevic\AppData\Local\ElevatedDiagnostics
2016-08-19 21:16 - 2016-08-19 21:16 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf
2016-08-19 21:16 - 2012-03-12 01:59 - 00016152 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hcs.sys
2016-08-19 21:15 - 2012-03-12 01:59 - 00788760 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3xhc.sys
2016-08-19 21:15 - 2012-03-12 01:59 - 00356120 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hub.sys
2016-08-19 21:11 - 2016-08-19 21:11 - 00000000 ____D C:\Program Files (x86)\Vimicro
2016-08-19 21:11 - 2016-08-19 21:11 - 00000000 ____D C:\Program Files (x86)\USB Camera
2016-08-19 21:11 - 2011-12-07 03:43 - 00001822 _____ C:\Windows\vm331Rmv.ini
2016-08-19 21:11 - 2011-12-07 03:43 - 00001822 _____ C:\Windows\SysWOW64\vm331Rmv.ini
2016-08-19 21:11 - 2011-12-06 08:31 - 00952832 _____ (Vimicro Corporation) C:\Windows\system32\Drivers\vm331avs.sys
2016-08-19 21:11 - 2011-08-11 06:53 - 01069056 _____ C:\Windows\system32\vmprp331x64.ax
2016-08-19 21:11 - 2011-08-11 06:53 - 00659456 _____ C:\Windows\SysWOW64\vmprp331.ax
2016-08-19 21:11 - 2011-06-15 10:20 - 00311296 _____ (Vimicro Corporation) C:\Windows\system32\VmCoinst.dll
2016-08-19 21:11 - 2010-08-31 11:00 - 00208896 _____ (Vimicro) C:\Windows\SysWOW64\Reg331Unstal.dll
2016-08-19 21:11 - 2010-08-31 11:00 - 00208896 _____ (Vimicro) C:\Windows\Reg331Unstal.dll
2016-08-19 21:11 - 2010-06-30 10:38 - 00000356 _____ C:\Windows\system\vm331avs.rsf
2016-08-19 21:07 - 2016-08-19 21:07 - 00764126 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-08-19 21:04 - 2016-08-19 21:04 - 00000000 ____D C:\Users\Ingelevic\Documents\Bluetooth Exchange Folder
2016-08-19 21:04 - 2016-08-19 21:04 - 00000000 ____D C:\Users\Ingelevic\AppData\Local\Broadcom
2016-08-19 21:04 - 2012-02-02 04:07 - 00615976 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwampfl.sys
2016-08-19 21:03 - 2016-08-19 21:29 - 00000000 ____D C:\Program Files\Lenovo
2016-08-19 21:03 - 2012-02-02 04:07 - 00211496 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwavdt.sys
2016-08-19 21:03 - 2012-02-02 04:07 - 00184360 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwaudio.sys
2016-08-19 21:03 - 2012-02-02 04:07 - 00134696 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\bcbtums.sys
2016-08-19 21:03 - 2012-02-02 04:07 - 00046265 _____ C:\Windows\system32\Drivers\BCM20702A1_001.002.014.0226.0251.hex
2016-08-19 21:03 - 2012-02-02 04:07 - 00039976 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwl2cap.sys
2016-08-19 21:03 - 2012-02-02 04:07 - 00021544 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwrchid.sys
2016-08-19 21:02 - 2016-08-19 21:02 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2016-08-19 21:02 - 2016-08-19 21:02 - 00000000 ____D C:\Program Files\Synaptics
2016-08-19 21:02 - 2011-12-16 02:04 - 00411920 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
2016-08-19 21:02 - 2011-12-16 02:03 - 00421648 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2016-08-19 21:02 - 2011-12-16 02:03 - 00280336 _____ (Synaptics Incorporated) C:\Windows\system32\SynCtrl.dll
2016-08-19 21:02 - 2011-12-16 02:03 - 00229648 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2016-08-19 21:02 - 2011-12-16 02:03 - 00224528 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCtrl.dll
2016-08-19 21:02 - 2011-12-16 02:03 - 00183568 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCOM.dll
2016-08-19 21:02 - 2011-12-16 02:03 - 00150800 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo9.dll
2016-08-19 21:02 - 2011-12-16 02:03 - 00113936 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynTPCOM.dll
2016-08-19 21:02 - 2011-12-16 02:03 - 00068880 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynTPEnhPS.dll
2016-08-19 21:02 - 2011-09-14 12:11 - 01048576 _____ C:\Windows\system32\syndata.bin
2016-08-19 21:01 - 2016-08-19 21:01 - 00015348 _____ C:\Windows\system32\results.xml
2016-08-19 20:58 - 2012-03-02 22:48 - 00511768 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
2016-08-19 20:58 - 2012-03-02 22:48 - 00170264 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe
2016-08-19 20:52 - 2011-11-15 04:12 - 00111216 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\L1C62x64.sys
2016-08-19 20:51 - 2016-08-19 20:51 - 00000000 ____D C:\Windows\SysWOW64\Atheros_L1e
2016-08-19 20:50 - 2016-08-19 20:51 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-08-19 20:50 - 2016-08-19 20:50 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2016-08-19 20:50 - 2016-08-19 20:50 - 00000000 ____D C:\Program Files\Realtek
2016-08-19 20:50 - 2016-08-19 20:50 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-08-19 20:50 - 2012-01-03 11:55 - 04730344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2016-08-19 20:50 - 2012-01-03 09:35 - 00206088 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2016-08-19 20:50 - 2012-01-02 06:25 - 03747944 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2016-08-19 20:50 - 2011-12-27 12:00 - 02765312 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2016-08-19 20:50 - 2011-12-23 06:30 - 00823912 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2016-08-19 20:50 - 2011-12-20 08:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2016-08-19 20:50 - 2011-12-19 22:43 - 00220776 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2016-08-19 20:50 - 2011-12-18 10:58 - 05996376 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll
2016-08-19 20:50 - 2011-12-18 10:58 - 02603864 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2016-08-19 20:50 - 2011-12-18 10:58 - 02131288 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2016-08-19 20:50 - 2011-12-18 10:58 - 01247576 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
2016-08-19 20:50 - 2011-12-18 10:58 - 00955736 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2016-08-19 20:50 - 2011-12-15 05:39 - 00100968 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2016-08-19 20:50 - 2011-12-13 13:22 - 02528832 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2016-08-19 20:50 - 2011-12-13 09:58 - 01560168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2016-08-19 20:50 - 2011-12-13 04:01 - 01698408 ____R (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2016-08-19 20:50 - 2011-11-22 09:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2016-08-19 20:50 - 2011-11-22 04:36 - 02615400 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2016-08-19 20:50 - 2011-11-22 02:17 - 00376936 _____ (Realtek Semiconductor) C:\Windows\system32\RtkGuiCompLib.dll
2016-08-19 20:50 - 2011-09-02 07:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2016-08-19 20:50 - 2011-09-02 07:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2016-08-19 20:50 - 2011-09-02 07:21 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2016-08-19 20:50 - 2011-07-22 12:35 - 01247848 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2016-08-19 20:50 - 2011-05-31 02:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2016-08-19 20:50 - 2011-05-31 02:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2016-08-19 20:50 - 2011-05-31 02:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2016-08-19 20:50 - 2011-05-31 02:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2016-08-19 20:50 - 2011-05-31 02:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2016-08-19 20:50 - 2011-05-31 02:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2016-08-19 20:50 - 2011-05-31 02:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2016-08-19 20:50 - 2011-05-31 02:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2016-08-19 20:50 - 2011-05-31 02:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2016-08-19 20:50 - 2011-05-31 02:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2016-08-19 20:50 - 2011-05-31 02:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2016-08-19 20:50 - 2011-05-31 02:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2016-08-19 20:50 - 2011-05-02 07:27 - 03308376 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2016-08-19 20:50 - 2011-05-02 07:27 - 00426328 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2016-08-19 20:50 - 2011-05-02 07:27 - 00136024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2016-08-19 20:50 - 2011-05-02 07:27 - 00118104 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2016-08-19 20:50 - 2011-05-02 07:27 - 00074072 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2016-08-19 20:50 - 2010-11-08 00:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2016-08-19 20:50 - 2010-11-08 00:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2016-08-19 20:50 - 2010-11-08 00:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2016-08-19 20:50 - 2010-11-08 00:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2016-08-19 20:50 - 2010-11-08 00:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2016-08-19 20:50 - 2010-11-08 00:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2016-08-19 20:50 - 2010-11-03 11:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2016-08-19 20:50 - 2010-10-03 06:46 - 00341336 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2016-08-19 20:50 - 2010-09-27 02:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2016-08-19 20:50 - 2010-07-22 09:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2016-08-19 20:50 - 2010-07-22 09:37 - 00200800 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2016-08-19 20:50 - 2010-05-06 10:34 - 00334680 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2016-08-19 20:50 - 2009-11-24 02:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2016-08-19 20:50 - 2009-11-24 02:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2016-08-19 20:50 - 2009-11-24 02:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2016-08-19 20:50 - 2009-11-24 02:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2016-08-19 20:50 - 2009-11-17 11:12 - 00108960 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2016-08-19 20:46 - 2016-08-19 20:46 - 00000000 ___HD C:\Windows\system32\WLANProfiles
2016-08-19 20:46 - 2016-08-19 20:46 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_AMPPAL_01009.Wdf
2016-08-19 20:46 - 2016-08-19 20:46 - 00000000 ____D C:\Users\Ingelevic\AppData\Roaming\Intel
2016-08-19 20:45 - 2016-08-19 20:45 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2016-08-19 20:45 - 2016-08-19 20:45 - 00000000 ____D C:\Program Files (x86)\Cisco
2016-08-19 20:41 - 2016-08-19 20:41 - 00058016 _____ C:\Users\Ingelevic\AppData\Local\GDIPFONTCACHEV1.DAT
2016-08-19 20:41 - 2016-08-19 20:41 - 00000000 ____D C:\Users\Ingelevic\AppData\Roaming\Intel Corporation
2016-08-19 20:40 - 2016-08-19 21:00 - 00000000 ____D C:\Windows\SysWOW64\NV
2016-08-19 20:40 - 2016-08-19 21:00 - 00000000 ____D C:\Windows\system32\NV
2016-08-19 20:38 - 2016-08-19 21:00 - 00000000 ____D C:\ProgramData\NVIDIA
2016-08-19 20:38 - 2016-08-19 20:46 - 00000000 ____D C:\Users\UpdatusUser
2016-08-19 20:38 - 2016-08-19 20:38 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2016-08-19 20:38 - 2016-08-19 20:38 - 00000000 _SHDL C:\Users\UpdatusUser\My Documents
2016-08-19 20:38 - 2016-08-19 20:38 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\My Videos
2016-08-19 20:38 - 2016-08-19 20:38 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\My Pictures
2016-08-19 20:38 - 2016-08-19 20:38 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\My Music
2016-08-19 20:38 - 2016-08-19 20:38 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-08-19 20:38 - 2016-08-19 20:38 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-08-19 20:38 - 2012-02-23 08:44 - 00014669 _____ C:\Windows\system32\nvinfo.pb
2016-08-19 20:38 - 2012-02-23 06:54 - 01737536 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco64.dll
2016-08-19 20:38 - 2012-02-23 06:54 - 01466176 _____ (NVIDIA Corporation) C:\Windows\system32\nvgenco64.dll
2016-08-19 20:38 - 2012-02-23 05:26 - 03090752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-08-19 20:38 - 2012-02-23 05:25 - 06083392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-08-19 20:38 - 2012-02-23 05:25 - 02561856 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-08-19 20:38 - 2012-02-23 05:25 - 02506620 _____ C:\Windows\system32\nvcoproc.bin
2016-08-19 20:38 - 2012-02-23 05:25 - 00889664 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-08-19 20:38 - 2012-02-23 05:25 - 00850752 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-08-19 20:38 - 2012-02-23 05:25 - 00427328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\oemdspif.dll
2016-08-19 20:38 - 2012-02-23 05:25 - 00118080 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-08-19 20:38 - 2012-02-23 05:25 - 00063296 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-08-19 20:38 - 2012-02-23 05:25 - 00055616 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-08-19 20:38 - 2011-04-12 09:28 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Media Center Programs
2016-08-19 20:37 - 2012-02-23 06:54 - 25554752 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-08-19 20:37 - 2012-02-23 06:54 - 25222464 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2016-08-19 20:37 - 2012-02-23 06:54 - 19454272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-08-19 20:37 - 2012-02-23 06:54 - 17660224 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-08-19 20:37 - 2012-02-23 06:54 - 17543488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2016-08-19 20:37 - 2012-02-23 06:54 - 15025984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-08-19 20:37 - 2012-02-23 06:54 - 14312256 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-08-19 20:37 - 2012-02-23 06:54 - 09731392 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-08-19 20:37 - 2012-02-23 06:54 - 08037696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-08-19 20:37 - 2012-02-23 06:54 - 07724864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-08-19 20:37 - 2012-02-23 06:54 - 05919040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-08-19 20:37 - 2012-02-23 06:54 - 02873664 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2016-08-19 20:37 - 2012-02-23 06:54 - 02676544 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-08-19 20:37 - 2012-02-23 06:54 - 02673984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-08-19 20:37 - 2012-02-23 06:54 - 02518336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-08-19 20:37 - 2012-02-23 06:54 - 02438464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2016-08-19 20:37 - 2012-02-23 06:54 - 02316608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-08-19 20:37 - 2012-02-23 06:54 - 00963392 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-08-19 20:37 - 2012-02-23 06:54 - 00813376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-08-19 20:37 - 2012-02-23 06:54 - 00364352 _____ (NVIDIA Corporation) C:\Windows\system32\nvdecodemft.dll
2016-08-19 20:37 - 2012-02-23 06:54 - 00301376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll
2016-08-19 20:37 - 2012-02-23 06:54 - 00260928 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-08-19 20:37 - 2012-02-23 06:54 - 00215360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-08-19 20:37 - 2012-02-23 06:54 - 00030016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2016-08-19 20:36 - 2016-08-19 20:38 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-08-19 20:35 - 2016-08-19 20:58 - 00000000 ____D C:\Program Files\Common Files\Intel
2016-08-19 20:35 - 2011-12-06 12:23 - 00331264 _____ (Intel® Corporation) C:\Windows\system32\Drivers\IntcDAud.sys
2016-08-19 20:35 - 2011-12-06 12:22 - 00014848 _____ (Intel® Corporation) C:\Windows\system32\IntcDAuC.dll
2016-08-19 20:34 - 2012-03-02 22:48 - 05886232 _____ (Intel Corporation) C:\Windows\system32\GfxUI.exe
2016-08-19 20:34 - 2012-03-02 22:48 - 00440600 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe
2016-08-19 20:34 - 2012-03-02 22:48 - 00398616 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe
2016-08-19 20:34 - 2012-03-02 22:48 - 00276248 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2016-08-19 20:34 - 2012-03-02 22:48 - 00250136 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2016-08-19 20:34 - 2012-03-02 22:48 - 00184600 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2016-08-19 20:34 - 2012-02-17 18:42 - 00018508 _____ C:\Windows\system32\iglhxs64.vp
2016-08-19 20:34 - 2012-02-17 18:35 - 00090112 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v2656.dll
2016-08-19 20:34 - 2012-02-17 18:33 - 00735796 _____ C:\Windows\SysWOW64\igkrng700.bin
2016-08-19 20:34 - 2012-02-17 18:33 - 00735796 _____ C:\Windows\system32\igkrng700.bin
2016-08-19 20:34 - 2012-02-17 18:33 - 00561508 _____ C:\Windows\SysWOW64\igfcg700m.bin
2016-08-19 20:34 - 2012-02-17 18:33 - 00561508 _____ C:\Windows\system32\igfcg700m.bin
2016-08-19 20:34 - 2012-02-17 18:28 - 14692896 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2016-08-19 20:34 - 2012-02-17 18:28 - 08087040 _____ (Intel Corporation) C:\Windows\system32\igdumd64.dll
2016-08-19 20:34 - 2012-02-17 18:27 - 00079360 _____ C:\Windows\system32\igdde64.dll
2016-08-19 20:34 - 2012-02-17 18:24 - 06121472 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumd32.dll
2016-08-19 20:34 - 2012-02-17 18:24 - 00058880 _____ C:\Windows\SysWOW64\igdde32.dll
2016-08-19 20:34 - 2012-02-17 18:21 - 09605632 _____ (Intel Corporation) C:\Windows\system32\igd10umd64.dll
2016-08-19 20:34 - 2012-02-17 18:13 - 07794688 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10umd32.dll
2016-08-19 20:34 - 2012-02-17 18:05 - 03747840 _____ (Intel Corporation) C:\Windows\system32\igdbcl64.dll
2016-08-19 20:34 - 2012-02-17 18:05 - 00588800 _____ (Intel Corporation) C:\Windows\system32\igdrcl64.dll
2016-08-19 20:34 - 2012-02-17 18:05 - 00236032 _____ (Intel Corporation) C:\Windows\system32\IntelOpenCL64.dll
2016-08-19 20:34 - 2012-02-17 18:03 - 02866688 _____ (Intel Corporation) C:\Windows\SysWOW64\igdbcl32.dll
2016-08-19 20:34 - 2012-02-17 18:03 - 00516608 _____ (Intel Corporation) C:\Windows\SysWOW64\igdrcl32.dll
2016-08-19 20:34 - 2012-02-17 18:03 - 00188416 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll
2016-08-19 20:34 - 2012-02-17 17:59 - 28979200 _____ (Intel Corporation) C:\Windows\system32\igdfcl64.dll
2016-08-19 20:34 - 2012-02-17 17:50 - 23463424 _____ (Intel Corporation) C:\Windows\SysWOW64\igdfcl32.dll
2016-08-19 20:34 - 2012-02-17 17:42 - 17213440 _____ C:\Windows\system32\ig7icd64.dll
2016-08-19 20:34 - 2012-02-17 17:32 - 13020160 _____ C:\Windows\SysWOW64\ig7icd32.dll
2016-08-19 20:34 - 2012-02-17 17:26 - 00440320 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc
2016-08-19 20:34 - 2012-02-17 17:26 - 00439808 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc
2016-08-19 20:34 - 2012-02-17 17:26 - 00439808 _____ (Intel Corporation) C:\Windows\system32\igfxresn.lrc
2016-08-19 20:34 - 2012-02-17 17:26 - 00439296 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc
2016-08-19 20:34 - 2012-02-17 17:26 - 00439296 _____ (Intel Corporation) C:\Windows\system32\igfxrrom.lrc
2016-08-19 20:34 - 2012-02-17 17:26 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc
2016-08-19 20:34 - 2012-02-17 17:26 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc
2016-08-19 20:34 - 2012-02-17 17:26 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc
2016-08-19 20:34 - 2012-02-17 17:26 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc
2016-08-19 20:34 - 2012-02-17 17:26 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrhrv.lrc
2016-08-19 20:34 - 2012-02-17 17:26 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc
2016-08-19 20:34 - 2012-02-17 17:26 - 00438272 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc
2016-08-19 20:34 - 2012-02-17 17:26 - 00438272 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc
2016-08-19 20:34 - 2012-02-17 17:26 - 00438272 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc
2016-08-19 20:34 - 2012-02-17 17:26 - 00438272 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc
2016-08-19 20:34 - 2012-02-17 17:26 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc
2016-08-19 20:34 - 2012-02-17 17:26 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc
2016-08-19 20:34 - 2012-02-17 17:26 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc
2016-08-19 20:34 - 2012-02-17 17:26 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc
2016-08-19 20:34 - 2012-02-17 17:26 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc
2016-08-19 20:34 - 2012-02-17 17:26 - 00437248 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc
2016-08-19 20:34 - 2012-02-17 17:26 - 00437248 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc
2016-08-19 20:34 - 2012-02-17 17:26 - 00435712 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc
2016-08-19 20:34 - 2012-02-17 17:26 - 00435712 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc
2016-08-19 20:34 - 2012-02-17 17:26 - 00432128 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc
2016-08-19 20:34 - 2012-02-17 17:26 - 00430592 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc
2016-08-19 20:34 - 2012-02-17 17:26 - 00429056 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc
2016-08-19 20:34 - 2012-02-17 17:26 - 00428544 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc
2016-08-19 20:34 - 2012-02-17 17:26 - 00221099 _____ C:\Windows\system32\Gfxres.th-TH.resources
2016-08-19 20:34 - 2012-02-17 17:26 - 00207830 _____ C:\Windows\system32\Gfxres.el-GR.resources
2016-08-19 20:34 - 2012-02-17 17:26 - 00191775 _____ C:\Windows\system32\Gfxres.ru-RU.resources
2016-08-19 20:34 - 2012-02-17 17:26 - 00164334 _____ C:\Windows\system32\Gfxres.ar-SA.resources
2016-08-19 20:34 - 2012-02-17 17:26 - 00161613 _____ C:\Windows\system32\Gfxres.ja-JP.resources
2016-08-19 20:34 - 2012-02-17 17:26 - 00157226 _____ C:\Windows\system32\Gfxres.he-IL.resources
2016-08-19 20:34 - 2012-02-17 17:26 - 00148033 _____ C:\Windows\system32\Gfxres.it-IT.resources
2016-08-19 20:34 - 2012-02-17 17:26 - 00146675 _____ C:\Windows\system32\Gfxres.ko-KR.resources
2016-08-19 20:34 - 2012-02-17 17:26 - 00145687 _____ C:\Windows\system32\Gfxres.es-ES.resources
2016-08-19 20:34 - 2012-02-17 17:26 - 00145579 _____ C:\Windows\system32\Gfxres.de-DE.resources
2016-08-19 20:34 - 2012-02-17 17:26 - 00144338 _____ C:\Windows\system32\Gfxres.ro-RO.resources
2016-08-19 20:34 - 2012-02-17 17:26 - 00143805 _____ C:\Windows\system32\Gfxres.fr-FR.resources
2016-08-19 20:34 - 2012-02-17 17:26 - 00143155 _____ C:\Windows\system32\Gfxres.tr-TR.resources
2016-08-19 20:34 - 2012-02-17 17:26 - 00142664 _____ C:\Windows\system32\Gfxres.pt-BR.resources
2016-08-19 20:34 - 2012-02-17 17:26 - 00142335 _____ C:\Windows\system32\Gfxres.nl-NL.resources
2016-08-19 20:34 - 2012-02-17 17:26 - 00142189 _____ C:\Windows\system32\Gfxres.hu-HU.resources
2016-08-19 20:34 - 2012-02-17 17:26 - 00141644 _____ C:\Windows\system32\Gfxres.pt-PT.resources
2016-08-19 20:34 - 2012-02-17 17:26 - 00141435 _____ C:\Windows\system32\Gfxres.sv-SE.resources
2016-08-19 20:34 - 2012-02-17 17:26 - 00140923 _____ C:\Windows\system32\Gfxres.pl-PL.resources
2016-08-19 20:34 - 2012-02-17 17:26 - 00140885 _____ C:\Windows\system32\Gfxres.cs-CZ.resources
2016-08-19 20:34 - 2012-02-17 17:26 - 00140549 _____ C:\Windows\system32\Gfxres.fi-FI.resources
2016-08-19 20:34 - 2012-02-17 17:26 - 00140122 _____ C:\Windows\system32\Gfxres.sk-SK.resources
2016-08-19 20:34 - 2012-02-17 17:26 - 00139487 _____ C:\Windows\system32\Gfxres.hr-HR.resources
2016-08-19 20:34 - 2012-02-17 17:26 - 00136451 _____ C:\Windows\system32\Gfxres.sl-SI.resources
2016-08-19 20:34 - 2012-02-17 17:26 - 00136369 _____ C:\Windows\system32\Gfxres.nb-NO.resources
2016-08-19 20:34 - 2012-02-17 17:26 - 00135868 _____ C:\Windows\system32\Gfxres.da-DK.resources
2016-08-19 20:34 - 2012-02-17 17:26 - 00131317 _____ C:\Windows\system32\Gfxres.en-US.resources
2016-08-19 20:34 - 2012-02-17 17:26 - 00126976 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl
2016-08-19 20:34 - 2012-02-17 17:26 - 00124962 _____ C:\Windows\system32\Gfxres.zh-TW.resources
2016-08-19 20:34 - 2012-02-17 17:26 - 00123467 _____ C:\Windows\system32\Gfxres.zh-CN.resources
2016-08-19 20:34 - 2012-02-17 17:25 - 00430080 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
2016-08-19 20:34 - 2012-02-17 17:25 - 00410624 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll
2016-08-19 20:34 - 2012-02-17 17:25 - 00386560 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll
2016-08-19 20:34 - 2012-02-17 17:25 - 00172032 _____ (Intel Corporation) C:\Windows\system32\gfxSrvc.dll
2016-08-19 20:34 - 2012-02-17 17:25 - 00110592 _____ (Intel Corporation) C:\Windows\system32\hccutils.dll
2016-08-19 20:34 - 2012-02-17 17:25 - 00063488 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll
2016-08-19 20:34 - 2012-02-17 17:25 - 00028672 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2016-08-19 20:34 - 2012-02-17 17:25 - 00009216 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll
2016-08-19 20:34 - 2012-02-17 17:24 - 09007616 _____ (Intel Corporation) C:\Windows\system32\igfxress.dll
2016-08-19 20:34 - 2012-02-17 17:24 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrenu.lrc
2016-08-19 20:34 - 2012-02-17 17:24 - 00142336 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll
2016-08-19 20:34 - 2012-02-17 17:23 - 00321024 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll
2016-08-19 20:34 - 2012-02-17 17:23 - 00025088 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2016-08-19 20:34 - 2012-02-17 17:22 - 00000264 _____ C:\Windows\system32\GfxUI.exe.config
2016-08-19 20:34 - 2012-02-17 17:21 - 02967040 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll
2016-08-19 20:34 - 2012-02-17 17:21 - 02321408 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2016-08-19 20:34 - 2012-02-17 17:21 - 01981696 _____ C:\Windows\system32\iglhxa64.cpa
2016-08-19 20:34 - 2012-02-17 17:21 - 00524800 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll
2016-08-19 20:34 - 2012-02-17 17:21 - 00519680 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
2016-08-19 20:34 - 2012-02-17 17:21 - 00237056 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2016-08-19 20:34 - 2012-02-17 17:21 - 00213504 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll
2016-08-19 20:34 - 2012-02-17 17:21 - 00193024 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll
2016-08-19 20:34 - 2012-02-17 17:21 - 00177152 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2016-08-19 20:34 - 2012-02-17 17:21 - 00094208 _____ C:\Windows\system32\IccLibDll_x64.dll
2016-08-19 20:34 - 2012-02-17 17:21 - 00059425 _____ C:\Windows\system32\iglhxo64.vp
2016-08-19 20:34 - 2012-02-17 17:21 - 00059398 _____ C:\Windows\system32\iglhxg64.vp
2016-08-19 20:34 - 2012-02-17 17:21 - 00059230 _____ C:\Windows\system32\iglhxc64.vp
2016-08-19 20:34 - 2012-02-17 17:21 - 00059104 _____ C:\Windows\system32\iglhxc64_dev.vp
2016-08-19 20:34 - 2012-02-17 17:21 - 00058796 _____ C:\Windows\system32\iglhxg64_dev.vp
2016-08-19 20:34 - 2012-02-17 17:21 - 00058109 _____ C:\Windows\system32\iglhxo64_dev.vp
2016-08-19 20:34 - 2012-02-17 17:21 - 00052736 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-08-19 20:34 - 2012-02-17 17:21 - 00051200 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2016-08-19 20:32 - 2016-08-19 21:29 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-08-19 20:32 - 2016-08-19 20:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-08-19 20:32 - 2011-11-29 19:40 - 00568600 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStor.sys
2016-08-19 20:30 - 2016-08-19 20:46 - 00000000 ____D C:\Program Files\Intel
2016-08-19 20:30 - 2016-08-19 20:45 - 00000000 ____D C:\ProgramData\Intel
2016-08-19 20:30 - 2012-02-21 05:10 - 00015128 ____R C:\Windows\system32\Drivers\IntelMEFWVer.dll
2016-08-19 20:27 - 2016-08-19 21:15 - 00000000 ____D C:\Program Files (x86)\Intel
2016-08-19 20:27 - 2016-08-19 20:57 - 00000000 ____D C:\Intel
2016-08-19 20:27 - 2011-12-06 08:55 - 00053248 ____R (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2016-08-19 17:15 - 2016-08-19 17:15 - 00001417 _____ C:\Users\Ingelevic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-08-19 17:15 - 2016-08-19 17:15 - 00000000 ____D C:\Users\Ingelevic\AppData\Roaming\Adobe
2016-08-19 17:14 - 2016-08-19 22:06 - 00000000 ____D C:\Users\Ingelevic
2016-08-19 17:14 - 2016-08-19 17:14 - 00000020 ___SH C:\Users\Ingelevic\ntuser.ini
2016-08-19 17:14 - 2016-08-19 17:14 - 00000000 _SHDL C:\Users\Ingelevic\My Documents
2016-08-19 17:14 - 2016-08-19 17:14 - 00000000 _SHDL C:\Users\Ingelevic\Documents\My Videos
2016-08-19 17:14 - 2016-08-19 17:14 - 00000000 _SHDL C:\Users\Ingelevic\Documents\My Pictures
2016-08-19 17:14 - 2016-08-19 17:14 - 00000000 _SHDL C:\Users\Ingelevic\Documents\My Music
2016-08-19 17:14 - 2016-08-19 17:14 - 00000000 ____D C:\Users\Ingelevic\AppData\Local\VirtualStore
2016-08-19 17:14 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2016-08-19 17:14 - 2011-04-12 09:28 - 00000000 ____D C:\Users\Ingelevic\AppData\Roaming\Media Center Programs
2016-08-19 17:13 - 2015-07-16 20:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2016-08-19 17:13 - 2015-07-16 20:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2016-08-19 17:13 - 2015-07-16 20:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2016-08-19 17:13 - 2015-07-16 20:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-08-19 17:13 - 2015-07-16 20:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2016-08-19 17:13 - 2015-07-16 20:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2016-08-19 17:13 - 2015-07-11 14:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2016-08-19 17:09 - 2016-08-19 17:09 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-08-19 17:09 - 2016-08-19 17:09 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-08-19 17:07 - 2016-08-19 17:07 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-22 07:12 - 2009-07-14 05:45 - 00026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-22 07:12 - 2009-07-14 05:45 - 00026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-22 00:21 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-08-22 00:16 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-20 14:20 - 2009-07-14 06:13 - 00778150 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-20 13:46 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2016-08-20 13:15 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system
2016-08-20 12:25 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2016-08-20 02:01 - 2009-07-14 06:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2016-08-19 21:44 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-08-19 21:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-08-19 21:29 - 2011-12-15 14:09 - 00030816 _____ (Lenovo Corporation) C:\Windows\system32\Drivers\AcpiVpc.sys
2016-08-19 20:49 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-08-19 20:38 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Help
2016-08-19 20:29 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-08-19 17:14 - 2009-07-14 05:45 - 00000000 ____D C:\Windows\Setup
2016-08-19 17:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-08-19 17:08 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-08-19 17:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\sysprep
2016-08-19 17:05 - 2011-04-12 09:28 - 00000000 ____D C:\Windows\CSC
2016-08-19 17:05 - 2009-07-14 05:45 - 00267672 _____ C:\Windows\system32\FNTCACHE.DAT
 
==================== Files in the root of some directories =======
 
2016-08-19 21:38 - 2016-08-22 00:20 - 0007603 _____ () C:\Users\Ingelevic\AppData\Local\Resmon.ResmonCfg
2016-08-19 22:02 - 2016-08-19 22:02 - 0001594 __RSH () C:\ProgramData\Client Monitor
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-20 14:37
 
==================== End of FRST.txt ============================




#4 nasdaq


Posted 23 August 2016 - 08:27 AM


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3839460531-2015291538-3735150374-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (Avast SafePrice) - C:\Users\Ingelevic\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-08-21]
CHR Extension: (Avast Online Security) - C:\Users\Ingelevic\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-08-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ingelevic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-19]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
Task: {130BDC8E-3DFD-4670-BC9A-E32A93957EFA} - System32\Tasks\Bing Powered Search mened => Wscript.exe "C:\ProgramData\{BBED7E8E-31AF-F448-B769-6A0A2D2BE1C4}\celo.txt" "687474703a2f2f79786870612e636f6d" "433a5c50726f6772616d446174615c7b42424544374538452d333141462d463434382d423736392d3641304132443242453143347d5c6c6166657461" "433a5c50726f6772616d446174615c7b42424544374538452d333141462d463434382d423736 (the data entry has 78 more characters).
Task: C:\Windows\Tasks\Bing Powered Search mened.job => Wscript.exe  C:\ProgramData\{BBED7E8E-31AF-F448-B769-6A0A2D2BE1C4}\celo.txt <==== ATTENTION
C:\ProgramData\{BBED7E8E-31AF-F448-B769-6A0A2D2BE1C4}\celo.txt
C:\Users\Ingelevic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?
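
Added example (not part of the original thread, and not FRST's own code): the scheduled-task entry in the fixlist above passes hex-encoded strings to Wscript.exe. This Python helper decodes them for triage, defangs any URL, and flags the argument that the FRST log cut short rather than guessing its remainder. The function names are hypothetical; the task line is copied from the fixlist.

```python
import re

# Task line copied from the fixlist in this thread. FRST itself cut the last
# argument short ("78 more characters"); nothing is filled in here.
TASK_LINE = (
    r'Task: {130BDC8E-3DFD-4670-BC9A-E32A93957EFA} - System32\Tasks\Bing Powered Search mened'
    r' => Wscript.exe "C:\ProgramData\{BBED7E8E-31AF-F448-B769-6A0A2D2BE1C4}\celo.txt"'
    r' "687474703a2f2f79786870612e636f6d"'
    r' "433a5c50726f6772616d446174615c7b42424544374538452d333141462d463434382d423736392d3641304132443242453143347d5c6c6166657461"'
    r' "433a5c50726f6772616d446174615c7b42424544374538452d333141462d463434382d423736'
    r' (the data entry has 78 more characters).'
)

# A quoted run of 8+ hex digits; group 2 is empty when the closing quote is missing.
HEX_ARG = re.compile(r'"([0-9a-fA-F]{8,})("?)')


def defang(text):
    """Make a decoded URL non-clickable, in the hxxp style the log already uses."""
    if text.lower().startswith(("http://", "https://")):
        return "hxxp" + text[4:].replace(".", "[.]")
    return text


def decode_task_args(line):
    """Return [(decoded_text, truncated)] for each hex-encoded argument in a Task line."""
    results = []
    for match in HEX_ARG.finditer(line):
        blob, closing_quote = match.groups()
        truncated = closing_quote == ""      # log cut the argument off
        if len(blob) % 2:                    # a cut can land mid-byte; drop the odd nibble
            blob = blob[:-1]
        text = bytes.fromhex(blob).decode("ascii", errors="replace")
        results.append((defang(text), truncated))
    return results


if __name__ == "__main__":
    for text, truncated in decode_task_args(TASK_LINE):
        print(("[truncated] " if truncated else "") + text)
```

The decoded arguments are a URL and paths inside the same C:\ProgramData\{BBED7E8E-31AF-F448-B769-6A0A2D2BE1C4} folder that holds celo.txt, so that folder is worth checking after the fix has run.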

#5 marcovich

marcovich
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:04:20 AM

Posted 23 August 2016 - 05:55 PM

Hi,
I would like to understand what I'm fixing by uploading this whole code you have provided. Can you explain this briefly?
Cheers

#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,190 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:20 PM

Posted 24 August 2016 - 08:30 AM

This is my suggested fix for what I believe must be done.

A Restore point will be created; if something goes wrong you will be able to restore your system.

#7 marcovich

marcovich
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:04:20 AM

Posted 24 August 2016 - 09:20 AM

Hi,

Fix deployed. Haven't noticed much difference yet. Fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by Ingelevic (24-08-2016 15:13:44) Run:1
Running from C:\Users\Ingelevic\Downloads
Loaded Profiles: Ingelevic & UpdatusUser (Available Profiles: Ingelevic & UpdatusUser)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3839460531-2015291538-3735150374-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (Avast SafePrice) - C:\Users\Ingelevic\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-08-21]
CHR Extension: (Avast Online Security) - C:\Users\Ingelevic\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-08-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ingelevic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-19]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
Task: {130BDC8E-3DFD-4670-BC9A-E32A93957EFA} - System32\Tasks\Bing Powered Search mened => Wscript.exe "C:\ProgramData\{BBED7E8E-31AF-F448-B769-6A0A2D2BE1C4}\celo.txt" "687474703a2f2f79786870612e636f6d" "433a5c50726f6772616d446174615c7b42424544374538452d333141462d463434382d423736392d3641304132443242453143347d5c6c6166657461" "433a5c50726f6772616d446174615c7b42424544374538452d333141462d463434382d423736 (the data entry has 78 more characters).
Task: C:\Windows\Tasks\Bing Powered Search mened.job => Wscript.exe  C:\ProgramData\{BBED7E8E-31AF-F448-B769-6A0A2D2BE1C4}\celo.txt <==== ATTENTION
C:\ProgramData\{BBED7E8E-31AF-F448-B769-6A0A2D2BE1C4}\celo.txt
C:\Users\Ingelevic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3839460531-2015291538-3735150374-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
C:\Users\Ingelevic\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => moved successfully
C:\Users\Ingelevic\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => moved successfully
C:\Users\Ingelevic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
catchme => service removed successfully
MBAMSwissArmy => service removed successfully
VGPU => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{130BDC8E-3DFD-4670-BC9A-E32A93957EFA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{130BDC8E-3DFD-4670-BC9A-E32A93957EFA}" => key removed successfully
C:\Windows\System32\Tasks\Bing Powered Search mened => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bing Powered Search mened" => key removed successfully
C:\Windows\Tasks\Bing Powered Search mened.job => moved successfully
C:\ProgramData\{BBED7E8E-31AF-F448-B769-6A0A2D2BE1C4}\celo.txt => moved successfully
"C:\Users\Ingelevic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 20459176 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 303282 B
Edge => 0 B
Chrome => 196588513 B
Firefox => 60577494 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 66228 B
LocalService => 0 B
NetworkService => 0 B
Ingelevic => 7389184868 B
UpdatusUser => 0 B
 
RecycleBin => 45105323 B
EmptyTemp: => 7.2 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 15:14:10 ====


#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,190 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:20 PM

Posted 24 August 2016 - 09:36 AM

Let me know what Malwarebytes finds.



