Unknown source playing audio clips at random times



#1 Pyromancer56

Posted 18 November 2014 - 10:48 PM

This problem started about 1-2 months ago. These 2-5 sec clips of audio will play at random times. There are at least 4 different clips that I can recall and I think maybe 2 others. Sometimes a clip will play twice in quick succession. Four of the clips are: "Nothing more than feelings", "See ya sucka", a clip of marching music, and "We sign our cards and letters bff".

 

I have run a variety of programs trying to figure out the cause only for nothing to turn up in any scan. Then last week I reformatted my hard drive and re-installed Windows. A few days later the sounds returned. So far I've run Avast pre-boot scan, ESET online scan, TDSSKiller, ComboFix, Malwarebytes Anti-Malware, and SUPERAntiSpyware. None of these have found anything. So at this point I'm at a loss for what is causing this. Any help would be greatly appreciated.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17420
Run by Pyromancer at 21:26:11 on 2014-11-18
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.16342.10124 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\puush\puush.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY XIV - A Realm Reborn\game\ffxiv.exe
C:\Program Files (x86)\Steam\GameOverlayUI.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [puush] C:\Program Files (x86)\puush\puush.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
StartupFolder: C:\Users\PYROMA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech\Ereg\eReg.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BIGFOO~1.LNK - C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office15\EXCEL.EXE/3000
IE: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
LSP: %SYSTEMROOT%\system32\BfLLR.dll
TCP: Interfaces\{8B7388BF-6165-43BF-BB55-B4003400F439} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{D28F4491-3302-402E-ADEE-3FD2A73C649A} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.122\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Pyromancer\AppData\Roaming\Mozilla\Firefox\Profiles\meab2i1s.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-11-11 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-11-11 267632]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-11-11 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-11-11 436624]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-22 172344]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-9-15 239616]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-11-11 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswmonflt.sys [2014-11-11 83280]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-11-11 116728]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-11 50344]
R2 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe [2012-2-22 492032]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-11-11 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-11-11 968504]
R2 VBoxAswDrv;VBoxAsw Support Driver;C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-11-11 270728]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2014-6-21 94720]
R3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-11-11 4012248]
R3 BfEdge7x64;Bigfoot Networks Killer Ethernet Service;C:\Windows\System32\drivers\Edge7x64.sys [2012-2-22 31336]
R3 BFN7x64;Bigfoot Networks Killer Gaming Service;C:\Windows\System32\drivers\Xeno7x64.sys [2012-2-22 157288]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2014-11-11 65408]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2014-11-11 94208]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\System32\drivers\ladfGSCamd64.sys [2013-4-15 410008]
R3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\System32\drivers\ladfGSRamd64.sys [2013-4-15 102808]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-5-30 64280]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-21 351520]
R3 LVUVC64;Logitech HD Pro Webcam C920(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-9-21 4763680]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-11-11 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-11-11 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-11-11 63704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-11-12 114688]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-23 178760]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-11-11 20992]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-11-11 646248]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-11-11 59392]
.
=============== Created Last 30 ================
.
2014-11-18 17:32:36 -------- d-----w- C:\Windows\pss
2014-11-18 16:50:43 -------- d-----w- C:\Users\Pyromancer\AppData\Roaming\puush
2014-11-18 16:50:40 -------- d-----w- C:\Program Files (x86)\puush
2014-11-18 09:49:44 -------- d-----w- C:\Users\Pyromancer\AppData\Roaming\qBittorrent
2014-11-18 06:13:56 -------- d-----w- C:\Users\Pyromancer\AppData\Local\PAYDAY 2
2014-11-18 06:13:46 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2014-11-17 04:22:02 -------- d-----w- C:\Program Files (x86)\ESET
2014-11-17 02:07:31 -------- d-sh--w- C:\$RECYCLE.BIN
2014-11-17 01:53:00 98816 ----a-w- C:\Windows\sed.exe
2014-11-17 01:53:00 256000 ----a-w- C:\Windows\PEV.exe
2014-11-17 01:53:00 208896 ----a-w- C:\Windows\MBR.exe
2014-11-17 01:24:56 -------- d-----w- C:\Program Files\HitmanPro
2014-11-17 01:24:44 -------- d-----w- C:\ProgramData\HitmanPro
2014-11-17 01:16:07 -------- d-----w- C:\Windows\ERUNT
2014-11-17 01:12:17 -------- d-----w- C:\AdwCleaner
2014-11-17 00:55:16 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2014-11-17 00:55:05 -------- d-----w- C:\Intel
2014-11-15 02:53:28 -------- d-----w- C:\Users\Pyromancer\AppData\Roaming\Guildwork
2014-11-15 02:53:00 -------- d-----w- C:\Users\Pyromancer\AppData\Local\Deployment
2014-11-14 21:02:56 11627712 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-11-14 21:02:53 11627712 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{801308CE-8265-4DB3-8FA0-B973375EF016}\mpengine.dll
2014-11-13 22:53:22 -------- d-----w- C:\Windows\Migration
2014-11-13 20:24:11 67072 ----a-w- C:\Windows\splwow64.exe
2014-11-13 20:24:11 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2014-11-13 20:24:11 2871808 ----a-w- C:\Windows\explorer.exe
2014-11-13 20:24:11 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2014-11-13 08:21:34 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2014-11-13 08:21:34 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-11-13 08:21:33 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2014-11-13 08:21:32 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2014-11-13 08:16:03 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2014-11-13 08:10:10 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2014-11-13 08:10:10 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2014-11-13 08:10:06 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2014-11-13 08:10:05 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2014-11-13 08:10:00 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2014-11-13 08:09:59 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2014-11-13 08:09:59 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2014-11-13 08:02:03 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-11-13 08:02:03 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-11-13 03:15:58 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
2014-11-13 03:14:52 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2014-11-13 03:13:57 51712 ----a-w- C:\Windows\SysWow64\esrb.rs
2014-11-13 03:13:57 51712 ----a-w- C:\Windows\System32\esrb.rs
2014-11-13 03:13:56 23552 ----a-w- C:\Windows\SysWow64\oflc.rs
2014-11-13 03:13:56 20480 ----a-w- C:\Windows\SysWow64\pegi-fi.rs
2014-11-13 03:13:56 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2014-11-13 03:13:55 55296 ----a-w- C:\Windows\SysWow64\cero.rs
2014-11-13 03:13:55 55296 ----a-w- C:\Windows\System32\cero.rs
2014-11-13 03:13:55 23552 ----a-w- C:\Windows\System32\oflc.rs
2014-11-13 03:12:22 274880 ----a-w- C:\Windows\System32\drivers\msiscsi.sys
2014-11-13 03:12:21 27584 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2014-11-13 03:12:21 2048 ----a-w- C:\Windows\SysWow64\iologmsg.dll
2014-11-13 03:12:21 190912 ----a-w- C:\Windows\System32\drivers\storport.sys
2014-11-13 03:12:20 2048 ----a-w- C:\Windows\System32\iologmsg.dll
2014-11-13 03:12:18 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2014-11-13 03:12:18 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2014-11-13 02:58:30 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-11-13 02:58:30 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-11-13 02:58:14 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2014-11-13 02:58:13 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2014-11-13 00:24:21 -------- d-----w- C:\Users\Pyromancer\AppData\Local\Diagnostics
2014-11-13 00:17:15 -------- d-sh--w- C:\Users\Pyromancer\AppData\Local\EmieUserList
2014-11-13 00:17:15 -------- d-sh--w- C:\Users\Pyromancer\AppData\Local\EmieSiteList
2014-11-13 00:17:15 -------- d-sh--w- C:\Users\Pyromancer\AppData\Local\EmieBrowserModeList
2014-11-13 00:15:26 -------- d-----w- C:\Users\Pyromancer\AppData\Local\Evernote
2014-11-13 00:15:04 -------- d-----w- C:\Program Files (x86)\Evernote
2014-11-13 00:03:34 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-13 00:03:30 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-11-13 00:03:30 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-11-12 14:03:01 859648 ----a-w- C:\Windows\System32\tdh.dll
2014-11-12 14:03:00 878080 ----a-w- C:\Windows\System32\advapi32.dll
2014-11-12 14:03:00 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2014-11-12 14:02:59 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2014-11-12 14:02:59 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2014-11-12 14:02:59 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2014-11-12 14:02:06 327168 ----a-w- C:\Windows\System32\mswsock.dll
2014-11-12 14:02:06 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2014-11-12 13:55:38 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2014-11-12 13:55:38 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2014-11-12 13:55:02 -------- d-----w- C:\Users\Pyromancer\AppData\Roaming\sega
2014-11-12 13:54:53 -------- d-----w- C:\Users\Pyromancer\AppData\Local\daedalic entertainment
2014-11-12 13:00:37 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2014-11-12 13:00:33 5120 ----a-w- C:\Windows\System32\wmi.dll
2014-11-12 13:00:32 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2014-11-12 12:48:48 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-11-12 12:48:48 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-11-12 12:48:47 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-11-12 12:48:47 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-11-12 12:48:36 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-11-12 12:48:36 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-11-12 12:46:51 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-11-12 12:46:51 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-11-12 12:43:55 878080 ----a-w- C:\Windows\System32\IMJP10K.DLL
2014-11-12 12:43:54 701440 ----a-w- C:\Windows\SysWow64\IMJP10K.DLL
2014-11-12 12:43:31 1719296 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2014-11-12 12:43:29 1354240 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-11-12 12:43:28 1380864 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2014-11-12 12:43:27 1389568 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2014-11-12 12:43:26 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-11-12 12:43:23 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-11-12 12:40:59 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2014-11-12 12:39:54 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2014-11-12 12:38:42 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2014-11-12 12:38:42 6656 ----a-w- C:\Windows\System32\apisetschema.dll
2014-11-12 12:36:10 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2014-11-12 12:36:10 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-11-12 12:36:09 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-11-12 12:34:45 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-11-12 12:34:44 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2014-11-12 12:34:44 144384 ----a-w- C:\Windows\System32\cdd.dll
2014-11-12 12:34:36 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2014-11-12 12:34:35 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2014-11-12 12:34:35 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2014-11-12 12:34:34 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2014-11-12 12:34:34 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2014-11-12 12:34:34 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2014-11-12 12:31:52 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2014-11-12 12:31:48 692736 ----a-w- C:\Windows\System32\osk.exe
2014-11-12 12:31:48 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-11-12 12:31:48 503296 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll
2014-11-12 12:31:48 449024 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll
2014-11-12 12:31:48 348672 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll
2014-11-12 12:31:48 224768 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
2014-11-12 12:31:48 1247232 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll
2014-11-12 12:31:47 544768 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll
2014-11-12 12:31:47 110592 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll
2014-11-12 12:31:47 10240 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe
2014-11-12 12:31:45 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-11-12 12:31:45 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-11-12 12:29:59 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-12 12:28:50 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2014-11-12 12:27:58 605552 ----a-w- C:\Windows\System32\winload.exe
2014-11-12 12:26:59 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2014-11-12 12:25:57 95744 ----a-w- C:\Windows\System32\synceng.dll
2014-11-12 12:25:56 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2014-11-12 12:25:48 956928 ----a-w- C:\Windows\System32\localspl.dll
2014-11-12 12:24:55 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-11-12 12:24:54 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-11-12 12:24:00 150016 ----a-w- C:\Windows\System32\wshom.ocx
2014-11-12 12:24:00 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2014-11-12 12:22:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-11-12 12:22:59 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-11-12 12:22:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2014-11-12 12:22:55 68608 ----a-w- C:\Windows\System32\taskhost.exe
2014-11-12 12:16:59 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-11-12 12:16:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-11-12 12:16:26 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2014-11-12 12:16:25 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2014-11-12 12:16:25 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2014-11-12 12:16:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2014-11-12 12:16:24 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2014-11-12 12:02:20 741480 ------w- C:\Windows\System32\HPDiscoPMb411.dll
2014-11-12 12:02:04 -------- d-----w- C:\Program Files\HP
2014-11-12 12:02:04 -------- d-----w- C:\Program Files (x86)\HP
2014-11-12 12:01:53 -------- d-----w- C:\Users\Pyromancer\AppData\Local\HP
2014-11-12 11:14:41 -------- d-----w- C:\Program Files (x86)\Heroes of the Storm
2014-11-12 10:59:11 -------- d-----w- C:\Users\Pyromancer\AppData\Local\qBittorrent
2014-11-12 10:43:13 -------- d-----w- C:\Program Files (x86)\Hearthstone
2014-11-12 09:54:32 -------- d-----w- C:\Users\Pyromancer\AppData\Roaming\LolClient
2014-11-12 08:58:50 -------- d-----w- C:\ProgramData\Riot Games
2014-11-12 06:37:41 -------- d-----w- C:\Windows\AutoKMS
2014-11-12 06:36:35 -------- d-----w- C:\ProgramData\Microsoft Toolkit
2014-11-12 05:47:09 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2014-11-12 05:46:22 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft
2014-11-12 05:44:52 -------- d-----w- C:\Windows\PCHEALTH
2014-11-12 05:44:52 -------- d-----w- C:\Program Files\Microsoft SQL Server
2014-11-12 05:43:38 -------- d-----w- C:\Program Files\Microsoft Analysis Services
2014-11-12 05:43:38 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2014-11-12 05:43:35 -------- d-----w- C:\Users\Pyromancer\AppData\Local\Microsoft Help
2014-11-12 04:04:59 469264 ----a-w- C:\Windows\System32\d3dx10.dll
2014-11-12 03:24:42 -------- d-----w- C:\Windows\System32\appmgmt
2014-11-12 03:13:55 -------- d-----w- C:\Users\Pyromancer\AppData\Roaming\MusicBee
2014-11-12 03:12:41 -------- d-----w- C:\Program Files (x86)\MusicBee
2014-11-12 01:37:32 -------- d-----w- C:\DriveKey
2014-11-12 01:37:19 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2014-11-12 01:37:19 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2014-11-12 01:37:19 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2014-11-12 01:37:19 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2014-11-12 01:37:18 610436 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
============= FINISH: 21:26:27.03 ===============


#2 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender: Not Telling
  • Location: Canada

Posted 22 November 2014 - 07:22 PM

If you still have logs from the tools that you have run, please attach them.

Then please do the following:

Please download the Farbar Recovery Scan Tool from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ (for 32bit systems)

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ (for 64bit systems)

Note: Wait for the direct download to begin, do not click on anything else on the page.

Save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it.
When the tool opens click Yes to disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from.

Please attach that log to your reply.
The first time the tool is run, it makes a second log (Addition.txt).
Please attach that to your reply as well.


NEXT

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to your desktop.

http://downloads.malwarebytes.org/file/mbar

**Next, exit Malwarebytes Anti-Malware ( MBAM ) if it is running. You can do so via the notification area icon near the clock. Right click on the MBAM icon, and select Exit.**

Next...Double click on the MBAR file you downloaded.
Approve the UAC prompt in Vista and newer operating systems.
Click OK on the next screen, to allow the package to extract the contents of the file to its own folder, mbar.
By default, this will be on your desktop, though you can choose another location if you wish. We advise using the default location for simplicity.
mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.
After reading the Introduction, click 'Next' if you agree.
On the Update Database screen, click on the 'Update' button.
Once you see 'Success: Database was successfully updated' click on 'Next'.
Click the 'Scan' button.

A. With some infections, you may see two message boxes.
1. 'Could not load protection driver'. Click 'OK'.
2. 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.

If malware is found, do NOT press the Cleanup button when the scan completes. Click EXIT.
Then, please send the following logs as attachments to your reply. These logs are located in the mbar folder on your desktop where the tool extracted itself to.

mbar-log-2014-xx-xx(xx-xx-xx).txt (where xx-xx(xx-xx-xx) is the date and time of the scan)
system-log.txt


Edited by CatByte, 22 November 2014 - 07:24 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 Pyromancer56

Posted 22 November 2014 - 08:34 PM

I've included a log from a ComboFix scan I did before posting on the forum.


#4 Pyromancer56

Posted 23 November 2014 - 09:28 AM

So I found the issue. I'm just an idiot that should use Chrome more often. The source of the audio was the chat on groupees. Sorry for wasting your time.



#5 CatByte

Posted 23 November 2014 - 12:59 PM

No worries, I'm glad to know you found the source. At least the PC got a good check up and you know it's as clean as a whistle.

It's always best to do a thorough check as a nasty rootkit can cause very similar symptoms to what you described, so now your mind is at ease that it's just Chrome and nothing more sinister.

Right click and delete all the tools and logs you ran except ComboFix.

Press the WinKey + R to open a Run box and type in "ComboFix /uninstall" (without the quotes) to remove it, then you should be good to go.


#6 Pyromancer56

Posted 24 November 2014 - 04:07 PM

Deleted all tools and successfully uninstalled ComboFix. Thanks for your help.



#7 CatByte

Posted 26 November 2014 - 10:23 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
