
Audio ads playing in background


  • This topic is locked
51 replies to this topic

#1 Leelee21

Leelee21

  • Members
  • 26 posts
  • OFFLINE
  • Local time:10:47 AM

Posted 30 December 2013 - 01:36 AM

Hello there, I'm having an issue with my computer that started today. It restarted by itself, and when it rebooted these ads in the background started playing. I've already tried Malwarebytes and TDSSKiller, but they couldn't find anything :( If someone could please help me, it'd be much appreciated. I already ran DDS, so I'll post the log I got from that.

 

If there's anything else you guys need from me please let me know. Thank you.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16448  BrowserJavaVersion: 10.9.2
Run by Fred at 0:05:59 on 2013-12-30
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2811.798 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\SysWOW64\svchost.exe -k Akamai
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe
C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\ooVoo\ooVoo.exe
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Users\Fred\AppData\Local\Akamai\netsession_win.exe
C:\Windows\System32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Users\Fred\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\system32\taskeng.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\notepad.exe
C:\windows\system32\taskeng.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
uProxyOverride = <local>;127.0.0.1:9421;
mWinlogon: Userinit = userinit.exe,
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Fantapper: {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
uRun: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
uRun: [Akamai NetSession Interface] "C:\Users\Fred\AppData\Local\Akamai\netsession_win.exe"
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
uRun: [toctic] "C:\windows\System32\rundll32.exe" "C:\Users\Fred\AppData\Roaming\toctic.dll",read_update_info
uRun: [Facebook Update] "C:\Users\Fred\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Samsung LBP SM] "C:\windows\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{958DC4A3-BC44-45C1-9BE5-4AECA7E570F5} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{958DC4A3-BC44-45C1-9BE5-4AECA7E570F5}\2375942554335353 : DHCPNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [SmartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\rygsdnid.default-1373710539901\
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Fred\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R2 Akamai;Akamai NetSession Interface;C:\windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2010-10-24 202752]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 FTSvc;Fantapper Player Update Service;C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe [2013-1-23 16896]
R2 Giraffic;Veoh Giraffic Video Accelerator;C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service --> C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service [?]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-17 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-17 701512]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [2012-7-1 132504]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2011-12-6 126392]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SSPORT;SSPORT;C:\windows\System32\drivers\SSPORT.SYS [2011-2-12 11576]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2010-10-24 9216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-3-4 75816]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2011-12-28 25928]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2010-10-24 35008]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe --> c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2011-1-14 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 HP8207_8307;HP-HP8207_8307;C:\windows\System32\drivers\HP8207_8307.sys [2010-2-4 15360]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-10-24 232992]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-4-5 59392]
.
=============== Created Last 30 ================
.
2013-12-22 10:06:15    --------    d-----w-    C:\Users\Fred\AppData\Local\{38FD4F11-A4C1-4881-B80B-CAF828682D1B}
2013-12-21 10:55:11    75888    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CE3D59C9-DF14-4EBF-A226-0BC6AE5F56D1}\offreg.dll
2013-12-21 10:53:58    10315576    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CE3D59C9-DF14-4EBF-A226-0BC6AE5F56D1}\mpengine.dll
2013-12-15 05:20:19    --------    d-----w-    C:\Users\Fred\AppData\Local\{807AED14-C7FC-490F-A01B-B9C09368D903}
2013-12-05 05:29:43    --------    d-----w-    C:\Users\Fred\AppData\Local\{7B463B0A-2FF7-499F-AA87-C0D00EFF35FE}
2013-12-04 05:30:40    --------    d-----w-    C:\Users\Fred\.android
2013-12-04 05:30:38    --------    d-----w-    C:\Users\Fred\AppData\Roaming\BackupTrans
.
==================== Find3M  ====================
.
2013-12-10 20:25:12    71048    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 20:25:12    692616    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH:  0:07:34.01 ===============
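
A small triage script for the Run-key lines of a DDS "Pseudo HJT Report" like the one above, added here as an illustration (it is not part of the thread, of DDS, or of any BleepingComputer tool). It parses a constructed excerpt of the posted log and flags autorun entries where rundll32/regsvr32 loads a DLL from a user-writable directory, or where the autorun binary itself lives under the user profile; the `USER_WRITABLE` markers and the severity wording are the editor's own heuristics, and a hit is a prompt to look closer, not a verdict.

```python
"""Triage the Run-key lines of a DDS "Pseudo HJT Report" for common persistence red flags."""
import re
from typing import Dict, List

# Constructed excerpt modelled on the DDS log posted in this thread (not the full log).
SAMPLE_DDS = r"""
uProxyOverride = <local>;127.0.0.1:9421;
mWinlogon: Userinit = userinit.exe,
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [toctic] "C:\windows\System32\rundll32.exe" "C:\Users\Fred\AppData\Roaming\toctic.dll",read_update_info
uRun: [Facebook Update] "C:\Users\Fred\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"""

# DDS prefixes: u = HKCU Run, m = HKLM Run, x64- = 64-bit HKLM view
RUN_LINE = re.compile(r"^(?P<hive>u|m|x64-)Run:\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.+)$")
TOKEN = re.compile(r'"([^"]*)"|(\S+)')  # a double-quoted string, or a run of non-space chars

# Directories a standard user can write to (editor's heuristic list). Legitimate
# updaters live here too, so a hit means "review", not "malicious".
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\")


def split_command(cmd: str) -> List[str]:
    """Split a Run value into tokens, honouring double quotes around paths."""
    return [quoted or bare for quoted, bare in TOKEN.findall(cmd)]


def parse_run_entries(dds_text: str) -> List[Dict[str, object]]:
    """Extract uRun/mRun/x64-Run lines into structured entries."""
    entries: List[Dict[str, object]] = []
    for line in dds_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        tokens = split_command(m.group("cmd"))
        entries.append({
            "hive": m.group("hive"),
            "name": m.group("name"),
            "exe": tokens[0] if tokens else "",
            "args": tokens[1:],
        })
    return entries


def in_user_writable(path: str) -> bool:
    """True if the path sits under one of the user-writable markers."""
    return any(marker in path.lower() for marker in USER_WRITABLE)


def triage(entries: List[Dict[str, object]]) -> Dict[str, List[str]]:
    """Return {entry name: [reasons]} for entries that deserve a closer look."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons: List[str] = []
        exe = str(e["exe"])
        args = [str(a) for a in e["args"]]
        exe_name = exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        # rundll32/regsvr32 are signed system binaries; what matters is the DLL they load.
        if exe_name in ("rundll32.exe", "regsvr32.exe"):
            for a in args:
                dll = a.split(",", 1)[0]  # rundll32 syntax: <dll>,<ExportName>
                if dll.lower().endswith(".dll") and in_user_writable(dll):
                    reasons.append(f"{exe_name} loads a DLL from a user-writable path: {dll}")
        if in_user_writable(exe):
            reasons.append(f"autorun executable lives in a user-writable path: {exe}")
        if e["hive"] == "u" and reasons:
            reasons.append("persists via HKCU Run (no admin rights needed to install)")
        if reasons:
            findings[str(e["name"])] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_run_entries(SAMPLE_DDS)).items():
        print(f"[{name}]")
        for r in reasons:
            print("   -", r)
```

On the excerpt, the `toctic` entry is flagged on both counts while the toolbar and vendor entries under Program Files are left alone; the Facebook updater is flagged only because it runs from AppData, which is exactly the kind of benign hit a reviewer has to dismiss by hand.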
#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:47 AM

Posted 30 December 2013 - 02:41 AM


Hello Leelee21

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Leelee21

Leelee21
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:10:47 AM

Posted 30 December 2013 - 03:31 AM

Hello, thank you for responding so quickly. I am in the process of scanning it with JRT; I will get back to you with my results ASAP.

Edited by Leelee21, 30 December 2013 - 03:33 AM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:47 AM

Posted 30 December 2013 - 03:41 AM

I will be leaving soon so I may respond later

#5 Leelee21

Leelee21
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:10:47 AM

Posted 30 December 2013 - 04:44 AM

OK, I have the two reports. I noticed (not sure if it was after the AdwCleaner reboot or when JRT finished) that the mixer at the bottom, where the unknown sounds were coming from, is now showing up with a name. It says "Host process for Windows services", whatever that means. Before that it had something like "no name service" or "unknown service". I still hear the ads in the background, but I thought that info would be helpful.

 

Here's the JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Fred on Mon 12/30/2013 at  2:28:05.14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\veohplugin
Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

    Value Name          Type                             Value Data                     
========================================================================================
    toctic    REG_SZ    "C:\Windows\System32\rundll32.exe" "C:\Users\Fred\AppData\Roaming\toctic.dll",read_update_info

Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

    Value Name          Type                             Value Data                     
========================================================================================
    toctic    REG_SZ    "C:\Windows\System32\rundll32.exe" "C:\Users\Fred\AppData\Roaming\toctic.dll",read_update_info




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02DD8284-A49F-43E5-9D84-CF19DC9AD21D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{27DE7D30-BCCD-44D1-ADCB-A74A4259EBEF}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3A0EFC4E-F167-4D0E-9C24-FC5519237993}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4104356295-4208945506-87001488-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9



~~~ Files

Successfully deleted: [File] C:\windows\syswow64\sho428C.tmp
Successfully deleted: [File] "C:\windows\syswow64\wscm64.dll"
Successfully deleted: [File] "C:\Users\Fred\AppData\Local\Temp\iwantthis.exe"
Successfully deleted: [File] C:\Users\Fred\appdata\local\{610C5E46-E8F3-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul [Trojan:JS/Medfos.A]



~~~ Folders

Failed to delete: [Folder] "C:\Users\Fred\appdata\locallow\boost_interprocess"
Successfully deleted: [Empty Folder] C:\Users\Fred\appdata\local\{1890DC1B-2636-4034-BBF9-271F110C909E}
Successfully deleted: [Empty Folder] C:\Users\Fred\appdata\local\{192B43D1-32A1-408C-9E7D-953AB5B48A6F}
Successfully deleted: [Empty Folder] C:\Users\Fred\appdata\local\{36CEE67E-445F-43F2-A345-BBE24B7CE06A}
Successfully deleted: [Empty Folder] C:\Users\Fred\appdata\local\{38FD4F11-A4C1-4881-B80B-CAF828682D1B}
Successfully deleted: [Empty Folder] C:\Users\Fred\appdata\local\{3CE4373F-55B1-4C85-A90C-0954D1BA8838}
Successfully deleted: [Empty Folder] C:\Users\Fred\appdata\local\{42776C55-9456-4CF5-A554-77D912CE8D69}
Successfully deleted: [Empty Folder] C:\Users\Fred\appdata\local\{489CAD94-CBC5-4D86-8D1A-056E703EF011}
Successfully deleted: [Empty Folder] C:\Users\Fred\appdata\local\{4ED6061B-674C-4C0D-9BF6-0C8A92B7B6EE}
Successfully deleted: [Empty Folder] C:\Users\Fred\appdata\local\{59ECF2FA-8B3D-44FF-BD84-5B628C8E3AAE}
Successfully deleted: [Empty Folder] C:\Users\Fred\appdata\local\{5F5FB3D0-DFE5-4B91-9390-65B1ACA5AEC6}
Successfully deleted: [Empty Folder] C:\Users\Fred\appdata\local\{610E3975-86F7-4079-943A-9965338352E1}
Successfully deleted: [Empty Folder] C:\Users\Fred\appdata\local\{6F71B26D-DCD5-4456-BB10-AFBDD2566CCE}
Successfully deleted: [Empty Folder] C:\Users\Fred\appdata\local\{72F91EF2-5BAB-45D2-9E21-DFDAD21CDEA0}
Successfully deleted: [Empty Folder] C:\Users\Fred\appdata\local\{79735AB2-BD2E-4CB0-BACB-841882373662}
Successfully deleted: [Empty Folder] C:\Users\Fred\appdata\local\{7B463B0A-2FF7-499F-AA87-C0D00EFF35FE}
Successfully deleted: [Empty Folder] C:\Users\Fred\appdata\local\{807AED14-C7FC-490F-A01B-B9C09368D903}
Successfully deleted: [Empty Folder] C:\Users\Fred\appdata\local\{823FB862-DB63-47AA-848A-0359C6C93023}
Successfully deleted: [Empty Folder] C:\Users\Fred\appdata\local\{86B3C4AF-2B99-4AE8-B1F6-167DA615E3C3}
Successfully deleted: [Empty Folder] C:\Users\Fred\appdata\local\{92B73DC5-2658-454F-B0AA-E5C769DA0C63}
Successfully deleted: [Empty Folder] C:\Users\Fred\appdata\local\{B64F8BF1-D775-4CD0-A4CD-133DE4547CB0}
Successfully deleted: [Empty Folder] C:\Users\Fred\appdata\local\{DB5A81C5-CB87-44A9-800D-C77692C74025}
Successfully deleted: [Empty Folder] C:\Users\Fred\appdata\local\{DDD66790-1DEC-4425-8C30-A4815F35BB00}
Successfully deleted: [Empty Folder] C:\Users\Fred\appdata\local\{E21CC667-173E-4586-AD6D-6D9480261665}
Successfully deleted: [Empty Folder] C:\Users\Fred\appdata\local\{E581AA76-3913-47F2-A2DB-A9B9CDBD92D4}
Successfully deleted: [Empty Folder] C:\Users\Fred\appdata\local\{E64FB979-8C22-4F2A-9F23-79164E72DF71}
Successfully deleted: [Empty Folder] C:\Users\Fred\appdata\local\{E6F03013-3510-4232-879B-FA6F90C7BE13}
Successfully deleted: [Empty Folder] C:\Users\Fred\appdata\local\{FC245FEB-565D-4482-89D1-E4095479897D}
Successfully deleted: [Folder] C:\Users\Fred\appdata\local\{610C5E46-E8F3-11E1-8270-B8AC6F996F26} [Trojan:JS/Medfos.A]



~~~ FireFox

Emptied folder: C:\Users\Fred\AppData\Roaming\mozilla\firefox\profiles\rygsdnid.default-1373710539901\minidumps [16 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 12/30/2013 at  3:37:19.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

Here's the AdwCleaner log

# AdwCleaner v3.016 - Report created 30/12/2013 at 02:14:34
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Fred - FRED-PC
# Running from : C:\Users\Fred\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\StarApp
Folder Deleted : C:\Users\Fred\AppData\Local\GamePlayLabs Plugin
Folder Deleted : C:\Users\Fred\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Fred\AppData\Roaming\pccustubinstaller
File Deleted : C:\windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}]
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>;127.0.0.1:9421;

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16448


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\rygsdnid.default-1373710539901\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url
Deleted : search_url
Deleted : keyword

*************************

AdwCleaner[R0].txt - [3122 octets] - [30/12/2013 02:09:08]
AdwCleaner[S0].txt - [3220 octets] - [30/12/2013 02:14:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3280 octets] ##########


Edited by Leelee21, 30 December 2013 - 04:47 AM.


#6 Leelee21

Leelee21
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:10:47 AM

Posted 30 December 2013 - 12:47 PM

Just an update on how it's running: now it restarted itself out of the blue, and now the name of the sounds on the mixer says 'no name available'.

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:47 AM

Posted 30 December 2013 - 04:00 PM


Hello Leelee21

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"
In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 Leelee21

Leelee21
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:10:47 AM

Posted 30 December 2013 - 07:37 PM

It's still playing the ads :/ here's the log

 

ComboFix 13-12-29.01 - Fred 12/30/2013  17:07:56.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2811.1252 [GMT -6:00]
Running from: c:\users\Fred\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Brand Affinity Technologies
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\ChromeInstaller.dll
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\ChromeInstaller.InstallState
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\Fantapper.crx
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\Fantapper.xpi
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FirefoxInstaller.dll
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FirefoxInstaller.InstallState
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FT_Enabled.ico
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FT_Plugin_Installer.jpg
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\IEInstaller.dll
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\OpenIE.dll
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\OpenIE.InstallState
c:\program files (x86)\Brand Affinity Technologies\Fantapper Updater\FantapperArbitraryInstaller.exe
c:\program files (x86)\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe
c:\program files (x86)\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.InstallState
c:\program files (x86)\Brand Affinity Technologies\Fantapper Updater\FT_Enabled.ico
c:\program files (x86)\Brand Affinity Technologies\Fantapper Updater\FT_Plugin_Installer.jpg
c:\program files (x86)\Brand Affinity Technologies\Fantapper Updater\Updater.msi
c:\users\Fred\AppData\Roaming\Local
c:\users\Fred\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Fred\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\Fred\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi
c:\users\Fred\AppData\Roaming\Local\Temp\DDM\Settings\3.ddi
c:\users\Fred\AppData\Roaming\Local\Temp\DDM\Settings\657tc6dzxwy5.ddr
c:\users\Fred\AppData\Roaming\Local\Temp\DDM\Settings\66y348mzhihf.ddr
c:\users\Fred\AppData\Roaming\Local\Temp\DDM\Settings\fnrr2sz0o2np.ddr
c:\users\Fred\AppData\Roaming\Local\Temp\DDM\Settings\i7w8gw2aincy.ddr
c:\users\Fred\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Fred\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\657tc6dzxwy5.ddp
c:\users\Fred\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\66y348mzhihf.ddp
c:\users\Fred\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\fnrr2sz0o2np
c:\users\Fred\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\i7w8gw2aincy.ddp
c:\users\Fred\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\video.avi
c:\users\Fred\AppData\Roaming\Local\Temp\DDM\Settings\video.avi.ddr
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_FTSvc
-------\Service_FTSvc
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-28 to 2013-12-31  )))))))))))))))))))))))))))))))
.
.
2013-12-31 00:19 . 2013-12-31 00:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-30 17:30 . 2013-12-30 17:30 -------- d-----w- c:\users\Fred\AppData\Local\{610C5E46-E8F3-11E1-8270-B8AC6F996F26}
2013-12-30 08:28 . 2013-12-30 08:28 -------- d-----w- c:\windows\ERUNT
2013-12-30 08:08 . 2013-12-30 18:20 -------- d-----w- C:\AdwCleaner
2013-12-21 10:55 . 2013-12-30 23:11 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE3D59C9-DF14-4EBF-A226-0BC6AE5F56D1}\offreg.dll
2013-12-21 10:53 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE3D59C9-DF14-4EBF-A226-0BC6AE5F56D1}\mpengine.dll
2013-12-04 05:30 . 2013-12-04 05:30 -------- d-----w- c:\users\Fred\.android
2013-12-04 05:30 . 2013-12-04 05:38 -------- d-----w- c:\users\Fred\AppData\Roaming\BackupTrans
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-10 20:25 . 2012-10-11 00:37 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-10 20:25 . 2011-08-19 06:37 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-24 08:23 . 2013-10-24 08:23 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-20 . 0A1541FDE8C5152D183434180680D098 . 512512 . . [6.1.7601.17514] .. c:\windows\system32\rpcss.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2013-10-31 35489856]
"Akamai NetSession Interface"="c:\users\Fred\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
"toctic"="c:\users\Fred\AppData\Roaming\toctic.dll" [2012-08-18 459776]
"Facebook Update"="c:\users\Fred\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-12-12 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-06-03 3218792]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-06-11 552960]
"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Samsung LBP SM"="c:\windows\Samsung\LaserSMMgr\ssmmgr.exe" [2003-01-14 69632]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2013-02-06 1693696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 HP8207_8307;HP-HP8207_8307;c:\windows\system32\DRIVERS\HP8207_8307.sys;c:\windows\SYSNATIVE\DRIVERS\HP8207_8307.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ   Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 19:05 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-11 20:25]
.
2013-12-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4104356295-4208945506-87001488-1001Core.job
- c:\users\Fred\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-12 05:34]
.
2013-12-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4104356295-4208945506-87001488-1001UA.job
- c:\users\Fred\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-12 05:34]
.
2013-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 21:19]
.
2013-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 21:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\rygsdnid.default-1373710539901\
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{8A86D350-37AB-410A-8531-7D1363F317B3} - c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Weather - c:\program files (x86)\AWS\WeatherBug\Weather.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-{EBF8F924-DE1B-BAAE-1CA4-8A448FFD8728} - c:\progra~3\INSTAL~1\{1BA0E~1\Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4104356295-4208945506-87001488-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4104356295-4208945506-87001488-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-4104356295-4208945506-87001488-1001\Software\SecuROM\License information*]
"datasecu"=hex:5c,07,ea,d8,ed,cc,06,4a,a5,f8,65,fa,2c,0a,ba,12,22,ad,80,c3,f6,
   09,e9,4b,af,d6,c6,39,be,ea,c1,10,3d,f3,bf,28,d6,c7,7d,52,75,db,a9,0c,a3,68,\
"rkeysecu"=hex:80,ac,9a,2c,56,6b,e3,04,f4,5c,ed,8f,9a,d1,95,c3
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Completion time: 2013-12-30  18:32:39 - machine was rebooted
ComboFix-quarantined-files.txt  2013-12-31 00:32
.
Pre-Run: 180,395,409,408 bytes free
Post-Run: 185,007,636,480 bytes free
.
- - End Of File - - 01B65A854E7A1E5F13D29283F4815ADF
5B5E648D12FCADC244C1EC30318E1EB9


#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:47 AM

Posted 30 December 2013 - 10:42 PM

Hello Leelee21

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Internet access
  • Windows Update
  • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or RogueKiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop.
  • Exit/Close RogueKiller.

Send me the reports made from MBAR and RogueKiller and also let me know how the computer is doing at this time.

Gringo

When you are complete please send me both reports.

Gringo

#10 Leelee21

Leelee21
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:10:47 AM

Posted 31 December 2013 - 01:41 AM

Unless I did something wrong, I wasn't given two reports for the RogueKiller one :/ It just gave me a report that had this at the top: 'report [0]'

So far I cannot hear the sounds anymore, the 'no name available' is not showing up in the mixer, and the performance is faster.

This is the report for MBAR:

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1008

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

 

Account is Administrative

 

Internet Explorer version: 9.0.8112.16421

 

Java version: 1.6.0_31

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED

CPU speed: 2.194000 GHz

Memory total: 2947440640, free: 879439872

 

Downloaded database version: v2013.12.31.01

Downloaded database version: v2013.12.18.01

=======================================

Initializing...

------------ Kernel report ------------

     12/30/2013 23:08:26

------------ Loaded modules -----------


----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80030f2660
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa8003084060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80030f2660, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80030f3040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80030f2660, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8003084060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D002DA7E

Partition information:

    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3072000
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048  Numsec = 466100224

    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 469174272  Numsec = 19222528
    Partition is not bootable
Hidden partition VBR is not infected.

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Done!
Backup file found for a file C:\Windows\System32\rpcss.dll
Infected: C:\Windows\System32\rpcss.dll --> [Trojan.Patched]
Scan finished
Creating System Restore point...
Cleaning up...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred

=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.194000 GHz
Memory total: 2947440640, free: 1791750144

=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.194000 GHz
Memory total: 2947440640, free: 1678458880

=======================================
Initializing...
------------ Kernel report ------------
     12/31/2013 00:02:58
------------ Loaded modules -----------


----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80030db790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa800306d060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80030db790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80030db1e0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80030db790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800306d060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D002DA7E

Partition information:

    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3072000
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048  Numsec = 466100224

    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 469174272  Numsec = 19222528
    Partition is not bootable
Hidden partition VBR is not infected.

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_2_469174272_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished


This is the only report I got from the RogueKiller

RogueKiller V8.8.0 _x64_ [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Fred [Admin rights]
Mode : Remove -- Date : 12/31/2013 00:38:51
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH][DLL] rundll32.exe -- C:\Users\Fred\AppData\Roaming\toctic.dll [-] -> rundll32.exe KILLED [TermProc]
[SUSP PATH][DLL] rundll32.exe -- C:\Users\Fred\AppData\Roaming\toctic.dll [-] -> rundll32.exe KILLED [TermProc]
 
¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : toctic ("C:\Windows\System32\rundll32.exe" "C:\Users\Fred\AppData\Roaming\toctic.dll",read_update_info [7][-][x]) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified. 
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK2555GSXN ATA Device +++++
--- User ---
[MBR] aaa14058281bbe5f6820387335df9ff5
[BSP] b1e007170b3a94c995276f13629fa537 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 227588 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 469174272 | Size: 9386 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_D_12312013_003851.txt >>
RKreport[0]_S_12312013_003724.txt

Edited by Leelee21, 31 December 2013 - 02:03 AM.


#11 Leelee21

Leelee21
  • Topic Starter
  • Members
  • 26 posts

Posted 31 December 2013 - 01:20 PM

Update: my computer restarted itself again and the ads are back playing again. I'm not sure what happened; should I run the last two tools again? That seemed to help.
ETA: It's restarting sporadically now. I thought it was when the screensaver was supposed to come on, but it just did it a minute ago even after trying to keep it from falling asleep.
Also, 2 icons popped up on my desktop after the first restart: one that says my name and another that says my computer. They were never there before, so I'm kinda leery of it.

Edited by Leelee21, 31 December 2013 - 02:31 PM.


#12 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 January 2014 - 09:14 PM


Hello Leelee21,

The two icons are normal and are OK.

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • more than one report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note** this report can be very long, so if the website gives you an error saying it is too long you may attach it.

    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================
and I will see if I want to see the whole report


Send me the reports made from TDSSKiller.

Gringo

#13 Leelee21

Leelee21
  • Topic Starter
  • Members
  • 26 posts

Posted 02 January 2014 - 01:33 PM

12:08:42.0269 5016  C:\Windows\System32\msvcr100_clr0400.dll - ok
12:08:42.0279 5016  [ ACFD0D2CD67C478673F2EAB1CB4D9D79 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0812.dll
12:08:42.0279 5016  C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0812.dll - ok
12:08:42.0279 5016  [ 07AD88DF9EF73215458867EFC1BFFE9E ] C:\Windows\System32\wbem\wmiprov.dll
12:08:42.0279 5016  C:\Windows\System32\wbem\wmiprov.dll - ok
12:08:42.0289 5016  [ 48A6A53E6B36FF664086A3F55297105E ] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\Interop.TosNcCom.dll
12:08:42.0289 5016  C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\Interop.TosNcCom.dll - ok
12:08:42.0303 5016  [ 26D9F1C32A2537B24159B6DE32956559 ] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCom.dll
12:08:42.0303 5016  C:\Program Files\TOSHIBA\BulletinBoard\TosNcCom.dll - ok
12:08:42.0311 5016  [ 87204B04A63E684D3FD02A7BC10741CD ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\f71d2f65d0f149c75ac7a569dbcc8500\System.ServiceProcess.ni.dll
12:08:42.0312 5016  C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\f71d2f65d0f149c75ac7a569dbcc8500\System.ServiceProcess.ni.dll - ok
12:08:42.0321 5016  [ B8BE9E10DD4F53866CDA4C4E7868B15E ] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\libTMachInfo.dll
12:08:42.0321 5016  C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\libTMachInfo.dll - ok
12:08:42.0321 5016  [ C94D9591F6C18267F9EE731EF740085B ] C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3726.17542__90ba9c70f846762e\APM.Server.DLL
12:08:42.0321 5016  C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3726.17542__90ba9c70f846762e\APM.Server.DLL - ok
12:08:42.0331 5016  [ 2FAD0C06D536B31F529E365CFBA98BCB ] C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3726.17535__90ba9c70f846762e\APM.Foundation.DLL
12:08:42.0331 5016  C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3726.17535__90ba9c70f846762e\APM.Foundation.DLL - ok
12:08:42.0341 5016  [ 28644B0523D64EFF2FC7312A2EE74B0A ] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
12:08:42.0341 5016  C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe - ok
12:08:42.0351 5016  [ 953354184450334CBE651EEA9C8CBD5F ] C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3726.17540__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.DLL
12:08:42.0351 5016  C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3726.17540__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.DLL - ok
12:08:42.0351 5016  [ 19811770D1A0659F6BA016336E1C53FA ] C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3726.17562__90ba9c70f846762e\CLI.Component.Wizard.DLL
12:08:42.0361 5016  C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3726.17562__90ba9c70f846762e\CLI.Component.Wizard.DLL - ok
12:08:42.0361 5016  [ 5CF0F707E0D7CB0B7A94585DC901239E ] C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3726.17550__90ba9c70f846762e\CLI.Component.Client.Shared.Private.DLL
12:08:42.0361 5016  C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3726.17550__90ba9c70f846762e\CLI.Component.Client.Shared.Private.DLL - ok
12:08:42.0379 5016  [ DD8BC0612CFC86B916342E6ECCE12738 ] C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3726.17657__90ba9c70f846762e\AEM.Plugin.REG.Shared.DLL
12:08:42.0379 5016  C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3726.17657__90ba9c70f846762e\AEM.Plugin.REG.Shared.DLL - ok
12:08:42.0391 5016  [ 32D1D16EB9B584F990AF34BC4CD3B17B ] C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3726.17536__90ba9c70f846762e\CLI.Component.Client.Shared.DLL
12:08:42.0391 5016  C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3726.17536__90ba9c70f846762e\CLI.Component.Client.Shared.DLL - ok
12:08:42.0397 5016  [ 58FD154FF8F578EEBC878B1302F618BC ] C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3726.17536__90ba9c70f846762e\CLI.Component.Wizard.Shared.DLL
12:08:42.0397 5016  C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3726.17536__90ba9c70f846762e\CLI.Component.Wizard.Shared.DLL - ok
12:08:42.0405 5016  [ 2A8623697C131D86D68F07234EDB2D7D ] C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3726.17562__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.DLL
12:08:42.0406 5016  C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3726.17562__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.DLL - ok
12:08:42.0416 5016  [ 59AC0571720868A8E9A7C9C38D4A8703 ] C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3726.17540__90ba9c70f846762e\AEM.Plugin.EEU.Shared.DLL
12:08:42.0416 5016  C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3726.17540__90ba9c70f846762e\AEM.Plugin.EEU.Shared.DLL - ok
12:08:42.0423 5016  [ 118326902D738BA89C35D0622B43546E ] C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3726.17563__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.DLL
12:08:42.0423 5016  C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3726.17563__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.DLL - ok
12:08:42.0435 5016  [ B903E0FF2537533DCB96A7C9F80E1BBE ] C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3726.17563__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.DLL
12:08:42.0436 5016  C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3726.17563__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.DLL - ok
12:08:42.0442 5016  [ 09CB1F7B6080ECEA051444580538F568 ] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3726.17650__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.DLL
12:08:42.0442 5016  C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3726.17650__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.DLL - ok
12:08:42.0450 5016  [ 9F5085E5793007B3830EEE6AC8AF5039 ] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3726.17650__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.DLL
12:08:42.0450 5016  C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3726.17650__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.DLL - ok
12:08:42.0458 5016  [ 39E14E01C3C398E29F10607C4C1C2561 ] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3726.17613__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.DLL
12:08:42.0458 5016  C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3726.17613__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.DLL - ok
12:08:42.0472 5016  [ EE850C95ED088E8835F2425EE551296F ] C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.DLL
12:08:42.0472 5016  C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.DLL - ok
12:08:42.0478 5016  [ ED59CBD4D058CFF36BAE62006E080A47 ] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3726.17621__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.DLL
12:08:42.0478 5016  C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3726.17621__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.DLL - ok
12:08:42.0488 5016  [ 230EA9ABBC3432CDE388F4891E76E867 ] C:\Windows\SysWOW64\udhisapi.dll
12:08:42.0488 5016  C:\Windows\SysWOW64\udhisapi.dll - ok
12:08:42.0500 5016  [ 71E68F2443A80BD4DA89181889C457EA ] C:\Windows\System32\udhisapi.dll
12:08:42.0500 5016  C:\Windows\System32\udhisapi.dll - ok
12:08:42.0510 5016  [ B464B79F82D623EAD7B559A46CC98CE5 ] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3726.17575__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.DLL
12:08:42.0511 5016  C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3726.17575__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.DLL - ok
12:08:42.0516 5016  [ AFD37361BB4B72253B2A79220B841EF4 ] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3726.17684__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.DLL
12:08:42.0516 5016  C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3726.17684__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.DLL - ok
12:08:42.0524 5016  [ 1FC815F53BBFBEE005FE280341D0FDE9 ] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3726.17570__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.DLL
12:08:42.0524 5016  C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3726.17570__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.DLL - ok
12:08:42.0537 5016  [ 58A0DAEAF0F340441875825E50CB027A ] C:\Windows\System32\en-US\sppsvc.exe.mui
12:08:42.0537 5016  C:\Windows\System32\en-US\sppsvc.exe.mui - ok
12:08:42.0541 5016  [ D6692338B985D4A0CA52B828314D897D ] C:\Windows\SysWOW64\drprov.dll
12:08:42.0541 5016  C:\Windows\SysWOW64\drprov.dll - ok
12:08:42.0548 5016  [ 5F639198C4137075DA50E61C23963C11 ] C:\Windows\System32\drprov.dll
12:08:42.0548 5016  C:\Windows\System32\drprov.dll - ok
12:08:42.0563 5016  [ 9FC2ABF499DFB8E6C4C2E5D03D76369D ] C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3726.17551__90ba9c70f846762e\CLI.Component.Dashboard.DLL
12:08:42.0563 5016  C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3726.17551__90ba9c70f846762e\CLI.Component.Dashboard.DLL - ok
12:08:42.0573 5016  [ D7B7159BC8374E87D8C45A30377A3440 ] C:\Windows\SysWOW64\ntlanman.dll
12:08:42.0573 5016  C:\Windows\SysWOW64\ntlanman.dll - ok
12:08:42.0584 5016  [ C1905C384E891FBBB490FD3878110A3D ] C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3726.17536__90ba9c70f846762e\CLI.Component.Dashboard.Shared.DLL
12:08:42.0584 5016  C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3726.17536__90ba9c70f846762e\CLI.Component.Dashboard.Shared.DLL - ok
12:08:42.0590 5016  [ BC566D17914B07ABAAB3A5A385CC3300 ] C:\Windows\System32\ntlanman.dll
12:08:42.0590 5016  C:\Windows\System32\ntlanman.dll - ok
12:08:42.0603 5016  [ 1D897E081DF5FF3C783B2731B53649D0 ] C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3726.17550__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.DLL
12:08:42.0603 5016  C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3726.17550__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.DLL - ok
12:08:42.0610 5016  [ 284B59D7B56FC76C80E622AB856B1FAB ] C:\Windows\SysWOW64\davclnt.dll
12:08:42.0610 5016  C:\Windows\SysWOW64\davclnt.dll - ok
12:08:42.0617 5016  [ B3A33600DCDFB84D7FBE09ADEB1C9B8A ] C:\Windows\System32\davclnt.dll
12:08:42.0617 5016  C:\Windows\System32\davclnt.dll - ok
12:08:42.0626 5016  [ 0A7977FF7535F237C8C745AE09887C35 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
12:08:42.0626 5016  C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll - ok
12:08:42.0635 5016  [ 179BECE8D1A4C488DDB7191FF9BE3FB0 ] C:\Windows\SysWOW64\davhlpr.dll
12:08:42.0635 5016  C:\Windows\SysWOW64\davhlpr.dll - ok
12:08:42.0644 5016  [ 45B24A357C801CE62052FE0CDC8BD4D2 ] C:\Windows\System32\davhlpr.dll
12:08:42.0644 5016  C:\Windows\System32\davhlpr.dll - ok
12:08:42.0655 5016  [ 2ECA21283D6F0D3084B3998905675A8C ] C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3726.17556__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.DLL
12:08:42.0655 5016  C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3726.17556__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.DLL - ok
12:08:42.0663 5016  [ A979EDAB5305A06B458DB1823AEF5B99 ] C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3726.17555__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.DLL
12:08:42.0663 5016  C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3726.17555__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.DLL - ok
12:08:42.0679 5016  [ 462894BD6DD50F4DCCDEBD14A505B7F2 ] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3726.17651__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.DLL
12:08:42.0679 5016  C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3726.17651__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.DLL - ok
12:08:42.0690 5016  [ 7EDA7E453CE6C19E6FE3DB6A22F66B38 ] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3726.17570__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.DLL
12:08:42.0690 5016  C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3726.17570__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.DLL - ok
12:08:42.0698 5016  [ 40E4B99DB86D8F269157221737276860 ] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3726.17680__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.DLL
12:08:42.0698 5016  C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3726.17680__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.DLL - ok
12:08:42.0706 5016  [ 4370B54FC11742DC5A88DC8602729459 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\fd4a8227569e64d657b80483da8ffe78\System.Management.ni.dll
12:08:42.0706 5016  C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\fd4a8227569e64d657b80483da8ffe78\System.Management.ni.dll - ok
12:08:42.0711 5016  [ 8DAD5CFF6ABB4B2E485922F1083D4A0B ] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.DLL
12:08:42.0711 5016  C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.DLL - ok
12:08:42.0719 5016  [ 45375DF47ED4D0535739465105AAABE3 ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dll
12:08:42.0719 5016  C:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dll - ok
12:08:42.0728 5016  [ 3241D86B454FA7ABF3CB3182B86FBBF0 ] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3726.17604__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.DLL
12:08:42.0728 5016  C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3726.17604__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.DLL - ok
12:08:42.0737 5016  [ FA663ED68D9E76C6CF08421822F6EBD6 ] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3726.17597__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.DLL
12:08:42.0737 5016  C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3726.17597__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.DLL - ok
12:08:42.0745 5016  [ 075FF4C0427B25DA85ECA4C43BDB8B90 ] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3726.17606__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.DLL
12:08:42.0745 5016  C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3726.17606__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.DLL - ok
12:08:42.0753 5016  [ 39137C527968218EEAF45154A5A02440 ] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3726.17613__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.DLL
12:08:42.0753 5016  C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3726.17613__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.DLL - ok
12:08:42.0775 5016  [ D186B70173BC846BEB4A5F0AC4198B10 ] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3726.17571__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.DLL
12:08:42.0775 5016  C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3726.17571__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.DLL - ok
12:08:42.0784 5016  [ 2FAF31446B267EBDDC7A26C1DBDBFA82 ] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3726.17598__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.DLL
12:08:42.0784 5016  C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3726.17598__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.DLL - ok
12:08:42.0791 5016  [ 66E17D805A408FA5EE355D9787D528CF ] C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3726.17649__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.DLL
12:08:42.0791 5016  C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3726.17649__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.DLL - ok
12:08:42.0800 5016  [ 907281ED4AD35D41B29FFDC211EBAD80 ] C:\Windows\SysWOW64\wmi.dll
12:08:42.0800 5016  C:\Windows\SysWOW64\wmi.dll - ok
12:08:42.0811 5016  [ C00DB14550E4BD49737F311C644E45FF ] C:\Windows\System32\wmi.dll
12:08:42.0811 5016  C:\Windows\System32\wmi.dll - ok
12:08:42.0816 5016  [ A42E7748BE906434C5FD17161D168C20 ] C:\Windows\SysWOW64\schedcli.dll
12:08:42.0816 5016  C:\Windows\SysWOW64\schedcli.dll - ok
12:08:42.0828 5016  [ C4BFE4B61086416B0529212F92BCE081 ] C:\Windows\System32\schedcli.dll
12:08:42.0829 5016  C:\Windows\System32\schedcli.dll - ok
12:08:42.0833 5016  [ E601860AA04CE2198DBC6AC2AF80AFF7 ] C:\Windows\System32\perfos.dll
12:08:42.0833 5016  C:\Windows\System32\perfos.dll - ok
12:08:42.0840 5016  [ 0D893F8D145D3B125B0226727C243A69 ] C:\Windows\System32\security.dll
12:08:42.0840 5016  C:\Windows\System32\security.dll - ok
12:08:42.0851 5016  [ FA43D418BC945D27D0625B697B8442B5 ] C:\Windows\System32\cabinet.dll
12:08:42.0851 5016  C:\Windows\System32\cabinet.dll - ok
12:08:42.0855 5016  [ 387A8A473ECC5BA02CF453277C1F3274 ] C:\Windows\SysWOW64\mspatcha.dll
12:08:42.0855 5016  C:\Windows\SysWOW64\mspatcha.dll - ok
12:08:42.0865 5016  [ 617F6EC0AC677C685479C1D0D1E76C6F ] C:\Windows\System32\mspatcha.dll
12:08:42.0865 5016  C:\Windows\System32\mspatcha.dll - ok
12:08:42.0872 5016  [ FFF95479C7AB1550F0750A5D01744211 ] C:\Windows\System32\drivers\spsys.sys
12:08:42.0872 5016  C:\Windows\System32\drivers\spsys.sys - ok
12:08:42.0881 5016  [ FB633DCC8664E4CCACF562DB5BAE38CF ] C:\Windows\SysWOW64\wups.dll
12:08:42.0881 5016  C:\Windows\SysWOW64\wups.dll - ok
12:08:42.0888 5016  [ E746ED90132C6B6313CE9179F56BD31D ] C:\Windows\System32\wups.dll
12:08:42.0888 5016  C:\Windows\System32\wups.dll - ok
12:08:42.0895 5016  [ 7FE0D0C8F53735EA17C9AE93EFE7AD5A ] C:\Windows\System32\wups2.dll
12:08:42.0895 5016  C:\Windows\System32\wups2.dll - ok
12:08:42.0903 5016  [ 7D4DC95A1F5E0818E74A399960569EA1 ] C:\Windows\SysWOW64\wuapi.dll
12:08:42.0903 5016  C:\Windows\SysWOW64\wuapi.dll - ok
12:08:42.0911 5016  [ C47F35CC6FA4F1BDBEF8F87AC1A46537 ] C:\Windows\System32\wuapi.dll
12:08:42.0911 5016  C:\Windows\System32\wuapi.dll - ok
12:08:42.0918 5016  [ F6F22291024906E43D135A4B1705FEAC ] C:\Windows\System32\sppwinob.dll
12:08:42.0918 5016  C:\Windows\System32\sppwinob.dll - ok
12:08:42.0925 5016  [ EF4ADD840FB64B62C2A0E6699925A311 ] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\Plugins\Alerts.dll
12:08:42.0925 5016  C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\Plugins\Alerts.dll - ok
12:08:42.0932 5016  [ 05E8652D704175D366B4B123EE26F1B8 ] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\Plugins\PCHealthInfo.dll
12:08:42.0932 5016  C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\Plugins\PCHealthInfo.dll - ok
12:08:42.0943 5016  [ 2B373B5F7E36B5ED5DA176D4400EF091 ] C:\Windows\System32\sppobjs.dll
12:08:42.0944 5016  C:\Windows\System32\sppobjs.dll - ok
12:08:42.0949 5016  [ 58327838B09EBAED3EA86721434C0578 ] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\Plugins\SwUpdates.dll
12:08:42.0949 5016  C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\Plugins\SwUpdates.dll - ok
12:08:42.0957 5016  [ 4F4632082C5CA5CAD87A74930FB59644 ] C:\Windows\System32\atiu9p64.dll
12:08:42.0957 5016  C:\Windows\System32\atiu9p64.dll - ok
12:08:42.0965 5016  [ 4170556B35A38A428A626F5C0F035C3E ] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\FilterLib.dll
12:08:42.0965 5016  C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\FilterLib.dll - ok
12:08:42.0978 5016  [ C5413BC4F10CEB4C3070BBF04D324117 ] C:\Windows\SysWOW64\msisip.dll
12:08:42.0978 5016  C:\Windows\SysWOW64\msisip.dll - ok
12:08:42.0989 5016  [ 74C2FA8C3765EE71A9C22182EC108457 ] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
12:08:42.0989 5016  C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe - ok
12:08:42.0998 5016  [ 82A4C81D96D429BE2F2B22AD5B6697F2 ] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
12:08:42.0998 5016  C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe - ok
12:08:43.0006 5016  [ CE09C5417A9B712D69F653DBC71E694F ] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
12:08:43.0006 5016  C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll - ok
12:08:43.0014 5016  [ 4E07C23832C42B1ACE3317AE385A28B5 ] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\en-US\tossenotify.exe.mui
12:08:43.0014 5016  C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\en-US\tossenotify.exe.mui - ok
12:08:43.0022 5016  [ 89F4D0DD6606A2FE15931E6888DBBC8D ] C:\Windows\SysWOW64\stdole2.tlb
12:08:43.0023 5016  C:\Windows\SysWOW64\stdole2.tlb - ok
12:08:43.0031 5016  [ 867D39EFDD18A0B9FD71C854AA042452 ] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TReport.dll
12:08:43.0031 5016  C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TReport.dll - ok
12:08:43.0046 5016  [ 8B57A1AD493653BB57F281FE75DD175B ] C:\Windows\SysWOW64\NaturalLanguage6.dll
12:08:43.0046 5016  C:\Windows\SysWOW64\NaturalLanguage6.dll - ok
12:08:43.0057 5016  [ 01E2855FB06C422E721D890AF201C2D7 ] C:\Windows\System32\NaturalLanguage6.dll
12:08:43.0057 5016  C:\Windows\System32\NaturalLanguage6.dll - ok
12:08:43.0061 5016  [ 2992932C1AB1D29A1A4A9E8CB8530CBF ] C:\Windows\SysWOW64\NlsData0009.dll
12:08:43.0061 5016  C:\Windows\SysWOW64\NlsData0009.dll - ok
12:08:43.0069 5016  [ 701D9F5F3F21580936638D5C5F86B460 ] C:\Windows\System32\NlsData0009.dll
12:08:43.0069 5016  C:\Windows\System32\NlsData0009.dll - ok
12:08:43.0081 5016  [ C849E9CB02062D4179E4D2A36862A48A ] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosReg.dll
12:08:43.0081 5016  C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosReg.dll - ok
12:08:43.0085 5016  [ C8CB301BF896C7C556BBE963FADF5BB6 ] C:\Windows\SysWOW64\NlsLexicons0009.dll
12:08:43.0085 5016  C:\Windows\SysWOW64\NlsLexicons0009.dll - ok
12:08:43.0093 5016  [ 148A733B93A2AC104280495DA09D3CC2 ] C:\Windows\System32\NlsLexicons0009.dll
12:08:43.0093 5016  C:\Windows\System32\NlsLexicons0009.dll - ok
12:08:43.0101 5016  [ 1993E30BBCC3EA672EF57E63D0FEEEF6 ] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmart.dll
12:08:43.0101 5016  C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmart.dll - ok
12:08:43.0109 5016  [ 8444A7364D6877922049E99BF4B78C5C ] C:\Windows\SysWOW64\ELSCore.dll
12:08:43.0109 5016  C:\Windows\SysWOW64\ELSCore.dll - ok
12:08:43.0116 5016  [ 76D86E65FF7D10292886A1F2DB93A911 ] C:\Windows\System32\ELSCore.dll
12:08:43.0116 5016  C:\Windows\System32\ELSCore.dll - ok
12:08:43.0123 5016  [ 7B3FD36359DE5D2EE49D213CCAD13427 ] C:\Windows\SysWOW64\elsTrans.dll
12:08:43.0123 5016  C:\Windows\SysWOW64\elsTrans.dll - ok
12:08:43.0131 5016  [ 12929BDE96189F4E968AD035573424F0 ] C:\Windows\System32\elsTrans.dll
12:08:43.0131 5016  C:\Windows\System32\elsTrans.dll - ok
12:08:43.0142 5016  [ 02A2ED8497F437EA200DF3ACED255AFE ] C:\Windows\SysWOW64\elslad.dll
12:08:43.0142 5016  C:\Windows\SysWOW64\elslad.dll - ok
12:08:43.0146 5016  [ AEE087CF7423BA44CC2DE03CC565E399 ] C:\Windows\System32\elslad.dll
12:08:43.0146 5016  C:\Windows\System32\elslad.dll - ok
12:08:43.0153 5016  [ 28CAAA8B3DAC4604B6871F311C6B9F49 ] C:\Windows\SysWOW64\NlsData0000.dll
12:08:43.0153 5016  C:\Windows\SysWOW64\NlsData0000.dll - ok
12:08:43.0161 5016  [ 11542EC1F1C53EDB3CCF5AADF4C9972F ] C:\Windows\System32\NlsData0000.dll
12:08:43.0161 5016  C:\Windows\System32\NlsData0000.dll - ok
12:08:43.0168 5016  [ 7E5EEECD068A1508C3CE5D83BF5C50E0 ] C:\Windows\SysWOW64\dskquota.dll
12:08:43.0168 5016  C:\Windows\SysWOW64\dskquota.dll - ok
12:08:43.0183 5016  [ F1387F5674697F2D8EB6DE2266477860 ] C:\Windows\System32\dskquota.dll
12:08:43.0183 5016  C:\Windows\System32\dskquota.dll - ok
12:08:43.0192 5016  [ F175E53C7C3B25A9029A131FB578B155 ] C:\Windows\SysWOW64\wscinterop.dll
12:08:43.0192 5016  C:\Windows\SysWOW64\wscinterop.dll - ok
12:08:43.0200 5016  [ 81252AA3B13743020BCF2089A5A0D911 ] C:\Windows\System32\wscinterop.dll
12:08:43.0200 5016  C:\Windows\System32\wscinterop.dll - ok
12:08:43.0204 5016  [ 7FD5532C142DB6C9CC47AA4DCF71FDEC ] C:\Windows\SysWOW64\wscui.cpl
12:08:43.0204 5016  C:\Windows\SysWOW64\wscui.cpl - ok
12:08:43.0213 5016  [ DF50DAE4C547285E4997A0C61063B632 ] C:\Windows\System32\wscui.cpl
12:08:43.0213 5016  C:\Windows\System32\wscui.cpl - ok
12:08:43.0221 5016  [ F9959237F106F2B2609E61A290C0652E ] C:\Windows\System32\werconcpl.dll
12:08:43.0221 5016  C:\Windows\System32\werconcpl.dll - ok
12:08:43.0228 5016  [ 57CE9D8350B1DD76EEC596C423C3C0BC ] C:\Windows\SysWOW64\hcproviders.dll
12:08:43.0228 5016  C:\Windows\SysWOW64\hcproviders.dll - ok
12:08:43.0235 5016  [ 809AE7D4ACE06BBCF621E5C504BF6FC8 ] C:\Windows\System32\hcproviders.dll
12:08:43.0235 5016  C:\Windows\System32\hcproviders.dll - ok
12:08:43.0242 5016  [ 5EA9A0950F322BFA382AF277801C0307 ] C:\Windows\System32\wbem\wmipcima.dll
12:08:43.0242 5016  C:\Windows\System32\wbem\wmipcima.dll - ok
12:08:43.0251 5016  [ 19F75D71E4256F5113D64CE2BB66B838 ] C:\Windows\SysWOW64\slwga.dll
12:08:43.0251 5016  C:\Windows\SysWOW64\slwga.dll - ok
12:08:43.0257 5016  [ B6D6886149573278CBA6ABD44C4317F5 ] C:\Windows\System32\slwga.dll
12:08:43.0257 5016  C:\Windows\System32\slwga.dll - ok
12:08:43.0266 5016  [ 8E4B58E12B3FA65ED1462846906E0B59 ] C:\Windows\SysWOW64\sppc.dll
12:08:43.0266 5016  C:\Windows\SysWOW64\sppc.dll - ok
12:08:43.0272 5016  [ DB76DB15EFC6E4D1153A6C5BC895948D ] C:\Windows\System32\sppc.dll
12:08:43.0272 5016  C:\Windows\System32\sppc.dll - ok
12:08:43.0283 5016  [ 52799EAD792B0E9AE7FD4BA5BD18FE5C ] C:\Windows\SysWOW64\wbem\WMIADAP.exe
12:08:43.0283 5016  C:\Windows\SysWOW64\wbem\WMIADAP.exe - ok
12:08:43.0290 5016  [ 005247E3057BC5D5C3F8C6F886FFC10C ] C:\Windows\System32\wbem\WMIADAP.exe
12:08:43.0290 5016  C:\Windows\System32\wbem\WMIADAP.exe - ok
12:08:43.0298 5016  [ 529879612A7FAE235914E3AA6A9A669C ] C:\Windows\SysWOW64\loadperf.dll
12:08:43.0298 5016  C:\Windows\SysWOW64\loadperf.dll - ok
12:08:43.0312 5016  [ 9FE3ED67345F0FF829A4A53B90E09672 ] C:\Windows\System32\loadperf.dll
12:08:43.0312 5016  C:\Windows\System32\loadperf.dll - ok
12:08:43.0318 5016  [ 0C0DF0F05BAEA320FA301F34E256E08B ] C:\Windows\SysWOW64\dpx.dll
12:08:43.0318 5016  C:\Windows\SysWOW64\dpx.dll - ok
12:08:43.0324 5016  [ 6369F960C28A16F4502C480EEDE3652C ] C:\Windows\System32\dpx.dll
12:08:43.0325 5016  C:\Windows\System32\dpx.dll - ok
12:08:43.0334 5016  [ A81331D7EB6C5D1F7B1E4E4FC15F3EC0 ] C:\Windows\SysWOW64\srclient.dll
12:08:43.0334 5016  C:\Windows\SysWOW64\srclient.dll - ok
12:08:43.0342 5016  [ BBED6A14692C48279F88B3127206A1BA ] C:\Windows\SysWOW64\sxsstore.dll
12:08:43.0343 5016  C:\Windows\SysWOW64\sxsstore.dll - ok
12:08:43.0347 5016  [ A399514D3B28C9A3453A486BBAAFF1C7 ] C:\Windows\SysWOW64\wdscore.dll
12:08:43.0347 5016  C:\Windows\SysWOW64\wdscore.dll - ok
12:08:43.0355 5016  [ 288ADDED26C80FDC135CAB4340161686 ] C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\CbsCore.dll
12:08:43.0355 5016  C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\CbsCore.dll - ok
12:08:43.0367 5016  [ DA962E6301C2B887F545DA88BEB8D5D5 ] C:\Windows\servicing\CbsMsg.dll
12:08:43.0367 5016  C:\Windows\servicing\CbsMsg.dll - ok
12:08:43.0793 5016  ============================================================
12:08:43.0793 5016  Scan finished
12:08:43.0793 5016  ============================================================
12:08:43.0813 2364  Detected object count: 3
12:08:43.0813 2364  Actual detected object count: 3
12:09:55.0376 2364  Akamai ( HiddenFile.Multi.Generic ) - skipped by user
12:09:55.0376 2364  Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip 
12:09:55.0377 2364  DcomLaunch ( UnsignedFile.Multi.Generic ) - skipped by user
12:09:55.0377 2364  DcomLaunch ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:09:55.0379 2364  RpcSs ( UnsignedFile.Multi.Generic ) - skipped by user
12:09:55.0379 2364  RpcSs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:27:21.0009 3308  Deinitialize success

Edited by Leelee21, 02 January 2014 - 01:36 PM.


#14 Leelee21

  • Topic Starter
  • Members
  • 26 posts

Posted 02 January 2014 - 01:38 PM

I'm not sure if this is the right log, but I'll post it anyways. I had a really hard time getting the log before it restarted itself out of the blue. Part of the other post I just posted had more to it, but it only took some of it, unfortunately. The top part is missing from it.

It's still playing the ads, although before I ran this it wasn't playing at all until TDSSKiller rebooted. It said it was installing some updates, and after that it was doing the same thing it had been.

Also there was no cure option on any of them.

0793 5016  Scan finished

12:08:43.0793 5016  ============================================================
12:08:43.0813 2364  Detected object count: 3
12:08:43.0813 2364  Actual detected object count: 3
12:09:55.0376 2364  Akamai ( HiddenFile.Multi.Generic ) - skipped by user
12:09:55.0376 2364  Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip 
12:09:55.0377 2364  DcomLaunch ( UnsignedFile.Multi.Generic ) - skipped by user
12:09:55.0377 2364  DcomLaunch ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:09:55.0379 2364  RpcSs ( UnsignedFile.Multi.Generic ) - skipped by user
12:09:55.0379 2364  RpcSs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:27:21.0009 3308  Deinitialize success

Edited by Leelee21, 02 January 2014 - 01:46 PM.


#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 January 2014 - 08:34 PM

Hello Leelee21

What browser are you using when you hear the ads?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
