
Virus plays Random Audio with no programs open

This is a discussion on Virus plays Random Audio with no programs open within the Resolved HJT Threads forums, part of the Tech Support Forum category.


 
 
Old 07-10-2012, 11:07 AM   #1
Registered Member
 
Join Date: Jul 2012
Posts: 11
OS: Window 7 64-bit



I'm running a 64-bit Windows 7 Home Premium computer.

I started getting random clips of music/ads/speech when I turn my computer on. It doesn't matter if I open a browser or don't click anything, it just happens.

I tried System Restore, which I thought worked, but it came back, which made me think either (1) I didn't delete it or (2) it came back when Microsoft Security Essentials updated its virus definitions, somehow giving me a virus.

Either way...here is my info. I hope you can help.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_31
Run by iRoss at 10:47:56 on 2012-07-10
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3832.2314 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\SysWOW64\MAFWTray.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Users\iRoss\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\iRoss\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\iRoss\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\iRoss\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\iRoss\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\iRoss\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\iRoss\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\iRoss\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\iRoss\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\iRoss\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\iRoss\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\iRoss\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\iRoss\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\iRoss\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\iRoss\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Users\iRoss\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local;192.168.*.*
mWinlogon: Userinit=userinit.exe
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Codecv Class: {9ac9f197-9066-4861-b7f5-32b6a098a372} - C:\ProgramData\Codecv\bhoclass.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\iRoss\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [M-Audio Taskbar Icon] C:\Windows\system32\MAFWTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Trusted Zone: samsungsetup.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{9612AE70-6163-4705-84F9-071EEBF6D390} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{9612AE70-6163-4705-84F9-071EEBF6D390} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{9612AE70-6163-4705-84F9-071EEBF6D390}\05F425455425D20534F5E4564777F627B6 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{9612AE70-6163-4705-84F9-071EEBF6D390}\05F425455425D20534F5E4564777F627B6 : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{9612AE70-6163-4705-84F9-071EEBF6D390}\2456C6B696E6F5E4B2F5936414433434 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{9612AE70-6163-4705-84F9-071EEBF6D390}\2456C6B696E6F5E4B2F5936414433434 : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{9612AE70-6163-4705-84F9-071EEBF6D390}\84F6573756 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{9612AE70-6163-4705-84F9-071EEBF6D390}\84F6573756 : DhcpNameServer = 192.168.2.1 192.168.2.1
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Codecv Class: {9AC9F197-9066-4861-B7F5-32B6A098A372} - C:\ProgramData\Codecv\bhoclass.dll
BHO-X64: Codecv - No File
BHO-X64: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
TB-X64: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [M-Audio Taskbar Icon] C:\Windows\system32\MAFWTray.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\iRoss\AppData\Roaming\Mozilla\Firefox\Profiles\nhgrwoev.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=gama&hl=en
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\iRoss\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 9c584034-8296-4e54-99ee-637524c98c3e
FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
.
FF - user.js: extensions.autoDisableScopes - 14
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 FreemakeVideoCapture;FreemakeVideoCapture;C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2012-5-8 8704]
R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-12-5 5739008]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 MAFW;Service for M-Audio FireWire;C:\Windows\system32\DRIVERS\mafw.sys --> C:\Windows\system32\DRIVERS\mafw.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 Adobe Licensing Console;Adobe Licensing Console;C:\Windows\SysWOW64\adbcnsl.exe [2012-7-1 689492]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-8 253600]
S3 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2010-1-19 23536]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-10 17:27:36 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E647A9BF-0250-4B14-AD69-FFE2C12D9A21}\offreg.dll
2012-07-10 17:24:21 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E647A9BF-0250-4B14-AD69-FFE2C12D9A21}\mpengine.dll
2012-07-10 17:19:12 116016 ----a-w- C:\Windows\System32\drivers\03923145.sys
2012-07-10 17:11:17 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-09 07:41:15 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-05 20:56:13 -------- d--h--w- C:\KMSEMUTEMP
2012-07-05 20:47:55 -------- d-----w- C:\Users\iRoss\AppData\Local\Microsoft Help
2012-07-04 15:50:04 1554944 ----a-w- C:\Windows\SysWow64\vorbis.acm
2012-07-04 15:49:59 -------- d-----w- C:\Program Files (x86)\Outsim
2012-07-04 05:43:09 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9F3F890B-502A-4A8C-8145-FE71A5E99CA5}\gapaengine.dll
2012-07-01 16:40:20 384 ----a-w- C:\Windows\SysWow64\checkOS.bat
2012-07-01 13:39:49 689492 ----a-w- C:\Windows\SysWow64\adbcnsl.exe
2012-06-27 17:51:27 -------- dc-h--w- C:\ProgramData\{39752E59-CE7D-4919-9B7F-020F8C66116C}
2012-06-27 17:48:12 -------- d-----w- C:\Users\iRoss\AppData\Roaming\Lexicon PCM Native
2012-06-22 17:45:29 -------- d-----w- C:\Program Files (x86)\URS
2012-06-21 19:27:45 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 19:27:33 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 19:27:22 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 19:27:22 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-19 18:12:31 -------- dc-h--w- C:\ProgramData\{A9158F4E-7914-4019-808A-D4D4993E9958}
2012-06-19 18:09:21 -------- dc-h--w- C:\ProgramData\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}
2012-06-17 17:37:21 -------- d-----w- C:\Users\iRoss\AppData\Roaming\FabFilter
2012-06-17 17:36:29 -------- d-----w- C:\Program Files\Steinberg
2012-06-17 17:36:27 -------- d-----w- C:\Program Files\FabFilter
2012-06-17 17:35:52 -------- d-----w- C:\Program Files (x86)\FabFilter
2012-06-17 17:31:25 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-06-17 17:30:20 -------- d-----w- C:\Users\iRoss\AppData\Roaming\uTorrent
2012-06-15 00:02:05 -------- d-----w- C:\ProgramData\PreSonus
2012-06-15 00:02:03 -------- d-----w- C:\Users\iRoss\AppData\Roaming\PreSonus
2012-06-14 23:57:25 -------- d-----w- C:\Program Files (x86)\PreSonus
2012-06-14 05:18:30 -------- d-----w- C:\Program Files\VstPlugins
2012-06-14 05:18:28 -------- d-----w- C:\Program Files\Celemony
2012-06-14 05:18:26 -------- d-----w- C:\Program Files\Common Files\Propellerhead Software
2012-06-14 05:18:10 829264 ----a-w- C:\Windows\System32\msvcr100.dll
2012-06-14 05:18:10 773968 ----a-w- C:\Windows\SysWow64\msvcr100.dll
2012-06-14 05:18:09 608080 ----a-w- C:\Windows\System32\msvcp100.dll
2012-06-14 05:18:09 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
2012-06-12 22:23:21 -------- d-----w- C:\Program Files\Common Files\Celemony
2012-06-12 19:22:39 -------- d-----w- C:\Program Files (x86)\Common Files\Celemony
2012-06-11 05:24:16 -------- d-----w- C:\Program Files (x86)\Celemony
.
==================== Find3M ====================
.
2012-05-15 01:32:20 3144192 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32:43 208896 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:50:40 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:34:38 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:34:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:59:45 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:59:45 1460224 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 05:59:45 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 04:47:04 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:47:04 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-24 04:47:03 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-20 18:28:43 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-20 18:28:43 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-20 18:28:23 8741536 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
.
============= FINISH: 10:48:32.16 ===============

thanks again for your time

__________________
tiger3xA is offline  
Old 07-11-2012, 10:43 AM   #2
Registered Member
 
Join Date: Jul 2012
Posts: 11
OS: Window 7 64-bit



I thought MSE finally got rid of it after a full scan. But this morning it started back up again. If anyone could help me out I will be grateful.

__________________
tiger3xA is offline  
Old 07-12-2012, 09:23 AM   #3
Registered Member
 
Join Date: Jul 2012
Posts: 11
OS: Window 7 64-bit



I really hope someone can help me? Or at least tell me I'm in the wrong place...

Thanks again
__________________
tiger3xA is offline  
Old 07-12-2012, 11:08 AM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
CatByte's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2009
Location: Canada
Posts: 8,846
OS: XP, Vista, Win7



Hi,

Sorry for the wait; the forum has been busy.

Please run the following:

Refer to the ComboFix User's Guide
  1. Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on ComboFix.exe & follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
__________________


Microsoft MVP 2010, 2011, 2012, 2013
CatByte is offline  
Old 07-12-2012, 07:33 PM   #5
Registered Member
 
Join Date: Jul 2012
Posts: 11
OS: Window 7 64-bit



Thank you for your response, CatByte. I was going to wait one more day before I decided to go for a full recovery, so you were still fast enough, and for that I appreciate you.

Anyway, here is the combofix log you asked for...


ComboFix 12-07-12.02 - iRoss 07/12/2012 19:12:02.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3832.2593 [GMT -7:00]
Running from: c:\users\iRoss\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\Tone2.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_Adobe Licensing Console
-------\Service_npf
.
.
((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 )))))))))))))))))))))))))))))))
.
.
2012-07-13 02:18 . 2012-07-13 02:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-12 17:13 . 2012-07-12 17:13 -------- d-----w- c:\windows\system32\SPReview
2012-07-12 17:04 . 2010-11-20 13:27 720896 ----a-w- c:\windows\system32\odbc32.dll
2012-07-12 17:03 . 2010-11-20 13:24 684032 ----a-w- c:\windows\system32\TabletPC.cpl
2012-07-12 17:02 . 2010-11-20 13:24 363520 ----a-w- c:\windows\system32\diskraid.exe
2012-07-12 17:01 . 2010-11-20 13:01 2560 ----a-w- c:\windows\system32\drivers\en-US\rdpwd.sys.mui
2012-07-12 17:01 . 2010-11-20 12:57 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2012-07-12 17:01 . 2010-11-20 13:10 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui
2012-07-12 17:01 . 2010-11-20 13:11 6144 ----a-w- c:\windows\system32\drivers\en-US\IPMIDrv.sys.mui
2012-07-12 17:01 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2012-07-12 17:01 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
2012-07-12 17:01 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll
2012-07-12 17:01 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2012-07-12 17:01 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll
2012-07-12 17:01 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2012-07-12 16:58 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2012-07-12 16:58 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-07-12 16:58 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2012-07-12 16:26 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5ACDA57-26BC-4F93-B494-D015470CB7D9}\mpengine.dll
2012-07-11 17:51 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 17:39 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-10 18:08 . 2012-07-10 18:09 -------- d-----w- c:\program files (x86)\BHODemon 2
2012-07-10 17:11 . 2012-07-10 17:19 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-05 23:27 . 2012-07-05 23:27 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-07-05 20:56 . 2012-07-06 05:16 -------- d-----w- C:\KMSEMUTEMP
2012-07-05 20:47 . 2012-07-05 20:47 -------- d-----w- c:\users\iRoss\AppData\Local\Microsoft Help
2012-07-05 20:47 . 2012-07-06 06:44 -------- d-----w- c:\programdata\Microsoft Help
2012-07-04 15:50 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm
2012-07-04 15:49 . 2012-07-04 15:49 -------- d-----w- c:\program files (x86)\Outsim
2012-07-04 05:43 . 2012-02-10 19:13 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9F3F890B-502A-4A8C-8145-FE71A5E99CA5}\gapaengine.dll
2012-07-01 16:40 . 2012-07-01 16:40 384 ----a-w- c:\windows\SysWow64\checkOS.bat
2012-07-01 13:39 . 2012-07-01 13:39 689492 ----a-w- c:\windows\SysWow64\adbcnsl.exe
2012-06-27 17:51 . 2012-06-27 17:51 -------- dc-h--w- c:\programdata\{39752E59-CE7D-4919-9B7F-020F8C66116C}
2012-06-27 17:48 . 2012-06-27 17:48 -------- d-----w- c:\users\iRoss\AppData\Roaming\Lexicon PCM Native
2012-06-22 17:45 . 2012-06-22 17:45 -------- d-----w- c:\program files (x86)\URS
2012-06-21 19:27 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 19:27 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 19:27 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 19:27 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 19:27 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 19:27 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 19:27 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 19:27 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 19:27 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 18:12 . 2012-06-24 01:20 -------- dc-h--w- c:\programdata\{A9158F4E-7914-4019-808A-D4D4993E9958}
2012-06-19 18:09 . 2012-06-24 01:20 -------- dc-h--w- c:\programdata\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}
2012-06-17 17:37 . 2012-06-17 17:37 -------- d-----w- c:\users\iRoss\AppData\Roaming\FabFilter
2012-06-17 17:36 . 2012-06-17 17:36 -------- d-----w- c:\program files\Steinberg
2012-06-17 17:36 . 2012-06-17 17:36 -------- d-----w- c:\program files\FabFilter
2012-06-17 17:35 . 2012-06-17 17:35 -------- d-----w- c:\program files (x86)\FabFilter
2012-06-17 17:31 . 2012-07-10 18:00 -------- d-----w- c:\program files (x86)\uTorrent
2012-06-15 00:02 . 2012-06-15 00:05 -------- d-----w- c:\programdata\PreSonus
2012-06-15 00:02 . 2012-06-15 00:02 -------- d-----w- c:\users\iRoss\AppData\Roaming\PreSonus
2012-06-14 23:57 . 2012-06-14 23:57 -------- d-----w- c:\program files (x86)\PreSonus
2012-06-14 05:18 . 2012-06-14 05:18 -------- d-----w- c:\program files\VstPlugins
2012-06-14 05:18 . 2012-06-14 05:18 -------- d-----w- c:\program files\Celemony
2012-06-14 05:18 . 2012-06-14 05:18 -------- d-----w- c:\program files\Common Files\Propellerhead Software
2012-06-14 05:18 . 2011-10-28 22:20 773968 ----a-w- c:\windows\SysWow64\msvcr100.dll
2012-06-14 05:18 . 2011-10-28 22:19 829264 ----a-w- c:\windows\system32\msvcr100.dll
2012-06-14 05:18 . 2011-06-11 08:58 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2012-06-14 05:18 . 2011-06-11 08:15 608080 ----a-w- c:\windows\system32\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 17:25 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-07-12 17:25 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-04-20 18:28 . 2012-04-08 18:57 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-20 18:28 . 2011-10-21 18:45 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-20 18:28 . 2012-04-14 00:28 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9AC9F197-9066-4861-B7F5-32B6A098A372}]
2012-04-07 17:30 140800 ----a-w- c:\programdata\Codecv\bhoclass.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-03 98304]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"M-Audio Taskbar Icon"="c:\windows\system32\MAFWTray.exe" [2009-07-29 252424]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 253600]
R3 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [2010-01-19 23536]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-21 1255736]
S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [2009-05-19 231224]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-30 204288]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2012-05-03 8704]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-12-05 5739008]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-30 9371136]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-30 309760]
S3 MAFW;Service for M-Audio FireWire;c:\windows\system32\DRIVERS\mafw.sys [2009-07-29 231944]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-12-19 852256]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-10-19 39480]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 18:57]
.
2012-07-13 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2012-01-24 19:24]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4039857596-3664929512-2776014719-1000Core.job
- c:\users\iRoss\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-31 21:40]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4039857596-3664929512-2776014719-1000UA.job
- c:\users\iRoss\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-31 21:40]
.
2012-07-12 c:\windows\Tasks\HPCeeScheduleForiRoss.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
2012-06-22 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2010-02-01 23:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
"combofix"="c:\combofix\CF31152.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{9612AE70-6163-4705-84F9-071EEBF6D390}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{9612AE70-6163-4705-84F9-071EEBF6D390}\05F425455425D20534F5E4564777F627B6: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{9612AE70-6163-4705-84F9-071EEBF6D390}\2456C6B696E6F5E4B2F5936414433434: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{9612AE70-6163-4705-84F9-071EEBF6D390}\84F6573756: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\iRoss\AppData\Roaming\Mozilla\Firefox\Profiles\nhgrwoev.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=gama&hl=en
FF - user.js: extentions.y2layers.installId - 9c584034-8296-4e54-99ee-637524c98c3e
FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-10357363.sys
SafeBoot-81071862.sys
AddRemove-{495A8A3C-8FD0-4C46-9979-95C26181A1AB} - c:\program files (x86)\InstallShield Installation Information\{495A8A3C-8FD0-4C46-9979-95C26181A1AB}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
**************************************************************************
.
Completion time: 2012-07-12 19:23:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-13 02:23
.
Pre-Run: 650,612,203,520 bytes free
Post-Run: 650,594,807,808 bytes free
.
- - End Of File - - 48FB51C0E920B8BE60027A56BA36FA3B


Again, thank you for your timely response. And also thank you for the detailed information too... if I didn't read all of that I would have freaked out a little bit when I realized my programs all were coming up with that error message about the registry and deletion. I simply rebooted like you said and here I am.

Thank you thank you thank you and I hope we can fix this with your expertise.
__________________
tiger3xA is offline  
Old 07-12-2012, 07:49 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2009
Location: Canada
Posts: 8,846
OS: XP, Vista, Win7



Please run the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • Click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System is found then ensure Delete is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish
__________________


Microsoft MVP 2010, 2011, 2012, 2013
CatByte is offline  
Old 07-13-2012, 12:42 AM   #7
Registered Member
 
Join Date: Jul 2012
Posts: 11
OS: Window 7 64-bit



2211.0953 3592 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
2212.0542 3592 ============================================================
2212.0542 3592 Current date / time: 2012/07/12 2212.0542
2212.0542 3592 SystemInfo:
2212.0542 3592
2212.0542 3592 OS Version: 6.1.7601 ServicePack: 1.0
2212.0542 3592 Product type: Workstation
2212.0542 3592 ComputerName: IROSS-HP
2212.0542 3592 UserName: iRoss
2212.0542 3592 Windows directory: C:\Windows
2212.0542 3592 System windows directory: C:\Windows
2212.0542 3592 Running under WOW64
2212.0542 3592 Processor architecture: Intel x64
2212.0542 3592 Number of processors: 4
2212.0542 3592 Page size: 0x1000
2212.0542 3592 Boot type: Normal boot
2212.0542 3592 ============================================================
2213.0819 3592 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
2213.0860 3592 ============================================================
2213.0860 3592 \Device\Harddisk0\DR0:
2213.0860 3592 MBR partitions:
2213.0860 3592 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
2213.0860 3592 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x55DD4800
2213.0860 3592 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x55E07000, BlocksNum 0x16F4000
2213.0860 3592 ============================================================
2213.0879 3592 C: <-> \Device\Harddisk0\DR0\Partition1
2213.0986 3592 D: <-> \Device\Harddisk0\DR0\Partition2
2213.0987 3592 ============================================================
2213.0987 3592 Initialize success
2213.0987 3592 ============================================================
2232.0039 4620 ============================================================
2232.0039 4620 Scan started
2232.0039 4620 Mode: Manual; TDLFS;
2232.0039 4620 ============================================================
2242.0732 4620 NdisCap - ok
2242.0765 4620 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2242.0767 4620 NdisTapi - ok
2242.0809 4620 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2242.0836 4620 Ndisuio - ok
2242.0868 4620 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2242.0886 4620 NdisWan - ok
2242.0912 4620 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2242.0927 4620 NDProxy - ok
2242.0943 4620 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2242.0943 4620 NetBIOS - ok
2242.0972 4620 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2242.0992 4620 NetBT - ok
2243.0016 4620 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
2243.0018 4620 Netlogon - ok
2243.0066 4620 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
2243.0072 4620 Netman - ok
2243.0096 4620 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
2243.0102 4620 netprofm - ok
2243.0154 4620 netr28x (064ab63c9a588d2611306ae16d017e7e) C:\Windows\system32\DRIVERS\netr28x.sys
2243.0164 4620 netr28x - ok
2243.0212 4620 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
2243.0216 4620 NetTcpPortSharing - ok
2243.0262 4620 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2243.0264 4620 nfrd960 - ok
2243.0656 4620 NIHardwareService (fdcfe6c98fcd64aa6d8411f44faa2c29) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
2243.0963 4620 NIHardwareService - ok
2244.0031 4620 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2244.0033 4620 NisDrv - ok
2244.0069 4620 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
2244.0072 4620 NisSrv - ok
2244.0125 4620 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
2244.0175 4620 NlaSvc - ok
2244.0188 4620 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2244.0189 4620 Npfs - ok
2244.0225 4620 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
2244.0226 4620 nsi - ok
2244.0233 4620 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2244.0234 4620 nsiproxy - ok
2244.0320 4620 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
2244.0353 4620 Ntfs - ok
2244.0400 4620 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2244.0401 4620 Null - ok
2244.0438 4620 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
2244.0440 4620 nvraid - ok
2244.0457 4620 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
2244.0459 4620 nvstor - ok
2244.0476 4620 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2244.0478 4620 nv_agp - ok
2244.0494 4620 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2244.0509 4620 ohci1394 - ok
2244.0533 4620 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
2244.0538 4620 p2pimsvc - ok
2244.0566 4620 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
2244.0573 4620 p2psvc - ok
2244.0617 4620 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2244.0621 4620 Parport - ok
2244.0653 4620 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
2244.0655 4620 partmgr - ok
2244.0674 4620 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
2244.0678 4620 PcaSvc - ok
2244.0727 4620 PcdrNdisuio - ok
2244.0745 4620 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2244.0747 4620 pci - ok
2244.0766 4620 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2244.0767 4620 pciide - ok
2244.0797 4620 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2244.0803 4620 pcmcia - ok
2244.0822 4620 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2244.0823 4620 pcw - ok
2244.0858 4620 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2244.0866 4620 PEAUTH - ok
2244.0929 4620 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
2244.0931 4620 PerfHost - ok
2245.0061 4620 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
2245.0126 4620 pla - ok
2245.0173 4620 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
2245.0212 4620 PlugPlay - ok
2245.0243 4620 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
2245.0245 4620 PNRPAutoReg - ok
2245.0264 4620 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
2245.0267 4620 PNRPsvc - ok
2245.0296 4620 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
2245.0322 4620 PolicyAgent - ok
2245.0349 4620 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
2245.0352 4620 Power - ok
2245.0418 4620 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2245.0450 4620 PptpMiniport - ok
2245.0465 4620 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2245.0466 4620 Processor - ok
2245.0501 4620 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
2245.0531 4620 ProfSvc - ok
2245.0541 4620 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
2245.0542 4620 ProtectedStorage - ok
2245.0581 4620 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2245.0598 4620 Psched - ok
2245.0672 4620 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2245.0698 4620 ql2300 - ok
2245.0768 4620 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2245.0770 4620 ql40xx - ok
2245.0794 4620 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
2245.0798 4620 QWAVE - ok
2245.0810 4620 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2245.0811 4620 QWAVEdrv - ok
2245.0815 4620 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2245.0816 4620 RasAcd - ok
2245.0840 4620 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2245.0841 4620 RasAgileVpn - ok
2245.0856 4620 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
2245.0859 4620 RasAuto - ok
2245.0883 4620 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2245.0899 4620 Rasl2tp - ok
2245.0937 4620 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
2245.0967 4620 RasMan - ok
2245.0989 4620 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2245.0991 4620 RasPppoe - ok
2246.0000 4620 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2246.0001 4620 RasSstp - ok
2246.0034 4620 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2246.0037 4620 rdbss - ok
2246.0074 4620 RDID1027 (7b345fa8191172fb719c82417154058d) C:\Windows\system32\Drivers\rdwm1027.sys
2246.0100 4620 RDID1027 - ok
2246.0109 4620 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2246.0110 4620 rdpbus - ok
2246.0123 4620 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2246.0124 4620 RDPCDD - ok
2246.0161 4620 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2246.0163 4620 RDPENCDD - ok
2246.0179 4620 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2246.0180 4620 RDPREFMP - ok
2246.0213 4620 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
2246.0236 4620 RDPWD - ok
2246.0276 4620 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2246.0280 4620 rdyboost - ok
2246.0294 4620 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
2246.0298 4620 RemoteAccess - ok
2246.0308 4620 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
2246.0312 4620 RemoteRegistry - ok
2246.0320 4620 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
2246.0323 4620 RpcEptMapper - ok
2246.0335 4620 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
2246.0337 4620 RpcLocator - ok
2246.0381 4620 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
2246.0384 4620 RpcSs - ok
2246.0407 4620 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2246.0408 4620 rspndr - ok
2246.0462 4620 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
2246.0470 4620 RTL8167 - ok
2246.0497 4620 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
2246.0500 4620 SamSs - ok
2246.0538 4620 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2246.0542 4620 sbp2port - ok
2246.0565 4620 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
2246.0573 4620 SCardSvr - ok
2246.0641 4620 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2246.0665 4620 scfilter - ok
2246.0760 4620 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
2246.0816 4620 Schedule - ok
2246.0838 4620 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
2246.0839 4620 SCPolicySvc - ok
2246.0897 4620 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
2246.0959 4620 SDRSVC - ok
2247.0042 4620 SeaPort (4a5809a1d796e2675ac0332bf7b0cb11) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2247.0048 4620 SeaPort - ok
2247.0110 4620 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2247.0112 4620 secdrv - ok
2247.0128 4620 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
2247.0159 4620 seclogon - ok
2247.0169 4620 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
2247.0171 4620 SENS - ok
2247.0178 4620 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
2247.0180 4620 SensrSvc - ok
2247.0198 4620 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2247.0200 4620 Serenum - ok
2247.0217 4620 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2247.0219 4620 Serial - ok
2247.0265 4620 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2247.0292 4620 sermouse - ok
2247.0339 4620 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
2247.0372 4620 SessionEnv - ok
2247.0388 4620 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2247.0397 4620 sffdisk - ok
2247.0403 4620 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2247.0412 4620 sffp_mmc - ok
2247.0418 4620 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2247.0427 4620 sffp_sd - ok
2247.0439 4620 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2247.0441 4620 sfloppy - ok
2247.0477 4620 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
2247.0481 4620 SharedAccess - ok
2247.0515 4620 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
2247.0541 4620 ShellHWDetection - ok
2247.0558 4620 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2247.0559 4620 SiSRaid2 - ok
2247.0567 4620 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2247.0568 4620 SiSRaid4 - ok
2247.0587 4620 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2247.0589 4620 Smb - ok
2247.0605 4620 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
2247.0607 4620 SNMPTRAP - ok
2247.0619 4620 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2247.0619 4620 spldr - ok
2247.0653 4620 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
2247.0681 4620 Spooler - ok
2247.0826 4620 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
2247.0882 4620 sppsvc - ok
2247.0952 4620 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
2247.0955 4620 sppuinotify - ok
2247.0988 4620 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
2247.0992 4620 srv - ok
2248.0012 4620 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
2248.0016 4620 srv2 - ok
2248.0035 4620 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
2248.0036 4620 srvnet - ok
2248.0077 4620 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
2248.0080 4620 SSDPSRV - ok
2248.0091 4620 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
2248.0094 4620 SstpSvc - ok
2248.0105 4620 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2248.0106 4620 stexstor - ok
2248.0157 4620 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
2248.0186 4620 stisvc - ok
2248.0212 4620 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2248.0214 4620 swenum - ok
2248.0255 4620 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
2248.0269 4620 swprv - ok
2248.0365 4620 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
2248.0404 4620 SysMain - ok
2248.0470 4620 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
2248.0491 4620 TabletInputService - ok
2248.0515 4620 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
2248.0542 4620 TapiSrv - ok
2248.0562 4620 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
2248.0565 4620 TBS - ok
2248.0711 4620 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
2248.0747 4620 Tcpip - ok
2248.0864 4620 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
2248.0874 4620 TCPIP6 - ok
2248.0942 4620 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2248.0954 4620 tcpipreg - ok
2248.0968 4620 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2248.0970 4620 TDPIPE - ok
2248.0995 4620 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
2249.0005 4620 TDTCP - ok
2249.0058 4620 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2249.0106 4620 tdx - ok
2249.0150 4620 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2249.0153 4620 TermDD - ok
2249.0203 4620 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
2249.0242 4620 TermService - ok
2249.0276 4620 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
2249.0277 4620 Themes - ok
2249.0307 4620 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
2249.0310 4620 THREADORDER - ok
2249.0336 4620 TPkd - ok
2249.0373 4620 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
2249.0379 4620 TrkWks - ok
2249.0435 4620 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
2249.0488 4620 TrustedInstaller - ok
2249.0512 4620 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2249.0527 4620 tssecsrv - ok
2249.0555 4620 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2249.0572 4620 TsUsbFlt - ok
2249.0615 4620 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2249.0670 4620 tunnel - ok
2249.0702 4620 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2249.0705 4620 uagp35 - ok
2249.0744 4620 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2249.0787 4620 udfs - ok
2249.0816 4620 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
2249.0822 4620 UI0Detect - ok
2249.0843 4620 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2249.0845 4620 uliagpkx - ok
2249.0865 4620 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
2249.0879 4620 umbus - ok
2249.0893 4620 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2249.0894 4620 UmPass - ok
2249.0920 4620 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
2249.0927 4620 upnphost - ok
2249.0961 4620 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
2249.0983 4620 usbaudio - ok
2249.0997 4620 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
2250.0014 4620 usbccgp - ok
2250.0040 4620 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2250.0058 4620 usbcir - ok
2250.0078 4620 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
2250.0092 4620 usbehci - ok
2250.0129 4620 usbfilter (858be9c0e498c8e505e198e17eece0d9) C:\Windows\system32\DRIVERS\usbfilter.sys
2250.0131 4620 usbfilter - ok
2250.0167 4620 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
2250.0203 4620 usbhub - ok
2250.0219 4620 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
2250.0232 4620 usbohci - ok
2250.0260 4620 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2250.0262 4620 usbprint - ok
2250.0284 4620 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
2250.0302 4620 USBSTOR - ok
2250.0322 4620 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
2250.0331 4620 usbuhci - ok
2250.0343 4620 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
2250.0345 4620 UxSms - ok
2250.0360 4620 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
2250.0361 4620 VaultSvc - ok
2250.0374 4620 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2250.0375 4620 vdrvroot - ok
2250.0420 4620 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
2250.0444 4620 vds - ok
2250.0472 4620 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2250.0473 4620 vga - ok
2250.0492 4620 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2250.0494 4620 VgaSave - ok
2250.0529 4620 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2250.0535 4620 vhdmp - ok
2250.0551 4620 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2250.0553 4620 viaide - ok
2250.0575 4620 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2250.0576 4620 volmgr - ok
2250.0623 4620 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2250.0628 4620 volmgrx - ok
2250.0662 4620 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2250.0667 4620 volsnap - ok
2250.0696 4620 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2250.0699 4620 vsmraid - ok
2250.0791 4620 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
2250.0908 4620 VSS - ok
2250.0996 4620 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2250.0999 4620 vwifibus - ok
2251.0034 4620 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2251.0036 4620 vwififlt - ok
2251.0073 4620 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
2251.0080 4620 W32Time - ok
2251.0100 4620 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2251.0102 4620 WacomPen - ok
2251.0132 4620 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2251.0174 4620 WANARP - ok
2251.0180 4620 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2251.0181 4620 Wanarpv6 - ok
2251.0323 4620 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
2251.0355 4620 WatAdminSvc - ok
2251.0436 4620 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
2251.0546 4620 wbengine - ok
2251.0609 4620 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
2251.0612 4620 WbioSrvc - ok
2251.0642 4620 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
2251.0666 4620 wcncsvc - ok
2251.0679 4620 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
2251.0681 4620 WcsPlugInService - ok
2251.0697 4620 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2251.0698 4620 Wd - ok
2251.0737 4620 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2251.0743 4620 Wdf01000 - ok
2251.0752 4620 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
2251.0755 4620 WdiServiceHost - ok
2251.0758 4620 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
2251.0759 4620 WdiSystemHost - ok
2251.0784 4620 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
2251.0809 4620 WebClient - ok
2251.0833 4620 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
2251.0837 4620 Wecsvc - ok
2251.0851 4620 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
2251.0854 4620 wercplsupport - ok
2251.0910 4620 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
2251.0916 4620 WerSvc - ok
2251.0965 4620 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2251.0966 4620 WfpLwf - ok
2251.0984 4620 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2251.0986 4620 WIMMount - ok
2252.0022 4620 WinDefend - ok
2252.0037 4620 WinHttpAutoProxySvc - ok
2252.0088 4620 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
2252.0091 4620 Winmgmt - ok
2252.0194 4620 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
2252.0250 4620 WinRM - ok
2252.0356 4620 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
2252.0372 4620 Wlansvc - ok
2252.0521 4620 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2252.0557 4620 wlidsvc - ok
2252.0622 4620 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2252.0623 4620 WmiAcpi - ok
2252.0655 4620 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
2252.0658 4620 wmiApSrv - ok
2252.0668 4620 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
2252.0672 4620 WPCSvc - ok
2252.0745 4620 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
2252.0804 4620 WPDBusEnum - ok
2252.0824 4620 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2252.0825 4620 ws2ifsl - ok
2252.0872 4620 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
2252.0879 4620 wscsvc - ok
2252.0901 4620 WSearch - ok
2253.0078 4620 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
2253.0129 4620 wuauserv - ok
2253.0213 4620 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2253.0237 4620 WudfPf - ok
2253.0252 4620 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2253.0268 4620 WUDFRd - ok
2253.0296 4620 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
2253.0318 4620 wudfsvc - ok
2253.0344 4620 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
2253.0348 4620 WwanSvc - ok
2253.0413 4620 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
2253.0417 4620 xusb21 - ok
2253.0462 4620 MBR (0x1B8) (337259aa90976e2dbce3ef197f9dfcc9) \Device\Harddisk0\DR0
2253.0671 4620 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
2253.0671 4620 \Device\Harddisk0\DR0 - detected TDSS File System (1)
2253.0675 4620 Boot (0x1200) (828996c32aaf89faec659c0e8ef08b13) \Device\Harddisk0\DR0\Partition0
2253.0678 4620 \Device\Harddisk0\DR0\Partition0 - ok
2253.0708 4620 Boot (0x1200) (3cb867afd1bcfc2a3a701c3fca9684e0) \Device\Harddisk0\DR0\Partition1
2253.0710 4620 \Device\Harddisk0\DR0\Partition1 - ok
2253.0735 4620 Boot (0x1200) (0e5abad2d2c1866da3fa7c48c15be190) \Device\Harddisk0\DR0\Partition2
2253.0737 4620 \Device\Harddisk0\DR0\Partition2 - ok
2253.0738 4620 ============================================================
2253.0738 4620 Scan finished
2253.0738 4620 ============================================================
2253.0751 4524 Detected object count: 1
2253.0751 4524 Actual detected object count: 1
22:08:24.0995 4524 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
22:08:24.0999 4524 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
22:08:25.0078 4524 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
22:08:25.0078 4524 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
22:08:25.0118 4524 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
22:08:25.0148 4524 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
22:08:25.0598 4524 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
22:08:25.0668 4524 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
22:08:25.0739 4524 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
22:08:26.0037 4524 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
22:08:26.0041 4524 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine
22:10:29.0770 5116 Deinitialize success


Malwarebytes Anti-Malware (Trial) 1.62.0.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: v2012.07.13.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
iRoss :: IROSS-HP [administrator]

Protection: Enabled

7/12/2012 10:23:24 PM
mbam-log-2012-07-12 (22-23-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212268
Time elapsed: 3 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCR\CLSID\{9AC9F197-9066-4861-B7F5-32B6A098A372} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9AC9F197-9066-4861-B7F5-32B6A098A372} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} (PUP.DownloadnSave) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\ProgramData\Codecv\bhoclass.dll (PUP.DownloadnSave) -> Quarantined and deleted successfully.
C:\Windows\System32\adbcnsl.exe (Trojan.Clicker.CT) -> Quarantined and deleted successfully.

(end)


C:\Program Files (x86)\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
C:\ProgramData\Codecv\uninstall.exe Win32/Adware.MultiPlug.A application
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\All Users\Codecv\uninstall.exe Win32/Adware.MultiPlug.A application
C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\iRoss\AppData\Roaming\SuperPump\FileHunter.exe a variant of Win32/Adware.WinPump.AF application
C:\Users\iRoss\Desktop\NIU\VSTIs\CMSE3222IKAR.rar probably a variant of Win32/Agent.KZPCPEY trojan
C:\Users\iRoss\Desktop\NIU\VSTIs\fl10.5b.rar multiple threats
__________________
tiger3xA is offline  
Old 07-13-2012, 07:14 AM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2009
Location: Canada
Posts: 8,846
OS: XP, Vista, Win7



Hi,

there's a suspicious file I'd like to get a look at,

please run the following:

submit a file to virustotal for analysis
  • Use the browse button on that page to navigate to the location of the file to be scanned.
  • In the right hand panel,
  • click on the file C:\Windows\SysWow64\adbcnsl.exe
  • then click the open button.
  • The file will now be displayed in the submit box.
  • Scroll down a bit and click "send file", wait for the results
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Once scanned, copy and paste the link to the results page in your next reply.
__________________


Microsoft MVP 2010, 2011, 2012, 2013
CatByte is offline  
Old 07-13-2012, 10:11 AM   #9
Registered Member
 
Join Date: Jul 2012
Posts: 11
OS: Window 7 64-bit



It doesn't appear to be there anymore. Not in syswow64 or 32.

I did notice this in the script I posted yesterday toward the end...

C:\Windows\System32\adbcnsl.exe (Trojan.Clicker.CT) -> Quarantined and deleted successfully.

It must have been deleted.

As for the random audio...that stopped completely after the tdsskiller quarantined those items.

Are there any additional deletions I should do? Or should I just leave those items in quarantine?
__________________
tiger3xA is offline  
Old 07-13-2012, 12:57 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2009
Location: Canada
Posts: 8,846
OS: XP, Vista, Win7



ok,

I noticed the MBAM deletion from the System32 folder, but it didn't show removal from Syswow64,

did you have a look with hidden files and folders showing? it's not showing as a hidden file, but just in case.

Please do the following:
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Code:
File::
C:\Program Files (x86)\Yontoo\YontooIEClient.dll 
C:\ProgramData\Codecv\uninstall.exe 
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll 
C:\Users\All Users\Codecv\uninstall.exe 
C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll 
C:\Users\iRoss\AppData\Roaming\SuperPump\FileHunter.exe 
C:\Users\iRoss\Desktop\NIU\VSTIs\CMSE3222IKAR.rar 
C:\Users\iRoss\Desktop\NIU\VSTIs\fl10.5b.rar 

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT


P2P - I see you have P2P software µTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It likely contributed to your current situation. This page will give you further information.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
Please see this topic for more information:
Perils of P2P File Sharing.

I would strongly recommend that you uninstall this now. You can do so via Control Panel >> Programs and Features.


NEXT


Your Java is out of date, so go to Start > Control Panel > Programs and Features, scroll down to the Java installation and remove it. Now download the latest Java version 7 update 5 and install it: Download Free Java Software


NEXT


Please advise if there are any outstanding issues
__________________


Microsoft MVP 2010, 2011, 2012, 2013
CatByte is offline  
Old 07-13-2012, 06:20 PM   #11
Registered Member
 
Join Date: Jul 2012
Posts: 11
OS: Window 7 64-bit



Everything is definitely running like new. I honestly thought I deleted utorrent...it's not in my programs list anymore to uninstall.

Also, should I use Malwarebytes or MSE?

Thank you for all of your help.

ComboFix 12-07-12.02 - iRoss 07/12/2012 19:12:02.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3832.2593 [GMT -7:00]
Running from: c:\users\iRoss\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\Tone2.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_Adobe Licensing Console
-------\Service_npf
.
.
((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 )))))))))))))))))))))))))))))))
.
.
2012-07-13 02:18 . 2012-07-13 02:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-12 17:13 . 2012-07-12 17:13 -------- d-----w- c:\windows\system32\SPReview
2012-07-12 17:04 . 2010-11-20 13:27 720896 ----a-w- c:\windows\system32\odbc32.dll
2012-07-12 17:03 . 2010-11-20 13:24 684032 ----a-w- c:\windows\system32\TabletPC.cpl
2012-07-12 17:02 . 2010-11-20 13:24 363520 ----a-w- c:\windows\system32\diskraid.exe
2012-07-12 17:01 . 2010-11-20 13:01 2560 ----a-w- c:\windows\system32\drivers\en-US\rdpwd.sys.mui
2012-07-12 17:01 . 2010-11-20 12:57 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2012-07-12 17:01 . 2010-11-20 13:10 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui
2012-07-12 17:01 . 2010-11-20 13:11 6144 ----a-w- c:\windows\system32\drivers\en-US\IPMIDrv.sys.mui
2012-07-12 17:01 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2012-07-12 17:01 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
2012-07-12 17:01 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll
2012-07-12 17:01 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2012-07-12 17:01 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll
2012-07-12 17:01 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2012-07-12 16:58 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2012-07-12 16:58 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-07-12 16:58 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2012-07-12 16:26 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5ACDA57-26BC-4F93-B494-D015470CB7D9}\mpengine.dll
2012-07-11 17:51 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 17:39 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-10 18:08 . 2012-07-10 18:09 -------- d-----w- c:\program files (x86)\BHODemon 2
2012-07-10 17:11 . 2012-07-10 17:19 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-05 23:27 . 2012-07-05 23:27 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-07-05 20:56 . 2012-07-06 05:16 -------- d-----w- C:\KMSEMUTEMP
2012-07-05 20:47 . 2012-07-05 20:47 -------- d-----w- c:\users\iRoss\AppData\Local\Microsoft Help
2012-07-05 20:47 . 2012-07-06 06:44 -------- d-----w- c:\programdata\Microsoft Help
2012-07-04 15:50 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm
2012-07-04 15:49 . 2012-07-04 15:49 -------- d-----w- c:\program files (x86)\Outsim
2012-07-04 05:43 . 2012-02-10 19:13 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9F3F890B-502A-4A8C-8145-FE71A5E99CA5}\gapaengine.dll
2012-07-01 16:40 . 2012-07-01 16:40 384 ----a-w- c:\windows\SysWow64\checkOS.bat
2012-07-01 13:39 . 2012-07-01 13:39 689492 ----a-w- c:\windows\SysWow64\adbcnsl.exe
2012-06-27 17:51 . 2012-06-27 17:51 -------- dc-h--w- c:\programdata\{39752E59-CE7D-4919-9B7F-020F8C66116C}
2012-06-27 17:48 . 2012-06-27 17:48 -------- d-----w- c:\users\iRoss\AppData\Roaming\Lexicon PCM Native
2012-06-22 17:45 . 2012-06-22 17:45 -------- d-----w- c:\program files (x86)\URS
2012-06-21 19:27 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 19:27 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 19:27 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 19:27 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 19:27 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 19:27 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 19:27 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 19:27 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 19:27 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 18:12 . 2012-06-24 01:20 -------- dc-h--w- c:\programdata\{A9158F4E-7914-4019-808A-D4D4993E9958}
2012-06-19 18:09 . 2012-06-24 01:20 -------- dc-h--w- c:\programdata\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}
2012-06-17 17:37 . 2012-06-17 17:37 -------- d-----w- c:\users\iRoss\AppData\Roaming\FabFilter
2012-06-17 17:36 . 2012-06-17 17:36 -------- d-----w- c:\program files\Steinberg
2012-06-17 17:36 . 2012-06-17 17:36 -------- d-----w- c:\program files\FabFilter
2012-06-17 17:35 . 2012-06-17 17:35 -------- d-----w- c:\program files (x86)\FabFilter
2012-06-17 17:31 . 2012-07-10 18:00 -------- d-----w- c:\program files (x86)\uTorrent
2012-06-15 00:02 . 2012-06-15 00:05 -------- d-----w- c:\programdata\PreSonus
2012-06-15 00:02 . 2012-06-15 00:02 -------- d-----w- c:\users\iRoss\AppData\Roaming\PreSonus
2012-06-14 23:57 . 2012-06-14 23:57 -------- d-----w- c:\program files (x86)\PreSonus
2012-06-14 05:18 . 2012-06-14 05:18 -------- d-----w- c:\program files\VstPlugins
2012-06-14 05:18 . 2012-06-14 05:18 -------- d-----w- c:\program files\Celemony
2012-06-14 05:18 . 2012-06-14 05:18 -------- d-----w- c:\program files\Common Files\Propellerhead Software
2012-06-14 05:18 . 2011-10-28 22:20 773968 ----a-w- c:\windows\SysWow64\msvcr100.dll
2012-06-14 05:18 . 2011-10-28 22:19 829264 ----a-w- c:\windows\system32\msvcr100.dll
2012-06-14 05:18 . 2011-06-11 08:58 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2012-06-14 05:18 . 2011-06-11 08:15 608080 ----a-w- c:\windows\system32\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 17:25 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-07-12 17:25 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-04-20 18:28 . 2012-04-08 18:57 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-20 18:28 . 2011-10-21 18:45 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-20 18:28 . 2012-04-14 00:28 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9AC9F197-9066-4861-B7F5-32B6A098A372}]
2012-04-07 17:30 140800 ----a-w- c:\programdata\Codecv\bhoclass.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-03 98304]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"M-Audio Taskbar Icon"="c:\windows\system32\MAFWTray.exe" [2009-07-29 252424]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 253600]
R3 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [2010-01-19 23536]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-21 1255736]
S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [2009-05-19 231224]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-30 204288]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2012-05-03 8704]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-12-05 5739008]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-30 9371136]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-30 309760]
S3 MAFW;Service for M-Audio FireWire;c:\windows\system32\DRIVERS\mafw.sys [2009-07-29 231944]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-12-19 852256]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-10-19 39480]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 18:57]
.
2012-07-13 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2012-01-24 19:24]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4039857596-3664929512-2776014719-1000Core.job
- c:\users\iRoss\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-31 21:40]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4039857596-3664929512-2776014719-1000UA.job
- c:\users\iRoss\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-31 21:40]
.
2012-07-12 c:\windows\Tasks\HPCeeScheduleForiRoss.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
2012-06-22 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2010-02-01 23:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
"combofix"="c:\combofix\CF31152.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{9612AE70-6163-4705-84F9-071EEBF6D390}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{9612AE70-6163-4705-84F9-071EEBF6D390}\05F425455425D20534F5E4564777F627B6: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{9612AE70-6163-4705-84F9-071EEBF6D390}\2456C6B696E6F5E4B2F5936414433434: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{9612AE70-6163-4705-84F9-071EEBF6D390}\84F6573756: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\iRoss\AppData\Roaming\Mozilla\Firefox\Profiles\nhgrwoev.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=gama&hl=en
FF - user.js: extentions.y2layers.installId - 9c584034-8296-4e54-99ee-637524c98c3e
FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-10357363.sys
SafeBoot-81071862.sys
AddRemove-{495A8A3C-8FD0-4C46-9979-95C26181A1AB} - c:\program files (x86)\InstallShield Installation Information\{495A8A3C-8FD0-4C46-9979-95C26181A1AB}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
**************************************************************************
.
Completion time: 2012-07-12 19:23:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-13 02:23
.
Pre-Run: 650,612,203,520 bytes free
Post-Run: 650,594,807,808 bytes free
.
- - End Of File - - 48FB51C0E920B8BE60027A56BA36FA3B
__________________
tiger3xA is offline  
Old 07-13-2012, 06:39 PM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2009
Location: Canada
Posts: 8,846
OS: XP, Vista, Win7



Hi,
that doesn't appear to be the current log, please look for it at c:\combofix.txt

please run the following:
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Code:
http://www.techsupportforum.com/forums/f50/virus-plays-random-audio-with-no-programs-open-654679.html#post3804857

Collect::
c:\windows\SysWow64\adbcnsl.exe

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT


You can use MSE and Malwarebytes together (one is antivirus, the other is antimalware); they work very well together.
__________________


Microsoft MVP 2010, 2011, 2012, 2013
CatByte is offline  
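
The file named in the Collect:: directive above is listed in the "Files Created" section of the ComboFix log from post #11. The following is an added example, not part of the thread or of ComboFix: a Python parser for that section's line format that lists executable-type files sitting directly in System32 or SysWow64 whose two timestamps are identical. It assumes the first timestamp is creation and the second is last modification; the filter is an illustrative triage heuristic, and parse_entries / review_candidates are hypothetical names.

```python
import re
from datetime import datetime
from pathlib import PureWindowsPath

# Lines copied from the "Files Created" section of the ComboFix log in post #11.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 )))))))))))))))))))))))))))))))
.
2012-07-12 17:13 . 2012-07-12 17:13 -------- d-----w- c:\windows\system32\SPReview
2012-07-12 17:04 . 2010-11-20 13:27 720896 ----a-w- c:\windows\system32\odbc32.dll
2012-07-11 17:51 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 17:11 . 2012-07-10 17:19 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-04 15:50 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm
2012-07-01 16:40 . 2012-07-01 16:40 384 ----a-w- c:\windows\SysWow64\checkOS.bat
2012-07-01 13:39 . 2012-07-01 13:39 689492 ----a-w- c:\windows\SysWow64\adbcnsl.exe
2012-06-21 19:27 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-14 05:18 . 2011-10-28 22:20 773968 ----a-w- c:\windows\SysWow64\msvcr100.dll
.
"""

# Layout: <stamp> . <stamp> <size, or 8 dashes for a directory> <8-char attributes> <path>
ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
STAMP = "%Y-%m-%d %H:%M"

# Assumed filter settings for this example (not taken from the thread).
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
RUNNABLE = {".exe", ".dll", ".sys", ".bat", ".cmd", ".scr"}


def parse_entries(text):
    """Return one dict per listing line; banners, '.' separators and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        entries.append({
            # Assumption: first stamp = created, second = last modified.
            "created": datetime.strptime(m["created"], STAMP),
            "modified": datetime.strptime(m["modified"], STAMP),
            "size": None if m["size"].startswith("-") else int(m["size"]),
            "is_dir": m["attrs"].startswith("d"),
            "path": m["path"].strip(),
        })
    return entries


def review_candidates(entries):
    """Files placed directly in a system directory with identical stamps.

    Files delivered by Windows updates keep an older modification time than the
    time they were written to this machine, so they fall out of the result.
    """
    hits = []
    for e in entries:
        if e["is_dir"]:
            continue
        p = PureWindowsPath(e["path"])
        if str(p.parent).lower() not in SYSTEM_DIRS:
            continue
        if p.suffix.lower() not in RUNNABLE:
            continue
        if e["created"] != e["modified"]:
            continue
        hits.append(e)
    return hits


if __name__ == "__main__":
    for e in review_candidates(parse_entries(SAMPLE_LOG)):
        print(e["created"].strftime(STAMP), e["size"], e["path"])
```

A hit is only a prompt to look at the file (for example by uploading it for analysis, as requested earlier in the thread), not a verdict.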
Old 07-14-2012, 03:02 AM   #13
Registered Member
 
Join Date: Jul 2012
Posts: 11
OS: Window 7 64-bit



Here ya go

ComboFix 12-07-13.03 - iRoss 07/14/2012 2:33.5.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3832.2654 [GMT -7:00]
Running from: c:\users\iRoss\Desktop\ComboFix.exe
Command switches used :: c:\users\iRoss\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-14 to 2012-07-14 )))))))))))))))))))))))))))))))
.
.
2012-07-14 09:42 . 2012-07-14 09:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-14 09:26 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DDD02BB1-2734-47CD-B780-A09F5EB4239E}\mpengine.dll
2012-07-14 01:56 . 2011-11-18 20:53 2181120 ----a-w- c:\windows\system32\ReWire.dll
2012-07-14 01:56 . 2012-07-14 01:56 -------- d-----w- c:\users\Public\Waves Audio
2012-07-14 01:40 . 2012-07-14 01:41 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-07-14 01:24 . 2012-07-14 01:24 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-14 01:24 . 2012-07-14 01:24 -------- d-----w- c:\program files (x86)\Oracle
2012-07-14 01:23 . 2012-07-06 05:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-14 01:22 . 2012-07-14 01:22 -------- d-----w- c:\programdata\McAfee
2012-07-13 17:36 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-07-13 17:36 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-07-13 07:47 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-13 05:32 . 2012-07-13 05:32 -------- d-----w- c:\program files (x86)\ESET
2012-07-13 05:20 . 2012-07-13 05:20 -------- d-----w- c:\users\iRoss\AppData\Roaming\Malwarebytes
2012-07-13 05:19 . 2012-07-13 05:19 -------- d-----w- c:\programdata\Malwarebytes
2012-07-13 05:19 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-13 05:19 . 2012-07-13 05:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-12 17:13 . 2012-07-12 17:13 -------- d-----w- c:\windows\system32\SPReview
2012-07-12 17:04 . 2010-11-20 13:27 720896 ----a-w- c:\windows\system32\odbc32.dll
2012-07-12 17:03 . 2010-11-20 13:24 684032 ----a-w- c:\windows\system32\TabletPC.cpl
2012-07-12 17:02 . 2010-11-20 13:24 363520 ----a-w- c:\windows\system32\diskraid.exe
2012-07-12 17:01 . 2010-11-20 13:01 2560 ----a-w- c:\windows\system32\drivers\en-US\rdpwd.sys.mui
2012-07-12 17:01 . 2010-11-20 12:57 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2012-07-12 17:01 . 2010-11-20 13:10 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui
2012-07-12 17:01 . 2010-11-20 13:11 6144 ----a-w- c:\windows\system32\drivers\en-US\IPMIDrv.sys.mui
2012-07-12 17:01 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2012-07-12 17:01 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
2012-07-12 17:01 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll
2012-07-12 17:01 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2012-07-12 17:01 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll
2012-07-12 17:01 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2012-07-12 16:58 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2012-07-12 16:58 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-07-12 16:58 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2012-07-11 17:51 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 18:08 . 2012-07-10 18:09 -------- d-----w- c:\program files (x86)\BHODemon 2
2012-07-10 17:11 . 2012-07-14 08:24 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-05 23:27 . 2012-07-05 23:27 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-07-05 20:56 . 2012-07-06 05:16 -------- d-----w- C:\KMSEMUTEMP
2012-07-05 20:47 . 2012-07-05 20:47 -------- d-----w- c:\users\iRoss\AppData\Local\Microsoft Help
2012-07-05 20:47 . 2012-07-06 06:44 -------- d-----w- c:\programdata\Microsoft Help
2012-07-04 15:50 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm
2012-07-04 15:49 . 2012-07-04 15:49 -------- d-----w- c:\program files (x86)\Outsim
2012-07-04 05:43 . 2012-02-10 19:13 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9F3F890B-502A-4A8C-8145-FE71A5E99CA5}\gapaengine.dll
2012-07-01 16:40 . 2012-07-01 16:40 384 ----a-w- c:\windows\SysWow64\checkOS.bat
2012-06-27 17:51 . 2012-06-27 17:51 -------- dc-h--w- c:\programdata\{39752E59-CE7D-4919-9B7F-020F8C66116C}
2012-06-27 17:48 . 2012-06-27 17:48 -------- d-----w- c:\users\iRoss\AppData\Roaming\Lexicon PCM Native
2012-06-22 17:45 . 2012-06-22 17:45 -------- d-----w- c:\program files (x86)\URS
2012-06-21 19:27 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 19:27 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 19:27 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 19:27 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 19:27 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 19:27 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 19:27 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 19:27 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 19:27 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 18:12 . 2012-06-24 01:20 -------- dc-h--w- c:\programdata\{A9158F4E-7914-4019-808A-D4D4993E9958}
2012-06-19 18:09 . 2012-06-24 01:20 -------- dc-h--w- c:\programdata\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}
2012-06-17 17:37 . 2012-06-17 17:37 -------- d-----w- c:\users\iRoss\AppData\Roaming\FabFilter
2012-06-17 17:36 . 2012-06-17 17:36 -------- d-----w- c:\program files\Steinberg
2012-06-17 17:36 . 2012-06-17 17:36 -------- d-----w- c:\program files\FabFilter
2012-06-17 17:35 . 2012-06-17 17:35 -------- d-----w- c:\program files (x86)\FabFilter
2012-06-17 17:31 . 2012-07-10 18:00 -------- d-----w- c:\program files (x86)\uTorrent
2012-06-15 00:02 . 2012-06-15 00:05 -------- d-----w- c:\programdata\PreSonus
2012-06-15 00:02 . 2012-06-15 00:02 -------- d-----w- c:\users\iRoss\AppData\Roaming\PreSonus
2012-06-14 23:57 . 2012-06-14 23:57 -------- d-----w- c:\program files (x86)\PreSonus
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 17:25 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-07-12 17:25 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-07-06 05:06 . 2011-11-29 00:17 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-04 11:06 . 2012-06-13 22:22 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 22:22 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 22:22 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 22:22 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 22:22 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 22:22 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 22:22 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 22:22 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 22:22 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 22:22 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 22:22 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 22:22 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 22:22 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 22:22 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-20 18:28 . 2012-04-08 18:57 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-20 18:28 . 2011-10-21 18:45 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-20 18:28 . 2012-04-14 00:28 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-07-13_23.08.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-21 06:40 . 2012-07-14 09:18 45646 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-14 09:18 39426 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-21 07:04 . 2012-07-14 09:18 16206 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4039857596-3664929512-2776014719-1000_UserData.bin
- 2011-10-27 20:38 . 2012-06-23 23:46 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2011-10-27 20:38 . 2012-07-14 08:35 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2009-07-14 05:30 . 2012-07-12 17:41 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-07-14 01:41 86016 c:\windows\system32\DriverStore\infpub.dat
- 2011-10-21 08:20 . 2012-07-13 17:44 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-21 08:20 . 2012-07-14 08:17 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-21 08:20 . 2012-07-14 08:17 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-10-21 08:20 . 2012-07-13 17:44 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-14 08:17 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-13 17:44 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-21 22:12 . 2012-07-14 09:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-21 22:12 . 2012-07-13 22:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-21 22:12 . 2012-07-14 09:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-21 22:12 . 2012-07-13 22:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-07-14 09:43 . 2012-07-14 09:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-13 23:08 . 2012-07-13 23:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-14 09:43 . 2012-07-14 09:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-13 23:08 . 2012-07-13 23:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-14 01:23 . 2012-07-06 05:06 227760 c:\windows\SysWOW64\javaws.exe
+ 2012-07-14 01:23 . 2012-07-14 01:23 174064 c:\windows\SysWOW64\javaw.exe
+ 2012-07-14 01:23 . 2012-07-14 01:23 174064 c:\windows\SysWOW64\java.exe
- 2009-07-14 02:36 . 2012-07-13 22:47 626262 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-14 09:21 626262 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-14 09:21 107538 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-13 22:47 107538 c:\windows\system32\perfc009.dat
- 2009-07-14 05:30 . 2012-07-12 17:41 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-07-14 01:41 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-07-14 01:41 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-07-12 17:41 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2012-07-14 01:40 . 2012-07-14 01:41 283200 c:\windows\system32\DriverStore\FileRepository\dtsoftbus01.inf_amd64_neutral_d141c6ab4285e7b9\dtsoftbus01.sys
- 2009-07-14 05:01 . 2012-07-13 23:07 288976 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-14 09:42 288976 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-14 01:24 . 2012-07-14 01:24 179200 c:\windows\Installer\77883.msi
+ 2012-07-14 01:23 . 2012-07-14 01:23 461312 c:\windows\Installer\77873.msi
+ 2011-11-07 23:54 . 2011-11-18 20:53 1431552 c:\windows\SysWOW64\ReWire.dll
- 2011-11-07 23:54 . 2011-10-11 14:45 1431552 c:\windows\SysWOW64\rewire.dll
+ 2009-07-14 02:34 . 2012-07-14 09:47 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-07-12 17:34 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-07-14 01:22 . 2012-07-14 01:22 17379840 c:\windows\Installer\7786f.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-03 98304]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"M-Audio Taskbar Icon"="c:\windows\system32\MAFWTray.exe" [2009-07-29 252424]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 253600]
R3 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-21 1255736]
S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [2009-05-19 231224]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-14 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-30 204288]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2012-05-03 8704]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-12-05 5739008]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-30 9371136]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-30 309760]
S3 MAFW;Service for M-Audio FireWire;c:\windows\system32\DRIVERS\mafw.sys [2009-07-29 231944]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-12-19 852256]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-10-19 39480]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 18:57]
.
2012-07-14 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2012-01-24 19:24]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4039857596-3664929512-2776014719-1000Core.job
- c:\users\iRoss\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-31 21:40]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4039857596-3664929512-2776014719-1000UA.job
- c:\users\iRoss\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-31 21:40]
.
2012-07-12 c:\windows\Tasks\HPCeeScheduleForiRoss.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
2012-07-13 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2010-02-01 23:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{9612AE70-6163-4705-84F9-071EEBF6D390}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{9612AE70-6163-4705-84F9-071EEBF6D390}\05F425455425D20534F5E4564777F627B6: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{9612AE70-6163-4705-84F9-071EEBF6D390}\2456C6B696E6F5E4B2F5936414433434: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{9612AE70-6163-4705-84F9-071EEBF6D390}\84F6573756: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\iRoss\AppData\Roaming\Mozilla\Firefox\Profiles\nhgrwoev.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=gama&hl=en
FF - user.js: extentions.y2layers.installId - 9c584034-8296-4e54-99ee-637524c98c3e
FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Completion time: 2012-07-14 02:54:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-14 09:54
ComboFix2.txt 2012-07-14 00:00
ComboFix3.txt 2012-07-13 23:11
ComboFix4.txt 2012-07-13 02:23
.
Pre-Run: 645,582,909,440 bytes free
Post-Run: 645,367,816,192 bytes free
.
- - End Of File - - 2363BF5E857DBC92E70E884481B357D0
__________________
tiger3xA is offline  
Old 07-14-2012, 07:15 AM   #14
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
CatByte's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2009
Location: Canada
Posts: 8,846
OS: XP, Vista, Win7



that looks better

how is the computer running now?

are there any outstanding issues?
__________________


Microsoft MVP 2010, 2011, 2012, 2013
CatByte is offline  
Old 07-14-2012, 01:44 PM   #15
Registered Member
 
Join Date: Jul 2012
Posts: 11
OS: Window 7 64-bit



Awesome. No signs of any problems ever since we ran our first scans.

I'm running both MSE and Malware Bytes now so I feel better protected. I cleared up some more hard drive space, defragged and now have 615gb free of 750gb. I was at 598 before I believe.

I guess I didn't notice that it had slowed down until we cleaned it up. Even with the audio virus it was still fast as heck (Amd 2.8ghz quad 4gb ram).

But over these past couple days my computer has been noticeably faster and like I said, no signs of any other problems.

Thank you for all of your help. I learned more than I ever thought I would beyond system restore and recovery and plain old MSE. I appreciate you and your time.
__________________
tiger3xA is offline  
Old 07-14-2012, 02:14 PM   #16
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
CatByte's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2009
Location: Canada
Posts: 8,846
OS: XP, Vista, Win7



That's good to hear,

we just have some housekeeping to do now,

please do the following:


You can delete the DDS and TDSSKiller logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix
  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.




If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.
  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.
__________________


Microsoft MVP 2010, 2011, 2012, 2013
CatByte is offline  
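
The Internet Explorer hardening steps in the post above correspond to three per-user registry values for the Internet zone. As an added example (not part of the original post or of any tool it mentions), this PowerShell function reports whether those values match the recommendation and, with -Fix, sets them. It assumes per-user settings under HKCU zone 3 and does not examine Group Policy; the function name Get-ZoneActiveXAudit is hypothetical.

```powershell
# Added example, not from the thread: audit the Internet zone ActiveX settings
# the post recommends. Assumes per-user settings (HKCU, zone 3 = Internet);
# values enforced by Group Policy are not examined.
$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL action IDs with the recommended value: 0 = Enable, 1 = Prompt, 3 = Disable.
$Recommended = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';   Want = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls'; Want = 1 },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
)
$Labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneActiveXAudit {   # hypothetical name
    param(
        [string]$Path = $ZoneKey,
        [switch]$Fix               # write the recommended value where it differs
    )
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    foreach ($r in $Recommended) {
        # A value missing from HKCU comes back as $null.
        $current = $null
        if ($props) { $current = $props.($r.Id) }

        if ($Fix -and $current -ne $r.Want) {
            Set-ItemProperty -Path $Path -Name $r.Id -Value $r.Want -Type DWord
            $current = $r.Want
        }

        if ($null -eq $current) { $shown = 'not set in HKCU' }
        elseif ($Labels.ContainsKey([int]$current)) { $shown = $Labels[[int]$current] }
        else { $shown = "other ($current)" }

        New-Object PSObject -Property @{
            Setting     = $r.Name
            Current     = $shown
            Recommended = $Labels[$r.Want]
            Compliant   = ($current -eq $r.Want)
        } | Select-Object Setting, Current, Recommended, Compliant
    }
}

# Report only; run "Get-ZoneActiveXAudit -Fix" to apply the recommended values.
Get-ZoneActiveXAudit | Format-Table -AutoSize
```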
Old 07-14-2012, 10:14 PM   #17
Registered Member
 
Join Date: Jul 2012
Posts: 11
OS: Window 7 64-bit



Ok, I did all of that. I'm surprised I never heard of WOT before...great program.

What exactly is TFC doing? Whatever it does I like it a lot because my ram was hovering around 28% on startup. Now it's around 21% on startup consistently.

I forgot about erunt. I never had it on this computer. Definitely the perfect opportunity to start again =)

You helped me out more than I imagined. This was 100x better than going with plan B. This is the best my cpu has ever been with all of the programs I use on here for music production.

Thank you and I hope good things come your way =)
__________________
tiger3xA is offline  
Old 07-14-2012, 10:25 PM   #18
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
CatByte's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2009
Location: Canada
Posts: 8,846
OS: XP, Vista, Win7



glad to hear it is working well

TFC clears out all the temp folders

it's good to clear out all the junk every once in a while

and yes, Web of Trust is really good

stay safe

~CB
__________________


Microsoft MVP 2010, 2011, 2012, 2013
CatByte is offline  
Old 07-15-2012, 12:01 AM   #19
Registered Member
 
Join Date: Jul 2012
Posts: 11
OS: Window 7 64-bit



I just realized your badge there...you most definitely are Microsoft MVP, and 3 years running too...impressive.

Is there a "comment box" or something that can allow us to show our appreciation for you? Or maybe some kind of voting?

If there is let me know, otherwise, I hope I never need you again
__________________
tiger3xA is offline  
Old 07-15-2012, 05:34 AM   #20
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
CatByte's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2009
Location: Canada
Posts: 8,846
OS: XP, Vista, Win7



well thank-you for your kind words, I don't believe there is anywhere to leave a comment here or on my MS MVP profile, there are comments on my profile at BC
(I belong to several forums, TSF is one of my favourites :))

but it's nice to know I'm appreciated, thanks :D

__________________


Microsoft MVP 2010, 2011, 2012, 2013
CatByte is offline  
 

Copyright 2001 - 2014, Tech Support Forum