
"Name Not Available" listed in sound mixer. Reported as root-kit or adware.


  • This topic is locked
15 replies to this topic

#1 Riplyn


Posted 18 June 2015 - 01:49 AM

Yesterday after installing a new alpha game, "Burstfire", I noticed that in my volume mixer, which I use frequently, were two new entries labeled "Name Not Available". I thought it was just some weird Windows thing, and that eventually it would realize I had already closed the game, and disappear. Today I saw it again, so I looked up the issue. I got no results other than those relating to malware. So I immediately started sweating. I rarely get malware. In fact, the only other experience I've had before this is with my old computer, which I thought had malware, but it just turned out to be what Bitdefender called a "Detection Error". So you could call me a newb with dealing with these kinds of things. I always take great care when browsing, as I realize the vastness of the internet, and its many dark crevices hidden in plain sight.

So, as one might expect, I started virus scans. As I mentioned, I use Bitdefender Antivirus. As of now, it has scanned 4.7 million items, and is 48% finished. It has been going for about 5 hours. I also used Emsisoft Anti-Malware, and Malwarebytes as well. Both of those came up with nothing. I have also noticed that Piriform's CCleaner (which I have used recently) is crashing a lot. Additionally, the computer is generally slower, and freezes on right clicks sometimes. The taskbar icons also flash white occasionally. All of this may be because I was running Bitdefender in the background, and it is intensive when scanning. Many people report ads playing in the background when they have this virus. I have had no such experience. I have also not restarted my computer since I noticed it. I am slightly afraid to do so haha.

It may be important to note there is an add-on in IE11 under the Not Available Category called: {25510184-5A38-4A99-B273-DCA8EEF6CD08}. There is no other identifiable characteristic, the more info screen shows nothing helpful. Research on it yielded nothing but seemingly random appearances in people's logs with no connecting factors. I haven't even launched IE11 in months, so if this is the cause of the virus, I'm baffled.

THANK YOU in advance! :)

 

FRST Log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Dr. Webb Office (administrator) on AIRSAIL on 17-06-2015 23:46:55
Running from C:\Users\Dr. Webb Office\Desktop
Loaded Profiles: Dr. Webb Office (Available Profiles: Dr. Webb Office)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Flux Software LLC) C:\Users\Dr. Webb Office\AppData\Local\FluxSoftware\Flux\flux.exe
(Razer Inc) C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenHelper.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\odscanui.exe
(Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\ByteCodeGenerator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2012-10-15] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2012-10-15] (Saitek)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1691112 2015-03-19] (Bitdefender)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-10-23] (IDT, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-03-12] (Razer Inc.)
HKLM-x32\...\Run: [KrakenLauncher] => C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenHelper.exe [1599808 2015-02-02] (Razer Inc)
HKLM-x32\...\Run: [PlayClaw] => C:\Program Files (x86)\Steam\steamapps\common\PlayClaw\PlayClawLauncher.exe [417392 2014-09-18] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-05-14] (Raptr, Inc)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKU\S-1-5-21-206340440-336403946-3887997364-1001\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-02-10] (Bitdefender)
HKU\S-1-5-21-206340440-336403946-3887997364-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [785416 2015-02-17] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-206340440-336403946-3887997364-1001\...\Run: [Google Update] => C:\Users\Dr. Webb Office\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-08-27] (Google Inc.)
HKU\S-1-5-21-206340440-336403946-3887997364-1001\...\Run: [f.lux] => C:\Users\Dr. Webb Office\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-206340440-336403946-3887997364-1001\...\MountPoints2: {345d34e1-52fd-11e4-bf3b-78e3b5baf0b2} - "L:\VerizonSWUpgradeAssistantLauncher.exe" 
HKU\S-1-5-21-206340440-336403946-3887997364-1001\...\MountPoints2: {4d7b2715-2709-11e4-bf2a-78e3b5baf0b2} - "K:\MotorolaDeviceManagerSetup.exe" -a
Startup: C:\Users\Dr. Webb Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2014-08-25]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Dr. Webb Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-12-24]
ShortcutTarget: Dropbox.lnk -> C:\Users\Dr. Webb Office\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-206340440-336403946-3887997364-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPDSK13/1
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-02-10] (Bitdefender)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-13] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-13] (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2014-08-12] (Adblock Plus)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-02-10] (Bitdefender)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-13] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-13] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-08-12] (Adblock Plus)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-02-10] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-02-10] (Bitdefender)
DPF: HKLM-x32 {03A89EFD-E023-A200-A22D-45F77558EB4C} http://connect.galactek.com/download/AXCltInstall.dll
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Dr. Webb Office\AppData\Roaming\Mozilla\Firefox\Profiles\1lct7eng.default
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_160.dll [2015-06-16] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-13] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-206340440-336403946-3887997364-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Dr. Webb Office\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-206340440-336403946-3887997364-1001: @talk.google.com/O1DPlugin -> C:\Users\Dr. Webb Office\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-206340440-336403946-3887997364-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Dr. Webb Office\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-206340440-336403946-3887997364-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Dr. Webb Office\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-206340440-336403946-3887997364-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Users\Dr. Webb Office\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Dr. Webb Office\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-12-24]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-12-24]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
 
Chrome: 
=======
CHR Profile: C:\Users\Dr. Webb Office\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (RuneScape) - C:\Users\Dr. Webb Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajjblpfpopipimofkhbglcoeknpnfijj [2014-09-17]
CHR Extension: (Google Drive) - C:\Users\Dr. Webb Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-16]
CHR Extension: (YouTube) - C:\Users\Dr. Webb Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-17]
CHR Extension: (Google Search) - C:\Users\Dr. Webb Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-17]
CHR Extension: (Conway's Game of Life in 3D) - C:\Users\Dr. Webb Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddbblfgfhlnmilaekooaaggjodpliakh [2014-09-17]
CHR Extension: (AdBlock) - C:\Users\Dr. Webb Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-31]
CHR Extension: (A Journey through Middle-earth) - C:\Users\Dr. Webb Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjgkjeheegjnnmheaflhdocglkiegoni [2014-12-08]
CHR Extension: (AirDroid) - C:\Users\Dr. Webb Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgndiocipalkpejnpafdbdlfdjihomd [2014-09-17]
CHR Extension: (SparkChess 8) - C:\Users\Dr. Webb Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\khgabmflimjjbclkmljlpmgaleanedem [2014-09-17]
CHR Extension: (Sand 2) - C:\Users\Dr. Webb Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\klicmgamjpclmbhppmdeamffedflmkcn [2014-09-17]
CHR Extension: (Until AM Web App) - C:\Users\Dr. Webb Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk [2014-09-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Dr. Webb Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (Google Wallet) - C:\Users\Dr. Webb Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-14]
CHR Extension: (Falling Sand Game) - C:\Users\Dr. Webb Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdknckljjbdpkhgmcokoahffbdinafbo [2014-09-17]
CHR Extension: (Gmail) - C:\Users\Dr. Webb Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-17]
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-08-25] (Adobe Systems) [File not signed]
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2014-12-09] (Bitdefender)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1141248 2015-06-10] ()
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [235744 2015-04-16] (EasyAntiCheat Ltd)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [999152 2015-05-04] (Overwolf LTD)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-10-25] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-04] ()
S4 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [175112 2015-02-17] (Sandboxie Holdings, LLC)
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [309760 2011-10-23] (IDT, Inc.) [File not signed]
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-10-27] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1547936 2015-03-19] (Bitdefender)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-08-14] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [598808 2013-06-05] (Wacom Technology, Corp.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1306464 2015-02-10] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [262544 2015-02-10] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [677104 2015-02-10] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2015-02-10] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\WINDOWS\system32\drivers\bdsandbox.sys [82824 2015-02-10] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [79192 2013-07-30] (BitDefender)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160544 2015-03-19] (BitDefender LLC)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-02-04] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)
R3 SaiK0CD0; C:\Windows\system32\DRIVERS\SaiK0CD0.sys [180544 2012-09-20] (Saitek)
R3 SaiMini; C:\Windows\System32\drivers\SaiMini.sys [24680 2012-10-15] (Saitek)
R3 SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [52200 2012-10-15] (Saitek)
R3 SaiU0CD0; C:\Windows\System32\drivers\SaiU0CD0.sys [47168 2012-09-20] (Saitek)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [237064 2015-02-17] (Sandboxie Holdings, LLC)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-10-15] (BitDefender S.R.L.)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [116232 2015-03-16] (Oracle Corporation)
S3 vzandnetadb; C:\Windows\System32\Drivers\lgvzandnetadb.sys [31744 2014-06-19] (Google Inc)
S3 vzandnetbus; C:\Windows\System32\drivers\lgvzandnetbus64.sys [24576 2014-05-27] (LG Electronics Inc.)
S3 vzandnetdiag; C:\Windows\system32\DRIVERS\lgvzandnetdiag64.sys [29696 2014-05-27] (LG Electronics Inc.)
S3 vzandnetmodem; C:\Windows\system32\DRIVERS\lgvzandnetmdm64.sys [36864 2014-05-27] (LG Electronics Inc.)
S3 vzandnetndis; C:\Windows\system32\DRIVERS\lgvzandnetndis64.sys [94208 2014-05-26] (LG Electronics Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Program Files (x86)\Steam\steamapps\common\PlayClaw\WinRing0x64.sys [14544 2014-08-18] (OpenLibSys.org)
R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-08-14] (Microsoft Corporation)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-17 23:46 - 2015-06-17 23:47 - 00000000 ____D C:\FRST
2015-06-17 23:46 - 2015-06-17 23:46 - 00024755 _____ C:\Users\Dr. Webb Office\Desktop\FRST.txt
2015-06-17 23:45 - 2015-06-17 23:45 - 02109952 _____ (Farbar) C:\Users\Dr. Webb Office\Desktop\FRST64.exe
2015-06-17 23:26 - 2015-06-17 23:27 - 00304190 _____ C:\Users\Dr. Webb Office\Desktop\cc_20150617_232630.reg
2015-06-17 23:24 - 2015-06-17 23:24 - 00000000 ____D C:\Users\Dr. Webb Office\AppData\Temp
2015-06-17 21:40 - 2015-06-17 21:40 - 00000034 _____ C:\WINDOWS\system32\STOOLSubmit.ret
2015-06-17 21:23 - 2015-06-17 21:23 - 00000000 ____D C:\ProgramData\Dumps
2015-06-17 20:35 - 2015-06-17 20:35 - 00003962 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9818B297-1538-4690-9BA3-F16206B440F3}
2015-06-16 21:07 - 2015-06-16 21:07 - 00000000 ____D C:\Users\Dr. Webb Office\Documents\FreeReign
2015-06-16 21:07 - 2015-06-16 21:07 - 00000000 ____D C:\Users\Dr. Webb Office\AppData\Local\FreeReign
2015-06-16 00:58 - 2014-11-08 13:06 - 00029856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-06-16 00:58 - 2014-11-08 13:06 - 00027808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-06-16 00:54 - 2015-05-25 09:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-16 00:54 - 2015-05-25 09:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-16 00:54 - 2015-04-13 18:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-16 00:54 - 2015-04-13 18:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-16 00:54 - 2015-04-09 20:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-16 00:54 - 2015-04-09 20:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-16 00:54 - 2015-04-08 18:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-16 00:54 - 2015-04-01 18:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-16 00:54 - 2015-04-01 18:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-16 00:53 - 2015-05-27 10:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-16 00:53 - 2015-05-27 10:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-16 00:53 - 2015-05-22 23:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-16 00:53 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-16 00:53 - 2015-05-22 23:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-16 00:53 - 2015-05-22 23:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-16 00:53 - 2015-05-22 23:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-16 00:53 - 2015-05-22 22:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-16 00:53 - 2015-05-22 22:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-16 00:53 - 2015-05-22 22:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-16 00:53 - 2015-05-22 22:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-16 00:53 - 2015-05-22 22:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-16 00:53 - 2015-05-22 22:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-16 00:53 - 2015-05-22 22:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-16 00:53 - 2015-05-22 22:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-16 00:53 - 2015-05-22 22:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-16 00:53 - 2015-05-22 22:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-16 00:53 - 2015-05-22 22:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-16 00:53 - 2015-05-22 22:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-16 00:53 - 2015-05-22 22:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-16 00:53 - 2015-05-22 15:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-16 00:53 - 2015-05-22 15:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-16 00:53 - 2015-05-22 15:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-16 00:53 - 2015-05-22 14:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-16 00:53 - 2015-05-22 14:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-16 00:53 - 2015-05-22 14:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-16 00:53 - 2015-05-22 14:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-16 00:53 - 2015-05-22 14:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-16 00:53 - 2015-05-22 14:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-16 00:53 - 2015-05-22 14:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-16 00:53 - 2015-05-22 14:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-16 00:53 - 2015-05-22 14:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-16 00:53 - 2015-05-22 14:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-16 00:53 - 2015-05-22 14:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-16 00:53 - 2015-05-22 14:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-16 00:53 - 2015-05-22 13:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-16 00:53 - 2015-05-22 13:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-16 00:53 - 2015-05-22 13:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-16 00:53 - 2015-05-22 13:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-16 00:53 - 2015-05-22 13:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-16 00:53 - 2015-05-21 12:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-16 00:53 - 2015-04-24 22:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-16 00:53 - 2015-04-24 22:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-16 00:53 - 2015-04-16 02:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-16 00:53 - 2015-04-01 00:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-16 00:53 - 2015-04-01 00:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-16 00:53 - 2015-04-01 00:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-16 00:53 - 2015-04-01 00:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-16 00:53 - 2015-03-31 23:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-16 00:53 - 2015-03-31 23:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-16 00:53 - 2015-03-31 23:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-16 00:53 - 2015-03-31 22:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-16 00:53 - 2015-03-31 22:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-16 00:53 - 2015-03-31 22:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-16 00:53 - 2015-03-31 22:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-16 00:53 - 2015-03-31 22:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-16 00:53 - 2015-03-31 22:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-14 13:26 - 2015-06-14 18:41 - 00000000 ____D C:\Users\Dr. Webb Office\Documents\Witcher 2
2015-06-14 13:26 - 2015-06-14 13:26 - 00000000 ____D C:\Users\Dr. Webb Office\AppData\Local\The Witcher 2
2015-06-12 00:25 - 2015-06-12 00:25 - 00000000 ____D C:\Users\Dr. Webb Office\AppData\Roaming\com.playsaurus.heroclicker
2015-06-07 12:41 - 2015-06-07 12:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BOSS
2015-06-05 23:36 - 2015-06-05 23:36 - 00003044 _____ C:\WINDOWS\System32\Tasks\RTSS
2015-06-05 18:38 - 2015-06-05 18:38 - 00000000 ____D C:\Users\Dr. Webb Office\AppData\Roaming\Fallout
2015-06-04 14:44 - 2015-06-04 14:44 - 00000000 ____D C:\Users\Dr. Webb Office\AppData\Local\GWX
2015-05-20 22:27 - 2015-05-20 22:28 - 00000000 ____D C:\Program Files (x86)\Minecraft
2015-05-20 22:27 - 2015-05-20 22:27 - 00000975 _____ C:\Users\Public\Desktop\Minecraft.lnk
2015-05-20 22:27 - 2015-05-20 22:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-05-20 19:33 - 2015-05-20 19:33 - 00000000 ____D C:\Users\Dr. Webb Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2015-05-20 19:33 - 2015-05-20 19:33 - 00000000 ____D C:\Users\Dr. Webb Office\AppData\Local\FluxSoftware
2015-05-19 16:24 - 2015-05-19 16:29 - 00000000 ____D C:\Users\Dr. Webb Office\Desktop\Data
2015-05-19 00:58 - 2015-05-19 00:58 - 00000000 ____D C:\WINDOWS\SysWOW64\xlive
2015-05-19 00:58 - 2015-05-19 00:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
2015-05-19 00:58 - 2015-05-19 00:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-17 23:48 - 2014-10-03 16:18 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-17 23:34 - 2014-11-30 20:15 - 01878093 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-17 23:14 - 2013-01-16 19:03 - 00000000 ____D C:\Users\Public\Symantec
2015-06-17 23:05 - 2013-04-05 13:09 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-206340440-336403946-3887997364-1001
2015-06-17 23:02 - 2014-08-27 17:37 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-17 23:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-17 22:57 - 2014-08-28 22:31 - 00000964 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-206340440-336403946-3887997364-1001UA.job
2015-06-17 22:46 - 2015-05-14 00:26 - 00000000 ____D C:\Users\Dr. Webb Office\Documents\AART
2015-06-17 22:14 - 2014-08-14 18:58 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-17 22:07 - 2013-04-12 09:03 - 00000000 ____D C:\Users\Dr. Webb Office\AppData\Local\CrashDumps
2015-06-17 22:07 - 2013-01-16 19:02 - 00000000 ____D C:\ProgramData\Norton
2015-06-17 21:59 - 2015-05-13 04:35 - 00000000 ____D C:\ProgramData\Corel
2015-06-17 21:25 - 2014-12-24 14:24 - 00000000 ____D C:\ProgramData\BDLogging
2015-06-17 21:10 - 2015-02-02 20:55 - 00001808 _____ C:\WINDOWS\Sandboxie.ini
2015-06-17 20:39 - 2014-08-14 18:54 - 00000000 ____D C:\Users\Dr. Webb Office\AppData\Local\Google
2015-06-17 20:38 - 2014-08-14 18:54 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-17 20:28 - 2014-08-18 15:04 - 00000000 ____D C:\Users\Dr. Webb Office\AppData\Roaming\TS3Client
2015-06-17 20:22 - 2014-08-20 11:42 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-17 20:17 - 2014-09-08 13:42 - 00000000 ____D C:\Users\Dr. Webb Office\Documents\My Games
2015-06-17 13:50 - 2015-04-30 01:22 - 00000000 ____D C:\Users\Dr. Webb Office\AppData\Roaming\Raptr
2015-06-17 10:02 - 2014-08-27 17:37 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-17 02:57 - 2014-08-28 22:31 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-206340440-336403946-3887997364-1001Core.job
2015-06-16 05:02 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-16 01:56 - 2014-11-14 16:38 - 00000000 __SHD C:\Users\Dr. Webb Office\AppData\Local\EmieBrowserModeList
2015-06-16 01:56 - 2014-08-14 17:51 - 00000000 __SHD C:\Users\Dr. Webb Office\AppData\Local\EmieUserList
2015-06-16 01:56 - 2014-08-14 17:51 - 00000000 __SHD C:\Users\Dr. Webb Office\AppData\Local\EmieSiteList
2015-06-16 01:56 - 2013-04-05 14:44 - 00000000 ____D C:\Users\Dr. Webb Office\AppData\Local\Adobe
2015-06-16 01:53 - 2014-10-03 16:18 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-06-16 01:50 - 2014-08-14 17:41 - 00000000 ___DO C:\Users\Dr. Webb Office\OneDrive
2015-06-16 01:49 - 2015-02-13 00:06 - 00014966 _____ C:\WINDOWS\setupact.log
2015-06-16 01:49 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-16 01:48 - 2013-08-22 10:44 - 00427344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-16 01:47 - 2015-02-13 00:04 - 00028770 _____ C:\WINDOWS\PFRO.log
2015-06-16 01:47 - 2013-08-22 09:25 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2015-06-16 01:45 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-16 01:45 - 2013-04-05 13:25 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-16 01:44 - 2013-09-21 03:01 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-16 01:37 - 2013-04-05 13:51 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-16 01:37 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-15 19:27 - 2015-05-02 17:58 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2015-06-14 18:44 - 2014-10-04 17:25 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2015-06-14 18:44 - 2014-08-14 19:18 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2015-06-14 14:24 - 2015-02-15 12:39 - 00133577 _____ C:\WINDOWS\DirectX.log
2015-06-13 21:25 - 2014-10-25 13:10 - 00000000 ____D C:\Users\Dr. Webb Office\AppData\Roaming\vlc
2015-06-13 14:31 - 2015-01-11 04:29 - 00000000 ____D C:\Program Files (x86)\Java
2015-06-13 14:31 - 2014-08-18 15:47 - 00000000 ____D C:\ProgramData\Oracle
2015-06-13 14:30 - 2014-10-12 16:00 - 00000000 ____D C:\Program Files\Java
2015-06-13 14:29 - 2015-01-11 04:29 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-06-13 14:29 - 2014-10-17 14:25 - 00319584 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2015-06-13 14:29 - 2014-10-17 14:24 - 00206944 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2015-06-13 14:29 - 2014-10-17 14:24 - 00206432 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2015-06-13 14:29 - 2014-10-17 14:24 - 00110688 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-06-13 14:21 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-06-08 22:35 - 2013-04-05 14:42 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-06-08 22:27 - 2014-09-20 14:41 - 00000000 ____D C:\Users\Dr. Webb Office\Documents\Nexus Mod Manager
2015-06-07 00:33 - 2014-08-19 09:28 - 00000000 ____D C:\Users\Dr. Webb Office\AppData\Local\wf-launcher
2015-06-06 23:52 - 2014-08-19 09:28 - 00000000 ____D C:\ProgramData\GFACE
2015-06-04 15:45 - 2014-09-11 20:33 - 00000000 ____D C:\Users\Dr. Webb Office\AppData\Roaming\SpaceEngineers
2015-06-04 14:55 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-03 18:47 - 2015-05-02 23:12 - 00003040 _____ C:\WINDOWS\System32\Tasks\MSIAfterburner
2015-06-03 18:45 - 2014-08-14 19:31 - 00000000 ____D C:\Users\Dr. Webb Office\AppData\Roaming\OBS
2015-06-03 18:39 - 2015-05-12 20:56 - 00000000 ____D C:\Users\Dr. Webb Office\.VirtualBox
2015-06-03 12:18 - 2015-05-16 23:15 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-03 12:18 - 2015-05-16 23:15 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-22 20:09 - 2014-08-18 15:04 - 00000000 ____D C:\Users\Dr. Webb Office\AppData\Local\TeamSpeak 3 Client
2015-05-20 22:29 - 2014-08-18 15:48 - 00000000 ____D C:\Users\Dr. Webb Office\AppData\Roaming\.minecraft
2015-05-20 21:17 - 2014-03-18 06:03 - 00956476 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-20 01:19 - 2015-05-16 23:05 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-05-20 01:19 - 2015-05-16 23:05 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-05-19 15:18 - 2015-05-02 17:57 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2015-05-19 01:14 - 2014-11-02 23:51 - 00000000 ____D C:\Users\Dr. Webb Office\AppData\Local\FOMM
2015-05-19 00:43 - 2015-04-30 01:22 - 00000000 ____D C:\Program Files (x86)\Raptr
2015-05-18 02:52 - 2014-08-28 22:31 - 00003930 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-206340440-336403946-3887997364-1001UA
2015-05-18 02:52 - 2014-08-28 22:31 - 00003550 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-206340440-336403946-3887997364-1001Core
 
==================== Files in the root of some directories =======
 
2014-08-13 13:53 - 2014-08-13 13:53 - 0000239 _____ () C:\Users\Dr. Webb Office\AppData\Local\poetsch.bat
2014-08-14 16:37 - 2014-08-19 22:01 - 0007602 _____ () C:\Users\Dr. Webb Office\AppData\Local\resmon.resmoncfg
2014-12-24 14:25 - 2014-12-24 14:25 - 0626426 _____ () C:\ProgramData\1419445105.bdinstall.bin
 
Some files in TEMP:
====================
C:\Users\Dr. Webb Office\AppData\Local\Temp\0KrakenDevProps.dll
C:\Users\Dr. Webb Office\AppData\Local\Temp\1871KrakenDevProps.dll
C:\Users\Dr. Webb Office\AppData\Local\Temp\dxwebsetup.exe
C:\Users\Dr. Webb Office\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\Dr. Webb Office\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Dr. Webb Office\AppData\Local\Temp\Nexus Mod Manager-0.54.10.exe
C:\Users\Dr. Webb Office\AppData\Local\Temp\npp.6.7.5.Installer.exe
C:\Users\Dr. Webb Office\AppData\Local\Temp\npp.6.7.7.Installer.exe
C:\Users\Dr. Webb Office\AppData\Local\Temp\raptrpatch.exe
C:\Users\Dr. Webb Office\AppData\Local\Temp\raptr_stub.exe
C:\Users\Dr. Webb Office\AppData\Local\Temp\SandboxieInstall.exe
C:\Users\Dr. Webb Office\AppData\Local\Temp\utils.dll
C:\Users\Dr. Webb Office\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Dr. Webb Office\AppData\Local\Temp\__pythonRunner.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-16 04:12
 
==================== End of log ============================


Edited by Riplyn, 18 June 2015 - 02:07 AM.




#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,205 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:01:36 PM

Posted 18 June 2015 - 09:40 AM

Hi, my name is Elise and I'll assist you with this problem.
 
Let's first do a rootkit scan here.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 Riplyn

Riplyn
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:36 AM

Posted 18 June 2015 - 11:46 AM

I followed the instructions given. Without changing parameters, I scanned. The scan did not find anything. It also did not create a log. Was it only going to create a file if it found something? Also, note that the entries in sound mixer are mysteriously gone, disappeared overnight. Overnight I reran Malware Bytes to scan all of C drive, still nothing.



#4 Elise

Posted 18 June 2015 - 12:03 PM

It is strange, but there is no evidence of any infection in your FRST log either. If Bitdefender, Emsisoft, MBAM and TDSSKiller all came back clean I really don't think this is a rootkit. The infection that had these symptoms was quite old and usually had a patched volsnap.sys file (this was checked by FRST and found clean, TDSSKiller also checks this file).

I'd advise you to use the computer for a few days and monitor the sound mixer for strange entries.

regards, Elise


#5 Riplyn

Posted 18 June 2015 - 12:11 PM

I understand. Three questions:

 

1) Can you explain what you meant by volsnap.sys file?

2) I read online that it is caused by a trojan existing on the system. Can we be sure there is no trojan here?

3) Relating to the previous question, are you sure that no malware of any kind exists on the system?

 

I try to be as careful as I can, as I value my computer, and know how much damage malware can do. I ask so many questions simply because I see this relates to harmful infections others have reported, and I want to be 100% sure. If after say 2 more days nothing shows up in sound mixer, is it possible it went into hibernation or something of the sort? Sadly, I do not know as much about how malware works as I probably should. If it is easy to explain in simple text, may I ask what you guys look for in the logs? I am quite curious.



#6 Elise

Posted 18 June 2015 - 02:40 PM

Volsnap.sys is a sound related driver used by Windows. An older version of the ZeroAccess rootkit patched this to exhibit malicious activity, this caused the "name not available" device to show up in the sound mixer and caused random audio ads (that is really in a nutshell). The volsnap.sys file is checked by both FRST and tdsskiller to see if it is patched or not and on both scans came back clean.

I think the above also answers the second question. :)

Both rootkit and normal scans show no malware at all on your system. So yes, I'm pretty sure there is no malware on your computer. :) Do you have any problems left at this point that would point at infection (extreme slowness, pop ups, browser redirections and so on)?

regards, Elise
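
Added example (not part of either poster's reply and not FRST's own code): a small Python triage of the log's "Bamital & volsnap Check" section referred to in the reply above. It flags any listed file whose result is not "File is digitally signed" or whose result line is absent. The non-passing status string and the second sample log are constructed, since the page shows only passing results.

```python
import re

# The "Bamital & volsnap Check" section as it appears in the log on this page.
PAGE_SECTION = r"""==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-16 04:12

==================== End of log ============================
"""

SECTION = "Bamital & volsnap Check"
SIGNED = "File is digitally signed"
MISSING = "no result line in log"

# "==== Title ====" section headers and "path => status" result lines.
HEADER = re.compile(r"^=+\s*(.*?)\s*=+$")
ENTRY = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s*=>\s*(?P<status>.+)$")


def parse_check_section(log_text):
    """Return [(path, status)] for result lines inside the check section only."""
    entries, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            # Any header switches sections; only the check section is parsed.
            in_section = header.group(1).startswith(SECTION)
            continue
        entry = ENTRY.match(line) if in_section else None
        if entry:
            entries.append((entry.group("path"), entry.group("status")))
    return entries


# Baseline: the files this page's log reports on, in log order.
EXPECTED = [path for path, _ in parse_check_section(PAGE_SECTION)]


def triage(log_text, expected=EXPECTED):
    """List (path, reason) for files that did not pass or were not reported."""
    seen = {p.lower(): s for p, s in parse_check_section(log_text)}
    findings = []
    for path in expected:
        status = seen.get(path.lower())  # Windows paths are case-insensitive
        if status is None:
            findings.append((path, MISSING))
        elif status != SIGNED:
            findings.append((path, status))
    return findings


# Constructed sample: one result line dropped, one status replaced with a
# placeholder string (not real tool output).
CONSTRUCTED_LOG = PAGE_SECTION.replace(
    r"C:\Windows\System32\services.exe => File is digitally signed" + "\n", ""
).replace(
    r"Drivers\volsnap.sys => File is digitally signed",
    r"Drivers\volsnap.sys => CONSTRUCTED-NOT-VERIFIED",
)

if __name__ == "__main__":
    print("page log findings:", triage(PAGE_SECTION))
    for path, reason in triage(CONSTRUCTED_LOG):
        print(f"REVIEW {path}: {reason}")
```

A file missing from the section is reported as well as one with a non-passing status, because an absent result line means the check gave no assurance for that file.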


#7 Riplyn

Posted 18 June 2015 - 03:39 PM

No problems that would point to infection at this point, although I would still like to monitor it for a couple days and keep this open for that duration if you don't mind :) I have no idea why it "disappeared" and that makes me worried. Do you have any idea why it would be there for 2 days then disappear? BTW thank you for helping me, my lack of experience with dealing with viruses leads to my being rather paranoid about it haha. I really appreciate it!



#8 Elise

Posted 19 June 2015 - 01:32 AM

Sorry, I can't answer that for you, but it sure seems strange. Of course we can keep this open for a few more days.

 

Any chance you can reinstall the game, just to see if that caused it?


regards, Elise


#9 Riplyn

Posted 05 July 2015 - 04:33 AM

I have an update: I was playing a game called warthunder, and when I force closed the task by right clicking on the icon in the taskbar, the program was still listed in the sound mixer. After I restarted the sound mixer it was listed as "Sound not Available". I did this again and ended up with three of them simultaneously in the sound mixer. I ran FRST and TDSSKiller again, but they came up with nothing. What do you think? I have never known Windows to put sound not available in the sound mixer. Restarting the computer makes it go away.



#10 Elise

Posted 05 July 2015 - 04:45 AM

That is normal, it's likely an issue with Windows or the game not updating the description. In this case this is legitimate behavior and no reason for concern.

 

Do you have any other question or problem with your computer?


regards, Elise


#11 Riplyn

Posted 05 July 2015 - 11:00 AM

Thank you. My only concern regarding the topic is that nothing has come up with Google searches relating some cases of name not available to a Windows issue. On another note, I recently brought my PC to a friend's house, and am using his 1080p monitor. I noticed my boot time is significantly increased. After it displays the HP splash, it goes to a black screen for about 5 minutes. This never happened before, but I suspect it relates to the slightly increased monitor resolution. You agree?

#12 Elise

Posted 05 July 2015 - 03:54 PM

Yes, to test if that's the case, you can try to reboot in safe mode and see if the loading time is increased there as well (it should be a lot faster).


regards, Elise


#13 Riplyn

Posted 06 July 2015 - 02:29 AM

Okay, thank you. Although you have concluded this is almost definitely not a virus, rootkit, or anything malware related, I am still unconvinced. I looked online at a techspot professional help forum post of someone who had name not available (again he hears ads I don't), and he said that no scans he ran detected it. I have also never seen this elsewhere listed as a Windows bug, and neither myself nor anyone I know has ever experienced it. This leads me to believe it is something other than an issue with Windows not updating the name. I am going to be switching over to Windows 10 when it comes out, and I will most likely do a system re-install at that time, but before then, is there anything else that can be done to remove this from happening? Every time I see it in the sound mixer I get nervous. For example, right now there are two instances of it, and I did not force quit anything. They just seem to pop up randomly. Thank you.



#14 Elise

Posted 06 July 2015 - 12:44 PM

I'm not concluding this is "almost definitely" not malware, I'm 100 % convinced of it, for what that is worth to you. :)
 
You need to understand that the malware that made "name not available" show up, did not specifically target the sound mixer, this was merely a symptom. We use symptoms to diagnose malware in as such that we get an idea of where to start looking; it is NOT a sign that an infection "must" be present. I can however assure you that there is absolutely nothing malicious going on on your computer.

Please read the following advice on how to prevent reinfecting your PC:
  • Install and update the following programs regularly:
      • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
        A comprehensive tutorial and a list of possible firewalls can be found here.
      • an AntiVirus Software
        It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

regards, Elise


#15 Riplyn

Posted 15 July 2015 - 05:52 PM

Thank you, it is worth it to me haha. I found this forum post on malware bytes: https://forums.malwarebytes.org/index.php?/topic/145422-name-not-available-in-audio-mixer-please-help/page-1

 

 

This person has almost the exact same issue I have it seems. I also found out today that the sound not available entries go away when I close the "windows audio device graph isolation" and "kraken sys audio launcher". If you could provide any other assistance I would appreciate it. I want to get to the bottom of why this is occurring.


Edited by Riplyn, 15 July 2015 - 05:53 PM.




