Over the past couple of days, I installed a bunch of audio apps and this all went well. I just tried to install a (downloaded) soundpack add-on from an ISO through Daemon Tools. Although the ISO was mounted, I could not access the actual content, so there was probably something wrong with this file (infected?).
Also, since then I am having issues with Daemon Tools: it is running in the background (and there is a virtual drive listed) but I cannot open the main window from the startmenu or desktop shortcut.
Thirdly startup and shutdown times of my PC went up dramatically. I also noticed that the folder DRVSTORE folder in system32 is Blue (compressed) and have read on a forum that this could indicate that my machine is infected.
I just removed DaemonTools from mscofig-startup and managed to de-install it afterwards. I also ran atf cleaner, did scans with my Antivirus software and Malwarebytes and both did not find problems, but I am still concerned given the slow startup and shutdown times of my system.
Would aprreciate if someone could help me with diagnose and cleaning if needed.
I do have access to a legit Win 7 install disk.
Thanks.
PS: Since GMER is listed as for 32-bits systems only, I have not yet ran this.
DDS Log:
DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by PC at 19:46:49 on 2012-10-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.8147.5461 [GMT 2:00]
.
AV: Computer Security *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: Computer Security *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Computer Security *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.04\AsusFanControlService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\F-Secure\fshoster32.exe
C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSHDLL64.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FWES\Program\fsdfwd.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Windows\SysWOW64\DeltaIITray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\F-Secure\fshoster32.exe
C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE
C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Spam Control\fsscoepl_x64.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Browsing Protection Class: {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\F-Secure\apps\OnlineSafety\BPP\iescript\BaseLitmus.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Browsing Protection Toolbar: {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\F-Secure\apps\OnlineSafety\BPP\iescript\BaseLitmus.dll
uRun: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [M-Audio Taskbar Icon] C:\Windows\System32\DeltaIITray.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [F-Secure Hoster (54599)] "C:\Program Files (x86)\F-Secure\fshoster32.exe" -app -hosterid:1
mRun: [F-Secure Manager] "C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE" /splash
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ENABLE~1.LNK - C:\Program Files\hdparm\enable hdd apm max performance.cmd
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Verzenden naar OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: Interfaces\{954DD49F-142A-4D12-BB86-E43AF08B2F8A} : NameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\xtuufonq.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 hostcontrollerswitch-stuurprogramma;C:\Windows\System32\drivers\iusb3hcs.sys [2012-3-27 19224]
R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [2012-10-26 62384]
R1 FSES;F-Secure Email Scanning Driver;C:\Windows\System32\drivers\fses.sys [2012-8-17 46024]
R1 FSFW;F-Secure Firewall Driver;C:\Windows\System32\drivers\fsdfw.sys [2012-8-17 95112]
R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [2012-8-17 15016]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2012-8-6 918448]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-8-6 951936]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2012-8-6 149120]
R2 AsusFanControlService;AsusFanControlService;C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.04\AsusFanControlService.exe [2012-8-6 1473664]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2012-8-5 21992]
R2 fshoster;F-Secure Dll Hoster;C:\Program Files (x86)\F-Secure\fshoster32.exe [2012-6-21 163536]
R2 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe [2012-3-15 62160]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-5 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-8-5 189608]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-8-5 161560]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-8-29 1258856]
R2 rtpMIDIService;rtpMIDIService;C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe [2012-8-24 1142272]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-8-5 363800]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
R3 automap;Automap MIDI Driver;C:\Windows\System32\drivers\automap.sys [2012-10-21 18776]
R3 DELTAII;Service for M-Audio Delta Driver (WDM);C:\Windows\System32\drivers\MAudioDelta.sys [2012-1-25 339760]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\System32\drivers\e1c62x64.sys [2012-3-15 514736]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [2012-8-17 199736]
R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\System32\drivers\ICCWDT.sys [2010-8-18 26136]
R3 iusb3hub;Intel(R) USB 3.0 hub-stuurprogramma;C:\Windows\System32\drivers\iusb3hub.sys [2012-3-27 356632]
R3 iusb3xhc;Intel(R) USB 3.0 uitbreidbare hostcontroller-stuurprogramma;C:\Windows\System32\drivers\iusb3xhc.sys [2012-3-27 789272]
R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\System32\drivers\HECIx64.sys [2012-8-5 60184]
R3 teVirtualMIDI64;teVirtualMIDI - Virtual MIDI Driver x64;C:\Windows\System32\drivers\teVirtualMIDI64.sys [2012-8-15 30208]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-6 250808]
S3 fsccsys1346952648;F-Secure Content Control Driver;C:\Windows\System32\drivers\fsccsys.sys [2012-9-6 58424]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-8-6 160768]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-5 113120]
S3 NvnUsbAudio;Novation USB Audio Driver;C:\Windows\System32\drivers\nvnusbaudio.sys [2012-10-21 53080]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-8-5 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-5 1255736]
.
=============== Created Last 30 ================
.
2012-10-27 17:10:47 319484440 ----a-w- C:\backup_reg.reg
2012-10-27 16:29:47 -------- d-----w- C:\ProgramData\Slate Digital
2012-10-27 16:29:46 -------- d-----w- C:\Program Files (x86)\Slate Digital
2012-10-27 16:28:31 -------- d-----w- C:\Program Files (x86)\FabFilter
2012-10-27 16:27:24 -------- d-----w- C:\Program Files (x86)\iZotope
2012-10-26 14:19:37 -------- d-----w- C:\Users\PC\AppData\Local\Adobe
2012-10-26 13:50:54 -------- d-----w- C:\Users\PC\AppData\Local\Apple
2012-10-26 13:50:47 -------- d-----w- C:\Users\PC\AppData\Local\Apple Computer
2012-10-26 13:21:46 -------- d-----w- C:\Windows\Simple Port Forwarding
2012-10-26 13:21:46 -------- d-----w- C:\Program Files (x86)\Simple Port Forwarding
2012-10-26 11:49:17 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{92BE7323-16CE-4E73-9B5D-3F6F9FAE985D}\mpengine.dll
2012-10-25 14:09:05 -------- d-----w- C:\Program Files (x86)\Tobias Erichsen
2012-10-24 09:01:28 -------- d-----w- C:\Program Files\Steinberg
2012-10-24 08:33:08 -------- d-----w- C:\Users\PC\AppData\Roaming\Malwarebytes
2012-10-24 08:33:01 -------- d-----w- C:\ProgramData\Malwarebytes
2012-10-24 08:33:00 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-10-24 08:33:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-23 19:51:36 -------- d-----w- C:\Users\PC\AppData\Roaming\VST3 Presets
2012-10-22 10:53:35 -------- d-----w- C:\audio
2012-10-22 10:45:58 -------- d-----w- C:\Program Files (x86)\rgcaudio software
2012-10-22 10:44:54 995383 ----a-w- C:\Windows\SysWow64\temp.008
2012-10-22 10:44:54 50688 ----a-w- C:\Windows\SysWow64\temp.007
2012-10-22 10:44:54 401462 ----a-w- C:\Windows\SysWow64\temp.005
2012-10-22 10:44:54 322560 ----a-w- C:\Windows\SysWow64\temp.006
2012-10-22 10:44:54 -------- d-----w- C:\Program Files (x86)\Pro-53
2012-10-22 10:41:12 995383 ----a-w- C:\Windows\SysWow64\temp.003
2012-10-22 10:41:12 77878 ----a-w- C:\Windows\SysWow64\temp.002
2012-10-22 10:41:12 278581 ----a-w- C:\Windows\SysWow64\temp.004
2012-10-22 10:41:11 401462 ----a-w- C:\Windows\SysWow64\temp.001
2012-10-22 10:41:11 -------- d-----w- C:\Program Files (x86)\Native Instruments
2012-10-22 10:39:27 -------- d-----w- C:\Program Files (x86)\URS
2012-10-22 10:38:02 -------- d-----w- C:\Program Files (x86)\Sugar Bytes
2012-10-21 12:38:16 -------- d-----w- C:\Users\PC\AppData\Local\Focusrite_Audio_Engineeri
2012-10-21 12:32:43 -------- d-----w- C:\Users\PC\AppData\Local\Novation
2012-10-21 12:32:28 53080 ----a-w- C:\Windows\System32\drivers\nvnusbaudio.sys
2012-10-21 12:32:28 20824 ----a-w- C:\Windows\System32\nvnusbaudio_coinst.dll
2012-10-21 12:32:28 -------- d-----w- C:\Program Files\Novation
2012-10-21 12:32:25 -------- d-----w- C:\ProgramData\Propellerhead Software
2012-10-21 12:31:53 18776 ----a-w- C:\Windows\System32\drivers\automap.sys
2012-10-21 12:31:52 -------- d-----w- C:\Program Files (x86)\Novation
2012-10-20 20:06:28 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-10-20 07:43:07 90112 ----a-w- C:\Windows\unvise32.exe
2012-10-20 07:40:43 -------- d-----w- C:\Users\PC\AppData\Local\Downloaded Installations
2012-10-20 07:40:43 -------- d-----w- C:\Program Files (x86)\Common Files\Pinnacle
2012-10-20 07:40:36 -------- d-----w- C:\Users\PC\AppData\Roaming\NVIDIA
2012-10-20 07:40:35 -------- d-----w- C:\Users\PC\AppData\Local\Pinnacle
2012-10-20 07:40:24 -------- d-----w- C:\ProgramData\Pinnacle Studio Ultimate
2012-10-20 07:39:29 -------- d-----w- C:\Program Files (x86)\Common Files\Pegasus Imaging
2012-10-20 07:39:28 -------- d-----w- C:\ProgramData\Studio 14
2012-10-20 07:39:28 -------- d-----w- C:\ProgramData\Pinnacle Studio Plus
2012-10-20 07:39:28 -------- d-----w- C:\Program Files (x86)\Pinnacle
2012-10-20 07:39:28 -------- d-----w- C:\Program Files (x86)\Common Files\Yahoo!
2012-10-18 18:17:44 -------- d-----w- C:\Program Files (x86)\Common Files\VST3
2012-10-18 18:17:00 -------- d-----w- C:\ProgramData\VST3 Presets
2012-10-18 18:15:18 -------- d-----w- C:\ProgramData\Steinberg
2012-10-18 18:15:18 -------- d-----w- C:\Program Files (x86)\Common Files\Steinberg
2012-10-18 18:14:54 -------- d-----w- C:\Users\PC\AppData\Roaming\Steinberg
2012-10-17 13:48:45 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-10-17 13:48:45 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2012-10-17 13:48:45 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2012-10-11 11:52:06 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-10-02 19:42:09 -------- d-----w- C:\Users\PC\AppData\Local\ZScreen_Developers
2012-10-02 19:41:25 -------- d-----w- C:\Users\PC\AppData\Roaming\iTSfv
2012-10-02 19:41:21 -------- d-----w- C:\Program Files\iTSfv
2012-10-02 11:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
.
==================== Find3M ====================
.
2012-10-08 20:31:09 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-08 20:31:09 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-02 19:51:11 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-10-02 19:51:04 6200680 ----a-w- C:\Windows\System32\nvcpl.dll
2012-10-02 19:50:57 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-10-02 19:50:57 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-10-02 19:50:57 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-10-02 19:50:57 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-09-28 13:05:54 58424 ----a-w- C:\Windows\System32\drivers\fsccsys.sys
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-17 09:43:40 42672 ----a-w- C:\Windows\SysWow64\drivers\fsbts.sys
2012-08-16 17:37:07 56016 ----a-w- C:\Windows\System32\drivers\fsbts.sys
2012-08-15 21:41:40 20992 ----a-w- C:\Windows\System32\teVirtualMIDI64.dll
2012-08-15 21:41:38 30208 ----a-w- C:\Windows\System32\drivers\teVirtualMIDI64.sys
2012-08-15 21:41:00 18432 ----a-w- C:\Windows\SysWow64\teVirtualMIDI32.dll
2012-08-12 17:22:10 243064 ----a-w- C:\Windows\SysWow64\SpoonUninstall.exe
2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-08-06 09:30:16 1048576 ----a-w- C:\Windows\PE_Rom.dll
2012-08-06 09:05:13 46152 ----a-w- C:\Windows\SysWow64\drivers\ASUSFILTER.sys
2012-08-06 09:05:08 26136 ----a-w- C:\Windows\System32\drivers\ICCWDT.sys
2012-08-06 09:04:56 32360 ----a-w- C:\Windows\System32\drivers\ndisrd.sys
2012-08-06 09:04:50 14464 ----a-w- C:\Windows\SysWow64\drivers\AsUpIO.sys
2012-08-06 09:04:31 13440 ----a-w- C:\Windows\SysWow64\drivers\AsIO.sys
2012-08-06 09:04:30 28672 ----a-w- C:\Windows\SysWow64\AsIO.dll
2012-08-06 09:04:26 11832 ------w- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
2012-08-06 09:04:26 10216 ------w- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
2012-08-05 15:00:32 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-08-05 15:00:31 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-08-05 14:16:15 16896 ----a-w- C:\Windows\AsTaskSched.dll
2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
.
============= FINISH: 19:46:57,11 ===============
Also, since then I am having issues with Daemon Tools: it is running in the background (and there is a virtual drive listed) but I cannot open the main window from the startmenu or desktop shortcut.
Thirdly startup and shutdown times of my PC went up dramatically. I also noticed that the folder DRVSTORE folder in system32 is Blue (compressed) and have read on a forum that this could indicate that my machine is infected.
I just removed DaemonTools from mscofig-startup and managed to de-install it afterwards. I also ran atf cleaner, did scans with my Antivirus software and Malwarebytes and both did not find problems, but I am still concerned given the slow startup and shutdown times of my system.
Would aprreciate if someone could help me with diagnose and cleaning if needed.
I do have access to a legit Win 7 install disk.
Thanks.
PS: Since GMER is listed as for 32-bits systems only, I have not yet ran this.
DDS Log:
DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by PC at 19:46:49 on 2012-10-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.8147.5461 [GMT 2:00]
.
AV: Computer Security *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: Computer Security *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Computer Security *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.04\AsusFanControlService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\F-Secure\fshoster32.exe
C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSHDLL64.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FWES\Program\fsdfwd.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Windows\SysWOW64\DeltaIITray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\F-Secure\fshoster32.exe
C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE
C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Spam Control\fsscoepl_x64.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Browsing Protection Class: {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\F-Secure\apps\OnlineSafety\BPP\iescript\BaseLitmus.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Browsing Protection Toolbar: {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\F-Secure\apps\OnlineSafety\BPP\iescript\BaseLitmus.dll
uRun: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [M-Audio Taskbar Icon] C:\Windows\System32\DeltaIITray.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [F-Secure Hoster (54599)] "C:\Program Files (x86)\F-Secure\fshoster32.exe" -app -hosterid:1
mRun: [F-Secure Manager] "C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE" /splash
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ENABLE~1.LNK - C:\Program Files\hdparm\enable hdd apm max performance.cmd
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Verzenden naar OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: Interfaces\{954DD49F-142A-4D12-BB86-E43AF08B2F8A} : NameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\xtuufonq.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 hostcontrollerswitch-stuurprogramma;C:\Windows\System32\drivers\iusb3hcs.sys [2012-3-27 19224]
R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [2012-10-26 62384]
R1 FSES;F-Secure Email Scanning Driver;C:\Windows\System32\drivers\fses.sys [2012-8-17 46024]
R1 FSFW;F-Secure Firewall Driver;C:\Windows\System32\drivers\fsdfw.sys [2012-8-17 95112]
R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [2012-8-17 15016]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2012-8-6 918448]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-8-6 951936]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2012-8-6 149120]
R2 AsusFanControlService;AsusFanControlService;C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.04\AsusFanControlService.exe [2012-8-6 1473664]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2012-8-5 21992]
R2 fshoster;F-Secure Dll Hoster;C:\Program Files (x86)\F-Secure\fshoster32.exe [2012-6-21 163536]
R2 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe [2012-3-15 62160]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-5 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-8-5 189608]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-8-5 161560]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-8-29 1258856]
R2 rtpMIDIService;rtpMIDIService;C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe [2012-8-24 1142272]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-8-5 363800]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
R3 automap;Automap MIDI Driver;C:\Windows\System32\drivers\automap.sys [2012-10-21 18776]
R3 DELTAII;Service for M-Audio Delta Driver (WDM);C:\Windows\System32\drivers\MAudioDelta.sys [2012-1-25 339760]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\System32\drivers\e1c62x64.sys [2012-3-15 514736]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [2012-8-17 199736]
R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\System32\drivers\ICCWDT.sys [2010-8-18 26136]
R3 iusb3hub;Intel(R) USB 3.0 hub-stuurprogramma;C:\Windows\System32\drivers\iusb3hub.sys [2012-3-27 356632]
R3 iusb3xhc;Intel(R) USB 3.0 uitbreidbare hostcontroller-stuurprogramma;C:\Windows\System32\drivers\iusb3xhc.sys [2012-3-27 789272]
R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\System32\drivers\HECIx64.sys [2012-8-5 60184]
R3 teVirtualMIDI64;teVirtualMIDI - Virtual MIDI Driver x64;C:\Windows\System32\drivers\teVirtualMIDI64.sys [2012-8-15 30208]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-6 250808]
S3 fsccsys1346952648;F-Secure Content Control Driver;C:\Windows\System32\drivers\fsccsys.sys [2012-9-6 58424]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-8-6 160768]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-5 113120]
S3 NvnUsbAudio;Novation USB Audio Driver;C:\Windows\System32\drivers\nvnusbaudio.sys [2012-10-21 53080]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-8-5 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-5 1255736]
.
=============== Created Last 30 ================
.
2012-10-27 17:10:47 319484440 ----a-w- C:\backup_reg.reg
2012-10-27 16:29:47 -------- d-----w- C:\ProgramData\Slate Digital
2012-10-27 16:29:46 -------- d-----w- C:\Program Files (x86)\Slate Digital
2012-10-27 16:28:31 -------- d-----w- C:\Program Files (x86)\FabFilter
2012-10-27 16:27:24 -------- d-----w- C:\Program Files (x86)\iZotope
2012-10-26 14:19:37 -------- d-----w- C:\Users\PC\AppData\Local\Adobe
2012-10-26 13:50:54 -------- d-----w- C:\Users\PC\AppData\Local\Apple
2012-10-26 13:50:47 -------- d-----w- C:\Users\PC\AppData\Local\Apple Computer
2012-10-26 13:21:46 -------- d-----w- C:\Windows\Simple Port Forwarding
2012-10-26 13:21:46 -------- d-----w- C:\Program Files (x86)\Simple Port Forwarding
2012-10-26 11:49:17 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{92BE7323-16CE-4E73-9B5D-3F6F9FAE985D}\mpengine.dll
2012-10-25 14:09:05 -------- d-----w- C:\Program Files (x86)\Tobias Erichsen
2012-10-24 09:01:28 -------- d-----w- C:\Program Files\Steinberg
2012-10-24 08:33:08 -------- d-----w- C:\Users\PC\AppData\Roaming\Malwarebytes
2012-10-24 08:33:01 -------- d-----w- C:\ProgramData\Malwarebytes
2012-10-24 08:33:00 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-10-24 08:33:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-23 19:51:36 -------- d-----w- C:\Users\PC\AppData\Roaming\VST3 Presets
2012-10-22 10:53:35 -------- d-----w- C:\audio
2012-10-22 10:45:58 -------- d-----w- C:\Program Files (x86)\rgcaudio software
2012-10-22 10:44:54 995383 ----a-w- C:\Windows\SysWow64\temp.008
2012-10-22 10:44:54 50688 ----a-w- C:\Windows\SysWow64\temp.007
2012-10-22 10:44:54 401462 ----a-w- C:\Windows\SysWow64\temp.005
2012-10-22 10:44:54 322560 ----a-w- C:\Windows\SysWow64\temp.006
2012-10-22 10:44:54 -------- d-----w- C:\Program Files (x86)\Pro-53
2012-10-22 10:41:12 995383 ----a-w- C:\Windows\SysWow64\temp.003
2012-10-22 10:41:12 77878 ----a-w- C:\Windows\SysWow64\temp.002
2012-10-22 10:41:12 278581 ----a-w- C:\Windows\SysWow64\temp.004
2012-10-22 10:41:11 401462 ----a-w- C:\Windows\SysWow64\temp.001
2012-10-22 10:41:11 -------- d-----w- C:\Program Files (x86)\Native Instruments
2012-10-22 10:39:27 -------- d-----w- C:\Program Files (x86)\URS
2012-10-22 10:38:02 -------- d-----w- C:\Program Files (x86)\Sugar Bytes
2012-10-21 12:38:16 -------- d-----w- C:\Users\PC\AppData\Local\Focusrite_Audio_Engineeri
2012-10-21 12:32:43 -------- d-----w- C:\Users\PC\AppData\Local\Novation
2012-10-21 12:32:28 53080 ----a-w- C:\Windows\System32\drivers\nvnusbaudio.sys
2012-10-21 12:32:28 20824 ----a-w- C:\Windows\System32\nvnusbaudio_coinst.dll
2012-10-21 12:32:28 -------- d-----w- C:\Program Files\Novation
2012-10-21 12:32:25 -------- d-----w- C:\ProgramData\Propellerhead Software
2012-10-21 12:31:53 18776 ----a-w- C:\Windows\System32\drivers\automap.sys
2012-10-21 12:31:52 -------- d-----w- C:\Program Files (x86)\Novation
2012-10-20 20:06:28 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-10-20 07:43:07 90112 ----a-w- C:\Windows\unvise32.exe
2012-10-20 07:40:43 -------- d-----w- C:\Users\PC\AppData\Local\Downloaded Installations
2012-10-20 07:40:43 -------- d-----w- C:\Program Files (x86)\Common Files\Pinnacle
2012-10-20 07:40:36 -------- d-----w- C:\Users\PC\AppData\Roaming\NVIDIA
2012-10-20 07:40:35 -------- d-----w- C:\Users\PC\AppData\Local\Pinnacle
2012-10-20 07:40:24 -------- d-----w- C:\ProgramData\Pinnacle Studio Ultimate
2012-10-20 07:39:29 -------- d-----w- C:\Program Files (x86)\Common Files\Pegasus Imaging
2012-10-20 07:39:28 -------- d-----w- C:\ProgramData\Studio 14
2012-10-20 07:39:28 -------- d-----w- C:\ProgramData\Pinnacle Studio Plus
2012-10-20 07:39:28 -------- d-----w- C:\Program Files (x86)\Pinnacle
2012-10-20 07:39:28 -------- d-----w- C:\Program Files (x86)\Common Files\Yahoo!
2012-10-18 18:17:44 -------- d-----w- C:\Program Files (x86)\Common Files\VST3
2012-10-18 18:17:00 -------- d-----w- C:\ProgramData\VST3 Presets
2012-10-18 18:15:18 -------- d-----w- C:\ProgramData\Steinberg
2012-10-18 18:15:18 -------- d-----w- C:\Program Files (x86)\Common Files\Steinberg
2012-10-18 18:14:54 -------- d-----w- C:\Users\PC\AppData\Roaming\Steinberg
2012-10-17 13:48:45 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-10-17 13:48:45 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2012-10-17 13:48:45 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2012-10-11 11:52:06 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-10-02 19:42:09 -------- d-----w- C:\Users\PC\AppData\Local\ZScreen_Developers
2012-10-02 19:41:25 -------- d-----w- C:\Users\PC\AppData\Roaming\iTSfv
2012-10-02 19:41:21 -------- d-----w- C:\Program Files\iTSfv
2012-10-02 11:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
.
==================== Find3M ====================
.
2012-10-08 20:31:09 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-08 20:31:09 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-02 19:51:11 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-10-02 19:51:04 6200680 ----a-w- C:\Windows\System32\nvcpl.dll
2012-10-02 19:50:57 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-10-02 19:50:57 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-10-02 19:50:57 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-10-02 19:50:57 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-09-28 13:05:54 58424 ----a-w- C:\Windows\System32\drivers\fsccsys.sys
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-17 09:43:40 42672 ----a-w- C:\Windows\SysWow64\drivers\fsbts.sys
2012-08-16 17:37:07 56016 ----a-w- C:\Windows\System32\drivers\fsbts.sys
2012-08-15 21:41:40 20992 ----a-w- C:\Windows\System32\teVirtualMIDI64.dll
2012-08-15 21:41:38 30208 ----a-w- C:\Windows\System32\drivers\teVirtualMIDI64.sys
2012-08-15 21:41:00 18432 ----a-w- C:\Windows\SysWow64\teVirtualMIDI32.dll
2012-08-12 17:22:10 243064 ----a-w- C:\Windows\SysWow64\SpoonUninstall.exe
2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-08-06 09:30:16 1048576 ----a-w- C:\Windows\PE_Rom.dll
2012-08-06 09:05:13 46152 ----a-w- C:\Windows\SysWow64\drivers\ASUSFILTER.sys
2012-08-06 09:05:08 26136 ----a-w- C:\Windows\System32\drivers\ICCWDT.sys
2012-08-06 09:04:56 32360 ----a-w- C:\Windows\System32\drivers\ndisrd.sys
2012-08-06 09:04:50 14464 ----a-w- C:\Windows\SysWow64\drivers\AsUpIO.sys
2012-08-06 09:04:31 13440 ----a-w- C:\Windows\SysWow64\drivers\AsIO.sys
2012-08-06 09:04:30 28672 ----a-w- C:\Windows\SysWow64\AsIO.dll
2012-08-06 09:04:26 11832 ------w- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
2012-08-06 09:04:26 10216 ------w- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
2012-08-05 15:00:32 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-08-05 15:00:31 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-08-05 14:16:15 16896 ----a-w- C:\Windows\AsTaskSched.dll
2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
.
============= FINISH: 19:46:57,11 ===============