aardvark2012 Posted March 28, 2013 ID:661888 Share Posted March 28, 2013 Hi,I've been getting an ad appearing in the bottom left of my browser window (IE9) linked to the address ad.xtendmedia.com (visible on mouse-over -- I haven't clicked it). In itself, it's only mildly irritating, but I looked around and it appears it can make things go pear-shaped if it's left lying around. I also suspect it's blocking certain websites -- I'm unable to update drivers, my webmail keeps crashing, and worst of all, I think it's stopping Steam from running (tragedy!).This may be irrelevant, but the appearance of these ads seems to be correlated with a "Do you want to open or save bv.js from www.google-analytics.com?" message.Here are the logs:DDS (Ver_2012-11-20.01) - NTFS_AMD64Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.17.2Run by Toby at 9:32:22 on 2013-03-28#Option Extended Search is enabled.Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.8175.5480 [GMT 10.5:30].AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exeC:\Windows\system32\ATKFUSService.exeC:\Windows\system32\nvvsvc.exeC:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\NVIDIA Corporation\Display\nvxdsync.exeC:\Windows\system32\nvvsvc.exeC:\Windows\system32\taskhost.exeC:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exeC:\Program Files\Microsoft Mouse and Keyboard Center\itype.exeC:\Windows\SysWOW64\ASDR.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\ESET\ESET Smart Security\x86\ekrn.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exeC:\Program Files (x86)\CyberLink\Shared files\RichVideo.exeC:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exeC:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exeC:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exeC:\Program Files (x86)\Canon\CAL\CALMAIN.exeC:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\System32\WUDFHost.exeC:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exeC:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeC:\Windows\SysWOW64\HsMgr.exeC:\Windows\system\HsMgr64.exeC:\Program Files\ESET\ESET Smart Security\egui.exeC:\Program Files\ASUS Xonar DS Audio\Customapp\ASUSAUDIOCENTER.EXEC:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exeC:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files (x86)\CyberLink\Shared files\brs.exeC:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exeC:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exeC:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exeC:\Program Files (x86)\lg_fwupdate\fwupdate.exeC:\Windows\system32\taskhost.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Users\Toby\AppData\Local\Temp\ins44D0.tmpC:\Windows\explorer.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.google.com.au/mWinlogon: Userinit = userinit.exeBHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dllBHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllBHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllTB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllTB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dlluRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"uRun: [steam] "c:\program files (x86)\steam\steam.exe" -silentuRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStartuRun: [spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autocleanmRun: [ASUSGamerOSD] C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exemRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimemRun: [updatePSTShortCut] c:\program files (x86)\cyberlink\blu-ray disc suite\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\blu-ray disc suite" updatewithcreateonce "software\cyberlink\powerstartermRun: [LGODDFU] "c:\program files (x86)\lg_fwupdate\lgfw.exe" blrunmRun: [uCam_Menu] c:\program files (x86)\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\1.0mRun: [updatePPShortCut] c:\program files (x86)\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0mRun: [bDRegion] c:\program files (x86)\cyberlink\shared files\brs.exemRun: [RemoteControl9] c:\program files (x86)\cyberlink\powerdvd9\pdvd9serv.exemRun: [updateP2GoShortCut] c:\program files (x86)\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0mRun: [CLMLServer] c:\program files (x86)\cyberlink\power2go\clmlsvc.exemRun: [MDS_Menu] c:\program files (x86)\cyberlink\mediashow4\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\mediashow4" updatewithcreateonce "software\cyberlink\mediashow\4.1mRun: [updateLBPShortCut] c:\program files (x86)\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5mRun: [iObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostartmRun: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silentmPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0mPolicies-System: PromptOnSecureDesktop = dword:0IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dllTCP: NameServer = 192.168.1.1TCP: Interfaces\{9B181EEF-1FC6-45B0-879C-09D01DD8FF35} : DHCPNameServer = 192.168.1.1Notify: SDWinLogon - SDWinLogon.dllSSODL: WebCheck - <orphaned>mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"x64-BHO: GBHO.BHO: {45d30484-7ded-43d9-957a-d2fd1f046511} -x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dllx64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dllx64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dllx64-TB: Smart Recovery 2: {1d09c093-f71e-43c3-b948-19316cbd695e} -x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dllx64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -sx64-Run: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWndx64-Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envokex64-Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envokex64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservicex64-RunOnce: [RPMKickstart] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe.INFO: x64-HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option..x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cabx64-DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cabx64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cabx64-SSODL: WebCheck - <orphaned>Hosts: 192.157.56.28 www.google-analytics.com.Hosts: 192.157.56.28 ad-emea.doubleclick.net.Hosts: 192.157.56.28 www.statcounter.com.Hosts: 93.115.241.27 www.google-analytics.com.Hosts: 93.115.241.27 ad-emea.doubleclick.net..Note: multiple HOSTS entries found. Please refer to Attach.txt.============= SERVICES / DRIVERS ===============.R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2011-8-4 62496]R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2013-3-22 17720]R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2011-9-21 21104]R1 EIO64;EIO Driver;C:\Windows\System32\drivers\EIO64.sys [2012-1-7 16384]R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2011-8-4 38288]R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-2-13 465216]R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2011-8-9 202576]R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-9-22 974944]R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-10-24 821592]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-26 398184]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-26 682344]R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-3-11 1103392]R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-3-11 1369624]R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-3-11 168384]R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2011-9-21 114688]R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]R3 cmudaxp;ASUS Xonar DS Audio Interface;C:\Windows\System32\drivers\cmudaxp.sys [2011-9-21 2725376]R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-3-7 40832]R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-3-7 65280]R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2013-3-5 21384]R3 IOMap;IOMap;C:\Windows\System32\drivers\IOMap64.sys [2012-1-7 23680]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-26 24176]R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2013-3-5 33224]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-21 413800]R3 SynUSB64;eLicenser;C:\Windows\System32\drivers\synusb64.sys [2011-10-7 30352]R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2013-3-5 21904]S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/09/22 14:59:02;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-11-23 240112]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;E:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-16 25832]S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-9-22 25640]S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-9-21 30528]S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-1 19456]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-1 57856]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-1 30208]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-21 1255736].=============== Created Last 60 ================.2013-03-26 08:55:48 -------- d-----w- C:\Users\Toby\AppData\Roaming\Malwarebytes2013-03-26 08:55:40 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys2013-03-26 08:55:40 -------- d-----w- C:\ProgramData\Malwarebytes2013-03-26 08:55:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-03-22 00:43:48 17720 ----a-w- C:\Windows\System32\drivers\SmartDefragDriver.sys2013-03-13 09:15:49 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys2013-03-13 03:58:14 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-03-13 03:30:57 -------- d-----w- C:\Program Files\Microsoft Mouse and Keyboard Center2013-03-12 18:22:26 15859416 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe2013-03-11 03:27:06 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy2013-03-11 03:26:52 17272 ----a-w- C:\Windows\System32\sdnclean64.exe2013-03-11 03:26:49 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 22013-03-11 03:25:21 -------- d-----w- C:\Users\Toby\AppData\Local\Programs2013-02-25 14:02:44 25256224 ----a-w- C:\Windows\System32\nvcompiler.dll2013-02-17 22:52:18 31080 ----a-w- C:\Windows\System32\nvhdap64.dll2013-02-17 22:52:16 189288 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys2013-02-15 22:31:23 186432 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll2013-02-13 04:46:52 -------- d-----w- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}2013-02-13 02:40:14 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe2013-02-13 02:40:14 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe2013-02-13 02:40:14 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe2013-02-13 02:39:55 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll2013-02-13 02:39:55 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll2013-02-13 02:36:41 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS2013-02-13 02:36:41 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys2013-02-13 02:35:35 3153408 ----a-w- C:\Windows\System32\win32k.sys2013-02-13 02:35:16 7680 ----a-w- C:\Windows\SysWow64\instnm.exe2013-02-13 02:35:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll2013-02-13 02:35:16 25600 ----a-w- C:\Windows\SysWow64\setup16.exe2013-02-13 02:35:16 215040 ----a-w- C:\Windows\System32\winsrv.dll2013-02-13 02:35:16 2048 ----a-w- C:\Windows\SysWow64\user.exe2013-02-13 02:35:16 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll2013-02-13 01:57:53 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll2013-02-13 01:57:53 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll2013-02-13 01:57:53 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll2013-02-13 01:57:53 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll2013-02-13 01:57:53 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll2013-02-13 01:57:53 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll2013-02-13 01:57:53 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll2013-01-29 07:45:06 862664 ----a-w- C:\Windows\SysWow64\msvcr110.dll2013-01-29 07:45:06 828872 ----a-w- C:\Windows\System32\msvcr110.dll2013-01-29 07:45:06 661448 ----a-w- C:\Windows\System32\msvcp110.dll2013-01-29 07:45:06 534480 ----a-w- C:\Windows\SysWow64\msvcp110.dll2013-01-29 07:45:06 354264 ----a-w- C:\Windows\System32\vccorlib110.dll2013-01-29 07:45:06 251864 ----a-w- C:\Windows\SysWow64\vccorlib110.dll2013-01-29 07:45:04 50800 ----a-w- C:\Windows\System32\drivers\point64.sys.==================== Find6M ====================.2013-03-23 22:35:02 25640 ----a-w- C:\Windows\gdrv.sys2013-03-13 09:16:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb2013-03-13 09:16:41 599040 ----a-w- C:\Windows\System32\vbscript.dll2013-03-13 09:16:41 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll2013-03-13 09:16:41 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-03-13 09:16:41 2312704 ----a-w- C:\Windows\System32\jscript9.dll2013-03-13 09:16:41 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-03-13 09:16:41 173056 ----a-w- C:\Windows\System32\ieUnatt.exe2013-03-13 09:16:41 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe2013-03-13 09:16:41 1392128 ----a-w- C:\Windows\System32\wininet.dll2013-03-13 09:16:41 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll2013-03-13 09:16:40 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl2013-03-13 09:16:40 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2013-03-13 03:58:07 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2013-03-13 03:58:07 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll2013-03-12 18:22:32 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-03-12 18:22:32 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-02-17 22:52:18 1472360 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll2013-02-13 02:35:16 44032 ----a-w- C:\Windows\apppatch\acwow64.dll2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll2013-01-21 00:42:12 2177664 ----a-w- C:\Windows\System32\coin93.dll2013-01-18 15:00:28 6390048 ----a-w- C:\Windows\System32\nvcpl.dll2013-01-18 15:00:28 3460896 ----a-w- C:\Windows\System32\nvsvc64.dll2013-01-18 15:00:11 884512 ----a-w- C:\Windows\System32\nvvsvc.exe2013-01-18 15:00:11 63776 ----a-w- C:\Windows\System32\nvshext.dll2013-01-18 15:00:11 2953448 ----a-w- C:\Windows\System32\nvcoproc.bin2013-01-18 15:00:11 2558240 ----a-w- C:\Windows\System32\nvsvcr.dll2013-01-18 15:00:11 118560 ----a-w- C:\Windows\System32\nvmctray.dll2013-01-17 21:45:24 550176 ----a-w- C:\Windows\SysWow64\nvStreaming.exe2013-01-15 08:19:06 26432 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs.============= FINISH: 9:32:35.24 ===============.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home PremiumBoot Device: \Device\HarddiskVolume1Install Date: 21/09/2011 8:55:06 AMSystem Uptime: 24/03/2013 9:04:16 AM (96 hours ago).Motherboard: Gigabyte Technology Co., Ltd. | | Z68A-D3-B3Processor: Intel® Core™ i5-2500 CPU @ 3.30GHz | Socket 1155 | 3601/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 466 GiB total, 217.67 GiB free.D: is CDROM (CDFS)E: is FIXED (NTFS) - 466 GiB total, 370.04 GiB free.F: is Removable.==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP211: 13/03/2013 10:41:21 PM - Windows UpdateRP212: 21/03/2013 4:12:40 PM - Scheduled Checkpoint.==== Hosts File Hijack ======================.Hosts: 192.157.56.28 www.google-analytics.com.Hosts: 192.157.56.28 ad-emea.doubleclick.net.Hosts: 192.157.56.28 www.statcounter.com.Hosts: 93.115.241.27 www.google-analytics.com.Hosts: 93.115.241.27 ad-emea.doubleclick.net.Hosts: 93.115.241.27 www.statcounter.com..==== Installed Programs ======================.@BIOS7-Zip 9.20 (x64 edition)Adobe AIRAdobe Flash Player 11 ActiveXAdobe Reader X (10.1.6)Advanced SystemCare 6Age of Empires IIIAge of Empires III - The Asian DynastiesAge of Empires III - The WarChiefsAge of MythologyApple Application SupportApple Mobile Device SupportApple Software UpdateASUS Gamer OSDASUS nVidia DriverASUS Smart DoctorASUS Xonar DS Audio DriverBonjourCamera Access LibraryCamera Support Core LibraryCamera Window DSCamera Window DVCCamera Window MCCanon Camera Access LibraryCanon Camera Support Core LibraryCanon Camera Window DC_DV 5 for ZoomBrowser EXCanon Camera Window DC_DV 6 for ZoomBrowser EXCanon Camera Window DSLR 5 for ZoomBrowser EXCanon Camera Window MC 6 for ZoomBrowser EXCanon MovieEdit Task for ZoomBrowser EXCanon PhotoRecordCanon RAW Image Task for ZoomBrowser EXCanon Utilities PhotoStitch 3.1Canon ZoomBrowser EX (E)CyberLink BD Advisor 2.0CyberLink Blu-ray Disc SuiteCyberLink LabelPrintCyberLink LG Burning ToolCyberLink MediaShowCyberLink PowerDVD 9CyberLink PowerProducerCyberLink YouCamDragon Age IIDragon Age: OriginsEasy Tune 6 B11.0512.1eLicenser ControlERUNT 1.1jESET Smart SecurityEtron USB3.0 Host ControllerEVE Online (remove only)FrapsGame BoosterGIMP 2.6.11Google SketchUp 8Google Toolbar for Internet ExplorerGoogle Update HelperGPL GhostscriptGSview 5.0Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2542054)Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2635973)Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)Intel® Control CenterIntel® Management Engine ComponentsIObit Malware FighteriTunesJava 7 Update 17Java Auto UpdaterJava™ 6 Update 30 (64-bit)Java™ 7 Update 5 (64-bit)LG Tool KitLightScribe System SoftwareLux Delux 6.22Malwarebytes Anti-Malware version 1.70.0.1100Mass EffectMass Effect 2Mass Effect™ 3Mathematica 8 Home Edition (M-WIN-H 8.0.1 2063989)Mathematica Extras 8.0 (2063897)Medieval II Total WarMedieval II Total War : Kingdoms : AmericasMedieval II Total War : Kingdoms : BritanniaMedieval II Total War : Kingdoms : CrusadesMedieval II Total War : Kingdoms : TeutonicMicrosoft .NET Framework 1.1Microsoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft .NET Framework 4 Multi-Targeting PackMicrosoft Age of Empires IIMicrosoft Application Error ReportingMicrosoft Help Viewer 1.1Microsoft Mouse and Keyboard CenterMicrosoft SilverlightMicrosoft SQL Server Compact 3.5 SP2 ENUMicrosoft SQL Server Compact 3.5 SP2 x64 ENUMicrosoft Visual C++ Compilers 2010 Standard - enu - x86Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219Microsoft Visual C++ 2010 Express - ENUMicrosoft Visual J# .NET Redistributable Package 1.1Microsoft Visual Studio 2010 Express Prerequisites x64 - ENUMicrosoft Visual Studio 2010 Service Pack 1Microsoft Visual Studio 2010 Tools for Office Runtime (x64)MovieEdit TaskMSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML4 ParserNexus Mod ManagerNVIDIA 3D Vision Controller Driver 295.73NVIDIA 3D Vision Driver 311.06NVIDIA Control Panel 311.06NVIDIA Graphics Driver 311.06NVIDIA HD Audio Driver 1.3.18.0NVIDIA Install ApplicationNVIDIA PhysXNVIDIA PhysX System Software 9.12.0209NVIDIA Stereoscopic 3D DriverNVIDIA Update 1.11.3NVIDIA Update ComponentsOblivionOblivion - BTmod 2.20ON_OFF Charge B11.0110.1OpenALOpenTTD 1.2.3OriginPhotoStitchPortalQuickTimeRAW Image Task 2.2Realtek Ethernet Controller DriverRealtek High Definition Audio DriverSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Extended (KB2416472)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)Smart 6 B11.0512.1Smart Defrag 2Spybot - Search & DestroySteamSteinberg Cubase 5 64bitSteinberg Drum Loop Expansion 01Steinberg Groove Agent ONE ContentSteinberg Groove Agent ONE Vintage BeatboxesSteinberg HALion Symphonic Orchestra 16-bit EditionSteinberg HALionOne 64bitSteinberg HALionOne Additional Content Set 01Steinberg HALionOne Expression SetSteinberg HALionOne GM Drum SetSteinberg HALionOne GM SetSteinberg HALionOne Pro SetSteinberg HALionOne Studio Drum SetSteinberg HALionOne Studio SetSteinberg LoopMash ContentSteinberg REVerence Content 01TeamSpeak 3 ClientThe Elder Scrolls V: SkyrimThief - Deadly ShadowsThief 3 Sneaky Upgrade version 1.1.0Unofficial Oblivion Patch v3.2.0Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2473228)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)UtilityVLC media player 1.1.11WinRAR archiverXviD MPEG-4 Video Codec.==== Event Viewer Messages From Past Week ========.23/03/2013 3:11:01 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.23/03/2013 3:08:41 PM, Error: Service Control Manager [7034] - The Canon Camera Access Library 8 service terminated unexpectedly. It has done this 1 time(s)..==== End Of File ===========================Many thanks in advanceToby Link to post Share on other sites More sharing options...
Robybel Posted March 28, 2013 ID:661890 Share Posted March 28, 2013 Hi and Welcome!! aardvark2012 My name is Robybel. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following: I will be working on your Malware issues, this may or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for the issues on this machine. Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear. It's often worth reading through these instructions and printing them for ease of reference. If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry. Please reply to this thread. Do not start a new topic.IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.Vista and Windows 7 users:These tools MUST be run from the executable. (.exe) every time you run themwith Admin Rights (Right click, choose "Run as Administrator")Stay with this topic until I give you the all clean post.Having said that....Let's get going!! ============ Next ==============IOBIT ProductsWe note you may be using one or more products from IOBit.IOBit has been accused by Malwarebytes of illegally using their intellectual property without permission.Please see this for additional information on these allegations: http://www.malwareby...howtopic=29681.A thread in the IOBit’s forum responded to the accusations from MalwareBytes. It is noteworthy that several responses from users raising specific questions about IOBit’s response and finding it unsatisfactory were deleted and the thread was closed. The bottom line from IOBit was: “No hard proof shows that IObit stole the database of Malwarebytes.”From what is said above, at least until the issues of possible database theft and spyware packaging is resolved, we do not recommend the use of IOBit products.============ Next ==============Download Security Check by screen317 from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.============ Next ==============AdwCleanerPlease download AdwCleaner by Xplode onto your desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click on Delete.Confirm each time with Ok.Your computer will be rebooted automatically. A text file will open after the restart.Please post the content of that logfile with your next answer.You can find the logfile at C:\AdwCleaner[s1].txt as well.============ Next ==============Download RogueKiller and save it to your desktop. Quit all other programsStart RogueKiller.exeWait until the Prescan has finished ... Click on ScanWait for the end of the scanA report will be created on your desktop. Click on the Delete buttonNext click on the ShortcutsFix another report will be created on your desktop.Please post: All RKreport.txt text files located on your desktop.On your next reply please post :checkup.txtAdwCleaner[s1].txtAll RKreport.txtLet me know if you have any problems in performing with the steps above or any questions you may have.Good Day! Link to post Share on other sites More sharing options...
aardvark2012 Posted March 28, 2013 Author ID:661927 Share Posted March 28, 2013 Awesome response time, Robybel! Thank you!Re: IObit. I'm not too surprised to hear that, actually. Their software has become more and more like spamware itself recently. I'll get rid of it once we're done here.Here are the logs you requested. I think I got everything you wanted.Results of screen317's Security Check version 0.99.61Windows 7 Service Pack 1 x64 (UAC is enabled)Internet Explorer 9``````````````Antivirus/Firewall Check:``````````````Windows Firewall Disabled!ESET Smart Security 5.0Antivirus up to date!`````````Anti-malware/Other Utilities Check:`````````Spybot - Search & DestroyMalwarebytes Anti-Malware version 1.70.0.1100Java 7 Update 17Adobe Reader 10.1.6 Adobe Reader out of Date!````````Process Check: objlist.exe by Laurent````````ESET NOD32 Antivirus egui.exeESET NOD32 Antivirus ekrn.exeMalwarebytes Anti-Malware mbamservice.exeMalwarebytes Anti-Malware mbamgui.exeSpybot Teatimer.exe is disabled!IObit IObit Malware Fighter IMFsrv.exeIObit IObit Malware Fighter IMF.exeMalwarebytes' Anti-Malware mbamscheduler.exe`````````````````System Health check`````````````````Total Fragmentation on Drive C: 0%````````````````````End of Log``````````````````````# AdwCleaner v2.115 - Logfile created 03/28/2013 at 19:43:28# Updated 17/03/2013 by Xplode# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)# User : Toby - TOBY-PC# Boot Mode : Normal# Running from : C:\Users\Toby\Desktop\adwcleaner.exe# Option [Delete]***** [services] ********** [Files / Folders] ********** [Registry] ********** [internet Browsers] *****-\\ Internet Explorer v9.0.8112.16470[OK] Registry is clean.*************************AdwCleaner[s1].txt - [512 octets] - [28/03/2013 19:43:28]########## EOF - C:\AdwCleaner[s1].txt - [571 octets] ##########RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/Website : http://tigzy.geekstogo.com/roguekiller.phpBlog : http://tigzyrk.blogspot.com/Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : Toby [Admin rights]Mode : Scan -- Date : 03/28/2013 19:52:49| ARK || FAK || MBR |¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 4 ¤¤¤[RUN][bLACKLISTDLL] HKLM\[...]\Run : Cmaudio8788 (C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd) -> FOUND[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [NOT LOADED] ¤¤¤¤¤¤ Infection : Mal.Hosts ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> C:\Windows\system32\drivers\etc\hosts127.0.0.1 localhost::1 localhost192.157.56.28 www.google-analytics.com.192.157.56.28 ad-emea.doubleclick.net.192.157.56.28 www.statcounter.com.93.115.241.27 www.google-analytics.com.93.115.241.27 ad-emea.doubleclick.net.93.115.241.27 www.statcounter.com.¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: ST3500413AS ATA Device +++++--- User ---[MBR] 89ce3fef1dc6f1eb8c06746330d31181[bSP] 06b942ddae2b8e6f287469c00479587b : Windows 7/8 MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MoUser = LL1 ... OK!User = LL2 ... OK!+++++ PhysicalDrive1: ST3500413AS ATA Device +++++--- User ---[MBR] b1db3ebec760d4355f9636f8491808cc[bSP] 252fbd5158a2a3e16e9f3f3226fb9744 : Windows 7/8 MBR CodePartition table:0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 MoUser = LL1 ... OK!User = LL2 ... OK!+++++ PhysicalDrive2: Brother DCP-145C USB Device +++++Error reading User MBR!User = LL1 ... OK!Error reading LL2 MBR!Finished : << RKreport[1]_S_03282013_02d1952.txt >>RKreport[1]_S_03282013_02d1952.txtRogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/Website : http://tigzy.geekstogo.com/roguekiller.phpBlog : http://tigzyrk.blogspot.com/Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : Toby [Admin rights]Mode : Remove -- Date : 03/28/2013 19:54:22| ARK || FAK || MBR |¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 4 ¤¤¤[RUN][bLACKLISTDLL] HKLM\[...]\Run : Cmaudio8788 (C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd) -> DELETED[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED(0)[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED(0)¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [NOT LOADED] ¤¤¤¤¤¤ Infection : Mal.Hosts ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> C:\Windows\system32\drivers\etc\hosts127.0.0.1 localhost::1 localhost192.157.56.28 www.google-analytics.com.192.157.56.28 ad-emea.doubleclick.net.192.157.56.28 www.statcounter.com.93.115.241.27 www.google-analytics.com.93.115.241.27 ad-emea.doubleclick.net.93.115.241.27 www.statcounter.com.¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: ST3500413AS ATA Device +++++--- User ---[MBR] 89ce3fef1dc6f1eb8c06746330d31181[bSP] 06b942ddae2b8e6f287469c00479587b : Windows 7/8 MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MoUser = LL1 ... OK!User = LL2 ... OK!+++++ PhysicalDrive1: ST3500413AS ATA Device +++++--- User ---[MBR] b1db3ebec760d4355f9636f8491808cc[bSP] 252fbd5158a2a3e16e9f3f3226fb9744 : Windows 7/8 MBR CodePartition table:0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[2]_D_03282013_02d1954.txt >>RKreport[1]_S_03282013_02d1952.txt ; RKreport[2]_D_03282013_02d1954.txtRogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/Website : http://tigzy.geekstogo.com/roguekiller.phpBlog : http://tigzyrk.blogspot.com/Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : Toby [Admin rights]Mode : Shortcuts HJfix -- Date : 03/28/2013 19:56:02| ARK || FAK || MBR |¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Driver : [NOT LOADED] ¤¤¤¤¤¤ File attributes restored: ¤¤¤Desktop: Success 1 / Fail 0Quick launch: Success 1 / Fail 0Programs: Success 14 / Fail 0Start menu: Success 1 / Fail 0User folder: Success 86 / Fail 0My documents: Success 2 / Fail 2My favorites: Success 0 / Fail 0My pictures: Success 2 / Fail 0My music: Success 276 / Fail 0My videos: Success 0 / Fail 0Local drives: Success 92 / Fail 0Backup: [NOT FOUND]Drives:[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored[D:] \Device\CdRom0 -- 0x5 --> Skipped[E:] \Device\HarddiskVolume3 -- 0x3 --> Restored[F:] \Device\HarddiskVolume4 -- 0x2 --> RestoredFinished : << RKreport[3]_SC_03282013_02d1956.txt >>RKreport[1]_S_03282013_02d1952.txt ; RKreport[2]_D_03282013_02d1954.txt ; RKreport[3]_SC_03282013_02d1956.txt Link to post Share on other sites More sharing options...
Robybel Posted March 28, 2013 ID:661929 Share Posted March 28, 2013 Hi aardvark2012 Very good jobBlitzblank.Download BlitzBlank and save it to your desktop. Open Blitzblank.exe Click OK at the warning (and take note of it, this is a VERY powerful tool!).Click the Script tab and copy/paste the following text there:DeleteFile:C:\Windows\system32\drivers\etc\hosts Click Execute Now. Your computer will need to reboot in order to replace the files.When done, post me the report created by Blitzblank. you can find it at the root of the drive Normaly C:\Please read carefully and follow these steps.Download TDSSKiller and save it to your Desktop.Extract its contents to your desktop.Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, click on Continue.It may ask you to reboot the computer to complete the process. Click on Reboot Now.If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. Link to post Share on other sites More sharing options...
aardvark2012 Posted March 28, 2013 Author ID:661935 Share Posted March 28, 2013 Okay, here are the logs. TDSS didn't find any threats. I got a different version from the one you posted (v. 2.8.16.0), and I noticed that some of the default scan options were unchecked. I left them unchecked... but, just so you know.BlitzBlank 1.0.0.32File/Registry Modification Engine native applicationMoveFileOnReboot: sourceFile = "\??\c:\windows\system32\drivers\etc\hosts", destinationFile ="(null)", replaceWithDummy = 020:56:18.0848 2252 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:4220:56:20.0349 2252 ============================================================20:56:20.0349 2252 Current date / time: 2013/03/28 20:56:20.034920:56:20.0349 2252 SystemInfo:20:56:20.0349 2252 20:56:20.0349 2252 OS Version: 6.1.7601 ServicePack: 1.020:56:20.0349 2252 Product type: Workstation20:56:20.0349 2252 ComputerName: TOBY-PC20:56:20.0349 2252 UserName: Toby20:56:20.0349 2252 Windows directory: C:\Windows20:56:20.0349 2252 System windows directory: C:\Windows20:56:20.0349 2252 Running under WOW6420:56:20.0349 2252 Processor architecture: Intel x6420:56:20.0349 2252 Number of processors: 420:56:20.0349 2252 Page size: 0x100020:56:20.0349 2252 Boot type: Normal boot20:56:20.0349 2252 ============================================================20:56:21.0378 2252 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x0000004020:56:21.0378 2252 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000004020:56:22.0119 2252 ============================================================20:56:22.0119 2252 \Device\Harddisk0\DR0:20:56:22.0119 2252 MBR partitions:20:56:22.0119 2252 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3200020:56:22.0119 2252 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A35300020:56:22.0119 2252 \Device\Harddisk1\DR1:20:56:22.0120 2252 MBR partitions:20:56:22.0120 2252 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A38480020:56:22.0120 2252 ============================================================20:56:22.0135 2252 C: <-> \Device\Harddisk0\DR0\Partition220:56:22.0170 2252 E: <-> \Device\Harddisk1\DR1\Partition120:56:22.0170 2252 ============================================================20:56:22.0170 2252 Initialize success20:56:22.0170 2252 ============================================================20:57:08.0029 3888 ============================================================20:57:08.0029 3888 Scan started20:57:08.0029 3888 Mode: Manual;20:57:08.0029 3888 ============================================================20:57:09.0314 3888 ================ Scan system memory ========================20:57:09.0314 3888 System memory - ok20:57:09.0314 3888 ================ Scan services =============================20:57:09.0488 3888 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys20:57:09.0548 3888 1394ohci - ok20:57:09.0573 3888 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys20:57:09.0586 3888 ACPI - ok20:57:09.0616 3888 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys20:57:09.0625 3888 AcpiPmi - ok20:57:09.0813 3888 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe20:57:09.0813 3888 AdobeARMservice - ok20:57:10.0061 3888 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe20:57:10.0063 3888 AdobeFlashPlayerUpdateSvc - ok20:57:10.0104 3888 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys20:57:10.0124 3888 adp94xx - ok20:57:10.0155 3888 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys20:57:10.0174 3888 adpahci - ok20:57:10.0193 3888 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys20:57:10.0195 3888 adpu320 - ok20:57:10.0409 3888 [ CBFAA333EBA2E402A0439A3A0E5413F3 ] AdvancedSystemCareService6 C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe20:57:10.0431 3888 AdvancedSystemCareService6 - ok20:57:10.0454 3888 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll20:57:10.0455 3888 AeLookupSvc - ok20:57:10.0596 3888 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys20:57:10.0606 3888 AFD - ok20:57:10.0630 3888 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys20:57:10.0643 3888 agp440 - ok20:57:10.0656 3888 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe20:57:10.0681 3888 ALG - ok20:57:10.0704 3888 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys20:57:10.0713 3888 aliide - ok20:57:10.0734 3888 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys20:57:10.0743 3888 amdide - ok20:57:10.0760 3888 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys20:57:10.0769 3888 AmdK8 - ok20:57:10.0784 3888 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys20:57:10.0793 3888 AmdPPM - ok20:57:10.0820 3888 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys20:57:10.0838 3888 amdsata - ok20:57:10.0856 3888 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys20:57:10.0868 3888 amdsbs - ok20:57:10.0883 3888 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys20:57:10.0890 3888 amdxata - ok20:57:10.0908 3888 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys20:57:10.0963 3888 AppID - ok20:57:11.0010 3888 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll20:57:11.0035 3888 AppIDSvc - ok20:57:11.0051 3888 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll20:57:11.0054 3888 Appinfo - ok20:57:11.0103 3888 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe20:57:11.0108 3888 Apple Mobile Device - ok20:57:11.0128 3888 [ 6BE11AD81D4527D299F0CB5F3731AABC ] AppleCharger C:\Windows\system32\DRIVERS\AppleCharger.sys20:57:11.0128 3888 AppleCharger - ok20:57:11.0141 3888 [ 95EF7247C50C7241FDAE39A9B3AFF4AE ] AppleChargerSrv C:\Windows\system32\AppleChargerSrv.exe20:57:11.0144 3888 AppleChargerSrv - ok20:57:11.0156 3888 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys20:57:11.0179 3888 arc - ok20:57:11.0203 3888 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys20:57:11.0229 3888 arcsas - ok20:57:11.0294 3888 [ 4B720CC508B4FB999A7BF0E6D84F73E1 ] ASDR C:\Windows\SysWOW64\ASDR.exe20:57:11.0295 3888 ASDR - ok20:57:11.0465 3888 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe20:57:11.0505 3888 aspnet_state - ok20:57:11.0533 3888 [ A4398A8914C32F18EC2AB562CBA3CAAF ] asusgsb C:\Windows\system32\drivers\asusgsb.sys20:57:11.0550 3888 asusgsb - ok20:57:11.0593 3888 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys20:57:11.0600 3888 AsyncMac - ok20:57:11.0613 3888 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys20:57:11.0613 3888 atapi - ok20:57:11.0651 3888 [ FB4187C282CB467E5E606913A1FA79A3 ] atkdisplf C:\Windows\system32\drivers\ATKDispLowFilter.sys20:57:11.0678 3888 atkdisplf - ok20:57:11.0684 3888 [ 86D873FD396FA6708A99A1BDF104D120 ] ATKFUSService C:\Windows\system32\ATKFUSService.exe20:57:11.0686 3888 ATKFUSService - ok20:57:11.0728 3888 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll20:57:11.0734 3888 AudioEndpointBuilder - ok20:57:11.0740 3888 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll20:57:11.0743 3888 AudioSrv - ok20:57:11.0750 3888 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll20:57:11.0755 3888 AxInstSV - ok20:57:11.0780 3888 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys20:57:11.0785 3888 b06bdrv - ok20:57:11.0801 3888 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys20:57:11.0813 3888 b57nd60a - ok20:57:11.0829 3888 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll20:57:11.0831 3888 BDESVC - ok20:57:11.0836 3888 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys20:57:11.0839 3888 Beep - ok20:57:11.0854 3888 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll20:57:11.0859 3888 BFE - ok20:57:11.0886 3888 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll20:57:11.0895 3888 BITS - ok20:57:11.0903 3888 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys20:57:11.0911 3888 blbdrive - ok20:57:12.0039 3888 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe20:57:12.0040 3888 Bonjour Service - ok20:57:12.0109 3888 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys20:57:12.0137 3888 bowser - ok20:57:12.0166 3888 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys20:57:12.0167 3888 BrFiltLo - ok20:57:12.0186 3888 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys20:57:12.0187 3888 BrFiltUp - ok20:57:12.0226 3888 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll20:57:12.0235 3888 Browser - ok20:57:12.0256 3888 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys20:57:12.0267 3888 Brserid - ok20:57:12.0274 3888 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys20:57:12.0284 3888 BrSerWdm - ok20:57:12.0295 3888 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys20:57:12.0304 3888 BrUsbMdm - ok20:57:12.0319 3888 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys20:57:12.0320 3888 BrUsbSer - ok20:57:12.0329 3888 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys20:57:12.0337 3888 BTHMODEM - ok20:57:12.0357 3888 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll20:57:12.0360 3888 bthserv - ok20:57:12.0442 3888 [ A9ACC4B9730B6D5B0BB2BFFDC53F0812 ] CCALib8 C:\Program Files (x86)\Canon\CAL\CALMAIN.exe20:57:12.0444 3888 CCALib8 - ok20:57:12.0464 3888 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys20:57:12.0491 3888 cdfs - ok20:57:12.0515 3888 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys20:57:12.0525 3888 cdrom - ok20:57:12.0540 3888 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll20:57:12.0540 3888 CertPropSvc - ok20:57:12.0550 3888 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys20:57:12.0552 3888 circlass - ok20:57:12.0567 3888 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys20:57:12.0571 3888 CLFS - ok20:57:12.0717 3888 [ 4642B5A3E0D2E61D08163DE95FC5B949 ] CLKMSVC10_9EC60124 C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe20:57:12.0720 3888 CLKMSVC10_9EC60124 - ok20:57:12.0754 3888 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe20:57:12.0755 3888 clr_optimization_v2.0.50727_32 - ok20:57:12.0787 3888 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe20:57:12.0789 3888 clr_optimization_v2.0.50727_64 - ok20:57:12.0851 3888 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe20:57:12.0966 3888 clr_optimization_v4.0.30319_32 - ok20:57:12.0985 3888 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe20:57:12.0987 3888 clr_optimization_v4.0.30319_64 - ok20:57:13.0007 3888 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys20:57:13.0016 3888 CmBatt - ok20:57:13.0030 3888 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys20:57:13.0039 3888 cmdide - ok20:57:13.0086 3888 [ 0367F029425CBD5506E8DB2757FF3A8F ] cmudaxp C:\Windows\system32\drivers\cmudaxp.sys20:57:13.0151 3888 cmudaxp - ok20:57:13.0194 3888 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys20:57:13.0210 3888 CNG - ok20:57:13.0227 3888 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys20:57:13.0230 3888 Compbatt - ok20:57:13.0247 3888 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys20:57:13.0250 3888 CompositeBus - ok20:57:13.0251 3888 COMSysApp - ok20:57:13.0269 3888 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys20:57:13.0270 3888 crcdisk - ok20:57:13.0304 3888 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll20:57:13.0307 3888 CryptSvc - ok20:57:13.0360 3888 [ 914A7156B0C0F10BE645A02E13F576B2 ] DAUpdaterSvc E:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe20:57:13.0361 3888 DAUpdaterSvc - ok20:57:13.0396 3888 [ BA25D4B9B067248F7CAC416E855D706B ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys20:57:13.0411 3888 dc3d - ok20:57:13.0499 3888 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll20:57:13.0525 3888 DcomLaunch - ok20:57:13.0554 3888 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll20:57:13.0557 3888 defragsvc - ok20:57:13.0566 3888 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys20:57:13.0569 3888 DfsC - ok20:57:13.0602 3888 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll20:57:13.0629 3888 Dhcp - ok20:57:13.0661 3888 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys20:57:13.0662 3888 discache - ok20:57:13.0679 3888 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys20:57:13.0686 3888 Disk - ok20:57:13.0737 3888 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll20:57:13.0739 3888 Dnscache - ok20:57:13.0770 3888 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll20:57:13.0795 3888 dot3svc - ok20:57:13.0799 3888 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll20:57:13.0800 3888 DPS - ok20:57:13.0836 3888 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys20:57:13.0844 3888 drmkaud - ok20:57:13.0871 3888 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys20:57:13.0876 3888 DXGKrnl - ok20:57:13.0931 3888 [ 13533557D01B88C83110D5CF749F14D7 ] eamonm C:\Windows\system32\DRIVERS\eamonm.sys20:57:14.0221 3888 eamonm - ok20:57:14.0264 3888 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll20:57:14.0275 3888 EapHost - ok20:57:14.0490 3888 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys20:57:14.0641 3888 ebdrv - ok20:57:14.0724 3888 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe20:57:14.0724 3888 EFS - ok20:57:14.0757 3888 [ E097728129E7B79BF1089D7AEF42332B ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys20:57:14.0766 3888 ehdrv - ok20:57:14.0839 3888 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe20:57:14.0841 3888 ehRecvr - ok20:57:14.0850 3888 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe20:57:14.0851 3888 ehSched - ok20:57:14.0922 3888 [ 343ADA10D948DB29251F2D9C809AF204 ] EIO64 C:\Windows\system32\DRIVERS\EIO64.sys20:57:14.0936 3888 EIO64 - ok20:57:15.0007 3888 [ C7BB95CF9631AA401E4ADED1648F6AF7 ] ekrn C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe20:57:15.0011 3888 ekrn - ok20:57:15.0050 3888 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys20:57:15.0080 3888 elxstor - ok20:57:15.0135 3888 [ 198C6FBC30BBD9632EA051203DCCF204 ] epfw C:\Windows\system32\DRIVERS\epfw.sys20:57:15.0147 3888 epfw - ok20:57:15.0205 3888 [ 56DE463F517710A8AA44EEF82C35B3C9 ] EpfwLWF C:\Windows\system32\DRIVERS\EpfwLWF.sys20:57:15.0220 3888 EpfwLWF - ok20:57:15.0249 3888 [ 710B0442BB2F99278D7B8E02A8849C11 ] epfwwfp C:\Windows\system32\DRIVERS\epfwwfp.sys20:57:15.0257 3888 epfwwfp - ok20:57:15.0266 3888 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys20:57:15.0279 3888 ErrDev - ok20:57:15.0316 3888 [ 84486624268E078255BC7AA47F0960BC ] etdrv C:\Windows\etdrv.sys20:57:15.0317 3888 etdrv - ok20:57:15.0340 3888 [ 3663291D0D26001A2BB67678AB61D14C ] EtronHub3 C:\Windows\system32\Drivers\EtronHub3.sys20:57:15.0349 3888 EtronHub3 - ok20:57:15.0357 3888 [ 744420D6C062C38F7361870F010D6D4B ] EtronXHCI C:\Windows\system32\Drivers\EtronXHCI.sys20:57:15.0359 3888 EtronXHCI - ok20:57:15.0389 3888 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll20:57:15.0394 3888 EventSystem - ok20:57:15.0406 3888 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys20:57:15.0424 3888 exfat - ok20:57:15.0444 3888 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys20:57:15.0460 3888 fastfat - ok20:57:15.0481 3888 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe20:57:15.0487 3888 Fax - ok20:57:15.0505 3888 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys20:57:15.0521 3888 fdc - ok20:57:15.0534 3888 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll20:57:15.0536 3888 fdPHost - ok20:57:15.0541 3888 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll20:57:15.0560 3888 FDResPub - ok20:57:15.0582 3888 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys20:57:15.0591 3888 FileInfo - ok20:57:15.0775 3888 [ 060CC45CECAE2FEAFF9C8C52D8FAFAA8 ] FileMonitor C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys20:57:15.0782 3888 FileMonitor - ok20:57:15.0796 3888 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys20:57:15.0841 3888 Filetrace - ok20:57:15.0879 3888 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys20:57:15.0890 3888 flpydisk - ok20:57:15.0901 3888 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys20:57:15.0920 3888 FltMgr - ok20:57:16.0001 3888 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll20:57:16.0021 3888 FontCache - ok20:57:16.0051 3888 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe20:57:16.0052 3888 FontCache3.0.0.0 - ok20:57:16.0064 3888 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys20:57:16.0075 3888 FsDepends - ok20:57:16.0115 3888 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys20:57:16.0154 3888 Fs_Rec - ok20:57:16.0177 3888 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys20:57:16.0180 3888 fvevol - ok20:57:16.0197 3888 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys20:57:16.0221 3888 gagp30kx - ok20:57:16.0264 3888 [ 7907E14F9BCF3A4689C9A74A1A873CB6 ] gdrv C:\Windows\gdrv.sys20:57:16.0264 3888 gdrv - ok20:57:16.0319 3888 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys20:57:16.0320 3888 GEARAspiWDM - ok20:57:16.0387 3888 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll20:57:16.0396 3888 gpsvc - ok20:57:16.0495 3888 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe20:57:16.0495 3888 gupdate - ok20:57:16.0510 3888 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe20:57:16.0511 3888 gupdatem - ok20:57:16.0557 3888 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe20:57:16.0559 3888 gusvc - ok20:57:16.0617 3888 [ 8126331FBD4ED29EB3B356F9C905064D ] GVTDrv64 C:\Windows\GVTDrv64.sys20:57:16.0617 3888 GVTDrv64 - ok20:57:16.0637 3888 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys20:57:16.0640 3888 hcw85cir - ok20:57:16.0666 3888 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys20:57:16.0671 3888 HdAudAddService - ok20:57:16.0690 3888 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys20:57:16.0691 3888 HDAudBus - ok20:57:16.0704 3888 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys20:57:16.0720 3888 HidBatt - ok20:57:16.0737 3888 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys20:57:16.0747 3888 HidBth - ok20:57:16.0756 3888 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys20:57:16.0772 3888 HidIr - ok20:57:16.0801 3888 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll20:57:16.0804 3888 hidserv - ok20:57:16.0812 3888 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys20:57:16.0821 3888 HidUsb - ok20:57:16.0830 3888 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll20:57:16.0831 3888 hkmsvc - ok20:57:16.0836 3888 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll20:57:16.0839 3888 HomeGroupListener - ok20:57:16.0854 3888 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll20:57:16.0856 3888 HomeGroupProvider - ok20:57:16.0874 3888 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys20:57:16.0875 3888 HpSAMD - ok20:57:16.0899 3888 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys20:57:16.0904 3888 HTTP - ok20:57:16.0916 3888 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys20:57:16.0916 3888 hwpolicy - ok20:57:16.0927 3888 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys20:57:16.0937 3888 i8042prt - ok20:57:16.0964 3888 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys20:57:16.0976 3888 iaStorV - ok20:57:17.0110 3888 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe20:57:17.0111 3888 IDriverT - ok20:57:17.0231 3888 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe20:57:17.0235 3888 idsvc - ok20:57:17.0259 3888 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys20:57:17.0261 3888 iirsp - ok20:57:17.0289 3888 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll20:57:17.0296 3888 IKEEXT - ok20:57:17.0361 3888 [ 8AE99EBE30E8338907361018D9030835 ] IMFservice C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe20:57:17.0365 3888 IMFservice - ok20:57:17.0414 3888 [ 2CC2F7C5990BB76767038F4B16D17A56 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys20:57:17.0437 3888 IntcAzAudAddService - ok20:57:17.0455 3888 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys20:57:17.0457 3888 intelide - ok20:57:17.0470 3888 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys20:57:17.0470 3888 intelppm - ok20:57:17.0485 3888 [ A01C412699B6F21645B2885C2BAE4454 ] IOMap C:\Windows\system32\drivers\IOMap64.sys20:57:17.0492 3888 IOMap - ok20:57:17.0519 3888 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll20:57:17.0540 3888 IPBusEnum - ok20:57:17.0560 3888 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys20:57:17.0581 3888 IpFilterDriver - ok20:57:17.0637 3888 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll20:57:17.0642 3888 iphlpsvc - ok20:57:17.0662 3888 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys20:57:17.0666 3888 IPMIDRV - ok20:57:17.0681 3888 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys20:57:17.0691 3888 IPNAT - ok20:57:17.0780 3888 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe20:57:17.0784 3888 iPod Service - ok20:57:17.0790 3888 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys20:57:17.0792 3888 IRENUM - ok20:57:17.0801 3888 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys20:57:17.0810 3888 isapnp - ok20:57:17.0824 3888 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys20:57:17.0834 3888 iScsiPrt - ok20:57:17.0849 3888 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys20:57:17.0850 3888 kbdclass - ok20:57:17.0859 3888 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys20:57:17.0860 3888 kbdhid - ok20:57:17.0870 3888 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe20:57:17.0871 3888 KeyIso - ok20:57:17.0921 3888 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys20:57:17.0957 3888 KSecDD - ok20:57:17.0992 3888 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys20:57:17.0997 3888 KSecPkg - ok20:57:18.0005 3888 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys20:57:18.0014 3888 ksthunk - ok20:57:18.0041 3888 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll20:57:18.0069 3888 KtmRm - ok20:57:18.0096 3888 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll20:57:18.0100 3888 LanmanServer - ok20:57:18.0122 3888 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll20:57:18.0124 3888 LanmanWorkstation - ok20:57:18.0261 3888 [ 17203D81A68D9162DB9022A1FC601778 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe20:57:18.0262 3888 LightScribeService - ok20:57:18.0304 3888 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys20:57:18.0319 3888 lltdio - ok20:57:18.0335 3888 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll20:57:18.0340 3888 lltdsvc - ok20:57:18.0357 3888 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll20:57:18.0381 3888 lmhosts - ok20:57:18.0421 3888 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys20:57:18.0436 3888 LSI_FC - ok20:57:18.0445 3888 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys20:57:18.0455 3888 LSI_SAS - ok20:57:18.0466 3888 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys20:57:18.0476 3888 LSI_SAS2 - ok20:57:18.0491 3888 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys20:57:18.0501 3888 LSI_SCSI - ok20:57:18.0520 3888 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys20:57:18.0522 3888 luafv - ok20:57:18.0569 3888 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys20:57:18.0570 3888 MBAMProtector - ok20:57:18.0690 3888 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe20:57:18.0692 3888 MBAMScheduler - ok20:57:18.0720 3888 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe20:57:18.0724 3888 MBAMService - ok20:57:18.0747 3888 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll20:57:18.0750 3888 Mcx2Svc - ok20:57:18.0772 3888 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys20:57:18.0790 3888 megasas - ok20:57:18.0824 3888 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys20:57:18.0836 3888 MegaSR - ok20:57:18.0870 3888 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys20:57:18.0871 3888 MEIx64 - ok20:57:18.0890 3888 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll20:57:18.0891 3888 MMCSS - ok20:57:18.0906 3888 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys20:57:18.0930 3888 Modem - ok20:57:18.0965 3888 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys20:57:18.0966 3888 monitor - ok20:57:18.0976 3888 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys20:57:18.0977 3888 mouclass - ok20:57:19.0001 3888 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys20:57:19.0002 3888 mouhid - ok20:57:19.0005 3888 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys20:57:19.0006 3888 mountmgr - ok20:57:19.0017 3888 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys20:57:19.0021 3888 mpio - ok20:57:19.0036 3888 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys20:57:19.0045 3888 mpsdrv - ok20:57:19.0146 3888 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll20:57:19.0164 3888 MpsSvc - ok20:57:19.0181 3888 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys20:57:19.0184 3888 MRxDAV - ok20:57:19.0220 3888 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys20:57:19.0224 3888 mrxsmb - ok20:57:19.0264 3888 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys20:57:19.0281 3888 mrxsmb10 - ok20:57:19.0292 3888 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys20:57:19.0302 3888 mrxsmb20 - ok20:57:19.0326 3888 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys20:57:19.0335 3888 msahci - ok20:57:19.0352 3888 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys20:57:19.0362 3888 msdsm - ok20:57:19.0380 3888 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe20:57:19.0399 3888 MSDTC - ok20:57:19.0417 3888 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys20:57:19.0420 3888 Msfs - ok20:57:19.0426 3888 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys20:57:19.0444 3888 mshidkmdf - ok20:57:19.0465 3888 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys20:57:19.0474 3888 msisadrv - ok20:57:19.0502 3888 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll20:57:19.0522 3888 MSiSCSI - ok20:57:19.0525 3888 msiserver - ok20:57:19.0545 3888 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys20:57:19.0546 3888 MSKSSRV - ok20:57:19.0556 3888 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys20:57:19.0559 3888 MSPCLOCK - ok20:57:19.0565 3888 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys20:57:19.0574 3888 MSPQM - ok20:57:19.0586 3888 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys20:57:19.0590 3888 MsRPC - ok20:57:19.0600 3888 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys20:57:19.0601 3888 mssmbios - ok20:57:19.0602 3888 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys20:57:19.0604 3888 MSTEE - ok20:57:19.0622 3888 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys20:57:19.0625 3888 MTConfig - ok20:57:19.0642 3888 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys20:57:19.0651 3888 Mup - ok20:57:19.0724 3888 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll20:57:19.0749 3888 napagent - ok20:57:19.0759 3888 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys20:57:19.0777 3888 NativeWifiP - ok20:57:19.0905 3888 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys20:57:19.0914 3888 NDIS - ok20:57:19.0926 3888 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys20:57:19.0936 3888 NdisCap - ok20:57:19.0953 3888 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys20:57:19.0955 3888 NdisTapi - ok20:57:19.0963 3888 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys20:57:19.0967 3888 Ndisuio - ok20:57:19.0976 3888 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys20:57:19.0986 3888 NdisWan - ok20:57:19.0996 3888 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys20:57:20.0012 3888 NDProxy - ok20:57:20.0018 3888 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys20:57:20.0028 3888 NetBIOS - ok20:57:20.0036 3888 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys20:57:20.0038 3888 NetBT - ok20:57:20.0043 3888 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe20:57:20.0043 3888 Netlogon - ok20:57:20.0060 3888 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll20:57:20.0065 3888 Netman - ok20:57:20.0095 3888 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe20:57:20.0122 3888 NetMsmqActivator - ok20:57:20.0125 3888 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe20:57:20.0126 3888 NetPipeActivator - ok20:57:20.0146 3888 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll20:57:20.0151 3888 netprofm - ok20:57:20.0153 3888 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe20:57:20.0153 3888 NetTcpActivator - ok20:57:20.0156 3888 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe20:57:20.0157 3888 NetTcpPortSharing - ok20:57:20.0180 3888 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys20:57:20.0196 3888 nfrd960 - ok20:57:20.0243 3888 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll20:57:20.0246 3888 NlaSvc - ok20:57:20.0258 3888 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys20:57:20.0267 3888 Npfs - ok20:57:20.0281 3888 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll20:57:20.0282 3888 nsi - ok20:57:20.0287 3888 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys20:57:20.0287 3888 nsiproxy - ok20:57:20.0421 3888 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys20:57:20.0470 3888 Ntfs - ok20:57:20.0486 3888 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys20:57:20.0495 3888 Null - ok20:57:20.0533 3888 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys20:57:20.0553 3888 NVHDA - ok20:57:20.0873 3888 [ FCBA1C22727939E7CFF9EB08FE9692AB ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys20:57:20.0920 3888 nvlddmkm - ok20:57:20.0983 3888 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys20:57:20.0993 3888 nvraid - ok20:57:21.0011 3888 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys20:57:21.0028 3888 nvstor - ok20:57:21.0155 3888 [ 10C232F6CFFD51D2332898AE7AE0FF23 ] nvsvc C:\Windows\system32\nvvsvc.exe20:57:21.0180 3888 nvsvc - ok20:57:21.0331 3888 [ 4789E020D2617046862D1790FC235FF6 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe20:57:21.0336 3888 nvUpdatusService - ok20:57:21.0348 3888 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys20:57:21.0386 3888 nv_agp - ok20:57:21.0405 3888 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys20:57:21.0423 3888 ohci1394 - ok20:57:21.0441 3888 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll20:57:21.0445 3888 p2pimsvc - ok20:57:21.0458 3888 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll20:57:21.0463 3888 p2psvc - ok20:57:21.0480 3888 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys20:57:21.0490 3888 Parport - ok20:57:21.0522 3888 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys20:57:21.0531 3888 partmgr - ok20:57:21.0541 3888 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll20:57:21.0542 3888 PcaSvc - ok20:57:21.0552 3888 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys20:57:21.0570 3888 pci - ok20:57:21.0580 3888 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys20:57:21.0588 3888 pciide - ok20:57:21.0603 3888 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys20:57:21.0630 3888 pcmcia - ok20:57:21.0648 3888 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys20:57:21.0657 3888 pcw - ok20:57:21.0678 3888 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys20:57:21.0693 3888 PEAUTH - ok20:57:21.0750 3888 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe20:57:21.0751 3888 PerfHost - ok20:57:21.0798 3888 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll20:57:21.0853 3888 pla - ok20:57:21.0901 3888 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll20:57:21.0905 3888 PlugPlay - ok20:57:21.0911 3888 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll20:57:21.0915 3888 PNRPAutoReg - ok20:57:21.0923 3888 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll20:57:21.0926 3888 PNRPsvc - ok20:57:21.0961 3888 [ 34A8FAE065249F85A67A3215FF5ECB34 ] Point64 C:\Windows\system32\DRIVERS\point64.sys20:57:21.0978 3888 Point64 - ok20:57:22.0025 3888 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll20:57:22.0041 3888 PolicyAgent - ok20:57:22.0065 3888 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll20:57:22.0067 3888 Power - ok20:57:22.0103 3888 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys20:57:22.0127 3888 PptpMiniport - ok20:57:22.0160 3888 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys20:57:22.0182 3888 Processor - ok20:57:22.0222 3888 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll20:57:22.0225 3888 ProfSvc - ok20:57:22.0232 3888 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe20:57:22.0234 3888 ProtectedStorage - ok20:57:22.0240 3888 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys20:57:22.0241 3888 Psched - ok20:57:22.0300 3888 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys20:57:22.0326 3888 ql2300 - ok20:57:22.0340 3888 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys20:57:22.0344 3888 ql40xx - ok20:57:22.0367 3888 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll20:57:22.0371 3888 QWAVE - ok20:57:22.0381 3888 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys20:57:22.0407 3888 QWAVEdrv - ok20:57:22.0425 3888 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys20:57:22.0435 3888 RasAcd - ok20:57:22.0445 3888 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys20:57:22.0447 3888 RasAgileVpn - ok20:57:22.0456 3888 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll20:57:22.0460 3888 RasAuto - ok20:57:22.0471 3888 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys20:57:22.0489 3888 Rasl2tp - ok20:57:22.0511 3888 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll20:57:22.0516 3888 RasMan - ok20:57:22.0525 3888 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys20:57:22.0527 3888 RasPppoe - ok20:57:22.0534 3888 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys20:57:22.0547 3888 RasSstp - ok20:57:22.0559 3888 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys20:57:22.0562 3888 rdbss - ok20:57:22.0580 3888 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys20:57:22.0596 3888 rdpbus - ok20:57:22.0620 3888 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys20:57:22.0620 3888 RDPCDD - ok20:57:22.0626 3888 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys20:57:22.0627 3888 RDPENCDD - ok20:57:22.0630 3888 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys20:57:22.0631 3888 RDPREFMP - ok20:57:22.0669 3888 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys20:57:22.0671 3888 RdpVideoMiniport - ok20:57:22.0726 3888 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys20:57:22.0737 3888 RDPWD - ok20:57:22.0747 3888 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys20:57:22.0751 3888 rdyboost - ok20:57:22.0801 3888 [ 5F9AC3243C206EC95F32E4348AE67C13 ] RegFilter C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys20:57:22.0809 3888 RegFilter - ok20:57:22.0835 3888 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll20:57:22.0839 3888 RemoteAccess - ok20:57:22.0860 3888 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll20:57:22.0864 3888 RemoteRegistry - ok20:57:22.0985 3888 [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe20:57:22.0986 3888 RichVideo - ok20:57:22.0995 3888 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll20:57:22.0996 3888 RpcEptMapper - ok20:57:23.0016 3888 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe20:57:23.0019 3888 RpcLocator - ok20:57:23.0031 3888 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll20:57:23.0035 3888 RpcSs - ok20:57:23.0052 3888 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys20:57:23.0062 3888 rspndr - ok20:57:23.0084 3888 [ 6D3C7E7D82D3DC92DC2A8B0DF9F20F8A ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys20:57:23.0094 3888 RTL8167 - ok20:57:23.0099 3888 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe20:57:23.0100 3888 SamSs - ok20:57:23.0114 3888 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys20:57:23.0124 3888 sbp2port - ok20:57:23.0142 3888 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll20:57:23.0146 3888 SCardSvr - ok20:57:23.0155 3888 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys20:57:23.0164 3888 scfilter - ok20:57:23.0187 3888 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll20:57:23.0207 3888 Schedule - ok20:57:23.0221 3888 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll20:57:23.0221 3888 SCPolicySvc - ok20:57:23.0255 3888 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll20:57:23.0259 3888 SDRSVC - ok20:57:23.0407 3888 [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe20:57:23.0411 3888 SDScannerService - ok20:57:23.0436 3888 [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe20:57:23.0442 3888 SDUpdateService - ok20:57:23.0480 3888 [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe20:57:23.0480 3888 SDWSCService - ok20:57:23.0509 3888 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys20:57:23.0517 3888 secdrv - ok20:57:23.0546 3888 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll20:57:23.0575 3888 seclogon - ok20:57:23.0585 3888 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll20:57:23.0589 3888 SENS - ok20:57:23.0597 3888 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll20:57:23.0601 3888 SensrSvc - ok20:57:23.0602 3888 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys20:57:23.0611 3888 Serenum - ok20:57:23.0622 3888 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys20:57:23.0650 3888 Serial - ok20:57:23.0664 3888 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys20:57:23.0674 3888 sermouse - ok20:57:23.0691 3888 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll20:57:23.0695 3888 SessionEnv - ok20:57:23.0707 3888 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys20:57:23.0716 3888 sffdisk - ok20:57:23.0726 3888 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys20:57:23.0736 3888 sffp_mmc - ok20:57:23.0746 3888 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys20:57:23.0747 3888 sffp_sd - ok20:57:23.0754 3888 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys20:57:23.0765 3888 sfloppy - ok20:57:23.0792 3888 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll20:57:23.0796 3888 SharedAccess - ok20:57:23.0819 3888 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll20:57:23.0824 3888 ShellHWDetection - ok20:57:23.0841 3888 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys20:57:23.0857 3888 SiSRaid2 - ok20:57:23.0886 3888 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys20:57:24.0306 3888 SiSRaid4 - ok20:57:24.0482 3888 [ 101556F6216E97F1258D87C38203695F ] Smart TimeLock C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe20:57:24.0484 3888 Smart TimeLock - ok20:57:24.0560 3888 [ DD0443BC6CC78A19FD399817F8C51401 ] SmartDefragDriver C:\Windows\system32\Drivers\SmartDefragDriver.sys20:57:24.0567 3888 SmartDefragDriver - ok20:57:24.0585 3888 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys20:57:24.0601 3888 Smb - ok20:57:24.0619 3888 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe20:57:24.0621 3888 SNMPTRAP - ok20:57:24.0644 3888 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys20:57:24.0651 3888 spldr - ok20:57:24.0720 3888 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe20:57:24.0730 3888 Spooler - ok20:57:24.0774 3888 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe20:57:24.0826 3888 sppsvc - ok20:57:24.0854 3888 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll20:57:24.0857 3888 sppuinotify - ok20:57:24.0921 3888 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys20:57:24.0954 3888 srv - ok20:57:24.0970 3888 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys20:57:24.0981 3888 srv2 - ok20:57:25.0026 3888 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys20:57:25.0029 3888 srvnet - ok20:57:25.0051 3888 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll20:57:25.0055 3888 SSDPSRV - ok20:57:25.0076 3888 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll20:57:25.0079 3888 SstpSvc - ok20:57:25.0104 3888 Steam Client Service - ok20:57:25.0241 3888 [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe20:57:25.0244 3888 Stereo Service - ok20:57:25.0284 3888 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys20:57:25.0299 3888 stexstor - ok20:57:25.0324 3888 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll20:57:25.0330 3888 stisvc - ok20:57:25.0335 3888 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys20:57:25.0342 3888 swenum - ok20:57:25.0354 3888 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll20:57:25.0360 3888 swprv - ok20:57:25.0397 3888 [ BCB6AA197267D3506BE2535342FC40E0 ] SynUSB64 C:\Windows\system32\DRIVERS\SynUSB64.sys20:57:25.0397 3888 SynUSB64 - ok20:57:25.0441 3888 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll20:57:25.0467 3888 SysMain - ok20:57:25.0484 3888 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll20:57:25.0487 3888 TabletInputService - ok20:57:25.0496 3888 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll20:57:25.0501 3888 TapiSrv - ok20:57:25.0511 3888 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll20:57:25.0512 3888 TBS - ok20:57:25.0706 3888 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys20:57:25.0755 3888 Tcpip - ok20:57:25.0805 3888 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys20:57:25.0811 3888 TCPIP6 - ok20:57:25.0879 3888 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys20:57:25.0880 3888 tcpipreg - ok20:57:25.0906 3888 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys20:57:25.0915 3888 TDPIPE - ok20:57:25.0954 3888 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys20:57:25.0969 3888 TDTCP - ok20:57:25.0977 3888 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys20:57:25.0987 3888 tdx - ok20:57:25.0999 3888 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys20:57:26.0006 3888 TermDD - ok20:57:26.0036 3888 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll20:57:26.0042 3888 TermService - ok20:57:26.0047 3888 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll20:57:26.0049 3888 Themes - ok20:57:26.0066 3888 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll20:57:26.0067 3888 THREADORDER - ok20:57:26.0075 3888 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll20:57:26.0076 3888 TrkWks - ok20:57:26.0136 3888 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe20:57:26.0137 3888 TrustedInstaller - ok20:57:26.0146 3888 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys20:57:26.0160 3888 tssecsrv - ok20:57:26.0199 3888 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys20:57:26.0202 3888 TsUsbFlt - ok20:57:26.0240 3888 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys20:57:26.0252 3888 TsUsbGD - ok20:57:26.0266 3888 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys20:57:26.0276 3888 tunnel - ok20:57:26.0284 3888 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys20:57:26.0294 3888 uagp35 - ok20:57:26.0309 3888 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys20:57:26.0312 3888 udfs - ok20:57:26.0335 3888 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe20:57:26.0337 3888 UI0Detect - ok20:57:26.0347 3888 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys20:57:26.0357 3888 uliagpkx - ok20:57:26.0370 3888 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys20:57:26.0379 3888 umbus - ok20:57:26.0389 3888 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys20:57:26.0396 3888 UmPass - ok20:57:26.0410 3888 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll20:57:26.0416 3888 upnphost - ok20:57:26.0422 3888 [ 241080F1B28E68F0D00F8F1066A3780D ] UrlFilter C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys20:57:26.0430 3888 UrlFilter - ok20:57:26.0474 3888 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys20:57:26.0505 3888 usbaudio - ok20:57:26.0562 3888 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys20:57:26.0574 3888 usbccgp - ok20:57:26.0599 3888 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys20:57:26.0601 3888 usbcir - ok20:57:26.0644 3888 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys20:57:26.0660 3888 usbehci - ok20:57:26.0675 3888 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys20:57:26.0686 3888 usbhub - ok20:57:26.0702 3888 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys20:57:26.0711 3888 usbohci - ok20:57:26.0719 3888 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys20:57:26.0727 3888 usbprint - ok20:57:26.0764 3888 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys20:57:26.0766 3888 usbscan - ok20:57:26.0786 3888 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS20:57:26.0802 3888 USBSTOR - ok20:57:26.0840 3888 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys20:57:26.0864 3888 usbuhci - ok20:57:26.0887 3888 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll20:57:26.0889 3888 UxSms - ok20:57:26.0895 3888 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe20:57:26.0895 3888 VaultSvc - ok20:57:26.0901 3888 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys20:57:26.0916 3888 vdrvroot - ok20:57:26.0931 3888 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe20:57:26.0937 3888 vds - ok20:57:26.0949 3888 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys20:57:26.0950 3888 vga - ok20:57:26.0961 3888 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys20:57:26.0970 3888 VgaSave - ok20:57:26.0984 3888 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys20:57:26.0985 3888 vhdmp - ok20:57:26.0999 3888 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys20:57:27.0007 3888 viaide - ok20:57:27.0016 3888 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys20:57:27.0032 3888 volmgr - ok20:57:27.0041 3888 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys20:57:27.0045 3888 volmgrx - ok20:57:27.0055 3888 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys20:57:27.0070 3888 volsnap - ok20:57:27.0072 3888 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys20:57:27.0084 3888 vsmraid - ok20:57:27.0112 3888 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe20:57:27.0146 3888 VSS - ok20:57:27.0164 3888 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys20:57:27.0226 3888 vwifibus - ok20:57:27.0260 3888 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll20:57:27.0262 3888 W32Time - ok20:57:27.0286 3888 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys20:57:27.0289 3888 WacomPen - ok20:57:27.0307 3888 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys20:57:27.0317 3888 WANARP - ok20:57:27.0319 3888 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys20:57:27.0320 3888 Wanarpv6 - ok20:57:27.0370 3888 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe20:57:27.0387 3888 WatAdminSvc - ok20:57:27.0421 3888 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe20:57:27.0446 3888 wbengine - ok20:57:27.0459 3888 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll20:57:27.0482 3888 WbioSrvc - ok20:57:27.0510 3888 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll20:57:27.0514 3888 wcncsvc - ok20:57:27.0524 3888 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll20:57:27.0526 3888 WcsPlugInService - ok20:57:27.0537 3888 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys20:57:27.0540 3888 Wd - ok20:57:27.0585 3888 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys20:57:27.0600 3888 Wdf01000 - ok20:57:27.0610 3888 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll20:57:27.0614 3888 WdiServiceHost - ok20:57:27.0616 3888 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll20:57:27.0617 3888 WdiSystemHost - ok20:57:27.0626 3888 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll20:57:27.0630 3888 WebClient - ok20:57:27.0666 3888 [ D5BA7D43FA2EF656BF7E98A188391E40 ] Wecsvc C:\Windows\system32\wecsvc.dll20:57:27.0670 3888 Wecsvc - ok20:57:27.0679 3888 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll20:57:27.0680 3888 wercplsupport - ok20:57:27.0687 3888 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll20:57:27.0690 3888 WerSvc - ok20:57:27.0701 3888 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys20:57:27.0727 3888 WfpLwf - ok20:57:27.0747 3888 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys20:57:27.0756 3888 WIMMount - ok20:57:27.0771 3888 WinDefend - ok20:57:27.0774 3888 WinHttpAutoProxySvc - ok20:57:27.0842 3888 [ 136760C1E9697BAF4ECDEAE5590A0806 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll20:57:27.0845 3888 Winmgmt - ok20:57:28.0012 3888 [ 3BB6B401A780BF434C8F58137DE10BF7 ] WinRM C:\Windows\system32\WsmSvc.dll20:57:28.0074 3888 WinRM - ok20:57:28.0119 3888 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys20:57:28.0137 3888 WinUsb - ok20:57:28.0174 3888 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll20:57:28.0184 3888 Wlansvc - ok20:57:28.0195 3888 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys20:57:28.0204 3888 WmiAcpi - ok20:57:28.0247 3888 [ 4DF841632B62A7CF19A79A05046A8AB1 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe20:57:28.0250 3888 wmiApSrv - ok20:57:28.0267 3888 WMPNetworkSvc - ok20:57:28.0277 3888 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll20:57:28.0296 3888 WPCSvc - ok20:57:28.0316 3888 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll20:57:28.0320 3888 WPDBusEnum - ok20:57:28.0337 3888 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys20:57:28.0346 3888 ws2ifsl - ok20:57:28.0357 3888 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll20:57:28.0361 3888 wscsvc - ok20:57:28.0362 3888 WSearch - ok20:57:28.0435 3888 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll20:57:28.0469 3888 wuauserv - ok20:57:28.0514 3888 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys20:57:28.0521 3888 WudfPf - ok20:57:28.0535 3888 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys20:57:28.0539 3888 WUDFRd - ok20:57:28.0550 3888 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll20:57:28.0554 3888 wudfsvc - ok20:57:28.0562 3888 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll20:57:28.0567 3888 WwanSvc - ok20:57:28.0570 3888 ================ Scan global ===============================20:57:28.0604 3888 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll20:57:28.0661 3888 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll20:57:28.0685 3888 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll20:57:28.0719 3888 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll20:57:28.0734 3888 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe20:57:28.0736 3888 [Global] - ok20:57:28.0737 3888 ================ Scan MBR ==================================20:57:28.0745 3888 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR020:57:29.0046 3888 \Device\Harddisk0\DR0 - ok20:57:29.0047 3888 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR120:57:29.0049 3888 \Device\Harddisk1\DR1 - ok20:57:29.0049 3888 ================ Scan VBR ==================================20:57:29.0050 3888 [ C6A3356EA53A2FC381443A0F469D2C25 ] \Device\Harddisk0\DR0\Partition120:57:29.0051 3888 \Device\Harddisk0\DR0\Partition1 - ok20:57:29.0061 3888 [ 150858403BAF5A9D810024385B13D4C6 ] \Device\Harddisk0\DR0\Partition220:57:29.0062 3888 \Device\Harddisk0\DR0\Partition2 - ok20:57:29.0064 3888 [ 09346912387DB948BF39C01BC4C83866 ] \Device\Harddisk1\DR1\Partition120:57:29.0065 3888 \Device\Harddisk1\DR1\Partition1 - ok20:57:29.0065 3888 ============================================================20:57:29.0065 3888 Scan finished20:57:29.0065 3888 ============================================================20:57:29.0070 3632 Detected object count: 020:57:29.0070 3632 Actual detected object count: 0 Link to post Share on other sites More sharing options...
Robybel Posted March 28, 2013 ID:662129 Share Posted March 28, 2013 Hi aardvark2012 Ok; Thanks for your informations===========================Please read through these instructions to familarize yourself with what to expect when this tool runsRefer to the ComboFix User's Guide Download ComboFix from one of these locations:Link 1Link 2 * IMPORTANT- Save ComboFix.exe to your Desktop==================================================== Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs ==================================================== Double click on combofix.exe & follow the prompts. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review. Link to post Share on other sites More sharing options...
aardvark2012 Posted March 28, 2013 Author ID:662211 Share Posted March 28, 2013 I ran ComboFix twice, because I discovered from the first log file that I'd left some bit of SpyBot running in the background (despite having gone through the task manager closing processes). Second time seemed to get it right. This is the second log file (I still have the first one, if you need to see it).ComboFix 13-03-28.01 - Toby 29/03/2013 8:42.2.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.8175.6289 [GMT 10.5:30]Running from: c:\users\Toby\Desktop\ComboFix.exeAV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((( Files Created from 2013-02-28 to 2013-03-28 )))))))))))))))))))))))))))))))..2013-03-28 22:16 . 2013-03-28 22:16 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp2013-03-28 22:16 . 2013-03-28 22:16 -------- d-----w- c:\users\UpdatusUser.Toby-PC\AppData\Local\temp2013-03-28 22:16 . 2013-03-28 22:16 -------- d-----w- c:\users\Default\AppData\Local\temp2013-03-26 08:55 . 2013-03-26 08:55 -------- d-----w- c:\users\Toby\AppData\Roaming\Malwarebytes2013-03-26 08:55 . 2013-03-26 08:55 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2013-03-26 08:55 . 2013-03-26 08:55 -------- d-----w- c:\programdata\Malwarebytes2013-03-26 08:55 . 2012-12-14 06:19 24176 ----a-w- c:\windows\system32\drivers\mbam.sys2013-03-23 04:18 . 2013-03-23 04:18 -------- d-----w- c:\program files (x86)\ERUNT2013-03-22 00:43 . 2010-11-26 07:32 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys2013-03-13 09:15 . 2013-03-13 09:15 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys2013-03-13 03:58 . 2013-03-13 03:58 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-03-13 03:30 . 2013-03-13 03:31 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center2013-03-12 18:22 . 2013-03-12 18:22 15859416 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe2013-03-11 03:27 . 2013-03-22 23:00 -------- d-----w- c:\programdata\Spybot - Search & Destroy2013-03-11 03:26 . 2009-01-25 01:44 17272 ----a-w- c:\windows\system32\sdnclean64.exe2013-03-11 03:26 . 2013-03-11 03:27 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 22013-03-11 03:25 . 2013-03-11 03:25 -------- d-----w- c:\users\Toby\AppData\Local\Programs...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-03-28 22:01 . 2011-09-20 23:36 25640 ----a-w- c:\windows\gdrv.sys2013-03-13 12:11 . 2011-09-20 23:42 72013344 ----a-w- c:\windows\system32\MRT.exe2013-03-13 03:58 . 2012-08-09 22:19 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll2013-03-13 03:58 . 2012-08-09 22:19 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll2013-03-12 18:22 . 2012-04-02 15:25 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-03-12 18:22 . 2011-09-24 23:38 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-02-25 14:02 . 2013-02-25 14:02 25256224 ----a-w- c:\windows\system32\nvcompiler.dll2013-02-25 14:02 . 2012-01-07 06:22 2505144 ----a-w- c:\windows\SysWow64\nvapi.dll2013-02-25 14:02 . 2012-01-07 06:23 15129960 ----a-w- c:\windows\SysWow64\nvd3dum.dll2013-02-25 14:02 . 2013-02-25 14:02 6262608 ----a-w- c:\windows\SysWow64\nvopencl.dll2013-02-25 14:02 . 2012-01-07 06:22 2826040 ----a-w- c:\windows\system32\nvapi64.dll2013-02-25 14:02 . 2012-10-10 10:53 18055184 ----a-w- c:\windows\system32\nvd3dumx.dll2013-02-25 14:02 . 2012-02-22 00:23 1107440 ----a-w- c:\windows\system32\nvumdshimx.dll2013-02-25 14:02 . 2012-01-07 07:14 1814304 ----a-w- c:\windows\system32\nvdispco64.dll2013-02-25 14:02 . 2013-02-25 14:02 958120 ----a-w- c:\windows\SysWow64\nvumdshim.dll2013-02-25 14:02 . 2013-02-25 14:02 2720544 ----a-w- c:\windows\SysWow64\nvcuvid.dll2013-02-25 14:02 . 2013-02-25 14:02 26929440 ----a-w- c:\windows\system32\nvoglv64.dll2013-02-25 14:02 . 2013-02-25 14:02 7932256 ----a-w- c:\windows\SysWow64\nvcuda.dll2013-02-25 14:02 . 2013-02-25 14:02 2346784 ----a-w- c:\windows\system32\nvcuvenc.dll2013-02-25 14:02 . 2013-02-25 14:02 245872 ----a-w- c:\windows\system32\nvinitx.dll2013-02-25 14:02 . 2013-02-25 14:02 11036448 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys2013-02-25 14:02 . 2012-10-10 10:53 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll2013-02-25 14:02 . 2013-02-25 14:02 2904352 ----a-w- c:\windows\system32\nvcuvid.dll2013-02-25 14:02 . 2013-02-25 14:02 20449056 ----a-w- c:\windows\SysWow64\nvoglv32.dll2013-02-25 14:02 . 2012-01-07 06:23 15053264 ----a-w- c:\windows\system32\nvwgf2umx.dll2013-02-25 14:02 . 2013-02-25 14:02 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll2013-02-25 14:02 . 2013-02-25 14:02 7564040 ----a-w- c:\windows\system32\nvopencl.dll2013-02-25 14:02 . 2013-02-25 14:02 1985824 ----a-w- c:\windows\SysWow64\nvcuvenc.dll2013-02-25 14:02 . 2013-02-25 14:02 12641992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll2013-02-25 14:02 . 2013-02-25 14:02 9390760 ----a-w- c:\windows\system32\nvcuda.dll2013-02-25 14:02 . 2013-02-25 14:02 201576 ----a-w- c:\windows\SysWow64\nvinit.dll2013-02-17 22:52 . 2013-02-17 22:52 31080 ----a-w- c:\windows\system32\nvhdap64.dll2013-02-17 22:52 . 2012-02-22 00:23 1472360 ----a-w- c:\windows\system32\nvhdagenco6420103.dll2013-02-17 22:52 . 2013-02-17 22:52 189288 ----a-w- c:\windows\system32\drivers\nvhda64v.sys2013-02-13 02:40 . 2013-02-13 02:40 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe2013-02-13 02:40 . 2013-02-13 02:40 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2013-02-13 02:40 . 2013-02-13 02:40 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2013-02-13 02:36 . 2013-02-13 02:36 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS2013-02-13 02:36 . 2013-02-13 02:36 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-02-13 02:35 . 2013-02-13 02:35 3153408 ----a-w- c:\windows\system32\win32k.sys2013-02-13 02:35 . 2013-02-13 02:35 7680 ----a-w- c:\windows\SysWow64\instnm.exe2013-02-13 02:35 . 2013-02-13 02:35 5120 ----a-w- c:\windows\SysWow64\wow32.dll2013-02-13 02:35 . 2013-02-13 02:35 44032 ----a-w- c:\windows\apppatch\acwow64.dll2013-02-13 02:35 . 2013-02-13 02:35 25600 ----a-w- c:\windows\SysWow64\setup16.exe2013-02-13 02:35 . 2013-02-13 02:35 215040 ----a-w- c:\windows\system32\winsrv.dll2013-02-13 02:35 . 2013-02-13 02:35 2048 ----a-w- c:\windows\SysWow64\user.exe2013-02-13 02:35 . 2013-02-13 02:35 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll2013-02-12 05:45 . 2013-03-13 03:11 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll2013-02-12 05:45 . 2013-03-13 03:11 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll2013-02-12 05:45 . 2013-03-13 03:11 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll2013-02-12 05:45 . 2013-03-13 03:11 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll2013-02-12 04:48 . 2013-03-13 03:11 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll2013-02-12 04:48 . 2013-03-13 03:11 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll2013-01-29 07:45 . 2013-01-29 07:45 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll2013-01-29 07:45 . 2013-01-29 07:45 828872 ----a-w- c:\windows\system32\msvcr110.dll2013-01-29 07:45 . 2013-01-29 07:45 661448 ----a-w- c:\windows\system32\msvcp110.dll2013-01-29 07:45 . 2013-01-29 07:45 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll2013-01-29 07:45 . 2013-01-29 07:45 354264 ----a-w- c:\windows\system32\vccorlib110.dll2013-01-29 07:45 . 2013-01-29 07:45 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll2013-01-29 07:45 . 2013-01-29 07:45 50800 ----a-w- c:\windows\system32\drivers\point64.sys2013-01-21 00:42 . 2013-01-21 00:42 2177664 ----a-w- c:\windows\system32\coin93.dll2013-01-18 15:00 . 2012-02-22 00:23 6390048 ----a-w- c:\windows\system32\nvcpl.dll2013-01-18 15:00 . 2012-02-22 00:23 3460896 ----a-w- c:\windows\system32\nvsvc64.dll2013-01-18 15:00 . 2012-11-18 16:32 2558240 ----a-w- c:\windows\system32\nvsvcr.dll2013-01-18 15:00 . 2012-02-22 00:23 884512 ----a-w- c:\windows\system32\nvvsvc.exe2013-01-18 15:00 . 2012-02-22 00:23 63776 ----a-w- c:\windows\system32\nvshext.dll2013-01-18 15:00 . 2012-02-22 00:23 2953448 ----a-w- c:\windows\system32\nvcoproc.bin2013-01-18 15:00 . 2012-02-22 00:23 118560 ----a-w- c:\windows\system32\nvmctray.dll2013-01-17 21:45 . 2013-01-17 21:45 550176 ----a-w- c:\windows\SysWow64\nvStreaming.exe2013-01-15 08:19 . 2011-11-25 02:51 26432 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-25 39408]"Steam"="c:\program files (x86)\steam\steam.exe" [2013-02-17 1597864]"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-01-15 491840]"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"ASUSGamerOSD"="c:\program files (x86)\ASUS\GamerOSD\GamerOSD.exe" [2009-07-30 380928]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-24 421888]"UpdatePSTShortCut"="c:\program files (x86)\cyberlink\blu-ray disc suite\muitransfer\muistartmenu.exe" [2010-06-02 222504]"LGODDFU"="c:\program files (x86)\lg_fwupdate\lgfw.exe" [2013-02-18 27760]"UCam_Menu"="c:\program files (x86)\cyberlink\youcam\muitransfer\muistartmenu.exe" [2009-02-17 218408]"UpdatePPShortCut"="c:\program files (x86)\cyberlink\powerproducer\muitransfer\muistartmenu.exe" [2008-12-03 218408]"BDRegion"="c:\program files (x86)\cyberlink\shared files\brs.exe" [2010-11-23 75048]"RemoteControl9"="c:\program files (x86)\cyberlink\powerdvd9\pdvd9serv.exe" [2010-08-02 87336]"UpdateP2GoShortCut"="c:\program files (x86)\cyberlink\power2go\muitransfer\muistartmenu.exe" [2009-05-19 222504]"CLMLServer"="c:\program files (x86)\cyberlink\power2go\clmlsvc.exe" [2009-12-15 103720]"MDS_Menu"="c:\program files (x86)\cyberlink\mediashow4\muitransfer\muistartmenu.exe" [2009-02-25 218408]"UpdateLBPShortCut"="c:\program files (x86)\cyberlink\labelprint\muitransfer\muistartmenu.exe" [2009-05-19 222504]"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2012-12-25 4474832]"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-02 252848].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"mixer9"=wdmaud.drv.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]@="Service".R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/09/22 14:59;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-11-23 240112]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-09 821592]R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;e:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-09-25 25640]R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-09-25 30528]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-01 19456]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-11-01 57856]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-11-01 30208]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-20 1255736]S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-03 62496]S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 21104]S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-03 146432]S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [2012-01-07 16384]S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-03 38288]S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-01-15 465216]S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-17 383264]S3 cmudaxp;ASUS Xonar DS Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2011-03-10 2725376]S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-11-26 75904]S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-03-07 40832]S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-03-07 65280]S3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384]S3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [2010-02-22 23680]S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2013-01-29 50800]S3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-07-05 33224]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]S3 SynUSB64;eLicenser;c:\windows\system32\DRIVERS\SynUSB64.sys [2009-06-26 30352]S3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-07-05 21904]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - WS2IFSL*Deregistered* - CLKMDRV10_9EC60124.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]2010-04-22 03:39 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe.Contents of the 'Scheduled Tasks' folder.2013-03-28 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:22].2013-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-25 12:27].2013-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-25 12:27]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]"{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2010-11-21 444752].[HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}][HKEY_CLASSES_ROOT\tGBandObj.tGBandObjClass].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-11 11776104]"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]"RPMKickstart"="c:\program files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2011-03-30 2552320].HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceFontCache.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://www.google.com.au/mLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localTCP: DhcpNameServer = 192.168.1.1.- - - - ORPHANS REMOVED - - - -.Notify-SDWinLogon - SDWinLogon.dll...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]@Denied: (2) (LocalSystem)"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b, 27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b, ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]@Denied: (2) (LocalSystem)"Timestamp"=hex:b8,33,f5,ef,01,c4,cd,01.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]@Denied: (2) (LocalSystem)"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,55,60,69,f2,56,dd,50,44,88,91,2c,\"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,55,60,69,f2,56,dd,50,44,88,91,2c,\.[HKEY_USERS\S-1-5-21-215604361-2767803132-3690170996-1000\Software\SecuROM\License information*]"datasecu"=hex:6b,c0,c7,79,1b,ce,9b,20,36,c0,97,d6,ec,fd,8a,2b,94,97,a5,c0,99, 1b,c7,79,15,c0,b2,f6,b9,fb,1a,db,ec,05,9e,a0,3a,bf,59,0f,d0,99,f9,49,7d,06,\"rkeysecu"=hex:ce,0f,df,1f,00,6f,23,70,fd,ed,88,e7,eb,68,81,f7.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-03-29 08:47:23ComboFix-quarantined-files.txt 2013-03-28 22:17.Pre-Run: 241,180,471,296 bytes freePost-Run: 241,102,422,016 bytes free.- - End Of File - - 74762B87027C36AEE5828BB00AC7331DThanksToby Link to post Share on other sites More sharing options...
aardvark2012 Posted March 28, 2013 Author ID:662216 Share Posted March 28, 2013 Something seems to be fixed! I can now get to the nVidia website to download updated drivers. That was blocked earlier. Steam still isn't running (though that could be a different issue). Not sure about the xtendmedia popups -- I don't have one right now, but they weren't always there. Link to post Share on other sites More sharing options...
Robybel Posted March 29, 2013 ID:662324 Share Posted March 29, 2013 Hi aardvarkPlease follow all previous instructions regarding security programs. Open a new Notepad session Click the Start button, click runin the run box type notepadclick okIn the notepad, Click "Format" and be certain that Word Wrap is not checked.Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODEClearJavaCacheIn the notepad Click File, Save as..., and set the Save in to your DesktopIn the filename box, type (including quotation marks) as the filename: "CFScript.txt"Click saveUsing your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.This will start ComboFix again.Close all browser/windows first.**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**NextPlease open your MalwareBytes AntiMalware ProgramClick the Update Tab and search for updatesIf an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish, so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected. <-- very importantWhen disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. ESET Online ScannerI'd like us to scan your machine with ESET OnlineScanNote: If you are using Windows Vista/7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.*NoteIt is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.Please don't go surfing while your resident protection is disabled!Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.Hold down Control and click on the following link to open ESET OnlineScan in a new window.ESET OnlineScanClick the button.For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)Click on to download the ESET Smart Installer. Save it to your desktop.Double click on the icon on your desktop.Check Click the button.Accept any security warnings from your browser.Check Make sure that the option "Remove found threats" is UncheckedPush the Start button.ESET will then download updates for itself, install itself, and beginscanning your computer. Please be patient as this can take some time.When the scan completes, push Push , and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.Push the Back button.Select Uninstall application on close check box and push About your Ac.xtendmedia problem, I think it is solved, as far as steam, we need to understand where is the problem .On your next reply please post :Your first combofix logMalwarebytes logEset reportLet me know if you have any problems in performing with the steps above or any questions you may have.Good Day! Link to post Share on other sites More sharing options...
aardvark2012 Posted March 29, 2013 Author ID:662336 Share Posted March 29, 2013 Here's the ComboFix and Malwarebytes logs. The online ESET scan didn't find anything, so no log to post. Malwarebytes didn't find anything either, but I've posted the log anyway. One other symptom (if it helps at all) is that a lot of the icons on various websites are weirdly corrupted.CheersComboFix 13-03-28.01 - Toby 29/03/2013 16:39:55.3.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.8175.6313 [GMT 10.5:30]Running from: c:\users\Toby\Desktop\ComboFix.exeCommand switches used :: c:\users\Toby\Desktop\CFScript.txtAV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((( Files Created from 2013-02-28 to 2013-03-29 )))))))))))))))))))))))))))))))..2013-03-29 06:12 . 2013-03-29 06:12 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp2013-03-29 06:12 . 2013-03-29 06:12 -------- d-----w- c:\users\UpdatusUser.Toby-PC\AppData\Local\temp2013-03-29 06:12 . 2013-03-29 06:12 -------- d-----w- c:\users\Default\AppData\Local\temp2013-03-26 08:55 . 2013-03-26 08:55 -------- d-----w- c:\users\Toby\AppData\Roaming\Malwarebytes2013-03-26 08:55 . 2013-03-26 08:55 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2013-03-26 08:55 . 2013-03-26 08:55 -------- d-----w- c:\programdata\Malwarebytes2013-03-26 08:55 . 2012-12-14 06:19 24176 ----a-w- c:\windows\system32\drivers\mbam.sys2013-03-23 04:18 . 2013-03-23 04:18 -------- d-----w- c:\program files (x86)\ERUNT2013-03-22 00:43 . 2010-11-26 07:32 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys2013-03-13 09:15 . 2013-03-13 09:15 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys2013-03-13 03:58 . 2013-03-13 03:58 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-03-13 03:30 . 2013-03-13 03:31 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center2013-03-12 18:22 . 2013-03-12 18:22 15859416 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe2013-03-11 03:27 . 2013-03-22 23:00 -------- d-----w- c:\programdata\Spybot - Search & Destroy2013-03-11 03:26 . 2009-01-25 01:44 17272 ----a-w- c:\windows\system32\sdnclean64.exe2013-03-11 03:26 . 2013-03-11 03:27 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 22013-03-11 03:25 . 2013-03-11 03:25 -------- d-----w- c:\users\Toby\AppData\Local\Programs...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-03-28 22:37 . 2011-09-20 23:36 25640 ----a-w- c:\windows\gdrv.sys2013-03-13 12:11 . 2011-09-20 23:42 72013344 ----a-w- c:\windows\system32\MRT.exe2013-03-13 03:58 . 2012-08-09 22:19 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll2013-03-13 03:58 . 2012-08-09 22:19 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll2013-03-12 18:22 . 2012-04-02 15:25 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-03-12 18:22 . 2011-09-24 23:38 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-02-25 14:02 . 2013-02-25 14:02 25256224 ----a-w- c:\windows\system32\nvcompiler.dll2013-02-25 14:02 . 2012-01-07 06:22 2505144 ----a-w- c:\windows\SysWow64\nvapi.dll2013-02-25 14:02 . 2012-01-07 06:23 15129960 ----a-w- c:\windows\SysWow64\nvd3dum.dll2013-02-25 14:02 . 2013-02-25 14:02 6262608 ----a-w- c:\windows\SysWow64\nvopencl.dll2013-02-25 14:02 . 2012-01-07 06:22 2826040 ----a-w- c:\windows\system32\nvapi64.dll2013-02-25 14:02 . 2012-10-10 10:53 18055184 ----a-w- c:\windows\system32\nvd3dumx.dll2013-02-25 14:02 . 2012-02-22 00:23 1107440 ----a-w- c:\windows\system32\nvumdshimx.dll2013-02-25 14:02 . 2012-01-07 07:14 1814304 ----a-w- c:\windows\system32\nvdispco64.dll2013-02-25 14:02 . 2013-02-25 14:02 958120 ----a-w- c:\windows\SysWow64\nvumdshim.dll2013-02-25 14:02 . 2013-02-25 14:02 2720544 ----a-w- c:\windows\SysWow64\nvcuvid.dll2013-02-25 14:02 . 2013-02-25 14:02 26929440 ----a-w- c:\windows\system32\nvoglv64.dll2013-02-25 14:02 . 2013-02-25 14:02 7932256 ----a-w- c:\windows\SysWow64\nvcuda.dll2013-02-25 14:02 . 2013-02-25 14:02 2346784 ----a-w- c:\windows\system32\nvcuvenc.dll2013-02-25 14:02 . 2013-02-25 14:02 245872 ----a-w- c:\windows\system32\nvinitx.dll2013-02-25 14:02 . 2013-02-25 14:02 11036448 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys2013-02-25 14:02 . 2012-10-10 10:53 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll2013-02-25 14:02 . 2013-02-25 14:02 2904352 ----a-w- c:\windows\system32\nvcuvid.dll2013-02-25 14:02 . 2013-02-25 14:02 20449056 ----a-w- c:\windows\SysWow64\nvoglv32.dll2013-02-25 14:02 . 2012-01-07 06:23 15053264 ----a-w- c:\windows\system32\nvwgf2umx.dll2013-02-25 14:02 . 2013-02-25 14:02 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll2013-02-25 14:02 . 2013-02-25 14:02 7564040 ----a-w- c:\windows\system32\nvopencl.dll2013-02-25 14:02 . 2013-02-25 14:02 1985824 ----a-w- c:\windows\SysWow64\nvcuvenc.dll2013-02-25 14:02 . 2013-02-25 14:02 12641992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll2013-02-25 14:02 . 2013-02-25 14:02 9390760 ----a-w- c:\windows\system32\nvcuda.dll2013-02-25 14:02 . 2013-02-25 14:02 201576 ----a-w- c:\windows\SysWow64\nvinit.dll2013-02-17 22:52 . 2013-02-17 22:52 31080 ----a-w- c:\windows\system32\nvhdap64.dll2013-02-17 22:52 . 2012-02-22 00:23 1472360 ----a-w- c:\windows\system32\nvhdagenco6420103.dll2013-02-17 22:52 . 2013-02-17 22:52 189288 ----a-w- c:\windows\system32\drivers\nvhda64v.sys2013-02-13 02:40 . 2013-02-13 02:40 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe2013-02-13 02:40 . 2013-02-13 02:40 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2013-02-13 02:40 . 2013-02-13 02:40 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2013-02-13 02:36 . 2013-02-13 02:36 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS2013-02-13 02:36 . 2013-02-13 02:36 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-02-13 02:35 . 2013-02-13 02:35 3153408 ----a-w- c:\windows\system32\win32k.sys2013-02-13 02:35 . 2013-02-13 02:35 7680 ----a-w- c:\windows\SysWow64\instnm.exe2013-02-13 02:35 . 2013-02-13 02:35 5120 ----a-w- c:\windows\SysWow64\wow32.dll2013-02-13 02:35 . 2013-02-13 02:35 44032 ----a-w- c:\windows\apppatch\acwow64.dll2013-02-13 02:35 . 2013-02-13 02:35 25600 ----a-w- c:\windows\SysWow64\setup16.exe2013-02-13 02:35 . 2013-02-13 02:35 215040 ----a-w- c:\windows\system32\winsrv.dll2013-02-13 02:35 . 2013-02-13 02:35 2048 ----a-w- c:\windows\SysWow64\user.exe2013-02-13 02:35 . 2013-02-13 02:35 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll2013-02-12 05:45 . 2013-03-13 03:11 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll2013-02-12 05:45 . 2013-03-13 03:11 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll2013-02-12 05:45 . 2013-03-13 03:11 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll2013-02-12 05:45 . 2013-03-13 03:11 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll2013-02-12 04:48 . 2013-03-13 03:11 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll2013-02-12 04:48 . 2013-03-13 03:11 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll2013-01-29 07:45 . 2013-01-29 07:45 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll2013-01-29 07:45 . 2013-01-29 07:45 828872 ----a-w- c:\windows\system32\msvcr110.dll2013-01-29 07:45 . 2013-01-29 07:45 661448 ----a-w- c:\windows\system32\msvcp110.dll2013-01-29 07:45 . 2013-01-29 07:45 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll2013-01-29 07:45 . 2013-01-29 07:45 354264 ----a-w- c:\windows\system32\vccorlib110.dll2013-01-29 07:45 . 2013-01-29 07:45 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll2013-01-29 07:45 . 2013-01-29 07:45 50800 ----a-w- c:\windows\system32\drivers\point64.sys2013-01-21 00:42 . 2013-01-21 00:42 2177664 ----a-w- c:\windows\system32\coin93.dll2013-01-18 15:00 . 2012-02-22 00:23 6390048 ----a-w- c:\windows\system32\nvcpl.dll2013-01-18 15:00 . 2012-02-22 00:23 3460896 ----a-w- c:\windows\system32\nvsvc64.dll2013-01-18 15:00 . 2012-11-18 16:32 2558240 ----a-w- c:\windows\system32\nvsvcr.dll2013-01-18 15:00 . 2012-02-22 00:23 884512 ----a-w- c:\windows\system32\nvvsvc.exe2013-01-18 15:00 . 2012-02-22 00:23 63776 ----a-w- c:\windows\system32\nvshext.dll2013-01-18 15:00 . 2012-02-22 00:23 2953448 ----a-w- c:\windows\system32\nvcoproc.bin2013-01-18 15:00 . 2012-02-22 00:23 118560 ----a-w- c:\windows\system32\nvmctray.dll2013-01-17 21:45 . 2013-01-17 21:45 550176 ----a-w- c:\windows\SysWow64\nvStreaming.exe2013-01-15 08:19 . 2011-11-25 02:51 26432 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-25 39408]"Steam"="c:\program files (x86)\steam\steam.exe" [2013-02-17 1597864]"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-01-15 491840]"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"ASUSGamerOSD"="c:\program files (x86)\ASUS\GamerOSD\GamerOSD.exe" [2009-07-30 380928]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-24 421888]"UpdatePSTShortCut"="c:\program files (x86)\cyberlink\blu-ray disc suite\muitransfer\muistartmenu.exe" [2010-06-02 222504]"LGODDFU"="c:\program files (x86)\lg_fwupdate\lgfw.exe" [2013-02-18 27760]"UCam_Menu"="c:\program files (x86)\cyberlink\youcam\muitransfer\muistartmenu.exe" [2009-02-17 218408]"UpdatePPShortCut"="c:\program files (x86)\cyberlink\powerproducer\muitransfer\muistartmenu.exe" [2008-12-03 218408]"BDRegion"="c:\program files (x86)\cyberlink\shared files\brs.exe" [2010-11-23 75048]"RemoteControl9"="c:\program files (x86)\cyberlink\powerdvd9\pdvd9serv.exe" [2010-08-02 87336]"UpdateP2GoShortCut"="c:\program files (x86)\cyberlink\power2go\muitransfer\muistartmenu.exe" [2009-05-19 222504]"CLMLServer"="c:\program files (x86)\cyberlink\power2go\clmlsvc.exe" [2009-12-15 103720]"MDS_Menu"="c:\program files (x86)\cyberlink\mediashow4\muitransfer\muistartmenu.exe" [2009-02-25 218408]"UpdateLBPShortCut"="c:\program files (x86)\cyberlink\labelprint\muitransfer\muistartmenu.exe" [2009-05-19 222504]"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2012-12-25 4474832]"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-02 252848].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"mixer9"=wdmaud.drv.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]@="Service".R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/09/22 14:59;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-11-23 240112]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;e:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-09-25 25640]R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-09-25 30528]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-01 19456]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-11-01 57856]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-11-01 30208]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-20 1255736]S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-03 62496]S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 21104]S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-03 146432]S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [2012-01-07 16384]S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-03 38288]S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-01-15 465216]S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-09 821592]S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-17 383264]S3 cmudaxp;ASUS Xonar DS Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2011-03-10 2725376]S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-11-26 75904]S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-03-07 40832]S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-03-07 65280]S3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384]S3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [2010-02-22 23680]S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2013-01-29 50800]S3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-07-05 33224]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]S3 SynUSB64;eLicenser;c:\windows\system32\DRIVERS\SynUSB64.sys [2009-06-26 30352]S3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-07-05 21904]..--- Other Services/Drivers In Memory ---.*Deregistered* - CLKMDRV10_9EC60124.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]2010-04-22 03:39 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe.Contents of the 'Scheduled Tasks' folder.2013-03-29 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:22].2013-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-25 12:27].2013-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-25 12:27]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]"{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2010-11-21 444752].[HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}][HKEY_CLASSES_ROOT\tGBandObj.tGBandObjClass].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-11 11776104]"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]"RPMKickstart"="c:\program files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2011-03-30 2552320].HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceFontCache.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://www.google.com.au/mLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localTCP: DhcpNameServer = 192.168.1.1.- - - - ORPHANS REMOVED - - - -.Notify-SDWinLogon - SDWinLogon.dll...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]@Denied: (2) (LocalSystem)"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b, 27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b, ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]@Denied: (2) (LocalSystem)"Timestamp"=hex:b8,33,f5,ef,01,c4,cd,01.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]@Denied: (2) (LocalSystem)"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,55,60,69,f2,56,dd,50,44,88,91,2c,\"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,55,60,69,f2,56,dd,50,44,88,91,2c,\.[HKEY_USERS\S-1-5-21-215604361-2767803132-3690170996-1000\Software\SecuROM\License information*]"datasecu"=hex:6b,c0,c7,79,1b,ce,9b,20,36,c0,97,d6,ec,fd,8a,2b,94,97,a5,c0,99, 1b,c7,79,15,c0,b2,f6,b9,fb,1a,db,ec,05,9e,a0,3a,bf,59,0f,d0,99,f9,49,7d,06,\"rkeysecu"=hex:ce,0f,df,1f,00,6f,23,70,fd,ed,88,e7,eb,68,81,f7.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-03-29 16:43:59ComboFix-quarantined-files.txt 2013-03-29 06:13ComboFix2.txt 2013-03-28 22:17.Pre-Run: 241,215,918,080 bytes freePost-Run: 241,137,045,504 bytes free.- - End Of File - - E01D0A3F910A8D0310DA2BE8CAEB0943Malwarebytes Anti-Malware (Trial) 1.70.0.1100www.malwarebytes.orgDatabase version: v2013.03.29.01Windows 7 Service Pack 1 x64 NTFSInternet Explorer 9.0.8112.16421Toby :: TOBY-PC [administrator]Protection: Disabled29/03/2013 4:47:25 PMmbam-log-2013-03-29 (16-47-25).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 260631Time elapsed: 1 minute(s), 24 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end) Link to post Share on other sites More sharing options...
Robybel Posted March 29, 2013 ID:662592 Share Posted March 29, 2013 Hi aardvark2012Download TFC to your desktopClose any open windows.Double click the TFC icon to run the programTFC will close all open programs itself in order to run, Click the Start button to begin the process. Allow TFC to run uninterrupted.The program should not take long to finish it's jobOnce its finished it should automatically reboot your machine,if it doesn't, manually reboot to ensure a complete clean==================================Please download Windows Repair (all in one) from hereInstall the program then run itGo to step 2 and allow it to run Disk checkOnce that is done then go to step 3 and allow it to run SFCOn the the Start Repairs tab => Click the StartClick on the select all check box and then click on StartDON'T use the computer while each scan is in progress.Restart may be needed to finish the repair procedure Link to post Share on other sites More sharing options...
aardvark2012 Posted March 29, 2013 Author ID:662641 Share Posted March 29, 2013 All done. On the restart after Windows Repair it got stuck at the welcome screen. I left it for about 20 minutes, just in case, and then turned off the power. It took a while, but seemed to boot up okay. No logs to post.Windows Repair seemed to fix a lot of problems, but the symptoms are still there -- corrupted icons on websites, no Steam, and I briefly had weird issues trying to download Windows Repair. I could look around for other problems, if that would be helpful in narrowing down the search.CheersToby Link to post Share on other sites More sharing options...
Robybel Posted March 30, 2013 ID:662916 Share Posted March 30, 2013 Hi aardvark2012...but the symptoms are still there -- corrupted icons on websites, no Steam,Please follow this Rebuilding the Icon Cache Database Close all folder windows that are currently open.Launch Task Manager using the CTRL+SHIFT+ESC key sequence, or by running taskmgr.exe.In the Process tab, right-click on the Explorer.exe process and select End Process.Click the End process button when asked for confirmation.From the File menu of Task Manager, select New Task (Run…)Type CMD.EXE, and click OKIn the Command Prompt window, type the commands one by one and press ENTER after each command:CD /d %userprofile%\AppData\LocalDEL IconCache.db /aEXITIn Task Manager, click File, select New Task (Run…)Type EXPLORER.EXE, and click OK.Note the space in the first line between /d and %userprofile%. Also in the second line between IconCache.db and /aPlease let me know if you have still problem Link to post Share on other sites More sharing options...
aardvark2012 Posted March 30, 2013 Author ID:662931 Share Posted March 30, 2013 Hi Robybel,It didn't seem to make any difference, I'm afraid. It's weird -- it's not just that they're corrupted, they're moved around as well. So I'll get one icon from a website appearing in place of other icons from that same site. And some just don't appear at all (with that little red 'x' in the box). None of this happens when I access the same site from a different machine.I also noticed another symptom (at least I'm assuming it's a symptom of the same underlying malware issues). In Windows Explorer, in the 'Computer' section of the panel on the left, if I right-click one of the drives (fixed discs or BD-ROM) I get a "Windows Explorer has stopped working" message. Right clicking anything else doesn't seem to cause a problem, and I can still access all the drives.I was hoping to see if any other Steam-like programs were also broken (and indeed if I could get Steam working again) but mostly it would involve updating/reinstalling the programs in question. Do you think this would be safe to do, or should I hold off until my computer is clean?Any other ideas?Thanks for your time on this... I realise this probably isn't the most satisfying problem to tackle :-)Toby Link to post Share on other sites More sharing options...
Robybel Posted March 31, 2013 ID:663191 Share Posted March 31, 2013 Hi aardvark2012Can I see an image of your problem or of your Desktop? Link to post Share on other sites More sharing options...
aardvark2012 Posted March 31, 2013 Author ID:663204 Share Posted March 31, 2013 Okay. As an example of the 'icon problem' I've got a couple of screen shots from my weather website. It's supposed to look the way it does in "Sample Webpage 1.png" (taken from a different computer). But, on my machine it looks like "Sample Webpage 2.png". The banner at the top is completely messed up -- it's taken a 'cloud' graphic and gone nuts with it. The drop down menus are all wrong, the 'sunset' graphic has been replaced by an rss icon, and the 'Flight Centre' ad has become a wind arrow. The rest of the page is similarly messed up (as are other pages -- it's not just this page). Also, it gets messed up in different ways each time I go there.Then there's the Windows Explorer crash (Explorer crash.png). This happens every time I right-click on "Local Disk (C:)" (say, to open in another window), or any of the drives under "Computer".Finally there's the Steam not starting issue. I'm not as convinced that this is a malware issue as with the others... but I'm not convinced it isn't either. Basically, when I start it up, steam.exe *32 appears briefly in Task Manager processes, but then disappears without anything else happening. I've tried without the firewall, so it's not that it's being blocked, and I'm looking into things I could try to resolve this (apparently IObit can interfere, even when it's not active, so I'll get rid of that after I finish this post).While none of these are life-threatening, they make me very nervous because they weren't happening before I started getting the xtendmedia ads. As far as I know (which isn't very far) they may just be remnants of something the malware broke while I had it, or they may be caused by active malware still in my system. I really have no idea... which is why I'm here :-).CheersToby Link to post Share on other sites More sharing options...
aardvark2012 Posted March 31, 2013 Author ID:663207 Share Posted March 31, 2013 I just discovered that I can't use 32-bit internet explorer at all. As soon as it opens up I get an "Internet Explorer has stopped working" message. This doesn't happen with 64-bit. Somehow I get the feeling that should explain something -- as far as I know 64-bit can't be my default browser, so any programs trying to use my default browser in any way (I have no idea if steam does this) would have to use 32-bit and presumably get shut down straight away.Anyway, I'm just making wild guesses here :-). Link to post Share on other sites More sharing options...
Robybel Posted March 31, 2013 ID:663295 Share Posted March 31, 2013 Hi aardvark2012Remove Program(s) Click on Start, then click the Start Search box on the Start Menu.Copy and paste the value below without the word Code: into the open text entry box:appwiz.cpland press Enter - the Unistall or change a program list will be opened.Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:Advanced SystemCare 6IObit Malware FighterTake extra care in answering questions posed by any Uninstaller.When the program(s) have been uninstalled, please close Control Panel.NextPlease follow this:http://forums.adobe.com/message/4278569Please let me know if you have still problem Link to post Share on other sites More sharing options...
aardvark2012 Posted March 31, 2013 Author ID:663376 Share Posted March 31, 2013 Deleting all the Flash files completely cleared up the browser icons! Thanks. I uninstalled the IObit stuff last night, but unfortunately it made no difference to anything.Now there's only the issues of:1) IE9 32-bit crashes on opening. (64-bit seems to be working fine now that the icons are fixed.)2) Windows explorer crashes on right-clicking drives in the navigation pane.Any other thoughts?ThanksToby Link to post Share on other sites More sharing options...
aardvark2012 Posted April 1, 2013 Author ID:663414 Share Posted April 1, 2013 It seems like this is starting to look less like a malware problem and more like a general "my computer is doing weird stuff" problem. Do you think we should close this thread and I start another one in the "PC Help" forum? Link to post Share on other sites More sharing options...
Robybel Posted April 1, 2013 ID:663489 Share Posted April 1, 2013 Hi aardvark2012Do you think we should close this thread and I start another one in the "PC Help" forum? Not yetPlease try this:Complete Internet RepairPlease download comintrep.exe and save it to your desktopDouble click the icon and select RunClick ExtractDouble click the Complete Internet Repair folder on your desktopDouble click the CIntRep.exe iconPlace a checkmark next to the following entries:Reset Internet Protocol (TCP/IP)Repair Winsock (Reset Catalog)Renew Internet ConnectionsFlush DNS Resolver CacheRepair Internet Explorer 6.0.2900Clear Windows Update HistoryRepair Windows / Automatic UpdatesRepair SSL / HTTPS / CryptographyReset Windows Firewall ConfigurationRestore the default hosts fileRepair Workgroup Computers view[*]Click Go![*]Ignore any error messages for now[*]Click OK to reboot your computer[*]Check your internet accessPlease let me know if this worked Link to post Share on other sites More sharing options...
aardvark2012 Posted April 1, 2013 Author ID:663491 Share Posted April 1, 2013 Hi Robybel,No change, I'm afraid. I did get a "Windows cannot find wuauclt" error window opening, which I thought was a bit strange, but Windows update seems to be working okay. (When I checked that updates still worked, it turns out that IE10 is available. Do you think installing that would fix my IE9 issues, or just gloss over them?).I thought about trying the "Reset Internet Explorer settings" in Internet Options -> Advanced, but I don't want to try anything that might risk messing up your plan.Cheers Link to post Share on other sites More sharing options...
Robybel Posted April 2, 2013 ID:663863 Share Posted April 2, 2013 Hi aardvark I did get a "Windows cannot find wuauclt" error window openingTry this:Go to Start/Search and type CMD right click the CMD icon in the Search Results and Run As Administrator. In the Command Prompt type SFC /scannow and press enter. This will replace any missing or corrupted files.When I checked that updates still worked, it turns out that IE10 is available.Yes good, update IE9 to IE10 and let me know if you have still problem.About Steam, you can Uninstall/reinstall, next let me know if work. Link to post Share on other sites More sharing options...
aardvark2012 Posted April 2, 2013 Author ID:663921 Share Posted April 2, 2013 Hi Robybel,SFC didn't find anything, which I thought was kind of weird. But I installed IE10, and it seems to be working fine now (32 and 64 bit). (Steam is also working now that I have a default browser again). So that's good news!The only thing now is the windows explorer crash when I right-click on the drives in the navigation pane. It's not a huge problem in itself -- easy enough to work around -- but I don't like having no idea why it's happening, and not knowing if it's related to other problems/malware I haven't found yet. Any ideas what to do about it?Cheers Link to post Share on other sites More sharing options...
Robybel Posted April 3, 2013 ID:664208 Share Posted April 3, 2013 Hi aardvark2012;) SFC didn't find anything, which I thought was kind of weird The only thing now is the windows explorer crash when I right-click on the drives in the navigation pane. It's not a huge problem in itself -- easy enough to work around -- but I don't like having no idea why it's happening, and not knowing if it's related to other problems/malware I haven't found yet. Any ideas what to do about it?This is no malware problem, I think that this problem is related to some sector of your hard drive damagedTry this:Run a Scandisk1. Click on MY COMPUTER (or COMPUTER)2. Right click on Drive and select PROPERTIES.3.Select TOOLS tab.4. Under "Error - Checking", click CHECK NOW button.If you are prompted for an administrator password or confirmation, type the password or provide confirmation.To automatically repair problems with files and folders that the scan detects, select Automatically fix file system errors.Otherwise, the disk check will simply report problems but not fix them.To perform a thorough disk check, select Scan for and attempt recovery of bad sectors. This scan attempts to find and repair physical errors on the hard disk itself, and it can take much longer to complete.5. Click Start. It will prompt you to Schedule the CHKDSK at restart.6. Reboot. Link to post Share on other sites More sharing options...
Recommended Posts