Resolved Random audio PC infection?

moridar

Hi,

My PC plays random audio clips at random times. I know what you are thinking, "Just look for a process that only appears when it plays." Yeah, doesn't happen. I have ended all but essential processes and it still plays.

From the research I have done, it seems like a Backdoor Virus/Trojan. I would love to get rid of this ASAP.

It appears in the volume mixer as "Name not Available" all the time, whether it is playing audio or not. I ran ComboFix once, and after it made the log the audio disappeared from the mixer, but upon restart returned.

Already scanned with AVG and Windows Security System, I will do anything to get rid of this! I do know about computers, so you don't need to baby me.

Thanks!

Tyler
 
Welcome to TechSpot! I'll help check the system.

Please follow these steps: Preliminary Virus and Malware Removal.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

The thread to run these scans appears above the forum. It's next to another sticky that says "Don't run Combofix on your own."
===================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in the cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.

If I haven't replied back to you within 48 hours, you can send a PM with your thread link in it as a reminder. Do not include technical problems from your thread. Support is given only in the forum.
Threads are closed after 5 days if there is no reply.
 
Preliminary Scans

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.12.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tyler :: TYLER-LAPTOP [administrator]

Protection: Disabled

2/11/2012 10:42:17 PM
mbam-log-2012-02-11 (22-42-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201536
Time elapsed: 1 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

...and the GMER log...

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-11 23:00:03
Windows 6.1.7601 Service Pack 1
Running: t93up4is.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4ceb4212c946
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4ceb4212c946 (not active ControlSet)

---- EOF - GMER 1.0.15 ----
 
Also

DDS link led me to a blank page. Tried downloading it elsewhere, same result.

--EDIT--

--UPDATE--

I believe this torrent to be the problem: Edit: Link has been deleted- possibly malware bundled
I restarted my computer after installing this and that is when the problem started. I thought I used this same one before, but it was a different one. Trojan in the "SR8" folder if you do download it, but you have to run it first, so it won't just infect your PC automatically. Anyway, it could also be the Keygen, and I usually just 7zip to find the .txt file it pulls from, but I didn't have 7zip at the moment and I was in a rush. So I hope that helps, maybe we can diagnose where it went faster then?


--FINAL UPDATE--
The link was not a download link, but ok. Anyway, upon experimentation with msconfig, I located the service responsible for the audio files. Here is the information:

Name: Adobe Licensing Console Manufacturer: Unknown

I found this as well upon googling "Adobe Licensing Console":

Adobe Licensing Console
Filename(s): mrvcl32.exe, msvfd32.exe
Description: Added by an unidentified malware Win32/Tracur variant.
Located in \%Windir%\%System%\
Filename is (Existing fileName) ending with 32 as seen above.

I hope this helps, I would like to get rid of this though, so if we could continue diagnosing my notebook that would be great. If you would like to do this for yourself, you could go to demonoid.me and search "Rhino SR8" and click on the second link. You will have to filter by applications. Anyway, thanks for your help!
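
A read-only way to repeat the msconfig check from the post above across every service, as an added example that is not part of the original thread: it lists services whose binary has no company name in its version resource, on the assumption that this is what msconfig's "Manufacturer: Unknown" reflects. It assumes PowerShell 3.0 or later in a 64-bit elevated prompt; the function names and the `SystemDir32` column (system directory plus a base name ending in 32, per the description quoted in the post) are illustrative.

```powershell
# Added example, not from the thread. Read-only: nothing is stopped or deleted.
# Assumptions: PowerShell 3.0+ (Get-CimInstance, [pscustomobject]), 64-bit elevated prompt.

function Resolve-ServiceBinary {
    param([string]$PathName)
    # Win32_Service.PathName can be quoted and can carry command-line arguments.
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($PathName.Trim())
    if ($p -match '^"([^"]+)"')                  { return $Matches[1] }
    if ($p -match '^(.+?\.(exe|dll|sys))(\s|$)') { return $Matches[1] }
    return ($p -split '\s+')[0]
}

function Get-ServiceDll {
    param([string]$ServiceName)
    # Services hosted by svchost.exe load their real code from this registry value.
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName\Parameters"
    $val = (Get-ItemProperty -Path $key -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
    if ($val) { [Environment]::ExpandEnvironmentVariables($val) }
}

# Directories the quoted description points at (%Windir%\%System%), plus the 32-bit view.
$sysDirs = @([Environment]::SystemDirectory, (Join-Path $env:windir 'SysWOW64'))

$report = foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    $target = Resolve-ServiceBinary $svc.PathName
    if ($target -and ((Split-Path $target -Leaf) -ieq 'svchost.exe')) {
        $dll = Get-ServiceDll $svc.Name
        if ($dll) { $target = $dll }
    }

    $company = $null
    $sig     = 'FileNotFound'
    $sys32   = $false
    if ($target -and (Test-Path -LiteralPath $target -PathType Leaf)) {
        $company = (Get-Item -LiteralPath $target).VersionInfo.CompanyName
        # Older PowerShell versions report catalog-signed Windows files as NotSigned,
        # so treat this column as supporting evidence, not as the filter.
        $sig     = (Get-AuthenticodeSignature -FilePath $target).Status
        $inSys   = $sysDirs -contains (Split-Path $target -Parent)
        $sys32   = $inSys -and ([IO.Path]::GetFileNameWithoutExtension($target) -match '32$')
    }

    [pscustomobject]@{
        DisplayName = $svc.DisplayName
        State       = $svc.State
        StartMode   = $svc.StartMode
        Company     = $company
        Signature   = $sig
        SystemDir32 = $sys32
        Binary      = $target
    }
}

# Services with no vendor metadata are the ones worth reviewing by hand.
$report |
    Where-Object { [string]::IsNullOrWhiteSpace($_.Company) } |
    Sort-Object DisplayName |
    Format-Table -AutoSize -Wrap
```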
 
The DDS link is good, but malware may be preventing the download of the .scr file extension.

Try this: Please download this file: xp_scr_fix

Unpack (unzip) the file onto your desktop and double-click it. You will be asked if you wish to merge the file with your registry, say Yes.

You should then be able to run DDS.scr. It's the .scr file extension causing the problem.
=========================================
When finished with DDS, go ahead with the following:

I'd like you to run Combofix- but it won't run with AVG. You will need to temporarily uninstall AVG as follows:

Download AppRemover and save to the desktop
  1. Double click the setup on the desktop> click Next
  2. Select “Remove Security Application”
  3. Let scan finish to determine security apps
  4. A screen like below will appear:
  5. Click on Next after choice has been made
  6. Check the AVG program you want to uninstall
  7. After uninstall shows complete, follow online prompts to Exit the program.

Temporary AV: Use one:
Avira-AntiVir-Personal-Free-Antivirus
Avast Free Version
=============================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Expect these- they are normal:
1. If asked to install or update the Recovery Console, allow. (You will need an internet connection for this.)
2. Before you run the Combofix scan, please disable any security software you have running.
3. Combofix may need to reboot your computer more than once to do its job. This is normal.

Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • If prompted for Recovery Console, please allow.
  • Once installed, you should see a blue screen prompt that says:
    • The Recovery Console was successfully installed.
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
    • Note: No query will be made if the Recovery Console is already on the system.
  • Close/disable all anti virus and anti malware programs
    (If you need help with this, please see HERE)
  • Close any open browsers.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • When the scan completes, a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.
Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
===========================================
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives'
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
=======================================
Download CKScanner and save to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
=====================================
Please include the following logs in your next post(s):
2 logs from DDS
Combofix
Eset scan
CK scan
 
No DDS again But...

Once again, DDS led me to the about:blank page. However, it looks like Combofix was able to catch and remove something. Here are the logs.


ComboFix 12-02-12.01 - Tyler 02/12/2012 17:36:05.3.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8086.6456 [GMT -8:00]
Running from: c:\users\Tyler\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\f8338de4-40cb-4494-bc70-93db3ab9e32d.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-01-13 to 2012-02-13 )))))))))))))))))))))))))))))))
.
.
2012-02-13 01:39 . 2012-02-13 01:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-13 01:17 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B135F23-8E20-4FF3-B6DC-DBCFAC7A6FCD}\mpengine.dll
2012-02-12 22:03 . 2012-02-12 22:13 -------- d-----w- c:\windows\SysWow64\NV
2012-02-12 22:03 . 2012-02-12 22:13 -------- d-----w- c:\windows\system32\NV
2012-02-12 22:02 . 2012-02-12 22:02 -------- d-----w- c:\users\UpdatusUser
2012-02-12 22:01 . 2012-01-26 11:48 6063936 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-12 22:01 . 2012-01-26 11:40 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
2012-02-12 22:01 . 2012-01-26 11:37 55616 ----a-w- c:\windows\system32\nv3dappshextr.dll
2012-02-12 22:01 . 2012-01-26 11:37 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-02-12 22:01 . 2012-01-26 11:37 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-12 22:01 . 2012-01-26 11:37 849728 ----a-w- c:\windows\system32\nv3dappshext.dll
2012-02-12 22:01 . 2012-01-26 11:37 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-02-12 22:01 . 2012-01-26 11:37 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-12 22:01 . 2012-01-26 11:35 2477468 ----a-w- c:\windows\system32\nvcoproc.bin
2012-02-12 22:01 . 2012-02-12 22:01 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-02-12 21:44 . 2012-02-12 21:45 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2012-02-12 19:33 . 2012-02-12 20:57 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-02-12 19:33 . 2012-02-12 19:33 -------- d-----w- c:\programdata\LogiShrd
2012-02-12 19:33 . 2012-02-12 19:33 -------- d-----w- c:\program files\Logitech Gaming Software
2012-02-12 06:35 . 2012-02-12 06:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-12 06:35 . 2011-12-10 23:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-12 01:23 . 2012-02-12 01:23 -------- d-----w- c:\programdata\Malwarebytes
2012-02-12 00:21 . 2012-02-12 00:23 -------- d-----w- c:\program files (x86)\BHODemon 2
2012-02-11 03:21 . 2010-10-27 01:43 110592 ----a-w- c:\windows\system32\rtvcvfw32.dll
2012-02-11 02:03 . 2012-02-11 02:03 -------- d--h--w- c:\programdata\Common Files
2012-02-11 02:03 . 2012-02-12 03:02 -------- d-----w- c:\program files (x86)\AVG
2012-02-11 02:01 . 2012-02-11 03:40 -------- d-----w- c:\programdata\MFAData
2012-02-11 01:53 . 2012-02-11 01:53 -------- d-----w- c:\programdata\Ableton
2012-02-11 00:19 . 2012-02-11 00:19 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-02-10 23:41 . 2012-02-10 23:41 -------- d-----w- c:\program files (x86)\Electronic Arts
2012-02-10 23:40 . 2012-02-10 23:40 2 --shatr- c:\windows\winstart.bat
2012-02-10 23:39 . 2012-02-10 23:39 39184 ----a-w- c:\windows\system32\Partizan.exe
2012-02-10 23:37 . 2012-02-10 23:37 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-02-10 23:36 . 2012-02-10 23:35 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{748F7B66-D130-455A-BAF5-DFEA54450D24}\gapaengine.dll
2012-02-10 23:36 . 2012-02-09 23:59 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-02-10 23:36 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-10 22:00 . 2007-04-02 09:16 2916438 ----a-w- c:\windows\SysWow64\rcm.dll
2012-02-10 22:00 . 2007-04-02 09:16 2777088 ----a-w- c:\windows\SysWow64\rhrdk.10.v40.dll
2012-02-10 22:00 . 2007-04-02 09:16 196608 ----a-w- c:\windows\SysWow64\BongoSDK.10.v40.dll
2012-02-10 22:00 . 2007-04-02 09:16 192512 ----a-w- c:\windows\SysWow64\BongoSDK.dll
2012-02-10 22:00 . 2012-02-10 22:00 -------- d-----w- c:\program files (x86)\Common Files\InstallShield Shared
2012-02-10 21:59 . 2012-02-10 22:00 -------- d-----w- c:\program files (x86)\ASGvis
2012-02-10 21:56 . 2012-02-12 08:17 -------- d-----w- c:\program files (x86)\Common Files\McNeel Shared
2012-02-10 21:56 . 2012-02-10 22:01 -------- d-----w- c:\programdata\McNeel
2012-02-10 20:41 . 2012-02-10 20:48 -------- d-----w- C:\NVIDIA
2012-02-10 16:27 . 2012-02-10 16:27 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-02-10 16:26 . 2012-02-10 16:26 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2012-02-10 16:26 . 2012-02-10 16:26 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
2012-02-10 06:55 . 2012-02-10 06:55 -------- d-----w- c:\programdata\WEngineLite
2012-02-10 06:39 . 2012-02-10 06:39 -------- d-----w- c:\program files\SAMSUNG
2012-02-10 06:39 . 2012-02-10 06:39 -------- d-----w- c:\programdata\Samsung
2012-02-10 06:35 . 2012-02-10 06:57 -------- d-----w- c:\program files (x86)\Samsung
2012-02-10 06:12 . 2012-02-10 06:58 -------- d-----w- c:\windows\SysWow64\Samsung_USB_Drivers
2012-02-10 05:09 . 2011-10-24 22:28 176128 ----a-w- c:\windows\system32\QTCF.dll
2012-02-10 02:59 . 2012-02-10 02:59 384 ----a-w- c:\windows\SysWow64\checkOS.bat
2012-02-10 02:28 . 2012-02-10 02:28 -------- d-----w- c:\program files\Paint.NET
2012-02-10 02:16 . 2012-02-10 02:16 -------- d-----w- c:\programdata\Psicraft
2012-02-10 02:16 . 2012-02-10 02:16 -------- d-----w- c:\program files (x86)\Psicraft
2012-02-10 02:03 . 2012-01-10 13:52 233472 ----a-w- c:\windows\SysWow64\REX Shared Library.dll
2012-02-10 02:02 . 2012-02-10 02:02 -------- d-----w- c:\program files (x86)\Ableton
2012-02-10 01:36 . 2012-02-10 01:36 -------- d-----w- c:\program files (x86)\InfraRecorder
2012-02-10 01:25 . 2012-02-10 01:25 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-02-10 01:25 . 2012-02-10 01:34 -------- d-----w- c:\program files (x86)\FXpansion
2012-02-10 01:25 . 2012-02-10 01:25 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-02-10 01:25 . 2012-02-10 01:25 -------- d-----w- c:\windows\PCHEALTH
2012-02-10 01:24 . 2012-02-10 01:24 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-02-10 01:24 . 2012-02-10 01:24 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-02-10 01:24 . 2012-02-11 00:29 -------- d-----w- c:\programdata\Microsoft Help
2012-02-10 01:24 . 2012-02-10 01:24 -------- d-----r- C:\MSOCache
2012-02-10 01:21 . 2012-02-10 01:21 -------- d-----w- c:\program files (x86)\MagicISO
2012-02-10 01:12 . 2009-02-25 02:35 255552 ----a-w- c:\windows\SysWow64\drivers\mcdbus.sys
2012-02-10 01:12 . 2009-02-25 02:35 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2012-02-10 01:12 . 2012-02-10 01:13 -------- d-----w- c:\program files (x86)\MagicDisc
2012-02-10 00:47 . 2012-02-10 00:48 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2012-02-10 00:47 . 2012-02-10 00:47 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2012-02-10 00:47 . 2012-02-10 00:47 -------- d-----w- c:\program files (x86)\Audacity 1.3 Beta (Unicode)
2012-02-10 00:47 . 2012-02-10 00:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-02-10 00:47 . 2012-02-10 00:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-02-10 00:47 . 2012-02-10 00:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-02-10 00:47 . 2012-02-10 00:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-02-10 00:47 . 2012-02-10 00:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-02-10 00:47 . 2012-02-10 00:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-02-10 00:47 . 2012-02-10 00:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-02-10 00:47 . 2012-02-10 00:47 -------- d-----w- c:\program files (x86)\QuickTime
2012-02-10 00:47 . 2012-02-10 00:47 -------- d-----w- c:\program files (x86)\Notepad++
2012-02-10 00:43 . 2012-02-10 00:43 -------- dc-h--w- c:\programdata\{27121758-C954-4F81-BEF2-EB60BDCAF657}
2012-02-10 00:43 . 2012-02-10 00:43 -------- d-----w- c:\program files\Common Files\Native Instruments
2012-02-10 00:43 . 2012-02-10 00:43 -------- d-----w- c:\programdata\Native Instruments
2012-02-10 00:43 . 2012-02-10 00:43 -------- d-----w- c:\program files\Native Instruments
2012-02-10 00:43 . 2012-02-10 00:43 -------- d-----w- c:\program files (x86)\Common Files\Native Instruments
2012-02-10 00:39 . 2012-02-10 00:39 -------- d-----w- c:\program files (x86)\ASIO4ALL v2
2012-02-10 00:39 . 2012-02-10 01:34 -------- d-----w- c:\program files (x86)\VstPlugins
2012-02-10 00:39 . 2012-01-10 13:52 368640 ----a-w- c:\windows\SysWow64\rewire.dll
2012-02-10 00:39 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm
2012-02-10 00:39 . 2012-02-10 00:39 -------- d-----w- c:\program files (x86)\Outsim
2012-02-10 00:38 . 2012-02-10 00:38 -------- d-----w- c:\program files (x86)\VirtualDJ
2012-02-10 00:38 . 2012-02-12 22:08 -------- d-----w- c:\program files (x86)\Image-Line
2012-02-10 00:37 . 2012-02-10 00:37 689495 ----a-w- c:\windows\SysWow64\adbcnsl.exe
2012-02-10 00:24 . 2012-02-10 00:24 -------- d-----w- c:\program files (x86)\MixVibes
2012-02-10 00:08 . 2012-02-10 00:08 -------- d-----w- c:\program files (x86)\Common Files\doubleTwist
2012-02-10 00:08 . 2012-02-10 00:08 -------- d-----w- c:\program files (x86)\ffdshow
2012-02-10 00:08 . 2008-12-18 03:22 57344 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2012-02-10 00:08 . 2008-12-11 21:26 60273 ----a-w- c:\windows\SysWow64\pthreadGC2.dll
2012-02-10 00:07 . 2012-02-10 23:43 -------- d-----w- c:\program files (x86)\TweakNow RegCleaner 2011
2012-02-10 00:06 . 2012-02-10 00:08 -------- d-----w- c:\program files (x86)\doubleTwist 2.0
2012-02-09 23:58 . 2012-02-09 23:58 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-02-09 23:58 . 2012-02-09 23:58 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-09 23:55 . 2012-01-17 12:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{41B059F7-B3D7-44BB-8C0C-15DE72F807DD}\mpengine.dll
2012-02-09 23:53 . 2012-02-10 00:03 -------- d-----w- c:\programdata\WindSolutions
2012-02-09 23:37 . 2012-02-09 23:37 -------- d-----w- c:\programdata\FLEXnet
2012-02-09 23:36 . 2012-02-09 23:36 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2012-02-09 23:36 . 2012-02-10 16:31 -------- d-----w- c:\program files\Autodesk
2012-02-09 23:36 . 2012-02-10 16:27 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2012-02-09 23:35 . 2012-02-10 16:24 -------- d-----w- c:\program files (x86)\Autodesk
2012-02-09 23:35 . 2012-02-10 16:24 -------- d-----w- c:\program files (x86)\Common Files\Autodesk Shared
2012-02-09 23:35 . 2009-09-05 01:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2012-02-09 23:35 . 2009-09-05 01:29 235344 ----a-w- c:\windows\SysWow64\d3dx11_42.dll
2012-02-09 23:35 . 2009-09-05 01:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2012-02-09 23:35 . 2009-09-05 01:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2012-02-09 23:35 . 2009-09-05 01:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-02-09 23:35 . 2009-09-05 01:29 285024 ----a-w- c:\windows\system32\d3dx11_42.dll
2012-02-09 23:35 . 2009-09-05 01:29 2582888 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2012-02-09 23:35 . 2009-09-05 01:29 2475352 ----a-w- c:\windows\system32\D3DX9_42.dll
2012-02-09 23:34 . 2012-02-10 20:29 -------- d-----w- c:\programdata\Autodesk
2012-02-09 23:33 . 2012-02-09 23:33 -------- d-----w- c:\windows\SysWow64\Wat
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-04 12:05 . 2012-02-04 12:05 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-02-04 12:05 . 2012-02-04 12:05 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-02-04 12:05 . 2012-02-04 12:05 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-01-31 12:44 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-12-10 03:45 . 2011-12-10 03:45 60416 ----a-w- c:\windows\system32\drivers\iBtFltCoex.sys
2011-12-10 03:34 . 2011-12-10 03:34 47616 ----a-w- c:\windows\system32\opphelper.dll
2011-11-15 09:13 . 2011-11-15 09:13 327168 ----a-w- c:\windows\system32\drivers\btmhsf.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-12_01.54.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-12 21:59 . 2012-01-26 14:53 61248 c:\windows\SysWOW64\OpenCL.dll
- 2012-02-11 04:54 . 2011-10-15 08:53 61248 c:\windows\SysWOW64\OpenCL.dll
+ 2009-07-14 04:54 . 2012-02-13 01:04 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-13 01:06 . 2012-02-13 01:06 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012021220120213\index.dat
+ 2009-07-14 04:54 . 2012-02-13 01:04 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-12 01:45 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-02-10 20:04 . 2012-02-12 01:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-02-10 20:04 . 2012-02-13 01:05 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-02-09 23:09 . 2012-02-13 00:42 99874 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2010-11-21 03:09 . 2012-02-13 01:08 54352 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-13 01:08 38692 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-02-12 21:59 . 2012-01-26 14:53 68928 c:\windows\system32\OpenCL.dll
- 2012-02-11 04:54 . 2011-10-15 08:53 68928 c:\windows\system32\OpenCL.dll
+ 2012-02-12 06:19 . 2012-02-12 06:15 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2009-07-14 05:30 . 2012-02-11 04:57 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-02-12 22:01 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2012-02-12 21:59 . 2012-01-26 14:53 68928 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_939b2da5009f2415\OpenCL64.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 61248 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_939b2da5009f2415\OpenCL.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 28992 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_939b2da5009f2415\nvpciflt.sys
+ 2009-11-24 01:38 . 2009-11-24 01:38 16008 c:\windows\system32\DriverStore\FileRepository\lgvirhid.inf_amd64_neutral_a11a608419b947c2\LGVirHid.sys
+ 2011-04-11 20:01 . 2011-04-11 20:01 79432 c:\windows\system32\DriverStore\FileRepository\lgsh_usb.inf_amd64_neutral_269334372630b86b\ladfGSRCoinst_amd64.dll
+ 2011-10-24 16:39 . 2011-10-24 16:39 66328 c:\windows\system32\DriverStore\FileRepository\lgsfmouhid.inf_amd64_neutral_5dd838989ef304c7\LGSHidFilt.Sys
+ 2009-07-01 19:54 . 2009-07-01 19:54 30728 c:\windows\system32\DriverStore\FileRepository\lgpbtdd.inf_amd64_neutral_67f46fed141433dd\LGPBTDD.sys
+ 2009-11-24 01:37 . 2009-11-24 01:37 22408 c:\windows\system32\DriverStore\FileRepository\lgbusenum.inf_amd64_neutral_060f69b673003bcc\LGBusEnum.sys
- 2012-02-11 04:54 . 2011-10-15 08:53 28992 c:\windows\system32\drivers\nvpciflt.sys
+ 2012-02-12 21:59 . 2012-01-26 14:53 28992 c:\windows\system32\drivers\nvpciflt.sys
+ 2009-11-24 01:38 . 2009-11-24 01:38 16008 c:\windows\system32\drivers\LGVirHid.sys
+ 2011-10-24 16:39 . 2011-10-24 16:39 66328 c:\windows\system32\drivers\LGSHidFilt.Sys
+ 2009-11-24 01:37 . 2009-11-24 01:37 22408 c:\windows\system32\drivers\LGBusEnum.sys
+ 2012-02-09 22:34 . 2012-02-12 22:06 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-02-09 22:34 . 2012-02-11 05:02 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-09 22:34 . 2012-02-12 22:06 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-02-09 22:34 . 2012-02-11 05:02 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-11 05:02 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-12 22:06 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-12 19:33 . 2012-02-12 19:33 88064 c:\windows\Installer\18523c.msi
+ 2012-02-09 22:46 . 2012-02-13 01:08 5012 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3250538999-1458486944-4197994451-1001_UserData.bin
+ 2012-02-13 00:13 . 2012-02-13 00:13 9560 c:\windows\system32\NetworkList\Icons\{CCABC5C0-BD0D-436A-8850-67B51F45BFC0}_48.bin
+ 2012-02-13 00:13 . 2012-02-13 00:13 4280 c:\windows\system32\NetworkList\Icons\{CCABC5C0-BD0D-436A-8850-67B51F45BFC0}_32.bin
+ 2012-02-13 00:13 . 2012-02-13 00:13 2456 c:\windows\system32\NetworkList\Icons\{CCABC5C0-BD0D-436A-8850-67B51F45BFC0}_24.bin
+ 2012-02-12 21:59 . 2012-01-26 14:53 4096 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_939b2da5009f2415\nvdetx.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 4096 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_939b2da5009f2415\nvdet.dll
+ 2012-02-13 01:07 . 2012-02-13 01:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-12 01:45 . 2012-02-12 01:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-12 01:45 . 2012-02-12 01:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-13 01:07 . 2012-02-13 01:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-12 21:59 . 2012-01-26 14:53 812352 c:\windows\SysWOW64\nvumdshim.dll
+ 2012-01-26 12:17 . 2012-01-26 12:17 416064 c:\windows\SysWOW64\nvStreaming.exe
+ 2012-02-12 21:59 . 2012-01-26 14:53 215360 c:\windows\SysWOW64\nvinit.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 301376 c:\windows\SysWOW64\nvdecodemft.dll
+ 2012-02-12 22:03 . 2012-01-26 14:53 812352 c:\windows\SysWOW64\NV\igdumdx32.dll
+ 2012-02-12 22:03 . 2012-01-26 14:53 812352 c:\windows\SysWOW64\NV\igd10umd32.dll
+ 2012-02-12 07:00 . 2012-02-13 01:06 297495 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\MMFApplications\msdc1.dll
+ 2012-02-10 20:03 . 2012-02-13 01:05 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-02-10 20:03 . 2012-02-12 01:45 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2012-02-12 01:45 524288 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-13 01:04 524288 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 02:36 . 2012-02-12 01:51 662446 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-13 01:11 662446 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-13 01:11 122242 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-02-12 01:51 122242 c:\windows\system32\perfc009.dat
+ 2012-02-12 21:59 . 2012-01-26 14:53 962368 c:\windows\system32\nvumdshimx.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 260416 c:\windows\system32\nvinitx.dll
- 2012-02-11 04:54 . 2011-10-15 08:53 364352 c:\windows\system32\nvdecodemft.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 364352 c:\windows\system32\nvdecodemft.dll
+ 2012-02-12 22:03 . 2012-01-26 14:53 962368 c:\windows\system32\NV\igdumd64.dll
+ 2012-02-12 22:03 . 2012-01-26 14:53 962368 c:\windows\system32\NV\igd10umd64.dll
+ 2009-07-14 05:30 . 2012-02-12 22:01 239616 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-02-11 04:57 239616 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-02-11 04:57 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-02-12 22:01 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2012-02-12 21:59 . 2012-01-26 14:53 962368 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_939b2da5009f2415\nvumdshimx.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 812352 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_939b2da5009f2415\nvumdshim.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 310592 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_939b2da5009f2415\nvml.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 249152 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_939b2da5009f2415\nvkflt.sys
+ 2012-02-12 21:59 . 2012-01-26 14:53 260416 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_939b2da5009f2415\nvinitx.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 215360 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_939b2da5009f2415\nvinit.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 201024 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_939b2da5009f2415\nvidia-smi.exe
+ 2012-02-12 21:59 . 2012-01-26 14:53 202752 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_939b2da5009f2415\nvdxgiwrapx.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 182080 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_939b2da5009f2415\nvdxgiwrap.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 323976 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_939b2da5009f2415\nvdrsdb.bin
+ 2012-02-12 21:59 . 2012-01-26 14:53 301376 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_939b2da5009f2415\nvdecodemft32.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 364352 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_939b2da5009f2415\nvdecodemft.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 261120 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_939b2da5009f2415\Nvd3d9wrapx.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 236352 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_939b2da5009f2415\Nvd3d9wrap.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 224064 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_939b2da5009f2415\dbInstaller.exe
+ 2011-04-11 20:01 . 2011-04-11 20:01 341832 c:\windows\system32\DriverStore\FileRepository\lgsh_usb.inf_amd64_neutral_269334372630b86b\ladfGSRamd64.sys
+ 2011-04-11 20:00 . 2011-04-11 20:00 410184 c:\windows\system32\DriverStore\FileRepository\lgsh_usb.inf_amd64_neutral_269334372630b86b\ladfGSCamd64.sys
- 2012-02-11 04:54 . 2011-10-15 08:53 249152 c:\windows\system32\drivers\nvkflt.sys
+ 2012-02-12 21:59 . 2012-01-26 14:53 249152 c:\windows\system32\drivers\nvkflt.sys
- 2009-07-14 05:01 . 2012-02-12 01:44 441720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-13 01:06 441720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-12 21:59 . 2012-01-26 14:53 7712576 c:\windows\SysWOW64\nvwgf2um.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 2517312 c:\windows\SysWOW64\nvcuvid.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 2437440 c:\windows\SysWOW64\nvcuvenc.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 5892928 c:\windows\SysWOW64\nvcuda.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 2300736 c:\windows\SysWOW64\nvapi.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 9716544 c:\windows\system32\nvwgf2umx.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 1466176 c:\windows\system32\nvgenco64.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 1737536 c:\windows\system32\nvdispco64.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 2672448 c:\windows\system32\nvcuvid.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 2872640 c:\windows\system32\nvcuvenc.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 8007488 c:\windows\system32\nvcuda.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 2660160 c:\windows\system32\nvapi64.dll
+ 2011-10-24 16:39 . 2011-10-24 16:39 1845528 c:\windows\system32\LkmdfCoInst.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 9716544 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_939b2da5009f2415\nvwgf2umx.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 7712576 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_939b2da5009f2415\nvwgf2um.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 1466176 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_939b2da5009f2415\nvgenco64.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 1737536 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_939b2da5009f2415\nvdispco64.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 2517312 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_939b2da5009f2415\nvcuvid32.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 2672448 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_939b2da5009f2415\nvcuvid.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 2872640 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_939b2da5009f2415\nvcuvenc64.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 2437440 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_939b2da5009f2415\nvcuvenc.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 5892928 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_939b2da5009f2415\nvcuda32.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 8007488 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_939b2da5009f2415\nvcuda.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 2660160 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_939b2da5009f2415\nvapi64.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 2300736 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_939b2da5009f2415\nvapi.dll
+ 2011-10-24 16:39 . 2011-10-24 16:39 1845528 c:\windows\system32\DriverStore\FileRepository\lgsfmouhid.inf_amd64_neutral_5dd838989ef304c7\LkmdfCoInst.dll
+ 2012-02-04 10:41 . 2012-02-12 21:26 2041064 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-02-04 10:41 . 2012-02-12 00:56 2041064 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-02-09 22:44 . 2012-02-12 22:00 2414646 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3250538999-1458486944-4197994451-1001-8192.dat
+ 2012-02-09 22:44 . 2012-02-12 22:02 3811124 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3250538999-1458486944-4197994451-1001-12288.dat
- 2012-02-10 06:13 . 2012-02-12 01:44 1189216 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-02-10 06:13 . 2012-02-13 01:06 1189216 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-02-12 21:59 . 2012-01-26 14:53 19443008 c:\windows\SysWOW64\nvoglv32.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 15007552 c:\windows\SysWOW64\nvd3dum.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 17543488 c:\windows\SysWOW64\nvcompiler.dll
+ 2012-02-12 22:03 . 2012-01-26 14:53 19443008 c:\windows\SysWOW64\NV\ig4icd32.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 25540928 c:\windows\system32\nvoglv64.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 17640256 c:\windows\system32\nvd3dumx.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 25222976 c:\windows\system32\nvcompiler.dll
+ 2012-02-12 22:03 . 2012-01-26 14:53 25540928 c:\windows\system32\NV\ig4icd64.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 25540928 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_939b2da5009f2415\nvoglv64.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 19443008 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_939b2da5009f2415\nvoglv32.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 13617984 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_939b2da5009f2415\nvlddmkm.sys
+ 2012-02-12 21:59 . 2012-01-26 14:53 17640256 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_939b2da5009f2415\nvd3dumx.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 15007552 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_939b2da5009f2415\nvd3dum.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 71500480 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_939b2da5009f2415\NvCplSetupInt.exe
+ 2012-02-12 21:59 . 2012-01-26 14:53 17543488 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_939b2da5009f2415\nvcompiler32.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 25222976 c:\windows\system32\DriverStore\FileRepository\nvdm.inf_amd64_neutral_939b2da5009f2415\nvcompiler.dll
+ 2012-02-12 21:59 . 2012-01-26 14:53 13617984 c:\windows\system32\drivers\nvlddmkm.sys
+ 2012-02-03 16:10 . 2012-02-03 16:10 31633920 c:\windows\Installer\14ece.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-18 50472]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-17 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2011-08-12 75048]
.
c:\users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-2-9 576000]
U-MIX44.lnk - c:\program files (x86)\MixVibes\Drivers\U-MIX44\umix44-volume-panel.exe [2011-4-12 2275840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2012/02/04 04:57;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2011-08-12 248304]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-02-09 1431888]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-01 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 Adobe Licensing Console;Adobe Licensing Console;c:\windows\SysWOW64\adbcnsl.exe [2012-02-10 689495]
R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R4 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
R4 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
R4 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
R4 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
R4 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-21 135440]
R4 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-01-26 382272]
R4 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-01-26 2345792]
S2 QDLService2kDell;Qualcomm Gobi 2000 Download Service (Dell);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe [2010-06-25 331512]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 WebUpdate4;Web Update Wizard Service V4;c:\windows\SysWOW64\WebUpdateSvc4.exe [2010-08-18 278800]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 qcfilterdl2k;Gobi 2000 USB Composite Device Filter Driver(413C-8186);c:\windows\system32\DRIVERS\qcfilterdl2k.sys [x]
S3 qcusbnetdl2k;Gobi 2000 USB-NDIS miniport(413C-8186);c:\windows\system32\DRIVERS\qcusbnetdl2k.sys [x]
S3 qcusbserdl2k;Gobi 2000 USB Device for Legacy Serial Communication(413C-8186);c:\windows\system32\DRIVERS\qcusbserdl2k.sys [x]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_9EC60124
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3250538999-1458486944-4197994451-1001Core.job
- c:\users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-09 22:37]
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3250538999-1458486944-4197994451-1001UA.job
- c:\users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-09 22:37]
.
2012-02-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]
.
2012-02-12 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-05 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-05 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-05 416024]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-11-01 1935120]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page =
mLocal Page =
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Tyler\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Tyler\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 8.8.8.8 4.2.2.2
FF - ProfilePath - c:\users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\2qdcizjw.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-AccuWeatherWidget - c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
ShellExecuteHooks-{F552DDE6-2090-4bf4-B924-6141E87789A5} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:e8,96,bb,07,53,e8,cc,01
.
[HKEY_USERS\S-1-5-21-3250538999-1458486944-4197994451-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:4a,a4,59,92,36,a9,44,b9,28,08,a9,c9,f9,2a,c7,a5,a1,f4,a2,34,46,31,ad,
db,37,bc,5a,5c,65,ce,85,73,c8,5f,dd,7a,17,69,c7,cf,f6,d2,85,20,26,85,70,c9,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
 
Continued

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-12 17:40:34
ComboFix-quarantined-files.txt 2012-02-13 01:40
ComboFix2.txt 2012-02-12 00:54
.
Pre-Run: 127,156,686,848 bytes free
Post-Run: 127,077,429,248 bytes free
.
- - End Of File - - AA8A488CB026231AFDE7F1F7F6F4673C

No ESET Log

CK Scan
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\autodesk\revit architecture 2012\program\help\en-us\wbh\contexthelp\hcontrol_revit_removewatch.htm
c:\program files (x86)\fxpansion\cypher\presets\patchen\dr cracker.cypher
c:\program files (x86)\fxpansion\fusor\devices\presets\bitcrusher\cracked 2 bit hp.fxpreset
c:\program files (x86)\fxpansion\strobe\presets\patchen\ba clackity crackity.strobe
c:\program files (x86)\image-line\fl studio 10\plugins\fruity\effects\hardcore\presets\i cracked my tube!.hdprg
c:\program files (x86)\image-line\fl studio 10\plugins\fruity\generators\drumaxx\drum patches\sound fx\crack.dmpatch
c:\program files (x86)\image-line\fl studio 10\plugins\fruity\generators\drumpad\drum patches\sound fx\crack.dmpatch
c:\users\tyler\documents\ableton\library\presets\audio effects\vinyl distortion\crack.adv
c:\users\tyler\documents\ableton\library\presets\instruments\instrument rack\guitars and plucked\synthetic\lead-cracker.adg
c:\users\tyler\documents\torrents\finished\atomix_virtual_dj_pro_7.0.5.b370 with crack.torrent
c:\users\tyler\downloads\(demonoid.me)-avg_pc_tuneup_2011_crack_11280710.787.torrent
c:\users\tyler\music\itunes\itunes media\music\eminem\relapse\18 crack a bottle.m4a
scanner sequence 3.GE.11.JKAPHW
----- EOF -----

I guess that reveals my horrid torrenting habits... Well, I didn't torrent Ableton, so it is not that, plus that is an audio file. Virtual DJ is safe, I have used it on multiple computers multiple times. iTunes is a song... The FXPansion and Image-Line files are all audio clips. Revit was downloaded off of the official AutoDesk site with a student license, however who knows what this thing has done. AVG was downloaded after the virus started affecting my system, however I suppose it could still be hurting my system. Anyway, like I updated in my previous post, I believe that is the cause. The Adobe Licensing Console is still in the Startup Services menu.
 
Too Late

I was able to delete the service causing the problem, but my computer performance has not completely recovered ("Minecraft" was once able to run at 100fps with my current texture pack, and it now runs at 1fps). I will be reinstalling the OS. Thank you for your help!
 
Thank you for the update. I'm leaving some information that may help you understand the dangers of file sharing:

P2P/ 'file sharing' Warning:
Even if you are using a "safe" P2P program, it is only the program that is safe.
  • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
  • Malware writers use these programs to include malicious content.
  • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
  • The 'sharing' also includes malware that the shared system has on it.
  • Files that are illegal can be spread through file sharing.

Please read the information on P2P Warning to help you better understand these dangers.
 